I turned off UAC on my parents' new computer a couple days ago.
Yesterday, my dad encountered some spyware while browsing (he called
me over and I noticed that Firefox had somehow gone to
onlinexpscanner.com and downloaded a suspicious executable, and there
was a prompt to run the program). I am now trying to figure out if
any spyware got installed onto the computer. The first thing I have
noticed is that UAC is now enabled, even though I had disabled it a
couple days ago. How did that happen? Could any Windows updates have
re-enabled it?

On Mon, 5 May 2008 20:06:29 -0700 (PDT), "(E-Mail Removed)"
<(E-Mail Removed)> wrote:

>I turned off UAC on my parents' new computer a couple days ago.
>Yesterday, my dad encountered some spyware while browsing (he called
>me over and I noticed that Firefox had somehow gone to
>onlinexpscanner.com and downloaded a suspicious executable, and there
>was a prompt to run the program). I am now trying to figure out if
>any spyware got installed onto the computer. The first thing I have
>noticed is that UAC is now enabled, even though I had disabled it a
>couple days ago. How did that happen? Could any Windows updates have
>re-enabled it?


Surprise. onlinexpscanner.com IS the threat. It's often called social
engineering. Dear old dad or someone with access to this computer
might have visited this site under the lure of a free system scan.
Sounds harmless enough, except it reports bogus things wrong with you
system and then installs itself. Newer versions of anti virus and
malware programs like AVG will flag hostile web sites so only dummies
like Frank would be dumb enough to still click on them.

Confirm onlinexpscanner is on your system. Look in Task Manager under
processes tab.

According to Google there are many web sites that tell you how to
remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
site! Use Google to find web pages that talk about it and offer
methods to remove it.

First install AVG 8.0. This is a reliable company that makes real anti
virus and malware protection software. Once installed when you enter
onlinexpscanner into Google and similar threats it will have a red X,
while "trusted" sites with have a green check mark.

This sounds like a Trojan, not spyware. Trojans have the ability to
hijack your system so somebody can remotely control your computer and
yes, that means exactly what it sounds like.

On May 5, 11:32*pm, Adam Albright <A...@ABC.net> wrote:
> On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com"
>
> <void.no.spam....@gmail.com> wrote:
> >I turned off UAC on my parents' new computer a couple days ago.
> >Yesterday, my dad encountered some spyware while browsing (he called
> >me over and I noticed that Firefox had somehow gone to
> >onlinexpscanner.com and downloaded a suspicious executable, and there
> >was a prompt to run the program). *I am now trying to figure out if
> >any spyware got installed onto the computer. *The first thing I have
> >noticed is that UAC is now enabled, even though I had disabled it a
> >couple days ago. *How did that happen? *Could any Windows updates have
> >re-enabled it?
>
> Surprise. onlinexpscanner.com IS the threat. It's often called social
> engineering. Dear old dad or someone with access to this computer
> might have visited this site under the lure of a free system scan.
> Sounds harmless enough, except it reports bogus things wrong with you
> system and then installs itself. Newer versions of anti virus and
> malware programs like AVG will flag hostile web sites so only dummies
> like Frank would be dumb enough to still click on them.

Yeah, I figured it was one of those "anti-spyware" sites that really
install spyware onto your computer.


> Confirm onlinexpscanner is on your system. Look in Task Manager under
> processes tab.
>
> According to Google there are many web sites that tell you how to
> remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
> site! Use Google to find web pages that talk about it and offer
> methods to remove it.
>
> First install AVG 8.0. This is a reliable company that makes real anti
> virus and malware protection software. Once installed when you enter
> onlinexpscanner into Google and similar threats it will have a red X,
> while "trusted" sites with have a green check mark.

I did install AntiVir onto the computer, but that sounds like a cool
feature in AVG. Would that be AVG Antivirus or AVG Antispyware?


> This sounds like a Trojan, not spyware. Trojans have the ability to
> hijack your system so somebody can remotely control your computer and
> yes, that means exactly what it sounds like.

I went to the second site that came up in Google for "onlinexpscanner"
- http://www.411-spyware.com/remove-onlinexpscanner-com. That is
legitimate, right? I checked for the processes/files/registry keys
that it mentioned, and I don't see anything. I do have Explorer
configured to show all hidden/system files, and I told Task Manager to
show processes for all users.

But I guess I'm still a little paranoid. Do you think Windows
Defender would have stopped the spyware from executing?

Also, what do you think of using System Restore? There is a restore
point that is prior to my dad's encounter with the spyware site, so if
I restored the system to that point, would it guarantee that any
spyware would be removed? I'm not sure if that would work, because I
read that System Restore does not restore everything.

On Mon, 5 May 2008 21:21:46 -0700 (PDT), "(E-Mail Removed)"
<(E-Mail Removed)> wrote:

>> First install AVG 8.0. This is a reliable company that makes real anti
>> virus and malware protection software. Once installed when you enter
>> onlinexpscanner into Google and similar threats it will have a red X,
>> while "trusted" sites with have a green check mark.
>
>I did install AntiVir onto the computer, but that sounds like a cool
>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?

It's the latest version of AVG antivirus. Very nice.

Use the programs I have listed below, and you will have no more probs.

http://service1.symantec.com/SUPPORT...05033108162039

Above is the link for Norton Removal Tool; if using Norton.

Vista’s Firewall is very good!

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus
It is low resource using, free and Vista 32bit and 64bit compatible.
Only have one (1) anti-virus installed; more than 1 can cause conflicts.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2”
Download it, install it, update it, immunize your system and scan your
System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware
being downloaded to your Computer, use SpywareBlaster 4, available at the
above link.

IMPORTANT ADVICE: After scanning with the above Programs, problems still
remain.

Reboot computer, and tap F8 at power on/ startup. From the list of options
that appears, select Safe mode by using the UP and DOWN Arrows, then hit
ENTER.

Rescan the computer in Safe mode.

--
Mick Murphy - Qld - Australia


"(E-Mail Removed)" wrote:

> On May 5, 11:32 pm, Adam Albright <A...@ABC.net> wrote:
> > On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com"
> >
> > <void.no.spam....@gmail.com> wrote:
> > >I turned off UAC on my parents' new computer a couple days ago.
> > >Yesterday, my dad encountered some spyware while browsing (he called
> > >me over and I noticed that Firefox had somehow gone to
> > >onlinexpscanner.com and downloaded a suspicious executable, and there
> > >was a prompt to run the program). I am now trying to figure out if
> > >any spyware got installed onto the computer. The first thing I have
> > >noticed is that UAC is now enabled, even though I had disabled it a
> > >couple days ago. How did that happen? Could any Windows updates have
> > >re-enabled it?
> >
> > Surprise. onlinexpscanner.com IS the threat. It's often called social
> > engineering. Dear old dad or someone with access to this computer
> > might have visited this site under the lure of a free system scan.
> > Sounds harmless enough, except it reports bogus things wrong with you
> > system and then installs itself. Newer versions of anti virus and
> > malware programs like AVG will flag hostile web sites so only dummies
> > like Frank would be dumb enough to still click on them.
>
> Yeah, I figured it was one of those "anti-spyware" sites that really
> install spyware onto your computer.
>
>
> > Confirm onlinexpscanner is on your system. Look in Task Manager under
> > processes tab.
> >
> > According to Google there are many web sites that tell you how to
> > remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
> > site! Use Google to find web pages that talk about it and offer
> > methods to remove it.
> >
> > First install AVG 8.0. This is a reliable company that makes real anti
> > virus and malware protection software. Once installed when you enter
> > onlinexpscanner into Google and similar threats it will have a red X,
> > while "trusted" sites with have a green check mark.
>
> I did install AntiVir onto the computer, but that sounds like a cool
> feature in AVG. Would that be AVG Antivirus or AVG Antispyware?
>
>
> > This sounds like a Trojan, not spyware. Trojans have the ability to
> > hijack your system so somebody can remotely control your computer and
> > yes, that means exactly what it sounds like.
>
> I went to the second site that came up in Google for "onlinexpscanner"
> - http://www.411-spyware.com/remove-onlinexpscanner-com. That is
> legitimate, right? I checked for the processes/files/registry keys
> that it mentioned, and I don't see anything. I do have Explorer
> configured to show all hidden/system files, and I told Task Manager to
> show processes for all users.
>
> But I guess I'm still a little paranoid. Do you think Windows
> Defender would have stopped the spyware from executing?
>
> Also, what do you think of using System Restore? There is a restore
> point that is prior to my dad's encounter with the spyware site, so if
> I restored the system to that point, would it guarantee that any
> spyware would be removed? I'm not sure if that would work, because I
> read that System Restore does not restore everything.
>

On Mon, 5 May 2008 21:21:46 -0700 (PDT), "(E-Mail Removed)"
<(E-Mail Removed)> wrote:

>On May 5, 11:32*pm, Adam Albright <A...@ABC.net> wrote:
>> On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com"
>>
>> <void.no.spam....@gmail.com> wrote:
>> >I turned off UAC on my parents' new computer a couple days ago.
>> >Yesterday, my dad encountered some spyware while browsing (he called
>> >me over and I noticed that Firefox had somehow gone to
>> >onlinexpscanner.com and downloaded a suspicious executable, and there
>> >was a prompt to run the program). *I am now trying to figure out if
>> >any spyware got installed onto the computer. *The first thing I have
>> >noticed is that UAC is now enabled, even though I had disabled it a
>> >couple days ago. *How did that happen? *Could any Windows updates have
>> >re-enabled it?
>>
>> Surprise. onlinexpscanner.com IS the threat. It's often called social
>> engineering. Dear old dad or someone with access to this computer
>> might have visited this site under the lure of a free system scan.
>> Sounds harmless enough, except it reports bogus things wrong with you
>> system and then installs itself. Newer versions of anti virus and
>> malware programs like AVG will flag hostile web sites so only dummies
>> like Frank would be dumb enough to still click on them.
>
>Yeah, I figured it was one of those "anti-spyware" sites that really
>install spyware onto your computer.
>
>
>> Confirm onlinexpscanner is on your system. Look in Task Manager under
>> processes tab.
>>
>> According to Google there are many web sites that tell you how to
>> remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
>> site! Use Google to find web pages that talk about it and offer
>> methods to remove it.
>>
>> First install AVG 8.0. This is a reliable company that makes real anti
>> virus and malware protection software. Once installed when you enter
>> onlinexpscanner into Google and similar threats it will have a red X,
>> while "trusted" sites with have a green check mark.
>
>I did install AntiVir onto the computer, but that sounds like a cool
>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?
>
>
>> This sounds like a Trojan, not spyware. Trojans have the ability to
>> hijack your system so somebody can remotely control your computer and
>> yes, that means exactly what it sounds like.
>
>I went to the second site that came up in Google for "onlinexpscanner"
>- http://www.411-spyware.com/remove-onlinexpscanner-com. That is
>legitimate, right? I checked for the processes/files/registry keys
>that it mentioned, and I don't see anything. I do have Explorer
>configured to show all hidden/system files, and I told Task Manager to
>show processes for all users.
>
>But I guess I'm still a little paranoid. Do you think Windows
>Defender would have stopped the spyware from executing?
>
>Also, what do you think of using System Restore? There is a restore
>point that is prior to my dad's encounter with the spyware site, so if
>I restored the system to that point, would it guarantee that any
>spyware would be removed? I'm not sure if that would work, because I
>read that System Restore does not restore everything.

I would just install AVG 8.0. The free version. Then let it run it's
anti-virus malware routine. If you still have onlinexpscanner or
anything else malicious on your system it should be able to isolate
it.

You are best off not trusting some unknown anti-spyware. That's how
you got in trouble in the first space. AVG has been around a long time
and has a good reputation. Use it. It is free. That's all you need.

If it is a Trojan it may hide itself and not show up in the processes
tab. It may or may not be on your system. By using AVG you'll find out
and it should be able to remove it or at least render it harmless.

If the system appears to be running ok, no real need to use a restore
point.

"Nonny" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 5 May 2008 21:21:46 -0700 (PDT), "(E-Mail Removed)"
> <(E-Mail Removed)> wrote:
>
>>> First install AVG 8.0. This is a reliable company that makes real anti
>>> virus and malware protection software. Once installed when you enter
>>> onlinexpscanner into Google and similar threats it will have a red X,
>>> while "trusted" sites with have a green check mark.
>>
>>I did install AntiVir onto the computer, but that sounds like a cool
>>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?
>
> It's the latest version of AVG antivirus. Very nice.


AVG AntiSpyware 7.5.1.43 plus is the last version of the antispyware
product offered by AVG. It is now incorporated into their new AVG Antivirus
8.0. Their antispyware product will no longer be offered as a standalone
product.

C.B.


--
It is the responsibility and duty of everyone to help the underprivileged
and unfortunate among us.

The same thing happened to me just now (I use Windows XP). I was Googling,
went to a page I thought might have the info I was searching for, and bingo!
the screen turned into XP Scanner, complete with dire warnings (in red) that
I had a moderate tracking program installed, a moderate trojan, and a very
bad virus. My Norton protection, however, popped up and said the site did not
have an authentication signature. I immediately tried to exit...and the
dratted page gave me all kinds of grief. Every time I'd hit Cancel, the
computer looped back to the original WARNING window, and when I'd hit X, the
program download window would come up. I finally simply exited the Internet
altogether, and immediately ran a scan. No trojans, no viruses, and one minor
tracking program.

My advice is: ignore it, exit, and then run a quick scan to make sure
everything is OK.

"(E-Mail Removed)" wrote:

> I turned off UAC on my parents' new computer a couple days ago.
> Yesterday, my dad encountered some spyware while browsing (he called
> me over and I noticed that Firefox had somehow gone to
> onlinexpscanner.com and downloaded a suspicious executable, and there
> was a prompt to run the program). I am now trying to figure out if
> any spyware got installed onto the computer. The first thing I have
> noticed is that UAC is now enabled, even though I had disabled it a
> couple days ago. How did that happen? Could any Windows updates have
> re-enabled it?
>
>