infected computer

Guest

i keep getting a message flashing up saying puter is infected with spyware
but i run the anti spyware from microsoft every day but this message keeps
popping up and is interfering with the running of computer can anyone tell me
how to get rid of it. they want me to buy the antispyware from them and i
can't stop it popping up all the time
 
Jim Byrd

Hi Lilly - From my Blog, addy in my Signature below:


*******************************************
Run the following programs regularly; I recommend at least once a week or
immediately if you suspect that you've been infected. And MOST IMPORTANTLY,
if possible download a fresh copy for each use of the spyware tools below
for which this is specified and ALWAYS UPDATE ALL of them.

WARNING: There are a lot of purported anti-malware commercial products
available attempting to get your hard earned cash. Many of these are
"Rogue/Suspect" which means that "these products are of unknown,
questionable, or dubious value as anti-spyware protection." Eric Howes
maintains a list of these here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products. To quote him:
"Some of the products listed on this page simply do not provide proven,
reliable anti-spyware protection or may be prone to ridiculous false
positives. Others may use unfair, deceptive, high pressure sales tactics to
scare up sales from gullible, confused users. A very few of these products
are either associated with known distributors of spyware/adware or have been
known to install spyware/adware themselves." This site also maintains a
feature comparison list for the better known anti-spyware products, both
free and paid here: http://spywarewarrior.com/asw-features.htm as well as a
list of "trustworthy" products here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#trustworthy. I highly
recommend this site.

All of the software mentioned in this Blog is free.
*******************************************
 
Bill Sanderson

I agree with the message--but don't buy your antispyware from the folks who
have infected your machine!

You've got something in place that Microsoft Antispyware has missed.

Beta2 of Microsoft Antispyware, now called Windows Defender, is available,
and may be able to clean this issue better for you.

http://www.microsoft.com/downloads/...e7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en

Download and run--it will replace Microsoft Antispyware.

It will update definitions and run a quickscan on completion of the install.

I would expect the quickscan to find something on your machine. If it does,
have it removed, and follow up by running a full scan from the menus at the
top of the home page of the app.

Let us know if this does the job for you--it isn't perfect--there are some
bugs, and I've seen machines it doesn't clean, but this is the best first
step I can recommend for you.
 
Guest

You have been invaded by malware posing as anti-spyware. The removal depends
on which one (or more) is on your PC. If it has identified itself as Spyaxe
or says you have been infected by smitfraud, see this link for removal
instructions:
http://www.bleepingcomputer.com/forums/topic36868.html
It is possible that several malwares have been installed along with that
one, if so you may need to use the longer method here:
http://www.bleepingcomputer.com/forums/topic17258.html
CastleCops has instructions for these plus other malwares that might have
been installed on your computer by a trojan downloader:
http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal
If you are just not sure or want more information on how to prevent this
from happening again, check out dsl reports here:
http://www.dslreports.com/faq/8428
 
Guest

Hi Bill, Of course you are right, but I was afraid the malware might
interfere with installing Defender. If it does, the special tools are easier
to get downloaded.
 
Bill Sanderson

You might be right, too. I've got a machine which probably has that in
place. It looks absolutely clean to Microsoft Antispyware, Ewido, and
HijackThis--looked at by myself and another MVP. However, it is very
clearly infected--so I need to try the full cleaning technique.

Guest

A friend of mine who does HJT work for folks on the AOL message boards has
been running into more malware that HJT couldn't find. This new stuff is
pernicious. I would have thought Ewido would have found it, at least, even if
it couldn't clean it. I'm not that proficient myself, so I have to depend on
my tools. I don't think 1 or 2 anti-spywares is enough anymore, especially
for folks who don't know their way around in the registry. I don't tread
there either unless I know exactly what I am looking for.
 
Guest

Thank u all for your help, after a few false starts i managed to download
defender and it found spy falcon on my puter, it didn't seem able to cancel it
but i quarantined it and now it seems to be ok, thank u again for help
 
Bill Sanderson

I believe that is a tough one to get rid of. Glad it is better--but you
might also want to restart your computer in safe mode, and scan with both
your up-to-date antivirus, and with Windows Defender. Sometimes the anti-?
programs are able to clean things better in safe mode.

Jim Byrd

Hi Lily - SpyFalcon can be difficult to remove. If you're computer astute
or have access to someone who is, you can try it by yourself using the
following procedure. Otherwise you may want to get some assistance at one
of the HJT forums (See the HiJackThis info following this):

Courtesy of MVP "PA Bear":

"SpyFalcon

Oh, yes. Here's the tried & true removal procedure:
http://www.bleepingcomputer.com/forums/topic43659.html (NG:
C:\Windows\System32\ginuerep.dll was only identified in the past week, a
signature of very recent SpyFalcon infections).

Follow up:

1. Delete the files found by Panda Active Scan which it couldn't disinfect;

2. Reboot into Safe Mode;

3. Use HijackThis to "fix" any remaining Bad Guys;

4. Delete unwanted folders containing the files in Step 1.

5. Reboot into Windows.

6. Delete TIF, TEMP & XP Prefetch in all User Profiles;

7. "Flush" System Restore (WinXP, WinME)

8. Run another Active Scan, for safety's sake."




Here's the HijackThis info you may need:

Download HijackThis, free, here:
http://www.merijn.org/files/hijackthis.zip (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

There's a good "How-to-Use" tutorial here:
http://computercops.biz/HijackThis.html

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
at the root level such as C:\HijackThis (NOT in a Temp folder or on your
Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
when it's finished which will create hijackthis.log. Now click the Config
button, then Misc Tools and click on Generate StartupList.log which will
create Startuplist.txt


Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://forums.spywareinfo.com/
or Jim Eshelman's site here: http://forum.aumha.org/
or Bleepingcomputer here: http://www.bleepingcomputer.com/
or Computer Cops here: http://www.computercops.biz/forums.html
or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx
or Net-Integration here: http://net-integration.us/forums/index.php

Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
of the particular site's HiJackThis forum, then copy and paste both files
into a message asking for assistance. Someone will answer with detailed
instructions for the removal of your parasite(s). Be sure you include at
the beginning of your post a description of "What specific
problem(s)/symptoms you're trying to solve" and "What steps you've already
taken."
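
Added example, not part of the original post and not HijackThis's own code: a Python first pass over a saved hijackthis.log that pulls file paths out of the registry/autostart entries and flags the ginuerep.dll file named above. The sample log is constructed, and the Temp-folder autostart rule is an assumed heuristic, not something from this thread.

```python
import re

# Constructed sample in the line layout HijackThis writes to hijackthis.log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:14:02 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\ginuerep.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\upd.exe
O20 - Winlogon Notify: example - C:\WINDOWS\System32\ginuerep.dll
"""

# Entry lines start with a section code such as R0, O2, O4 or O20.
ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# Drive-letter path ending in .exe or .dll (spaces allowed, quotes excluded).
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)', re.I)
# File name taken from the SpyFalcon note in this thread.
WATCHLIST = {"ginuerep.dll"}

def parse_entries(log_text):
    """Return (section_code, detail, [paths]) for every entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), PATH.findall(m.group(2))))
    return entries

def triage(log_text, watchlist=WATCHLIST):
    """Return (section_code, path, reason) for entries worth a closer look."""
    findings = []
    for code, _detail, paths in parse_entries(log_text):
        for path in paths:
            name = path.rsplit("\\", 1)[-1].lower()
            if name in watchlist:
                findings.append((code, path, "watchlisted file name"))
            elif code == "O4" and "\\temp\\" in path.lower():
                # Assumed heuristic: autostart programs rarely live in Temp.
                findings.append((code, path, "autostart runs from a Temp folder"))
    return findings

if __name__ == "__main__":
    for code, path, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {path}")
```

A clean result from this pass does not mean a clean machine; the full log still belongs in front of a helper on one of the forums listed above.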
 
Bill Sanderson

Basically, restart the computer, and, just after you see the black screen,
start pressing the F8 function key about once a second or so. You do this
way before any Windows screen appears. That should bring up a menu that
will allow you to choose to start in safe mode. Don't be alarmed by the
appearance--lots of stuff will scroll by, and, in XP, you'll go into Help
and Support--but you should be able to scan with Windows Defender and
probably your antivirus as well--and it is more likely to succeed in
cleaning.

To get back to normal startup, just restart again.
