Major spyware problem - heelp

Snowman23

Banned
Joined
Sep 26, 2007
Messages
242
Reaction score
6
hey guys.

my web browser is completely hijacked. I can't even log onto the trend micro website for a scan. My spybot S&D program won't open either. So I thought okay, I'll reboot in safe mode... still didn't work. I'm like "damn". I'm surprised I made it back here.

Any ideas?
 

KarmaSutra

Banned
Joined
Oct 13, 2005
Messages
4,821
Reaction score
142
Age
51
Location
Padron Reserve maduro in hand while finishing my b
If you're using IE, stop. Download Firefox first.

Go into task manager and stop every process not MS related.

Then uninstall Spybot.
Reboot and reinstall Ad-Aware then Spybot. Run both concurrently.

Once they're done eliminate/quarantine everything.

Reboot.

Finally, STOP DOWNLOADING REDNECK BANGING SHEEP PORN.:rockon:
 

Snowman23

Banned
Joined
Sep 26, 2007
Messages
242
Reaction score
6
thanks.

I am using firefox, and I tried deleting all non MS related processes, but it said it was critical and couldn't be ended.

I used Ad-Aware, it only found 2 cookies, needless to say it didn't fix anything. Tried re-installing Spybot... nothing.
 

KarmaSutra

Banned
Joined
Oct 13, 2005
Messages
4,821
Reaction score
142
Age
51
Location
Padron Reserve maduro in hand while finishing my b
My suggestion is to download Vista Royal Business or Vista Eternity and do a fresh format and install.

If IE and Firefox are both compromised then your machine is fvcked.

Finally, STOP DOWNLOADING REDNECKS FVCKING SHEEP PORN!
 

KontrollerX

Master Don Juan
Joined
Oct 11, 2005
Messages
4,479
Reaction score
182
Download Hijack This and run a scan.

Read over the directions thoroughly first as Hijack This just compiles a big list of background programs running on your computer which in other words means some things are legitimate and some things aren't and it is up to your knowledge and discretion to remove the bad files.

Also do what KarmaSutra has said.

If you manage to fix your system, download Spyware Blaster, as it is a program that works as a preventive measure rather than trying to remove bad things after you get infected, as most anti-spyware programs do.

In other words it works like a fortress over your browser that automatically is updated to block your browsers from letting certain bad websites and hijacks take it over even if you click on such a site or are re-directed to one.

Also with Firefox download Adblock Plus which can help.

Oh and though typically PC problems stem from downloading porn, you can also download Trojans and other nasty sh!t through using Limewire and those other types of piracy programs, so be more careful if you continue using them and have a strong anti-virus and firewall set up first, like McAfee or something.
 

I.A.F.Y.B.

Master Don Juan
Joined
Apr 18, 2007
Messages
2,055
Reaction score
21
Location
USA
I use Kaspersky Internet Security. Works pretty well and found more stuff than Norton.

Like KontrollerX mentioned about LimeWire and such. I use FrostWire (same as Lime) to download music. With my program, if I download anything that has a virus or trojan in it, I get a pop-up from Kaspersky that tells me this file is infected and it disinfects it or deletes it.

Nowadays you always want to make sure you've got something protecting your computer.
 

Duffdog

Master Don Juan
Joined
Oct 3, 2008
Messages
788
Reaction score
35
Location
norcal
You could totally cheat and use system restore in vista to go back to a previous date. That will kill everything on there--including some stuff you may want.

I did all the anti-spyware stuff and registry cleaners to get rid of spyware and malware, but in the end, the only surefire thing was system restore. And stop downloading stupid crap.
 

KontrollerX

Master Don Juan
Joined
Oct 11, 2005
Messages
4,479
Reaction score
182
Duffdog said:
You could totally cheat and use system restore in vista to go back to a previous date. That will kill everything on there--including some stuff you may want.

I did all the anti-spyware stuff and registry cleaners to get rid of spyware and malware, but in the end, the only surefire thing was system restore. And stop downloading stupid crap.
Yep.

I had to use System Restore just today thanks to installing some optional update for Windows Vista that made my mouse no longer work and put some weird crappy touchpad keyboard on my computer and some other weird sh!t.
 

darkstarrr

Senior Don Juan
Joined
Sep 5, 2008
Messages
415
Reaction score
13
Location
Dancing with the Devil by the pale moonlight.
Malwarebytes has solved every virus/spyware problem I have ever had.

I found this number but I'm not sure what it means, maybe someone can explain it to me.

5HB47

F89B-YD5Q-70J7-KYGJ
 

Alle_Gory

Master Don Juan
Joined
May 25, 2008
Messages
4,200
Reaction score
79
Location
T-Dot
darkstarrr said:
Malwarebytes has solved every virus/spyware problem I have ever had.

I found this number but I'm not sure what it means, maybe someone can explain it to me.

5HB47

F89B-YD5Q-70J7-KYGJ
It's a 'fake' serial for a cracked version of the software.
 

STR8UP

Master Don Juan
Joined
Aug 10, 2002
Messages
6,911
Reaction score
123
Ever since I started using Firefox with AVG in Windows Vista I have had ZERO problems with viruses, spyware, or malware. Malware is some naaaaasty sh!t!
 

Deep Dish

Master Don Juan
Joined
Nov 25, 2002
Messages
2,191
Reaction score
167
Snowman23 said:
hey guys.

my web browser is completely hijacked. I can't even log onto the trend micro website for a scan. My spybot S&D program won't open either. So I thought okay, I'll reboot in safe mode... still didn't work. I'm like "damn". I'm surprised I made it back here.

Any ideas?
Since you cannot open your spyware program, it would be helpful to figure out what viral strain you are infected with. The following are instructions to do-it-yourself. I have removed infections manually and have never used any programs like Hijack This. 99% of spyware programs are very easy to manually remove if you know what you're doing and only once have I ever failed (I suspect it was a rootkit virus and if you ever get a rootkit virus you're basically screwed.)

  • Assuming you're Windows-based, go into Task Manager and delete any RUNDLL processes. You may need to do this often. Google search processes.
  • Assuming you're Windows-based, go into the system registry and look under HKEY_Current_User/Software/Microsoft/Windows/CurrentVersion/Run and RunOnce, and HKEY_Local_Machine/Software/Microsoft/Windows/CurrentVersion/Run and RunOnce. Google search the filenames and be alert for any filenames which look randomly generated - the common signature of spyware.
  • Assuming you use IE, look under HKEY_Current_User/Software/Microsoft/Internet Explorer/Explorer Bars, and HKEY_Local_Machine/Software/Microsoft/Internet Explorer/Explorer Bars. Google search the entries, which will be enclosed in brackets. Be forewarned these entries show up in Hijack This logs which people post on forums, so Google will spit back a flurry of hits to forums, which sorta makes this useless, but it's solid in principle.
  • Run msconfig.exe to see what loads on start-up. Google search anything suspicious.
  • Do a search, including hidden files and directories, for all files with *.dll, *.exe, *.com, within the past week, month, six months, or year. If you know the exact day and time of the infection, be on the lookout for any files created at that time, especially any randomly generated filenames. Google search anything suspicious.
  • For any files which you find associated with spyware/malware or any randomly generated filenames, search the registry for references to those files.
Do any pop-ups appear? Are any IE bars created? Is your browser re-directed anywhere? These are all helpful clues in determining what you may be infected with. Be forewarned spyware infections often involve multiple files in multiple directories, infections often prove more sophisticated than you may originally think. Be sure to perform all system checks, as often you will get re-infected if you don't wipe it all out. It's a game of cat and mouse. I think for you, the goal is to simply identify your viral strain and Google search a solution.
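The Run/RunOnce and recent-file checks from the list above, as an added read-only PowerShell example that is not part of the original post: it lists what those four keys launch and flags entries worth looking up. The "random-looking" test, the 30-day window and the function names are assumptions chosen for illustration, and legitimate entries will sometimes be flagged.

```powershell
# Added example (read-only): triage the autorun keys named in the post.
# The heuristics and the 30-day window are assumptions for manual review only.
$keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$recentDays = 30

function Get-CommandTarget([string]$Command) {
    # Pull the executable path out of a quoted or unquoted command line.
    # Unquoted paths that contain spaces are cut at the first space.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Test-RandomLookingName([string]$Path) {
    # Crude signal: a long base name with almost no vowels, or several digits.
    $base = [IO.Path]::GetFileNameWithoutExtension($Path).ToLower()
    if ($base.Length -lt 6) { return $false }
    $vowels = [regex]::Matches($base, '[aeiou]').Count
    $digits = [regex]::Matches($base, '\d').Count
    return (($vowels / $base.Length) -lt 0.15) -or ($digits -ge 3)
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget $command
        if (-not $target) { continue }
        $file    = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        $created = if ($file) { $file.CreationTime }
        $flags   = @()
        if (Test-RandomLookingName $target)      { $flags += 'random-looking name' }
        if ($target -match '\\(Temp|AppData)\\') { $flags += 'runs from Temp/AppData' }
        if ($command -match 'rundll32')          { $flags += 'rundll32: check the DLL argument' }
        if (-not $file -and [IO.Path]::IsPathRooted($target)) { $flags += 'file not found' }
        elseif ($file -and $created -gt (Get-Date).AddDays(-$recentDays)) {
            $flags += "created in last $recentDays days"
        }
        [pscustomobject]@{ Key = $key; Name = $name; Command = $command
                           Created = $created; Flags = $flags -join '; ' }
    }
}
$report | Sort-Object { $_.Flags.Length } -Descending | Format-List
```

A flag is only a prompt to research the file name; an entry with no flags is not thereby shown to be clean.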
 

canibis_trip

Don Juan
Joined
Jan 15, 2009
Messages
11
Reaction score
0
The Solution

Hi Snowman, I'm a long-time reader of these forums and I created this account just to reply to you. :)

Now, what you have is probably called voondoo. I did not find a way to fix that, even while using a voondoo removal tool. My solution was to backup data, format disk, and do a clean install of everything.

By the way buddy, I got that thing from surfing the web using Firefox browser, and before that I got it through Internet Explorer as well.

These script viruses come through ad banners on pretty much any page you go to on the web. Most banners are cool, but some are very bad. It is finicky, but it's like a conspiracy to infect as many machines as possible, so that then computer people would have work. Who knows.

To not get any of these in the future, you need:

A) Firefox browser.
B) NoScript add-on... only allow sites that you visit, BUT not advertisers. Read the docs on NoScript well.
C) Lock down Internet Explorer and only use it for Windows Update.
D) Do use Windows Defender.
E) Do use anti-virus... I know you're saying what's the point since anti-virus doesn't do anything. I know. That's why I call it conspiracy lol. But still use it.
F) Try to do work NOT under administrative account.


Good luck :up:
 

darkstarrr

Senior Don Juan
Joined
Sep 5, 2008
Messages
415
Reaction score
13
Location
Dancing with the Devil by the pale moonlight.
canibis_trip said:
Now, what you have is probably called voondoo. I did not find a way to fix that, even while using a voondoo removal tool. My solution was to backup data, format disk, and do a clean install of everything.
I had voondoo or however it is spelled and Malwarebytes removed it and a few other nasties from my computer. Haven't had a problem ever since.
 

canibis_trip

Don Juan
Joined
Jan 15, 2009
Messages
11
Reaction score
0
darkstarrr said:
I had voondoo or however it is spelled and Malwarebytes removed it and a few other nasties from my computer. Haven't had a problem ever since.

I'm very germophobic when it comes to computer viruses. If it's infected, I need a new thing right away. :)
 

horaholic

Master Don Juan
Joined
Jul 12, 2008
Messages
2,257
Reaction score
79
Why is it better not to work under an administrative account?
I haven't heard that one before.
 

canibis_trip

Don Juan
Joined
Jan 15, 2009
Messages
11
Reaction score
0
It's not better to not work under an administrative account; as a matter of fact it is a pain in you know where. Thing is, when you get infected, those things have access to everything if you run with administrator rights.

The most important thing for you is to get Firefox + NoScript. On the contrary, the NoScript add-on is not a pain in you know where. It makes browsing faster because you don't get scripts and crap from completely irrelevant telemarketer sites.

For me, noscript was like going from dial up to DSL as far as performance goes, and I have DSL 8.0..
 