There's a blue colored icon with a question mark in the bottom right hand
part of my toolbar that keeps flashing asking me to download software.
"System has detected a number of active spyware..." I snooped around my comp
and found a SpyDawn and I uninstalled it. My roommate probably looked around
some sites that he shouldn't have and now I'm stuck with this annoying bubble
that asks me to download anti-virus software. Can anyone help me ?

From: "taileon" <(E-Mail Removed)>

| There's a blue colored icon with a question mark in the bottom right hand
| part of my toolbar that keeps flashing asking me to download software.
| "System has detected a number of active spyware..." I snooped around my comp
| and found a SpyDawn and I uninstalled it. My roommate probably looked around
| some sites that he shouldn't have and now I'm stuck with this annoying bubble
| that asks me to download anti-virus software. Can anyone help me ?



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

maybe it's a good thing
that you are suspicious about
that warning and didn't swallow
the lure.....

eventhough the uninstall may have
appeared successful, it's likely there
are remnants of the malware keys in the
registry and possibly there may have
been other programs installed that
piggybacked the one you uninstalled.

i suggest that you try a system restore
and see if there is a restore point prior
to installing that software.

if the above is helpful then a clean
boot, then a registry cleaner and then running an
antiviral is likely to be a reasonable idea.

if you want to try to target that particular
file then i suggest to download a freeware from
Microsoft.com called autoruns.

in it there will be a number of tabs but one
of them will indicate a process related
to that warning. you can
then check it off and double click the
filename to disable it in the registry.

you may want to pay close attention and
see if the parent folder for it is also revealed
so that you can delete it as well.
Then reboot and see what happens....

It's not clear if that msg is an indication
of an actual infection or a lure to get
infected. But once the phony warning
is disabled, i would begin the process
of cleaning your system...

- db
"taileon" <(E-Mail Removed)> wrote in message news:ACDA7E60-9CF6-40E9-A01B-(E-Mail Removed)...
There's a blue colored icon with a question mark in the bottom right hand
part of my toolbar that keeps flashing asking me to download software.
"System has detected a number of active spyware..." I snooped around my comp
and found a SpyDawn and I uninstalled it. My roommate probably looked around
some sites that he shouldn't have and now I'm stuck with this annoying bubble
that asks me to download anti-virus software. Can anyone help me ?

The machine is already infected. The pop-ups are symptom. Do NOT click on
any links in the pop-ups!

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_R...:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
http://www.elephantboycomputers.com/...moving_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)


taileon wrote:
> There's a blue colored icon with a question mark in the bottom right hand
> part of my toolbar that keeps flashing asking me to download software.
> "System has detected a number of active spyware..." I snooped around my
> comp
> and found a SpyDawn and I uninstalled it. My roommate probably looked
> around some sites that he shouldn't have and now I'm stuck with this
> annoying bubble that asks me to download anti-virus software. Can anyone
> help me ?

Some people don't like this person but she has proved trustworthy to me and
all the feedback given is positive and says it works. I have tested it and
it is an excellent fast safe removal tool.
http://help.lockergnome.com/security...opict9865.html

--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).



"taileon" <(E-Mail Removed)> wrote in message
news:ACDA7E60-9CF6-40E9-A01B-(E-Mail Removed)...
> There's a blue colored icon with a question mark in the bottom right hand
> part of my toolbar that keeps flashing asking me to download software.
> "System has detected a number of active spyware..." I snooped around my
> comp
> and found a SpyDawn and I uninstalled it. My roommate probably looked
> around
> some sites that he shouldn't have and now I'm stuck with this annoying
> bubble
> that asks me to download anti-virus software. Can anyone help me ?

"taileon" wrote ...

> There's a blue colored icon with a question mark in the bottom right hand
> part of my toolbar that keeps flashing asking me to download software.
> "System has detected a number of active spyware..."

Before getting out the axe and other brute force tools, start by figuring
out exactly what this thing is.

That will be just a starting point.

Use Process Explorer:

http://www.microsoft.com/technet/sys...sExplorer.mspx

> I snooped around my comp and found a SpyDawn and I uninstalled it.

They are never single anymore. One means many. All it takes is one
drive-by installer to open the flood gate.

Get your entire toolbox out: Hijackthis, Spybot S&D, Adaware, virus
scanners, traffic analyzer to catch anyone calling home, etc, etc...

Getting clean is going to be painstaking. You are going to have to
scrutinize all running processes, startups, registry entries, files.

Basically, everything.

> My roommate probably looked around some sites that he shouldn't have
> and now I'm stuck with this annoying bubble that asks me to download
> anti-virus software. Can anyone help me ?

Once you are clean, disable the ActiveX bullshit, check for a java update,
and don't use (or allow anyone else to use) Internet Explorer again. Use
Firefox. Get an AV program if you aren't already using one. Avast and AVG
are both free. Norton is bullshit.

....finally, kick your roomdog's ass.

taileon wrote:
> There's a blue colored icon with a question mark in the bottom right hand
> part of my toolbar that keeps flashing asking me to download software.
> "System has detected a number of active spyware..." I snooped around my comp
> and found a SpyDawn and I uninstalled it. My roommate probably looked around
> some sites that he shouldn't have and now I'm stuck with this annoying bubble
> that asks me to download anti-virus software. Can anyone help me ?

Removal instructions here.

http://www.bleepingcomputer.com/forums/topic81275.html

Sharon Franks wrote:
> Some people don't like this person but she has proved trustworthy to me and
> all the feedback given is positive and says it works. I have tested it and
> it is an excellent fast safe removal tool.
> http://help.lockergnome.com/security...opict9865.html
>
Sounds like a paranoid, ranting lunatic.

In article <(E-Mail Removed)>, noheret@realorther
says...
> Some people don't like this person but she has proved trustworthy to me and
> all the feedback given is positive and says it works. I have tested it and
> it is an excellent fast safe removal tool.
> http://help.lockergnome.com/security...opict9865.html

And we all know that "She" is only referred to as "She" by PC BUTT S1
himself when trolling as his alternate nyms. It's also been confirmed
that PC BUTT S1 impersonates Sharon Franks many times.

Nothing that comes from any if the PC BUTT S1 sites, shown in the link
provided above, is legit, it's all scammed source code from other
people.

The reson that Sharon Franks (PC BUTT S1) didn't post a direct link is
because MS Usenet Admins are now erasing ALL posts by PC BUTT S1 and
anyone that posts links to HIS site.

--

(E-Mail Removed)
remove 999 in order to email me

I am Sharon Franks and I did post that message. it was not some impersonator
that you are obsessed with. Now I would appreciate it if you would stop
replying to my posts in this newsgroup. Every time I reply to someone you
always reply to me about your obsession. What is wrong with you?. Now thanks
to you I have tried and tested spyerase and it works, I don't care who made
it, it's none of my business. The fact is that it works that is why I
recommend it.

--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).



"Leythos" <(E-Mail Removed)> wrote in message
news:45e0bb03$0$5259$(E-Mail Removed)...
> In article <(E-Mail Removed)>, noheret@realorther
> says...
>> Some people don't like this person but she has proved trustworthy to me
>> and
>> all the feedback given is positive and says it works. I have tested it
>> and
>> it is an excellent fast safe removal tool.
>> http://help.lockergnome.com/security...opict9865.html
>
> And we all know that "She" is only referred to as "She" by PC BUTT S1
> himself when trolling as his alternate nyms. It's also been confirmed
> that PC BUTT S1 impersonates Sharon Franks many times.
>
> Nothing that comes from any if the PC BUTT S1 sites, shown in the link
> provided above, is legit, it's all scammed source code from other
> people.
>
> The reson that Sharon Franks (PC BUTT S1) didn't post a direct link is
> because MS Usenet Admins are now erasing ALL posts by PC BUTT S1 and
> anyone that posts links to HIS site.
>
> --
>
> (E-Mail Removed)
> remove 999 in order to email me