Viruses/Spyware


Guest

HELP!

A couple of days ago, spyware and a trojan were inadvertently downloaded to
my computer. I tried my best to clean it out, but today, more has been
downloaded. I know that these malicious programs have opened up "back doors"
into my computer, but I do not know how to close them, or even if they can be
closed.

I would like to fix everything without reformatting, which I would like to
keep as a last resort. But the way things are looking, it seems as though I
might have to.

Could somebody please help me? I really need this computer running smoothly
ASAP. Reformatting isn't a problem since I backed everything up a week ago,
but, again, I would like it to be a last resort only.

HELP

--Christopher Isherwood
 
Hi Chris,
First: make sure you have a backup of all your valuable files (i.e.
documents, spreadsheets, photos, mp3, etc.).
Second: I would make sure I have an antivirus program. Make sure it is
up to date and run a full scan. There are many free ones out there,
including special trojan ones.
Third: I would download, install and run Spybot, Ad-Aware and Windows
Defender.
If the malware still exists after that, then turn off System Restore
and run those four again.
After that you will need to post a HJT (HijackThis) log file so we can
really dig in and eliminate the precise file causing the headache.
Hope this helps,
Steve
 
Hi -

a) Do you know what the spyware/trojans *are* ? What symptoms are you
experiencing?
b) Have you tried a System Restore to a date prior to the initial
'infestation' ?
 
Yes, I know what they are. I've fixed problems with them before, however,
this time, they won't seem to go away. IE has been hijacked, so I'm using
Firefox. But every time I connect to the Internet, stuff appears saying that my
computer is infected and that I should download something to clean it. I know
what my anti-spyware/adware/virus software notifications look like, and these
notifications do not look right. When I do run the legitimate cleaners, they
constantly come up with malicious software. I have downloaded more
anti-spyware/adware/virus applications since I know that different apps
detect different bugs, and with each one I run, malicious software comes up.

Luckily, there are other computers in my house, but this is my primary one
with the software I need to work with, so I need to get it running ASAP. I
can fall back on the others for a couple of days but I still need this
problem resolved. As I wrote in the prev post, I can do a reformat without
any problems because I back up everything, but I would like to avoid the work
anyway. And, no, I have not run a system restore. I will try that next -
after all the other anti-malware programs finish.

Could you give me any pointers?

BTW, I am far from a novice. I constantly help people with their computers,
but I have not had to deal with a problem of this magnitude.

Christopher Isherwood
 
I recommend that you post your message in a security-oriented news
group, such as microsoft.public.security.homeusers.

Give details of the spyware and trojan to help the people there
identify them and recommend specific cleanup procedures. Describe the
steps that you've already tried, including the names of the
malware-removal programs that you've used and what they found.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Hi Christopher,

Boy don't I know how much of a pain in the backside this all can be. I have
had clients that experienced this exact type of problem and I know it took me
some time to resolve it. These are my suggestions for resolving it hopefully.

First of all go to Start-Settings-Control Panel-Add/Remove Programs. Look at
the list of programs that are there. Do you see any that you know you didn't
install? If so, check to see when it says it was installed or how often it
is used. If you are absolutely certain that it isn't software you installed or
wanted then I would recommend removing it.

Before you do that go into TASK MANAGER and sort items alphabetically to see
what processes are running. See if you see any processes that are running that
seem strange to you. If you locate one then do a SEARCH of the system to see
if you can locate where the file was started from. If it pertains to the date
range when the problem first occurred then try ENDING the process. If the
process restarts itself then the only way to stop it is to shutdown and
restart in SAFE MODE.

Once in SAFE MODE check to see if the process is listed again. If it isn't
then do that SEARCH again and remove any references to that file and all
supporting directories. I would STRONGLY RECOMMEND that you first backup the
system's registry and make a copy of that directory or those files into a
ZIPPED FOLDER or file just in case. Once it is removed from there I would go
into REGEDIT and do a SEARCH for it to see if it shows up there. If it does
then remove it from the registry but only after you are sure you have BACKED
UP the REGISTRY first.

Now reboot the PC and see if the process shows up again. If it is gone then
your problem is probably resolved. If it still remains then your Antivirus
and SPYWARE software has been screwed with by them. Depending on what kind of
Antivirus Software you are using you should double check the settings of it
completely to make sure it is set up properly. If it isn't then reconfigure it
and rescan the system. If it shows no VIRUSES or SPYWARE then double check to make
sure you have all the latest updates. If not get them and then rerun.

I personally prefer Norton Antivirus 2006 / Webroot Spy Sweeper / Lavasoft's
Ad-Aware / Spybot / YAHOO AntiSpyware / Microsoft AntiSpyware. You definitely
need to make sure the settings are properly enabled. You should definitely go
and remove all TEMPORARY INTERNET FILES & COOKIES from your system and remove
them from the RECYCLE BIN.

Make sure to check in REGEDIT for the KEYS labeled RUN & RUNONCE to see
what is there. There is usually more than one occurrence of each so don't
forget to check there also. Those pesky programs usually get reloaded from
there after a reboot and become memory resident which starts the whole
process all over again. If you see something that shouldn't be there then
remove it. AGAIN ONLY IF YOU HAVE A BACKUP OF REGISTRY before doing so. I
also RECOMMEND that you set your starting INTERNET EXPLORER startup page to
BLANK as this is usually the quickest way to tell if you have been hijacked
again.

If you have Norton Installed on your PC and you have the Original CD I would
strongly suggest that you UNINSTALL it and reboot. Then reboot and reinstall
it to your system. During the installation process of NAV2004 - NAV2006 it
gives you the option of doing a scan of your system before it is installed.
DO THIS FIRST! It usually will find that problem and allow you to eliminate
it before installing so your NAV won't be corrupted by those threats.

Reboot system and immediately go to START-SETTINGS-CONTROL PANEL-Symantec
LiveUpdate and change the settings to EXPRESS MODE and all EXPRESS MODE
OPTIONS ENABLED. Then run LIVE UPDATE until you have all the latest and
greatest updates. Now before running the scan set the settings in your
Antivirus Options as follows:

First click on Auto Protect and make sure Auto- Stay Protected all options
are checked. Make sure How to respond when a virus is found - Try to repair
then quarantine if unsuccessful is checked. Which file types to scan for
viruses - Comprehensive file scanning is set. Now click on the Autoprotect
Arrow to show BLOODHOUND Options. Go into it and make sure HIGHEST LEVEL of
PROTECTION is selected. Go to Advanced Options and make sure all boxes are
checked. Basically repeat the same steps for MANUAL SCAN Options but make
sure all boxes are checked in MANUAL SCAN.

Go to EMAIL and all boxes should be checked and REPAIR THEN SILENTLY
QUARANTINE IF UNSUCCESSFUL. Go to Internet Worm Protection and make sure it
is enabled. Go to Instant Messenger and make sure any messengers you have
installed are checked. Also set TRY TO REPAIR THEN QUARANTINE IF
UNSUCCESSFUL. Go to LIVE UPDATE settings and make sure all boxes are checked.
Make sure under MISCELLANEOUS options are checked and set your password.
Remember to click OK once you are done.

Now run a complete VIRUS SCAN and see if it finds any. If so you
can see if it is in any files you need to keep which is why I set it up to
QUARANTINE instead of just DELETING them. Now run your SPYWARE removal
programs and see if they find any. If so remove them but only if you are sure
it won't cause problems with some software you have running that needs to run.

If you don't have Webroot installed on your system then DOWNLOAD it and
immediately update the definitions and programs and change settings before
running it. Run it and if it doesn't find anything by now you should be clean
and VIRUS & SPYWARE free. At any point after you have found and removed
anything, you should reboot and rerun the software until they are clean.

Hope this is of some help to you and please let us all know.

Joel
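
An added example, not part of Joel's post: a PowerShell audit of the RUN and RUNONCE keys he describes, covering each occurrence (per-machine, per-user and the 32-bit view) and exporting every key to a .reg file before anything is edited. The backup folder name and the key list are assumptions of this example; the script reads the registry and writes only the backups.

```powershell
# Added example: list every Run/RunOnce autostart entry, backing each key up first.
$BackupDir = Join-Path $env:USERPROFILE 'autorun-backup'   # assumed location
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Run and RunOnce exist per machine and per user; 64-bit Windows adds a
# separate 32-bit view under Wow6432Node.
$keys = @(
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($key in $keys) {
    $psPath = 'Registry::' + ($key -replace '^HKLM', 'HKEY_LOCAL_MACHINE' -replace '^HKCU', 'HKEY_CURRENT_USER')
    if (-not (Test-Path -LiteralPath $psPath)) { continue }

    # Export the key before anyone edits it, so a removal can be undone.
    $backup = Join-Path $BackupDir (($key -replace '[\\:]', '_') + '.reg')
    & reg.exe export $key $backup /y | Out-Null

    $item = Get-Item -LiteralPath $psPath
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)

        # Pull the program path out of the command line (quoted or unquoted).
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { $exe = $Matches[1] }
        else { $exe = ($command.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $target = Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            FileFound = [bool]$target
            # Creation date helps match entries to when the problem started.
            Created   = if ($target) { $target.CreationTime }
            Signature = if ($target) { (Get-AuthenticodeSignature -FilePath $target.FullName).Status }
        }
    }
}

# Newest files first: recently created, unsigned or missing targets deserve a closer look.
$entries | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Entries that launch through a host such as rundll32.exe report the host's details, so read the full Command column as well.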
 