Author Topic: recovering from spyware  (Read 6245 times)

0 Members and 1 Guest are viewing this topic.

Offline knowbtr42

  • Jr. Member
  • **
  • Posts: 5
    • View Profile
recovering from spyware
« on: December 20, 2005, 09:56:38 AM »
We have Norton 2006 with spyware coverage, we got hit on the 15th liike I never experienced. Virus alerts, dialer alerts, worms & trojans every second non-stop. The screen was permanently blue with a black box in the middle that said your infected with spyware. After using spybot, spyware removers of all kinds, non stop virus scans, windows in safe mode, etc, I downloaded windows spyware and it stopped the attack but didn't fix the damage. I can't change my desktop at all. I founf the file with the black screen box & deleted it but still can't change the screen from white now. The task manager was turned off and my second log on was changed to guest instead of administrator. I'm afraid something might still be using the pc so I keep it off the cable unless we are on it. Any suggestions will help.
Thanks.

Offline GR@PH;<'S

  • Administrator
  • Hero Member
  • *****
  • Posts: 20125
    • View Profile
    • http://www.taktmobiles.co.uk
Re: recovering from spyware
« Reply #1 on: December 20, 2005, 03:08:26 PM »
knowbtr42,
Please can you try at least two if not more of these  On-line scans
Panda
Symantec
McAfee
TrendMicro
Bit Defender
Kaspersky
CommandonDemand
Computer Associates
CyberTechHelp
PC Pitstop
Stinger
a2
or download and try
TrojanHunter (Note Trojan Scanner 30 day Trial)
Then once you have done clear out your cache folder again ie: Run
CCleaner
(Note CCleaner Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours").
 Please can you make sure that you are using
Ad-aware SE Build 106 (Free/Personal)
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
(SE1R82.19.12.2005)
then scan  doing a  "Full Scan" and then post your logfile here by using the Add-Reply Feature .

GR@PH;<'S   :breakkie:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

Offline knowbtr42

  • Jr. Member
  • **
  • Posts: 5
    • View Profile
Re: recovering from spyware
« Reply #2 on: December 22, 2005, 06:17:13 PM »
Hi, I used Stinger, I used Norton, I tried installing others that were mentioned on PC forum site and the computer said it couldn't download due to some type of error. I swear whatever it is, its almost like its defending itself..lol I'm missing kernel64 also and I think I did that by accident when windows spyware put it on an alert list..I think I deleted it...whatever is going on..its seems to be getting worse...I can't shut the pc down without pressing the button since yesterday and still norton is not showing any alerts or quarinteened files. Are there things that disable Norton? Looks like its runnning but who knows whats going on. I will try a few others and install the Adawre and get the log for you if it lets me. The help is appreciated. Might not be posting til after Xmas but I will post it. Thanks much.   

Offline Die Hard

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 971
  • The Northern Berserk
    • View Profile
Re: recovering from spyware
« Reply #3 on: December 22, 2005, 06:29:01 PM »
knowbtr42 , hello and welcome here :)

To get some idea of what has hit you, (though I have an idea of what it is) could you please download HiJack This from here:  http://www.thespykiller.co.uk/files/HJTsetup.exe

This will download HiJack This to your computer, choose "Save" and navigate to the folder where it´s saved and doubleclick upon it.
This is a complete installer that installs Hijackthis onto the computer to C:\Program Files\HijackThis and makes an entry in the start menu & allows you to have a shortcut on desktop as well.

then.......
Doubleclick the HJT icon on your desktop, hit "Do a system scan and save logfile". Save the logfile and a txt-file will be produced.. Copy that one and paste it here and we´ll have a look at it.

Regards

Die Hard :)



I create and edit my posts in GS-NOTES

Offline Skittles

  • Hero Member
  • *****
  • Posts: 776
    • View Profile
Re: recovering from spyware
« Reply #4 on: December 22, 2005, 06:32:19 PM »
I second that!  hehehe

DieHard just beat me to it!

meaner!  hehehe

Offline knowbtr42

  • Jr. Member
  • **
  • Posts: 5
    • View Profile
Re: recovering from spyware
« Reply #5 on: December 22, 2005, 06:38:01 PM »
Quick question, I have Norton, Spycatcher & Windows Anti spyware on the computer at the moment. If I go to download Hijackthis (which is one of the programs I couldn't get to load the other day) will the other programs prevent me from loading it? Some of the names I remember from the alerts were backdoor a few different trojans..looking42 and some type of dialer. When it first happened my screen went from a picture background to all blue with a big black box in the middle with red letters "YOU ARE INFECTED WITH SPYWARE ". I actually found that file and delted it..now the screen stays white. If I can install all you suggested I will and then post the files. Do you think I am in any danger of ongoing use of some type of my pc by waiting to do system recovery?  

Offline Skittles

  • Hero Member
  • *****
  • Posts: 776
    • View Profile
Re: recovering from spyware
« Reply #6 on: December 22, 2005, 06:49:51 PM »
Nope....those programs will not effect HiJackThis


Offline Skittles

  • Hero Member
  • *****
  • Posts: 776
    • View Profile
Re: recovering from spyware
« Reply #7 on: December 22, 2005, 06:56:31 PM »
I might suggest that you read this first before running the hijackthis log. 

http://www.landzdown.com/index.php?topic=423.0

Altho you may have already done some of these steps, it is still very informative, especially towards the end, when talking about hijackthis.

Also if you have some real time monitoring programs running this will be beneficial to you as well.

http://www.landzdown.com/index.php?topic=422.0

Offline Die Hard

  • LzD Fallen Heroes
  • Hero Member
  • *****
  • Posts: 971
  • The Northern Berserk
    • View Profile
Re: recovering from spyware
« Reply #8 on: December 22, 2005, 06:58:07 PM »
knowbtr42  :)

Would the false spyware alert by any chance look something similar to this ? :
http://www.webhelper4u.com/CWS/Research/screenimages/warningyoumaybeinfectedscare.html

Die Hard :)
I create and edit my posts in GS-NOTES

Offline knowbtr42

  • Jr. Member
  • **
  • Posts: 5
    • View Profile
Re: recovering from spyware
« Reply #9 on: December 26, 2005, 12:59:35 PM »
Took care of a few things. Eliminated all current user accounts & set up new ones and I got back my task manager & desk top controls. Still had a kernel64 error upon start-up but advice from PCTools site said it was a new trojan & gave me instructions to remove.Also found Spyware Cleaner was a proble, got rid of that.Adwarealert had to go to. Did add/remove as well as safe mode search & delete. Ran multiple hijack scans & logs it seems to have worked so far. The screen you asked me about was a black box in the middle of the display. The letters were bright red and it said something like your computer is infected with spyware. We have found this all came from Warcraft III game online. My son went to his dads PC (another location) started warcraft & wham..same thing..he noticed the SPY SHERRIFF came up. They immediately deleted the user account & seem to have no problems visible.
All this time I thought it came from the problem with Norton vulnerability. Guess not. I now keep Windows Antispy active, I have spycatcher loaded, I'm afraid to remove it. On the Uninstall it reads that if I uninstall it all the things it removed are put back. Any advise on that?