Nasty Virus/Spyware Got into My System

[anonymous]

I tried to use the restore point to see if it can repair the damaged
cause by some virus/spyware that got into my system. I had everything
installed as a measure to prevent this from happening, but somehow it
still got in anyway.

I had a AVG, Comodo Firewall, Search & Destroy Ice Tea installed as well
regularly used Ad-Aware.

Somehow, my desktop wallpaper got replaced by a wallpaper that said I had
a spyware in my system (hopefully someone knows something about that). So
I ran all of the anti-spyware program, found a buttload of them and
removed them.

Ran AVG and it didn't find anything, but it did notice a change in my
system...

Kernel32.dll
User32.dll
Shell32.dll
Ntoskrnl.exe
c:/windows\system32\drivers\etc\host

I can't get online using Windows 98, thank god I have a dual boot with
Ubuntu so I can get online and post my problem here.

Any idea on what to do to get my system back in order?

Thanks

 

[David H. Lipman]

From: "anonymous" <[email protected]>

| I tried to use the restore point to see if it can repair the damaged
| cause by some virus/spyware that got into my system. I had everything
| installed as a measure to prevent this from happening, but somehow it
| still got in anyway.
|
| I had a AVG, Comodo Firewall, Search & Destroy Ice Tea installed as well
| regularly used Ad-Aware.
|
| Somehow, my desktop wallpaper got replaced by a wallpaper that said I had
| a spyware in my system (hopefully someone knows something about that). So
| I ran all of the anti-spyware program, found a buttload of them and
| removed them.
|
| Ran AVG and it didn't find anything, but it did notice a change in my
| system...
|
| Kernel32.dll
| User32.dll
| Shell32.dll
| Ntoskrnl.exe
| c:/windows\system32\drivers\etc\host
|
| I can't get online using Windows 98, thank god I have a dual boot with
| Ubuntu so I can get online and post my problem here.
|
| Any idea on what to do to get my system back in order?
|
| Thanks

Win98 ?
This is a WinXP support group.

Additionally, the proper place to deal with malware is; microsoft.public.security.virus


Two part reply..

Perform Part 1 then perform Part 2.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


* * * Please report back your results * * *

 

[HEMI-Powered]

anonymous added these comments in the current discussion du jour
....

I tried to use the restore point to see if it can repair the
damaged cause by some virus/spyware that got into my system. I
had everything installed as a measure to prevent this from
happening, but somehow it still got in anyway.

I had a AVG, Comodo Firewall, Search & Destroy Ice Tea
installed as well regularly used Ad-Aware.

Somehow, my desktop wallpaper got replaced by a wallpaper that
said I had a spyware in my system (hopefully someone knows
something about that). So I ran all of the anti-spyware
program, found a buttload of them and removed them.

Ran AVG and it didn't find anything, but it did notice a
change in my system...

Kernel32.dll
User32.dll
Shell32.dll
Ntoskrnl.exe
c:/windows\system32\drivers\etc\host

I can't get online using Windows 98, thank god I have a dual
boot with Ubuntu so I can get online and post my problem here.

Any idea on what to do to get my system back in order?

The most malicious malware's first intent is to disable detection
and innoculation attempts by the user and to also disable RPs.
Short of a repair installation, I'd suggest at least trying what
you've already done in Safe Mode. I assume that you do not have
imaging software such as Acronis True Image or Norton Ghost with
backups of your system, so the best of luck in recovering your
system. Or, if the remaining problem is just a small number of
files such as those you listed, you can probably get them from
your Windows install CD by unpacking them from the appropriate
..cab files.

 

[Nepatsfan]

I tried to use the restore point to see if it can repair the damaged
cause by some virus/spyware that got into my system. I had everything
installed as a measure to prevent this from happening, but somehow it
still got in anyway.

I had a AVG, Comodo Firewall, Search & Destroy Ice Tea installed as well
regularly used Ad-Aware.

Somehow, my desktop wallpaper got replaced by a wallpaper that said I had
a spyware in my system (hopefully someone knows something about that). So
I ran all of the anti-spyware program, found a buttload of them and
removed them.

Ran AVG and it didn't find anything, but it did notice a change in my
system...

Kernel32.dll
User32.dll
Shell32.dll
Ntoskrnl.exe
c:/windows\system32\drivers\etc\host

I can't get online using Windows 98, thank god I have a dual boot with
Ubuntu so I can get online and post my problem here.

Any idea on what to do to get my system back in order?

Thanks

With regard to your question concerning AVG, take a look here for more info.

Change files alerts
http://forum.grisoft.cz/freeforum/read.php?8,102236,backpage=,sv=

Good luck

Nepatsfan

 

[anonymous]

From: "anonymous" <[email protected]>

| I tried to use the restore point to see if it can repair the damaged |
cause by some virus/spyware that got into my system. I had everything |
installed as a measure to prevent this from happening, but somehow it |
still got in anyway.
|
| I had a AVG, Comodo Firewall, Search & Destroy Ice Tea installed as
well | regularly used Ad-Aware.
|
| Somehow, my desktop wallpaper got replaced by a wallpaper that said I
had | a spyware in my system (hopefully someone knows something about
that). So | I ran all of the anti-spyware program, found a buttload of
them and | removed them.
|
| Ran AVG and it didn't find anything, but it did notice a change in my
| system...
|
| Kernel32.dll
| User32.dll
| Shell32.dll
| Ntoskrnl.exe
| c:/windows\system32\drivers\etc\host |
| I can't get online using Windows 98, thank god I have a dual boot with
| Ubuntu so I can get online and post my problem here. |
| Any idea on what to do to get my system back in order? |
| Thanks

Win98 ?
This is a WinXP support group.

Additionally, the proper place to deal with malware is;
microsoft.public.security.virus


Two part reply..

Perform Part 1 then perform Part 2.

It is suggested that you execute each tool in Normal Mode then in Safe
Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool --
SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


* * * Please report back your results * * *

Make note to self, never post when dead tired. It's WinXP, sorry folks.

 

[David H. Lipman]

From: "anonymous" <[email protected]>

| On Sat, 08 Mar 2008 21:29:04 -0500, David H. Lipman wrote:
|

|
| Make note to self, never post when dead tired. It's WinXP, sorry folks.

OK then

Did you or are you runng the anti SmitFraud tools suggested ?