PC Review


Reply
Thread Tools Rate Thread

Spyware Infection Desktop

 
 
=?Utf-8?B?QmFkV2l0aFRlY2hub2xvZ3k=?=
Guest
Posts: n/a
 
      2nd Aug 2006
I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
antispyware software, I got a desktop background saying:

SPYWARE
INFECTION

Your system is infected with spyware. Windows recommends you to use a
spyware removal tool to prevent loss of important data and increase system
performance. Using this PC before having it cleaned from spyware threats is
highly discouraged.


I removed the spyware and now when I try to change my desktop, it still
remains the SPYWARE INFECTION desktop. Help Please.
 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      2nd Aug 2006
From: "BadWithTechnology" <(E-Mail Removed)>

| I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
| antispyware software, I got a desktop background saying:
|
| SPYWARE
| INFECTION
|
| Your system is infected with spyware. Windows recommends you to use a
| spyware removal tool to prevent loss of important data and increase system
| performance. Using this PC before having it cleaned from spyware threats is
| highly discouraged.
|
| I removed the spyware and now when I try to change my desktop, it still
| remains the SPYWARE INFECTION desktop. Help Please.



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE/JSE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
This is most likely why you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE/JSE Version 5.0 Update 7
be installed ASAP.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version...

C:\Program Files\Java\jre1.5.0_07


http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

Part 1
-----------

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
 
 
 
=?Utf-8?B?S2VtY28=?=
Guest
Posts: n/a
 
      2nd Aug 2006
Hey BWT,

Just go into start > control panel > appearance and themes > Display >
desktop tab > customize desktop button > web tab > uncheckmark and delete all
entries in there > ok > ok > restart. Good Luck

Joe

Kemco Technician

"BadWithTechnology" wrote:

> I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
> antispyware software, I got a desktop background saying:
>
> SPYWARE
> INFECTION
>
> Your system is infected with spyware. Windows recommends you to use a
> spyware removal tool to prevent loss of important data and increase system
> performance. Using this PC before having it cleaned from spyware threats is
> highly discouraged.
>
>
> I removed the spyware and now when I try to change my desktop, it still
> remains the SPYWARE INFECTION desktop. Help Please.

 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      2nd Aug 2006
From: "Kemco" <(E-Mail Removed)>

| Hey BWT,
|
| Just go into start > control panel > appearance and themes > Display >
| desktop tab > customize desktop button > web tab > uncheckmark and delete all
| entries in there > ok > ok > restart. Good Luck
|
| Joe
|
| Kemco Technician
|


And how will that remove the SmitFraud Trojan (or FakeAlert, ZLob, etc.) that has caused
this ?
How about if the malware has also set the Policies to limit the user's ability to change teh
Desktop ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
=?Utf-8?B?bWlzc2ll?=
Guest
Posts: n/a
 
      2nd Aug 2006
I am trying to remove the spyware off my computer, but it won't let me.It
tells me the system is locked and can't close it down now what.

"BadWithTechnology" wrote:

> I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
> antispyware software, I got a desktop background saying:
>
> SPYWARE
> INFECTION
>
> Your system is infected with spyware. Windows recommends you to use a
> spyware removal tool to prevent loss of important data and increase system
> performance. Using this PC before having it cleaned from spyware threats is
> highly discouraged.
>
>
> I removed the spyware and now when I try to change my desktop, it still
> remains the SPYWARE INFECTION desktop. Help Please.

 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      3rd Aug 2006
From: "missie" <(E-Mail Removed)>

| I am trying to remove the spyware off my computer, but it won't let me.It
| tells me the system is locked and can't close it down now what.
|


The same advice I gave the OP...

Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE/JSE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
This is most likely why you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE/JSE Version 5.0 Update 7
be installed ASAP.

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version...

C:\Program Files\Java\jre1.5.0_07

http://www.java.com/en/download/manual.jsp

Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click...click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html

Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.

ALTERNATE:

Part 1
-----------

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072

Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
=?Utf-8?B?S2VtY28=?=
Guest
Posts: n/a
 
      3rd Aug 2006
The OP stated:

| I removed the spyware and now when I try to change my desktop, it still
| remains the SPYWARE INFECTION desktop. Help Please.

I suppose I should have covered that he may still have smitfraud but I was
assuming, and I know that its not the right thing to do, that when he says he
removed the spyware that he had an anti-spyware capable of removing the
threats. My bad, I guess....

Joe

Kemco Technician

"David H. Lipman" wrote:

> From: "Kemco" <(E-Mail Removed)>
>
> | Hey BWT,
> |
> | Just go into start > control panel > appearance and themes > Display >
> | desktop tab > customize desktop button > web tab > uncheckmark and delete all
> | entries in there > ok > ok > restart. Good Luck
> |
> | Joe
> |
> | Kemco Technician
> |
>
>
> And how will that remove the SmitFraud Trojan (or FakeAlert, ZLob, etc.) that has caused
> this ?
> How about if the malware has also set the Policies to limit the user's ability to change teh
> Desktop ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      3rd Aug 2006
From: "Kemco" <(E-Mail Removed)>

| The OP stated:
|
|> I removed the spyware and now when I try to change my desktop, it still
|> remains the SPYWARE INFECTION desktop. Help Please.
|
| I suppose I should have covered that he may still have smitfraud but I was
| assuming, and I know that its not the right thing to do, that when he says he
| removed the spyware that he had an anti-spyware capable of removing the
| threats. My bad, I guess....
|
| Joe
|
| Kemco Technician
|

The utilities I posted, incli\uding my own, are written specifically for this falmily of
malware and will remove the policies that block changes to the desktop as well as other
known relationships with this family of malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
Jay
Guest
Posts: n/a
 
      7th Aug 2006
I'm currently using Ad-aware and the Mcafee security centre, do you
think this a sufficient amount of security to repel current spyware
threats?

Regards,
Jay

David H. Lipman wrote:
> From: "Kemco" <(E-Mail Removed)>
>
> | The OP stated:
> |
> |> I removed the spyware and now when I try to change my desktop, it still
> |> remains the SPYWARE INFECTION desktop. Help Please.
> |
> | I suppose I should have covered that he may still have smitfraud but I was
> | assuming, and I know that its not the right thing to do, that when he says he
> | removed the spyware that he had an anti-spyware capable of removing the
> | threats. My bad, I guess....
> |
> | Joe
> |
> | Kemco Technician
> |
>
> The utilities I posted, incli\uding my own, are written specifically for this falmily of
> malware and will remove the policies that block changes to the desktop as well as other
> known relationships with this family of malware.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      7th Aug 2006
From: "Jay" <(E-Mail Removed)>

| I'm currently using Ad-aware and the Mcafee security centre, do you
| think this a sufficient amount of security to repel current spyware
| threats?
|
| Regards,
| Jay


No. Insufficient to fully get rid of this family of malware.
That's why these specialty tool exist.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
"SPYWARE INFECTION" on desktop =?Utf-8?B?a21kNDU=?= Windows XP Security 2 1st Feb 2006 10:32 PM
"SPYWARE INFECTION" BLACK BOX ON DESKTOP =?Utf-8?B?TmF0ZSBCLg==?= Windows XP General 7 30th Jan 2006 07:59 PM
Are WinFixer 2005 popups a sign of infection or just attempts at infection? Donna Fox Windows XP Security 9 15th Jan 2006 06:47 PM
Desktop "spyware infection" screen =?Utf-8?B?YXpyYW5keXVzYQ==?= Anti-Spyware Installation 5 13th Dec 2005 08:19 PM
Possible infection/spyware? =?Utf-8?B?YzEyOHVzZXI=?= Windows XP Help 2 25th Nov 2004 11:09 AM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 06:21 PM.