malware??spysheriff, windows security centre alert popup,about bla

G

Guest

hi newbi here so i apologise for any wrong doings just now. Have gone through
lots of all your help solutions to no avail what ever i have will not let me
onto a lot of web sites including bleepingcomputers.com so i get half way
through something then have to stop.
homepage hijacked by about blank,windows security centre alert constant
popup and i believe a spysheriff thing as well. Any help would be appreciated
as ive run out of steam trying everything. ta p.s cant get into my hotmail
e-mails
 
T

TaurArian [MS-MVP]

E

Elendil

Please go to the Detailed Malware Removal page on my website:
www.stopmalware.tk after you go to the forum that TaurArian directed you to.
Once you're on the Detailed Malware Removal page scroll down until you find
the Special Malware Removal instructions. Look for SpyAxe, SpySheriff, and
others and follow the instructions to remove the malware. Once finished with
the SpySheriff removal, proceed to the Fast Malware Removal page on my
website and follow the instructions; however, a few things need to be
answered before following my steps:
1. What operating system are you using (if it's not Windows XP DO NOT
proceed with my steps because I have no clue whether or not these tools work
on non-Windows XP operating systems.
2. What anti-virus program are you using (if any)? If you're using an
anti-virus program DO NOT follow any steps that involve downloading an
anti-virus program on my website, instead use David Lipman's Multi_AV tool:

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can
download the files and perform a scan in Normal Mode. Once you have
downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe
Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to
run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.htm#Step_3_%96_Getting_Help

Good Luck on Cleaning your Computer!
 
D

David H. Lipman

From: "janemcdee" <[email protected]>

| hi newbi here so i apologise for any wrong doings just now. Have gone through
| lots of all your help solutions to no avail what ever i have will not let me
| onto a lot of web sites including bleepingcomputers.com so i get half way
| through something then have to stop.
| homepage hijacked by about blank,windows security centre alert constant
| popup and i believe a spysheriff thing as well. Any help would be appreciated
| as ive run out of steam trying everything. ta p.s cant get into my hotmail
| e-mails



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate utility.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Pop Up MALWARE: trojan.vundo, winfixer2005, winantivirus etc. 12

Top