
New Malware/spyware found

 
 
Ahmed Ilyas
      8th Jan 2006
Well I think I have found a new one.
Having the router firewall and the Windows Server 2003 EE SP1 firewall did
not seem to stop this beast from getting in.

I also have MS Anti Spyware beta 1 installed - all definitions up to date as
well as Windows itself.

I was googling, searching for something, clicked on a link within that page
(this incident happened twice but on different websites) and it redirected to
somewhere else.

It installed automatically its own stuff, anti spyware did not kick in
(even though it was enabled) and the software/malware/whatever just did its
job.

It then downloaded software called spyware strike or something similar to
that name and you get nothing but warnings on your taskbar saying that "your
computer is infected..." blah blah blah from that software.

It also tried to change the IE settings - which MS Anti spyware picked up
and asked for my approval to which I responded "Block" - this approval box
kept appearing every few seconds.

Now, it installs and keeps in memory some files, of which are these:

mssearchnet.exe
nvctrl (no, this is not the nvidia related files)

Both these files are located in the %windir%\%sysdir% folders.

They also create tmp files and what not...

Now, I tried scanning the system whilst infected, it didn't pick up anything
unfortunately.

I did google this and found that it is of course spyware/malware and that it
opens a door to lead hackers into the system as well as reporting information
back to them automatically.

When you reboot the system and boot back into Windows - Explorer.exe crashes
constantly giving me the "application read error" messages pointing to
different memory address locations.

Repairing this file does not help, not even deleting the files in recovery
console and replacing them and removing the mssearchnet etc... files.

Even scanning from another system to this infected computer does not help,
it does find some things but even when removed - it still somehow installs
itself.

The only solution - to format and re-install, which should not be an option.

This is of course in no way Microsoft's fault - that is what we are doing,
creating such software to prevent these things happening but no one can be
constantly up to date on the "per second" details of new spyware/anti
software found.

I am unsure if anyone has heard this but this is what is happening. We need
a cure for this.

Many thanks,
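
An added example, not part of the original post: one way to check an offline registry export for autostart values that reference the two file names reported above. It assumes the files are launched from a Run key, which the thread does not state; `SAMPLE_REG` and the function names are constructed for illustration.

```python
import ntpath
import re

# File names reported in the post above ("nvctrl" was given without an extension).
WATCH_EXACT = {"mssearchnet.exe"}
WATCH_STEM = {"nvctrl"}

# Constructed sample in `reg export` text form; not taken from an infected machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Search"="\"C:\\WINDOWS\\system32\\mssearchnet.exe\" /s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctl"="C:\\WINDOWS\\system32\\nvctrl.exe"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def suspicious_names(command):
    """Return watched names among all whitespace/quote/comma separated tokens."""
    hits = []
    for token in re.split(r'[\s",]+', command):
        base = ntpath.basename(token).lower()
        if base in WATCH_EXACT or ntpath.splitext(base)[0] in WATCH_STEM:
            hits.append(base)
    return hits

def scan_reg_export(text):
    """Return (key, value name, command, matched names) for flagged values."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            key = m.group(1)
        elif key and (m := VALUE.match(line)):
            name, command = unescape(m.group(1)), unescape(m.group(2))
            if (hits := suspicious_names(command)):
                findings.append((key, name, command, hits))
    return findings

if __name__ == "__main__":
    for key, name, command, hits in scan_reg_export(SAMPLE_REG):
        print(f"{key} :: {name} -> {command}  [{', '.join(hits)}]")
```

Only plain string values are parsed; `hex(2):` (REG_EXPAND_SZ) values are skipped, and a real export file is normally UTF-16 and must be decoded before being passed in.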
 
Tom Emmelot
      8th Jan 2006
Hello Ahmed,

See the thread "WARNING ! SpywareStrike"
in announcements 6/7/8/Jan 2006

Regards >*< TOM >*<

Engel
      8th Jan 2006
Hi,

MSAS is generally a reactive application. It tends to deal with spyware
after it is already on your computer. If you're looking for protection before
it can download to your computer, you'd perhaps be interested in
SpywareBlaster.

http://www.javacoolsoftware.com/spywareblaster.html

Oh, and it sure doesn't hurt to have both of these applications for multiple
layers of protection.

If you want something proactive, add Prevx Home
http://www.prevx.com

YOU must have the expertise since it is your choices and education that
dictate how secure your system is.

I hope this post is helpful, let us know how it works out.

Engel

michelle
      9th Jan 2006
Hi, I have had this same thing start on my computer about 3 days ago and now
there is a non-stop screensaver on my puter saying: your computer may be
infected. I also get the constant warnings every few seconds at the bottom
of my computer screen. What can I do to fix this? I have run my Microsoft
spyware scan and nothing comes up. I would appreciate any help in this
matter.

Thank you

AndyManchesta
      9th Jan 2006

Use Smitrem & Ewido then Ccleaner to remove temp files (Copy and save this to
notepad so you can still view it in safe mode)

Download SmitRem

http://noahdfear.geekstogo.com/click...click.php?id=1

Save it to your desktop, double click on the SmitRem.exe file and extract it
to its own folder on the desktop.

Download Ewido Security Suite

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes (the status bar
at the bottom will display "Update successful") Exit Ewido. DO NOT scan yet.

Download Ccleaner (To Remove Temp and unused files from your system)

http://www.ccleaner.com/ccdownload.asp

Install, then close.

Now reboot to Safe Mode - Restart your computer and immediately begin
tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe
Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run Smitrem :

Open the smitRem folder, then double click the RunThis.bat file to start the
tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive,
eg; Local Disk C: or partition where your operating system is installed.

Run Ewido

Click on the Scanner button in the left menu, then click on complete system
scan.
When ewido finds something, it will pop up a notification.
Select "clean" and check the boxes "Perform action with all infections" and
"Create encrypted backup" before clicking on OK. When the scan finishes,
click on "Save Report" from the bottom of the screen and save it to your
desktop in case you need more help with this.

Run Ccleaner and press "Run Cleaner" then exit.

While still in safe mode reset the Internet Settings: go to Start Menu, then
Control Panel, then to Internet Options, click the Programs tab and press
"Reset Web Settings" and include the homepage, then press Yes. Then go to the
General tab and enter the homepage you want to use into the space provided
and press Apply.

Then reboot back to Normal Mode.

You will need to reload your wallpaper after this tool finishes. Smitrem
will reset it because Trojans related to this infection will display a
spyware warning as a desktop wallpaper which cannot be removed. To change
your wallpaper, right click the desktop and choose Properties, set the Theme to XP
if you are running XP, then go to the Desktop tab and choose your wallpaper
from there.

Some of the Trojans/Exploit files that install this junk also delete Spybot
Search & Destroy's SDHelper.dll, so if you have Spybot it's worth reinstalling
to be sure it's not been damaged.

All The Best

Andy
 