My mate's really wierd computer problem

[zulu9812]

Okay, my mate doesn't take care of his computer and I've been sorting it out for him. I installed Spybot and Ad-Aware - Spybot turned up 59 results, Ad-Aware 149. These were all deleted. He also had 21 trojans, which I got rid of as well. However there is still a very odd problem. At first I thought that a spyware program had taken over his desktop with a web page which tells him that his computer is infected with spyware. However, all the spyware is gone (supposedly - and yes, I updated the definitions before I did the scans). I then thought that it could be that fudgingg messenger service, so I went into Administrative Tools > Services, stopped the process and set it to deisabled. Upon restart, however, the strange desktop was still there. It has ActiveX plugins which keep trying to run, and it referenced an html file in Windows\Webdesktop.html - I moved that file to the recyle bin. Now, instead of the message about the computer being infected (that's gone) - it's just a white screen. Whenever I launch Internet Explorer, this supra-desktop keeps trying to download a file but it always fails (with no intervention from myself and no firewall installed). This is all very strange - can anyone help?

 

[ainwood]

Try downloading hijackthis. It picks up things like this that Spybot and Adaware miss.

Also, try turning-off the "Active Desktop".

 

[oldStatesman]

Okay, my mate doesn't take care of his computer and I've been sorting it out for him. I installed Spybot and Ad-Aware - Spybot turned up 59 results, Ad-Aware 149. These were all deleted. He also had 21 trojans, which I got rid of as well. However there is still a very odd problem. At first I thought that a spyware program had taken over his desktop with a web page which tells him that his computer is infected with spyware. However, all the spyware is gone (supposedly - and yes, I updated the definitions before I did the scans). I then thought that it could be that fudgingg messenger service, so I went into Administrative Tools > Services, stopped the process and set it to deisabled. Upon restart, however, the strange desktop was still there. It has ActiveX plugins which keep trying to run, and it referenced an html file in Windows\Webdesktop.html - I moved that file to the recyle bin. Now, instead of the message about the computer being infected (that's gone) - it's just a white screen. Whenever I launch Internet Explorer, this supra-desktop keeps trying to download a file but it always fails (with no intervention from myself and no firewall installed). This is all very strange - can anyone help?

Wow. With that many trojans I would do a complete wipe and reinstall. No telling what system files were hosed and how.

If you don't want to do that, try SpywareBlaster to help identify/eliminate the ActiveX stuff...if you have Spybot there should be a link on the immunize screen.

Another great free tool is Bazooka Adware Detector - WARNING: it will not remove the spyware but it will link you to instructions on how to remove it. Buit it will find stuff the other's don't. And it is very small and hyper-fast. No harm to use it. I use it all the time professionally when consulting. WARNING AGAIN: Use care with a Google search for this one - most hits will take you to a spyware scam product. Best bet is at Cnet for the download: http://www.download.com/Bazooka-Adware-and-Spyware-Scanner/3640-8022_4-10377953.html

If you do do a reinstall, it may be a good idea to put your OS on one partition and data and programs on other separate partitions in case you have to do it again in the future. (For example, C:>Windows XP D:>Program files E:>User data files (My Documents); don't put applications into program files on C: - it makes it harder to wipe clean C and reinstall and also some bugs look for them there to hide in; if not found they may create a 'fake' program entry - I know I have an infection when I see a folder called 'Atari" for instance in c:/Program Files/Atari since my Atari install is really on the D drive under program files i.e. d:>/program files/Atari - the bug didn't know that so it made it's own fake place to hide that I could easily spot. My c:>/program files path is relatively empty. If all you have on c is your OS then it is easy to wipe just that partition and reinstall without wiping all your other data.)

Good Luck!

 

[zulu9812]

Wow. With that many trojans I would do a complete wipe and reinstall. No telling what system files were hosed and how.

In the end, that's what I did

 

[Neomega]

In the end, that's what I did

Smart Security was the infection. It hijacks your desktop. fairly difficult to remove.

I hope they didn't have anything important on there.

Sometimes a hard drive can be worth the price of a professional anti-spyware service subscription.

Really, all the stuff promoted by the internet forums is a hodgepodge of mediocre at best software. peopel swear by AdAware, but if they paid $20 a year for it they would toss it in 3 months.

Duct tape security system.... thats what I called it when I had the whole bag of free virus and spyware fighting stuff.

 

[Dabomb18359]

But then again for people without money in their pockets all the time free stuff that works is better than nothing.

 

[Neomega]

But then again for people without money in their pockets all the time free stuff that works is better than nothing.

true, true... But if your hardrive is important to you, and the information inside is important to you, you have two routes; education, or service pay.

Too many people choose not to make the choice.

 

[Dabomb18359]

Not really. Too many people don't know as much about computers as you do and they don't care much about it either.

They flat out don't care so anything free sounds good to them. They get the free stuff and whatever it finds they're happy because they don't know any better.

 

[Souron]

The thing is, the non-free spyware removal tools have not been shown to work better. If you can garentee that a spyware program works better than spybot and Ad-aware, I would be interested in buying it.

 

[Dabomb18359]

Well you don't need a guarantee. When I use SPybot I will turn up maybe 1-10 traces or something but in Spysweeper it's always more.