Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Reply
 
Thread Tools Display Modes
Old 09-04-2005, 11:08   #181
cjanderson
2 phalanxs and a catapult
 
cjanderson's Avatar
 
Join Date: Sep 2001
Posts: 36,023
Thanks: 467
Thanked 254 Times in 146 Posts
Quote:
Originally Posted by vik1
My little sis, somehow managed to install some lop malware on her computer. Is really slowing it all down and keeps playing with her homepage and has put a toolbar on her outlook.

Have tried adaware, spybot, and spy sweeper, none of which work! Spent hours on the net trying to find fixes, but cant get my head around them!

when i try and download the uninstall programme from the lop website - i get swizzor4.c trojan warning from my AVG

help needed please.......
I've got this today, Search now or something, from either downloading MSN7 or MSN plus 3.5. Is very annoying. Adaware found it, as lop but i removed it and still there. rebooted and everything, tried the uninstaller on the serahc now website.

Very annoying.
cjanderson is offline   Reply With Quote
Old 14-04-2005, 14:50   #182
Guest 19017
Trusted User
 
Join Date: May 2002
Location: UK
Posts: 64
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by cjanderson
I've got this today, Search now or something, from either downloading MSN7 or MSN plus 3.5. Is very annoying. Adaware found it, as lop but i removed it and still there. rebooted and everything, tried the uninstaller on the serahc now website.

Very annoying.
Just downloadhttp://lop.com/new_uninstall.exe and run the uninstall program and it should be gone
Guest 19017 is offline   Reply With Quote
Old 16-04-2005, 10:20   #183
Guest 1879
chasethehaggis
 
Join Date: Nov 2000
Location: Scotland
Posts: 156
Thanks: 0
Thanked 3 Times in 2 Posts
Don't know what it is we've got but we keep getting pop-ups. It's only starte din the last few days. We use Avant browser and the popups appear in a seperate IE window outside of Avant. Tried Adaware, Spybot S+D and even the Microsoft one and everythings clear. Any ideas?

Ta


Update: Got it fixed. Think it was the same problem you've got cj. Uninstall MSN Plus and it should be sorted.

Last edited by JonBoy; 17-04-2005 at 18:21.
Guest 1879 is offline   Reply With Quote
Old 28-04-2005, 10:10   #184
Guest 6028
Trusted User
 
Join Date: Apr 2001
Location: DUDLEY
Posts: 2,512
Thanks: 1
Thanked 0 Times in 0 Posts
I am on a computer at work with the most resilient piece of spyware I've ever come up against.

Popup adverts appear when there is now browser even currently open. The home page is set to 'about: blank' a search page with a lot of stuff on there that I don't want. Microsoft's antispyware tool removes spyware but then later on it seems to get added again anyway. Likewise Sophos removes viruses which then seem to add themselves back again later.

I've tried the startpage guard to ensure things remain set to use google. No good. Microsoft's restore IE settings is useless too. I can't download service pack 2 because I get an error when trying to use windowsupdate so I can't get the IE popup blocker working

I'm trying to get our workplace to use firefox for the most part but unfortunately some sites we use require IE because of the amount of Microsoft exclusive technology that is use (VBScript etc).

Eurgh... another goddamn popup advert for expedia just appeared! - Why would a reputable company like that promote the use of popups via spyware?
Guest 6028 is offline   Reply With Quote
Old 28-04-2005, 12:54   #185
Mr Biggles
Snuggy Possum
 
Join Date: Jan 2001
Location: I'm somewhere where I don't know where I am
Posts: 1,552
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by nashie
I can't download service pack 2 because I get an error when trying to use windowsupdate so I can't get the IE popup blocker working
You could try using the Microsoft Corporate Site to get SP2 if WindowsUpdate isn't working

Last edited by Mr Biggles; 28-04-2005 at 12:54.
Mr Biggles is offline   Reply With Quote
Old 30-04-2005, 19:49   #186
bobmartino
Trusted User
 
Join Date: May 2001
Location: Edinburgh
Posts: 282
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by nashie
I am on a computer at work with the most resilient piece of spyware I've ever come up against.

Popup adverts appear when there is now browser even currently open. The home page is set to 'about: blank' a search page with a lot of stuff on there that I don't want. Microsoft's antispyware tool removes spyware but then later on it seems to get added again anyway. Likewise Sophos removes viruses which then seem to add themselves back again later.

I've tried the startpage guard to ensure things remain set to use google. No good. Microsoft's restore IE settings is useless too. I can't download service pack 2 because I get an error when trying to use windowsupdate so I can't get the IE popup blocker working

I'm trying to get our workplace to use firefox for the most part but unfortunately some sites we use require IE because of the amount of Microsoft exclusive technology that is use (VBScript etc).

Eurgh... another goddamn popup advert for expedia just appeared! - Why would a reputable company like that promote the use of popups via spyware?
It's never a good idea to update to SP2 when a machine is infected, it has a tendency to fail.

If you want post a hijackthis 1.99.1 log(get a link from the first post) in a new thread and I'll try have a look at it for you.

Does your work not have a department that will fix computer problems?
bobmartino is offline   Reply With Quote
Old 20-05-2005, 12:34   #187
Guest 2582
They wiped my 1100 posts
 
Join Date: Jan 2001
Location: Edinburgh
Posts: 1,875
Thanks: 0
Thanked 7 Times in 2 Posts
Ive got 2 recurring pop-ups on my home machine and also one I installed for the GF's mum!

We get a pop up that pretends its from Microsoft saying the registry is corrupt or thats MSN Messenger is corrupt. They both look very official and say we should go to a site called win-clean or regfix.

Ive put on both Ad-ware and Spybot but neither work? Anyone know which software will remove these pests?
Guest 2582 is offline   Reply With Quote
Old 24-05-2005, 12:45   #188
bobmartino
Trusted User
 
Join Date: May 2001
Location: Edinburgh
Posts: 282
Thanks: 1
Thanked 0 Times in 0 Posts
Do you just mean this type of thing?

bobmartino is offline   Reply With Quote
Old 24-05-2005, 21:19   #189
Guest 993
Trusted User
 
Join Date: Sep 2000
Posts: 16,470
Thanks: 0
Thanked 0 Times in 0 Posts
For messenger pop-ups (messenger is not MSN Messenger by the way), see the last item on the first post on this thread.

If it is that, you don't have a virus/trojan, just you need to shut down messenger or block it off with a firewall so that people can't send messages to your PC from the Internet.

The fact you are getting them would suggest you don't have an effective firewall. I'd get one quick, and then thoroughly virus check and spyware check your PC (I assume you do have AV software as well as just Spybot, Ad-Aware?).
Guest 993 is offline   Reply With Quote
Old 24-05-2005, 21:25   #190
Guest 21935
Trusted User
 
Join Date: Sep 2002
Posts: 536
Thanks: 0
Thanked 0 Times in 0 Posts
If you download and install microsoft anti spyware it will automatically disable messenger messages,
Guest 21935 is offline   Reply With Quote
Old 26-05-2005, 13:37   #191
SPB
Balding Member
 
Join Date: Jan 2001
Location: SN2 - Swindon
Posts: 5,037
Thanks: 8
Thanked 30 Times in 24 Posts
A neighbour has asked me to look at their PC because they keep getting advert pop ups that eventually "kill" IE.

Read this thread and I think this is what I will do, if I miss anything please let me know.

1. Create restore point.
2. Check startup options for anything nasty
3. Run "hitman pro" - seems to pull in all the usual anti-spy/ad programs, auto configure and run.

If that doesn't work,

1. try firefox as a temp solution until I find out what is causing it,
2. come back here for help!
SPB is offline   Reply With Quote
Old 28-05-2005, 11:41   #192
PlexShaw
XBL/PSN/iOS: PlexShaw
 
PlexShaw's Avatar
 
Join Date: Apr 2005
Location: London
Posts: 6,535
Thanks: 93
Thanked 165 Times in 79 Posts
Ad-Aware SE 1.06 is now available:

http://www.majorgeeks.com/download506.html
PlexShaw is offline   Reply With Quote
Old 01-06-2005, 21:09   #193
PlexShaw
XBL/PSN/iOS: PlexShaw
 
PlexShaw's Avatar
 
Join Date: Apr 2005
Location: London
Posts: 6,535
Thanks: 93
Thanked 165 Times in 79 Posts
Spybot - Search & Destroy 1.4 is now also available:

http://www.majorgeeks.com/download2471.html
PlexShaw is offline   Reply With Quote
Old 31-07-2005, 20:38   #194
carlito8
XBL - Carlito8
 
carlito8's Avatar
 
Join Date: May 2001
Location: York
Posts: 2,640
Thanks: 17
Thanked 61 Times in 37 Posts
My mum has just rung up tonight saying her computer has a virus. Apparantly they were surfing the web when they got a message saying 'your computer may be infected with spyware etc....' now when they boot into winxp the normal desktop background is replaced by a black box with the same message ? I don't know if it's a pop up or what as she was a little on the vague side ! Just wondering if anyone has come across it before I go down this week to sort it ?
carlito8 is offline   Reply With Quote
Old 31-07-2005, 20:47   #195
carlito8
XBL - Carlito8
 
carlito8's Avatar
 
Join Date: May 2001
Location: York
Posts: 2,640
Thanks: 17
Thanked 61 Times in 37 Posts
After a bit of a google search I found the below info, can anyone tell me if there is an easier way to get rid of it ?

Before you start the below fix, you MUST disable SpySweeper and Microsoft Anti-Spyware's Real-time Protection to avoid a failed disinfection.

Open Microsoft AntiSpyware.
- Click on Tools | Settings.
- In the left pane, click on Real-time Protection.
- Under Startup Options uncheck:
-- "Enable the microsoft AntiSpyware Security Agents on startup (recommended)".
- Under Real-time spyware threat protection uncheck:
-- "Enable real-time spyware threat protection (recommended)".
- After unchecking these, click on the Save button and close Microsoft AntiSpyware.
- Right click on the microsoft AntiSpyware icon on the taskbar and select Shutdown microsoft AntiSpyware.


Open SpySweeper and click Options | Program Options.
Uncheck "load at windows startup".
Over to the left click "Shields" and uncheck these options:
-- "Home page shield".
-- "Automaticly restore default without notification".

**You'll need to renable the above real-time protections after you get the all clear.


Please check which build version of Ewido you have to make sure it is the latest v3.5. If it isn't please uninstall your present version and follow the download instructions below again. Make sure you do NOT install the 'Guard' function.

If your ewido is up to date, ensure the 'Guard' function is disabled by opening Ewido and clicking on 'Remove Guard' which you'll find under the 'Additional' menu on the 'Status' tab.


Step 1

Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.

Download SmitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Download and install the trial version of Ewido Security Suite from here.
Configure the program correctly by following the instructions here and then close the program after updating the reference files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions here.
Otherwise, check for updates and download any new reference files before closing the program. We'll use it in Safe Mode later.


Step 2

Next, please reboot your computer in Safe Mode - Very Important !!

Go to Add/Remove Programs and uninstall Spyware Cleaner.

Then run HJT again and checkmark the boxes next to the following:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe



Close ALL OPEN WINDOWS/BROWSERS and click "Fix Checked".


Step 3

Open the SmitRem folder and double click the RunThis.bat file to start the tool.
Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.

Step 4

Open Ad-aware and do a full system scan. Remove all it finds.


Step 5

Now open Ewido Security Suite:

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.
Then close ewido security suite.

Warning: While the scan is in progress, do NOT open any folders or the Windows Control Panel !!



Step 6

Next go to your Control Panel and click Display | Desktop | Customise Desktop | Website and uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, and do a full system scan.

Make sure the autoclean box is checked.

Save the scan log and post it along with a new HijackThis Log and Ewido Log in your next reply to THIS thread.

Let me know if any problems persist.
carlito8 is offline   Reply With Quote
Old 31-07-2005, 21:47   #196
Guest 993
Trusted User
 
Join Date: Sep 2000
Posts: 16,470
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by carlito8
My mum has just rung up tonight saying her computer has a virus. Apparantly they were surfing the web when they got a message saying 'your computer may be infected with spyware etc....' now when they boot into winxp the normal desktop background is replaced by a black box with the same message ? I don't know if it's a pop up or what as she was a little on the vague side ! Just wondering if anyone has come across it before I go down this week to sort it ?
Sounds like a browser or messenger pop-up to me, not a virus/spyware at all. These usually pop up and look like a normal window but they are just a clever browser window.

Clicking on various buttons on the window will likely take you to a page to download some software which is likely loaded with spyware, or maybe it downlaods an ActiveX control.

Best advice is to close the window with the 'X' at the top right hand corner or right clicking on the window in the task bar and closing it there.

However it sounds like she's gone and clicked on something and it's loaded on the PC. Now she's got one of the ones that works as a fake background. It's been discussed here somewhere I think, but I would have thought the main anti-spyware apps should clean it on their own.


P.S. Any stuff on the net which talks about needing to disable various anti-virus/spyware apps in order to "clean" should be taken with caution. Such advice is often yet more ways to con people into downloading more spyware and viruses.

Last edited by DeadKenny; 31-07-2005 at 21:48.
Guest 993 is offline   Reply With Quote
Old 31-07-2005, 22:21   #197
carlito8
XBL - Carlito8
 
carlito8's Avatar
 
Join Date: May 2001
Location: York
Posts: 2,640
Thanks: 17
Thanked 61 Times in 37 Posts
Cheers for the info mate, I've done a bit of reading and it seems it can be a pain to completely remove, apparantly it disables certain options in the control panel etc... I'll have a go at removing it while I'm there but If I get stuck I might just do a complete format.
carlito8 is offline   Reply With Quote
Old 03-08-2005, 16:23   #198
Fatbloke
PSN : Fatbloke-66
 
Fatbloke's Avatar
 
Join Date: May 2001
Location: Deepest Barking
Posts: 9,316
Thanks: 400
Thanked 556 Times in 326 Posts
Sounds like this is the Aurora virus, a nasty one. A guy at work got this yesterday. Fortunately, the systems techie found a fix, released yesterday apparently, that restored the broken .exe programs and removed the malware.
Do you have nail.exe in your Windows dir?
Fatbloke is offline   Reply With Quote
Old 15-08-2005, 21:47   #199
Guest 23929
Xbox - KaRW/ PSN KaRW1
 
Join Date: Oct 2002
Posts: 22,662
Thanks: 39
Thanked 154 Times in 110 Posts
I've got this thing as well. Horrible thing it is. Disables lots of things. Usual things didnt work and its taken over my desktop even when offline. Any suggestions?
Guest 23929 is offline   Reply With Quote
Old 23-08-2005, 10:55   #200
Guest 23929
Xbox - KaRW/ PSN KaRW1
 
Join Date: Oct 2002
Posts: 22,662
Thanks: 39
Thanked 154 Times in 110 Posts
http://www.bleepingcomputer.com/foru...ld-t22397.html

This claims to be able to get rid of the desktop hijack thing. Not tried it yet, but will and report back.
Guest 23929 is offline   Reply With Quote
Reply

Bookmarks

Tags
Browsing, Email, Windows Update, windows.xp, Zonealarm

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

All times are GMT. The time now is 18:06.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Copyright ©2000 - 2018 Poisonous Monkey Ltd. Part of The Digital Fix Network