adware/spyware/hacker????

  • Thread starter Thread starter jock
  • Start date Start date
J

jock

Message constantly popping up from security shield on lower right screen.
system intrusion or stealth intrusion, security breach, system danger,
privacy threat etc. .
-CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
trying to access internet shows IRC-worm.dos.septic or
trojan-bnk.win32.keylogger.gen
Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
Help. JOCK
 
Sounds like you've been HiJacked
First Disconnect your PC from the NETWORK
Download this onto a USB Drive
and run it
http://free.antivirus.com/hijackthis/

Find the Offected Registries.
(Google if you won't know what a program is it will tell you if it's ok or
not)
Russ
 
Also get this
http://www.malwarebytes.org/
Russ
--
Russell Grover - [SBS-MVP]
24hr SBS Remote Support - www.SBITS.Biz
Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


Russ - SBITS.Biz said:
Sounds like you've been HiJacked
First Disconnect your PC from the NETWORK
Download this onto a USB Drive
and run it
http://free.antivirus.com/hijackthis/

Find the Offected Registries.
(Google if you won't know what a program is it will tell you if it's ok or
not)
Russ
--
Russell Grover -[SBS-MVP]
24hr SBS Remote Support - www.SBITS.Biz
Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


jock said:
Message constantly popping up from security shield on lower right screen.
system intrusion or stealth intrusion, security breach, system danger,
privacy threat etc. .
-CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
trying to access internet shows IRC-worm.dos.septic or
trojan-bnk.win32.keylogger.gen
Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
Help. JOCK
 
This may be nothing more than windows messenger service popup vunerability
turn off windows messenging service
 
security center is blocking access to all internet sites on one user login
account. the other logins seem to be ok. running windows xp. home edition.
--
jock


Russ - SBITS.Biz said:
Also get this
http://www.malwarebytes.org/
Russ
--
Russell Grover - [SBS-MVP]
24hr SBS Remote Support - www.SBITS.Biz
Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


Russ - SBITS.Biz said:
Sounds like you've been HiJacked
First Disconnect your PC from the NETWORK
Download this onto a USB Drive
and run it
http://free.antivirus.com/hijackthis/

Find the Offected Registries.
(Google if you won't know what a program is it will tell you if it's ok or
not)
Russ
--
Russell Grover -[SBS-MVP]
24hr SBS Remote Support - www.SBITS.Biz
Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


jock said:
Message constantly popping up from security shield on lower right screen.
system intrusion or stealth intrusion, security breach, system danger,
privacy threat etc. .
-CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
trying to access internet shows IRC-worm.dos.septic or
trojan-bnk.win32.keylogger.gen
Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
Help. JOCK
 
security center is blocking access to all internet sites on one user login
account. the other logins seem to be ok. running windows xp. home edition..
--
jock



Russ - SBITS.Biz said:
Also get this
http://www.malwarebytes.org/
Russ
--
Russell Grover - [SBS-MVP]
24hr SBS Remote Support -www.SBITS.Biz
Second Opinion -www.PersonalITConsultant.com
Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com
Sounds like you've been HiJacked
First Disconnect your PC from the NETWORK
Download this onto a USB Drive
and run it
http://free.antivirus.com/hijackthis/
Find the Offected Registries.
(Google if you won't know what a program is it will tell you if it's ok or
not)
Russ
--
Russell Grover -[SBS-MVP]
24hr SBS Remote Support -www.SBITS.Biz
Second Opinion -www.PersonalITConsultant.com
Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com
:
Message constantly popping up from security shield on lower right screen.
system intrusion or stealth intrusion, security breach, system danger,
privacy threat etc. .
-CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
trying to access internet shows IRC-worm.dos.septic or
trojan-bnk.win32.keylogger.gen
Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
Help. JOCK

Stop guessing what it might be.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
 
Reading your post and I think you have what is called "rogue anti-virus"
software - which isn't anti-virus software at all - it itself is the
malware! They are trying to get you to buy their "full" program in order to
remove what they themselves have put there. Instead use known good software
such as Malwarebytes to remove this cr*p from your PC.

One thing you should do is have a good look at the thing and do a bit of
research first using the search engines. Do not use any removal tools that
are not 'known good' or that ask for money as you might just be digging
yourself deeper into the rogue's doo doo.

Ideally, you would have a full system image you could just reapply - so your
PC is back like new - apps - settings - 'n all - and a current backup of
more recent data which you could then just import. You could be back running
as if it never happened in under an hour. Look into "system image" and
"backup" and consider a back up and recovery strategy that doesn't involve
reinstalling everything all over. Windows 7, BTW, has wonderful backup
utilities built right in - you might consider moving to a PC running Windows
7 just for that.
 
You are seeing the effects of an already-present hijackware infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
Thank you all for the responses. I had CA security suite installed which has
not detected this problem. what I find strange is that I can log on as
another user and the computer seems to be fine. I have contacted CA and they
are going to try to resolve this problem. they issued me a case number and
will have their "infectious malware/spyware professionals" contact me.
 
Contacted microsoft support and after 3 hrs. on the phone resolved the
problem. Lookout for :AV.exe." Lethal!!!!!!!
 
undisclosed said:
Hi,

What you have explained in this post is basically the exact symptoms of
my computer sleath intrustion privacy threat etc. all pop up warnings
coming from windows xp internet security. I would just like to know what
the solution was this thread seems to just end with you saying you spoke
to Microsoft and after 3 hours it was solved.

I suspected the xp internet security immediately as no virus scanner
can scan as quickly as that it took about 3 mins for it to find 25
threats. then i did a scan with spyware doctor and it found a threat
called rougue.antivirusXP. My last resort will be to format my computer
but hopefully this thread will provide some answer. After the spydoctor
scan was complete and the computer rebooted but immediately XP internet
security popped up on screen again so this did not solve the problem.

Thanks in Advance for any help with this issue.
Phil

Well, there are hundreds of references to Malwarebytes in this one
newsgroup, and four to six in this thread alone.. maybe you could try:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

and

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
jock said:
Contacted microsoft support and after 3 hrs. on the phone resolved the
problem. Lookout for :AV.exe." Lethal!!!!!!!

Any chance you remember what they told you? I'm having the same problem. Any
help would be appreciated.
 
SunaScorpion said:
Any chance you remember what they told you? I'm having the same problem. Any
help would be appreciated.

You can't read the post? Just what does it say to lookout for?
 
SunaScorpion said:
Any chance you remember what they told you? I'm having the same problem. Any
help would be appreciated.

Press Ctrl/Alt-Delete and stop AV.exe from running. Stop any other
process that will stop, unless you know some belong there, and then
Malwarebytes will possibly update and run. If not, try the same thing
in Safe Mode.

If you stop the wrong process and the system is disabled, restart and
try again, ignoring the process that caused problems during the previous
attempt. Usually, no Svchost.exe process will stop. But you might find
Sychost.exe running, and it's malicious.. intended to look like the
other legitimate service. Don't stop Explorer.exe, though it would
probably restart itself if you did.
 
Hello:

I ran your suggested hijacker program and now the simulated trojan is gone,
but I cannot remove any programs from my system. Add/Remove Programs ->
c:\WINDOWS\system32\rundll32.exe Application not found. Any suggestions?
Is this a path issue? Thanks. Deb
 
Back
Top