New Malware/spyware found

Discussion in 'Security and Anti-Spyware Community' started by Guest, Jan 8, 2006.

  1. Guest

    Guest Guest

    Well I think I have found a new one.
    Having the router firewall and the Windows Server 2003 EE SP1 firewall did
    not seem to stop this beast from getting in.

    I also have MS Anti Spyware beta 1 installed - all definitions up to date as
    well as Windows itself.

    I was googling, searching for something, clicked on a link within that page
    (this incident happened twice but on different websites) and it redirected to
    somewhere else.

    It installed automatically its own stuff, anti spyware did not kick in
    (even though it was enabled) and the software/malware/whatever just did its
    job.

    It then downloaded software called spyware strike or something similar to
    that name and you get nothing but warnings on your taskbar saying that "your
    computer is infected..." blah blah blah from that software

    It also tried to change the IE settings - which MS Anti spyware picked up
    and asked for my approval to which I responded "Block" - this approval box
    kept appearing every few seconds.

    Now, it installs and keeps in memory some files, of which are these:

    mssearchnet.exe
    nvctrl (no, this is not the nvidia related files)

    both these files are located in the %windir%\%sysdir% folders.

    They also create tmp files and what not...

    Now, I tried scanning the system whilst infected, it didn't pick up anything
    unfortunately.

    I did google this and found that it is of course spyware/malware and that it
    opens a door to lead hackers into the system as well as reporting information
    back to them automatically.

    When you reboot the system and boot back into Windows - Explorer.exe crashes
    constantly giving me the "application read error" messages pointing to
    different memory address locations.

    Repairing this file does not help, not even deleting the files in recovery
    console and replacing them and removing the mssearchnet etc... files.

    Even scanning from another system to this infected computer does not help,
    it does find some things but even when removed - it still somehow installs
    itself.

    The only solution - to format and re-install, which should not be an option.

    This is of course in no way Microsoft's fault - that is what we are doing,
    creating such software to prevent these things happening but no one can be
    constantly up to date on the "per second" details of new spyware/anti
    software found.

    I am unsure if anyone has heard this but this is what is happening. We need
    a cure for this.

    Many thanks,
     
    Guest, Jan 8, 2006
    #1

  2. Guest

    Tom Emmelot Guest

    Hello Ahmed,

    see the thread "WARNING ! SpywareStrike"
    in announcements 6/7/8/Jan 2006

    Regards >*< TOM >*<

     
    Tom Emmelot, Jan 8, 2006
    #2

  3. Guest

    Guest Guest

    Hi,

    MSAS is generally a reactive application. It tends to deal with spyware
    after it is already on your computer. If you're looking for protection before
    it can download to your computer, you'd perhaps be interested in
    SpywareBlaster.

    http://www.javacoolsoftware.com/spywareblaster.html

    Oh, and it sure doesn't hurt to have both of these applications for multiple
    layers of protection.

    If you want something proactive, add Prevx Home
    http://www.prevx.com

    YOU must have the expertise since it is your choices and education that
    dictate how secure is your system.

    I hope this post is helpful, let us know how it works out.

    Engel

     
    Guest, Jan 8, 2006
    #3
  4. Guest

    Guest Guest

    Hi, I have had this same thing start on my computer about 3 days ago and now
    there is a non-stop screensaver on my puter saying: your computer may be
    infected. I also get the constant warnings every few seconds at the bottom
    of my computer screen, what can I do to fix this? I have run my Microsoft
    spyware scan and nothing comes up. I would appreciate any help in this
    matter.

    Thank you
     
    Guest, Jan 9, 2006
    #4
  5. Guest

    Guest Guest

    Use Smitrem & Ewido then Ccleaner to remove temp files (Copy and save this to
    notepad so you can still view it in safe mode)

    Download SmitRem

    http://noahdfear.geekstogo.com/click counter/click.php?id=1

    Save it to your desktop, double click on the SmitRem.exe file and extract it
    to its own folder on the desktop.

    Download Ewido Security Suite

    http://www.ewido.net/en/download/

    When installing, under "Additional Options" uncheck "Install background
    guard" and "Install scan via context menu". Click on update in the left menu,
    then click the Start update button. After the update finishes (the status bar
    at the bottom will display "Update successful") Exit Ewido. DO NOT scan yet.

    Download Ccleaner (To Remove Temp and unused files from your system)

    http://www.ccleaner.com/ccdownload.asp

    Install, then close

    Now reboot to Safe Mode - Restart your computer and immediately begin
    tapping the F8 key on your keyboard.
    If done right a Windows Advanced Options menu will appear. Select the Safe
    Mode option and press Enter.
    To return to normal mode just restart your computer as you normally would.

    Run Smitrem :

    Open the smitRem folder, then double click the RunThis.bat file to start the
    tool. Follow the prompts on screen.
    Wait for the tool to complete and disk cleanup to finish.
    The tool will create a log named smitfiles.txt in the root of your drive,
    eg; Local Disk C: or partition where your operating system is installed.

    Run Ewido

    Click on the Scanner button in the left menu, then click on complete system
    scan.
    When ewido finds something, it will pop up a notification.
    Select "clean" and check the boxes "Perform action with all infections" and
    "Create encrypted backup" before clicking on ok. When the scan finishes,
    click on "Save Report" from the bottom of the screen and save it to your
    desktop in case you need more help with this.

    Run Ccleaner and press "Run Cleaner" then exit.

    While still in safe mode, reset the Internet Settings: go to Start Menu, then
    Control Panel, then to Internet Options. Click the Programs tab and press
    "Reset Web Settings" and include the homepage, then press Yes. Then go to the
    General tab and enter the homepage you want to use into the space provided
    and press Apply.

    Then Reboot back to Normal Mode

    You will need to reload your wallpaper after this tool finishes. Smitrem
    will reset it because Trojans related to this infection will display a
    spyware warning as a desktop wallpaper which cannot be removed. To change
    your wallpaper, right click the desktop and choose Properties. Set the Theme
    to XP if you are running XP, then go to the Desktop tab and choose your
    wallpaper from there.

    Some of the Trojans/Exploit files that install this junk also delete Spybot
    Search & Destroy's SDHelper.dll, so if you have Spybot it's worth reinstalling
    to be sure it's not been damaged.

    All The Best

    Andy
     
    Guest, Jan 9, 2006
    #5