Malware problems...

  • Thread starter: ras

ras

Have you tried starting in Safe Mode and running your spyware scanners?
This is the best way because that crap shouldn't start up in Safe Mode.
 
Help! I have a malware program on my computer that is messing things up
royally. Program's name is mssearchnet.exe, I've followed all the
recommendations from Norton and such, but now my computer won't restart
normally. Steps I've taken already-
1) turned off system restore
2) run and updated norton- it did find a virus, Trojan_downloader and
it was deleted
3) mssearchnet adds a reg key that i've deleted
4) removed all spyware
5) removed the program i had originally thought was the problem-
spywarestrike 2.5
6) i did 2-5 in safemode

now when i try and start up my computer, it won't start normally and it
just asks if i want to restart in safe mode. the boot is set to start
up in normal mode.

grrr, i don't know what to do now! HELP!!
thanks!
Nancy
 
1) In Safe Mode options try the "Last known good configuration option".
2) If still in safe mode, go to Start\Run\type; msconfig and hit enter\
click on BOOT.INI and see if /SAFEBOOT is selected and remove the check
mark.
3) Disconnect your computer from the Internet as soon as possible and
reconnect when your system has been cleaned.

Process File: mssearchnet or mssearchnet.exe Process Name: Trojan.Zlob.D
Trojan
Description: mssearchnet.exe is registered as the Generic Downloader.aa
and Trojan.Zlob.D Trojans. This process usually comes bundled with a virus
and its main role is to do nothing other than download other viruses to
your computer. It is a registered security risk and should be removed
immediately.

Download HijackThis
http://216.180.233.162/~merijn/files/HijackThis.exe

Download tool DelPSGuard and unzip it in the desktop, but not yet.
http://www.forospyware.com/attachments/forum16/252-delpsguard.zip?d=1137029955

follow the next steps:
1) Turn System Restore off
2) Show hidden files to delete mssearchnet.exe and hp1206.tmp
(Explorer\Tools\Folder Options\View\Show hidden files).
3) Reboot in Safe Mode
4) Scan with HijackThis with all programs closed

Select O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} -
C:\WINDOWS\System32\hp1206.tmp and click on Fix Checked.

5) Delete the next files:
C:\WINDOWS\System32\mssearchnet.exe C:\WINDOWS\System32\hp1206.tmp

For files that can't be deleted download and use KillBox
http://www.forospyware.com/attachments/forum14/117-killbox.zip?d=1123460955

6) Before rebooting run tool DelPSGuard.exe
http://www.forospyware.com/attachments/forum16/252-delpsguard.zip?d=1137029955

7) Reboot in normal mode and finish with the following: - Scan with at least
two Online antivirus, the next are recommended
http://www.kaspersky.com/virusscanner/
http://www.infospyware.com/Anti-Virus/Panda/

- Clean the Registry with RegSeeker
http://www.forospyware.com/attachments/forum15/53-regseeker.zip?d=1118023810

and scan with Ad-Aware
ftp://ftp.download.com/pub/windows/aawsepersonal.exe previously updated.
- Delete cookies and Internet Temporary Files with the buttons in Control
Panel\Internet Options\General and empty the Waste Bin.
Reboot the computer.

---------------------------------------
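The HijackThis step in the post above comes down to reading `O2 - BHO` and `O4` lines and deciding which ones to fix. The following is an added example, not part of the original post and not HijackThis code: it parses those two line types and flags entries that reference the two file names given in the thread, BHOs that are not `.dll` files, and entries HijackThis marks as missing. Apart from the first line, the sample log is constructed for illustration, including the `[mssearchnet]` Run value name, which the thread does not give.

```python
import ntpath
import re

# File names the thread tells the user to delete.
THREAD_FILES = {"mssearchnet.exe", "hp1206.tmp"}
MISSING = " (file missing)"  # suffix HijackThis appends to dead entries

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - "
                   r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# First line is the entry quoted in the thread; the rest are constructed.
SAMPLE_LOG = r"""
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\System32\hp1206.tmp
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\System32\old.dll (file missing)
O4 - HKLM\..\Run: [mssearchnet] C:\WINDOWS\System32\mssearchnet.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

def review_log(text):
    """Return (section, id, target, reasons) for entries worth a second look."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        if m := O2_RE.match(line):
            path, reasons = m["path"], []
            if path.endswith(MISSING):
                path = path[:-len(MISSING)]
                reasons.append("file missing, stale entry")
            base = ntpath.basename(path).lower()
            if base in THREAD_FILES:
                reasons.append("file named in thread")
            if not base.endswith(".dll"):  # a BHO is an in-process COM DLL
                reasons.append("BHO is not a .dll")
            if reasons:
                findings.append(("O2", m["clsid"].lower(), path, reasons))
        elif m := O4_RE.match(line):
            cmd = m["cmd"].lower()
            if any(name in cmd for name in THREAD_FILES):
                findings.append(("O4", m["name"], m["cmd"], ["file named in thread"]))
    return findings

if __name__ == "__main__":
    for section, ident, target, reasons in review_log(SAMPLE_LOG):
        print(f"{section} {ident} {target}: {', '.join(reasons)}")
```
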
 
Download HijackThis

Ask yourself if you really want to trust the advice and files provided
by a person that has all of their posts deleted, hides by 20+ different
identities, and has foul content on their website that they post links
to in Usenet.

Only download software you can validate as uncompromised - in the case
of a non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendor's site with a
direct download should not be trusted, the vendors' sites are the safest
place to download their application.

No person of sound mind would download files from a hack site that
requires a password to access the unknown files when they are available
directly from the vendors.

Always remember - only download files from Trusted Sites.

The following links will take you to vendors sites for Spy Ware / Ad
ware removal tools and also for Antivirus tools. After you install any
of these applications and update them, run them in SAFE MODE to allow
them to properly clean your system.

These sites are for downloading Anti-Spyware tools, in order that I
would use them myself:

Dave Lipman's tools:
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Secured2K's AntiPauper (download link/info at)
http://forums.mcafeehelp.com/viewtopic.php?t=65072

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

HiJack can be found here:
http://www.spywareinfo.com/~merijn/downloads.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

CrapCleaner can be found at the vendors site here:
http://www.ccleaner.com/ccdownload.asp

CleanUp can be found at the vendors site here:
http://www.stevengould.org/software/cleanup/download.html
or from another reputable source:
http://www.tucows.com/get/405276_152071

The following are two links to Antivirus software in order that I would
use them:

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors sites, not some unknown or authorized no-
name site. They also don't artificially increase the hits for sites that
get paid for the amount of traffic they can generate like one poster has
admitted to in this group.
 
iibriarroseiii said:
Help! I have a malware program on my computer that is messing things up
royally. Program's name is mssearchnet.exe, I've followed all the
recommendations from Norton and such, but now my computer won't restart
normally. Steps I've taken already-
1) turned off system restore

That was a bad move. Never, repeat never, disable System Restore on an
infected machine. If you do so, and the cleanup process crashes for
some reason you may end up with an unusable computer that cannot be
recovered except by doing a reinstall. A functioning but still
infected computer is vastly preferable to one that is not usable. Once
the system is fully cleaned up and is known to be operating
satisfactorily then and only then should system restore be cleaned
out. And the preferred method for doing this is not to turn off
system restore but rather to first create a brand new restore point
manually and then use Disk Cleanup - Advanced Options to delete all
but the most recent system restore point.
2) run and updated norton- it did find a virus, Trojan_downloader and
it was deleted
3) mssearchnet adds a reg key that i've deleted
4) removed all spyware
5) removed the program i had originally thought was the problem-
spywarestrike 2.5
6) i did 2-5 in safemode

now when i try and start up my computer, it won't start normally and it
just asks if i want to restart in safe mode. the boot is set to start
up in normal mode.

I am assuming that the computer will start okay in Safe Mode and that
you have another functioning computer that you can use to access the
Internet.

Go to http://www.webroot.com/download (it brings up an "error" page
but that is okay) and click on the download link for the 14 day trial
version of SpySweeper on the right side of the page. Save the
download to a CD or USB memory stick and then install and run it on
the problem computer in Safe Mode. Then reboot the problem computer
into "Safe Mode with Networking" and get the latest updates for
SpySweeper and run it again.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."
 
I see what you mean, but the recommended download of Hijackthis is from the
creator website!.. and majorgeeks is a reliable download site, and as for
the recommended forospyware downloads, that was an honest mistake, that's
why I included the majorgeeks download site in the second post.. as for my
posts, they have never been deleted! And my Identity has been the same since
two and a half or three years ago! I have used one other identity to
respond about three
times, and the spyware solutions I offer, the solution depends on the user,
but they work in most cases! As for the wrong links, we all make mistakes
but as long as they are honest mistakes and there was no harm done, what is
the problem? As for Usenet, until today I had never heard of the word, I
don't waste my time accessing sites where I have to register myself and the
foul content you speak about, maybe I need a program [which I don't require
as most people] to see what you see because I don't see the said foul
content you say...
As for your implication of me having 20+ different Identities, can you prove
it?
-------------------------------
 
I see what you mean, but the recommended download of Hijackthis is from the
creator website!.. and majorgeeks is a reliable download site, and as for
the recommended forospyware downloads, that was an honest mistake, that's
why I included the majorgeeks download site in the second post..

The posting of direct links to exe files is always a threat, you should
post a link to the web page that includes the link to the exe file.
as for my
posts, they have never been deleted! And my Identity has been the same since
two and a half or three years ago! I have used one other identity to
respond about three

This was a big mistake on my part - I had pasted the wrong reply into
the thread and only meant to post the threat part, not the typical part
about chap that is always doing what you did.
times, and the spyware solutions I offer, the solution depends on the user,
but they work in most cases! As for the wrong links, we all make mistakes
but as long as they are honest mistakes and there was no harm done, what is
the problem? As for Usenet, until today I had never heard of the word, I
don't waste my time accessing sites where I have to register myself and the
foul content you speak about, maybe I need a program [which I don't require
as most people] to see what you see because I don't see the said foul
content you say...

I screwed up, sorry.

TO THE GROUP: With the exception of posting direct links to files, the
rest of the implications of the post (where I suggested that the poster
was someone else) are incorrect on my part, it was a mistake for me to
include the morphing part or the suggestion that the person was not who
they suggested.
As for your implication of me having 20+ different Identities, can you prove
it?

Again, it appears to have been a mistake on my part, as the method you
used to post the link is a bad method, used by one of the resident
security threats, and I didn't check the link before I posted the wrong
response.

The part about identities/morphing, and the part about the posts being
deleted was incorrect on my part (I think).

The part about downloading from unknown sites, posting direct links to
files, that stands.
 
I understand your point of view, after all we are both here for the same
reason, and that is to help, not make things even worse,... it takes honest
persons to admit their mistakes and we both have admitted our own! so
there's no harm done...
"The part about identities/morphing, and the part about the posts being
deleted was incorrect on my part (I think)."
I have not missed any of my answers so I'm sure that was another mistake...
The part about downloading from unknown sites, posting direct links to
files, that stands.
I have already admitted that mistake, and the links led to nowhere, so no
resulting consequence should be expected. (and that mistake of not checking
where the links led to was due to time limitations) and about the HijackThis
direct download, I thought that the link containing the word "spywareinfo",
being the well known creator's web site, it would make no difference to the
end user....

------------------------------------
 
You dumb ass, you think everyone is me. PC is right you are obsessed.





 