Help! Under Attack!

[Fifty]

My computer has been attacked by spyware/adware!

I was trying to get buddy icons and I kept being prompted to download some garbage. I knew it was adware stuff so I kept denying the download, but somehow it got on my computer anyways! Now my computer is immersed in wierd desktop icons, search pages, programs, toolbars, etc.

This really angers me, becasue I've paid good money for:

Norton Antivirus, fully updated
Norton Internet Secrurity Firewall and Intrusion Detection
Spysweeper adware/spyware blocker and remover

All these programs were running when the spyware hit! I did full scans, sweeps, etc. with all of these problems and none of them were able to alleviate the problem!

What on earth can/should I do? And why the hell doesn't my Norton crap work?! I pay $60 for this stuff and it does absolutely zilch. Some customer service rep. from India is going to get an angry phone call!

What should I do?! How do I get this junk off of my computer?!

 

[stormbind]

There is a security hole in Java (not JavaScript) that these programs seem unable to plug.

If you are using Netscape/Mozilla/FireFox/etc. then the evil temp files are hidden away somewhere in C:/Documents and Settings/<%username%>/.. which cannot be searched.

The flaw is actually Windows NT semi-secure model which allows stuff to be written, but won't allow programs to search. Browse to the suspect folders and scan them manually.

 

[Joeb WK]

I know how you feel this happened to one of our computers and really screwed it up for ages even though we had McAfee. Adaware are apparently pretty good for stopping Adware. BTW If you do decide to sign up for Adaware when it tells you the price for a years subscription keep saying no until they bring the price down to 99 cents or something like that.

 

[shadowdude]

See the "Index" link in my sig for links to spyware fighters

 

[Fifty]

Spysweeper is considered one of the best spyware removal programs and it does nothing! I doubt that a spyware removal program will work! Any other ideas?

 

[PlutonianEmpire]

When you run norton antivirus, do what you usually do with it, but instead of closing it when finished with the virus scan, leave it open. At the end of each scan, it gives you a list of what it was unable to remove. On the far left side of the list box, is the filename or something. click on it, and above the list box, it should tell you in which folder the file is in. Open windows explorer, hunt down that folder/file, and delete. Sometimes, you will be unable to delete a file. Write the filename and extension, and restart the computer in SAFE MODE, after you're done deleting the files that can be deleted. That's what I do.

Does this help?

 

[Jeratain]

Any other ideas?

Backup. Format.

 

[Thrawn]

Spysweeper is considered one of the best spyware removal programs and it does nothing! I doubt that a spyware removal program will work! Any other ideas?

Are you sure about that? Before this post I had never heard of Spysweeper, yet I continually hear people recommending Ad-aware and Spybot: Search and Destroy as the 2 best spyware removal tools out there. Try them anyway, they're both free.

 

[raen]

Now I use spybouncer, but dont know if works because at that time I didnt had him and no other anti spyware helped. But sees more spyware than adaware, I tried both.

To solve it I used hijackthis and erased some suspicious register folders, and gone to hard disk and deleted the files attached to them.

 

[Fifty]

Just another problem to add to the list:

The crap that is on my computer has somehow rendered Norton Antivirus' intrusion blocker useless. Now I get some error whenever I try and turn the intrusion blocker on.

 

[damunzy]

Spysweeper is considered one of the best spyware removal programs and it does nothing! I doubt that a spyware removal program will work! Any other ideas?

And yet it didn't work for you?

Take the man's advice and try Ad-aware - it is free and will only cost you time. While you are at it download and run SpyBot S&D. I make sure I run them both since they don't always find the same stuff. I also try out different spyware products but haven't found any of the others to help me anymore than the two I listed do.

Hint: Check my Sig. :-D

 

[Fifty]

Ad-aware did not work.

Another question: I can't log on to hotmail. Whenever I try I get the "this page cannot be displayed" message. Could this be a result of the stuff that's infected my computer?

Edit: Would running one of these spyware removal programs while in safe mode help?

 

[hbdragon88]

I've heard of Spysweeper - it's by Webroot, the makers of Window Washer and other programs. Since it costs moeny, I've never bothered with it.

 

[damunzy]

Running in safe mode is the best method.

 

[Nixnutz]

Monk:
You're getting some good advice on what to use. However, you need to take a systematic approach to eliminating this garbage.

Part of the problem is that there is no single program out there that will clean your computer or prevent the installation of this junk.

I've worked on over 70 machines over the last few weeks (5 in the last two days) and here is what I have found to be successful:

1) Make sure your Spysweeper is updated. This is one of the better pay-for products. You didn't waste your money.

2) Download the lastest AdawareSE from Lavasoftusa.com. Install it and update it.

3) Download and install Spybot S&D from safer-networking.com. Update it.

4) Download HiJackThis (v1.98.2) from Snapfiles.com or MajorGeeks.com or wherever you can find it. Create a folder on your desktop and save it there. Warning:This program works in the registry and you can get into a great deal of trouble if you start fixing things without help.

5) Go to Sophos.com and run their free virus scanner. You've probably got virus problems as well as adware/spyware. You can also go to McAfee.com and download their Stinger (v2.4.3) and run that.

6) Delete all cookies, temporary internet files, temporary files and history from your browser. Do this for all users.

7) If your are using XP or ME disable System Restore (from McAfee):

Disabling the System Restore Utility (Windows XP Users)
Right click the My Computer icon on the Desktop and click on Properties.
Click on the System Restore tab.
Put a check mark next to 'Turn off System Restore on All Drives'.
Click the 'OK' button.
You will be prompted to restart the computer. Click Yes and restart in Safe Mode. (press F8 as the machine starts)​

(To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.)

8) Go to the Folder Options control panel and click the View Tab; check "Show hidden files and folders"; uncheck 'Hide file extensions...." and "Hide protected operating system files...". Many of the files you and the softtware are looking for are hidden.

9) Run Spybot and restart, again in Safe Mode.

10) Run AdawareSE using the Custom setting and restart in Normal Mode. Re-enable System Restore if you are using ME or XP.

11) Run HiJackThis and save the log.

12) Go to spywareinfo.com, castlecops.com (formerly computercops) or spywarewarrior.com and post your HJT log with an explanation of what you have and what you did. There are folks at these forums that can give you the help you need. You will probably have to register to post. (If you peruse the HiJackThis log threads you will see what I mean about taking a systematic approach.)

Yes, this is gonna take some time, but it will be well worth the effort.

Good Luck!

 

[ainwood]

By the way - "free" downloads of things like icons and screen-savers are a very common way of getting all sorts of rubbishy trojans on to your PC.

 

[Fifty]

Just an update. I did everything Nixnutz said, and upon removing all the spyware, Internet Explorer suddenly did not work. So I wiped the hard-drive and reinstalled windows, and now it is finally up and running again after various errors impeded progress. I think this computer is on its last breath, but I don't really mind because in a few months I'll be going to college and buying a new computer.

The re-installation of windows was a pain and I got a bunch of critical errors along the way. I knew it was bad when the Gateway tech support guy said "oh god" then started telling me about all the special offers on new computers... but eventually it worked out.

Thanks for the help!

 

[Plexus]

The re-installation of windows was a pain and I got a bunch of critical errors along the way. I knew it was bad when the Gateway tech support guy said "oh god" then started telling me about all the special offers on new computers... but eventually it worked out.

Glad everything got worked out.

 

[Neomega]

Just an update. I did everything Nixnutz said, and upon removing all the spyware, Internet Explorer suddenly did not work. So I wiped the hard-drive and reinstalled windows, and now it is finally up and running again after various errors impeded progress. I think this computer is on its last breath, but I don't really mind because in a few months I'll be going to college and buying a new computer.

The re-installation of windows was a pain and I got a bunch of critical errors along the way. I knew it was bad when the Gateway tech support guy said "oh god" then started telling me about all the special offers on new computers... but eventually it worked out.

Thanks for the help!

You didn't have to. There are better anti-virus companies out there, though they have been slandered by the competition. If you want a good product, look for one with the best customer support. I can't say who I work for, but I know we could have taken care of that problem for you without charging you $3 a minute to talk to a technician, like Norton or McAfee, and without suggesting you format your hard drive like half of the Computer repair shops.

 

[Sir Bugsy]

Ad-Aware will tell you that Spy-Bot is spy-ware. Sure enough, there is a program inside called tea-timer. Tea-Timer is Spy-Bot's spy-ware.

Neomega, would you mind if we all e-mailed you or PM'ed you to get your advice on this problem?