Yuck - Malware Attack

Discussion in 'Computer Security' started by AstroD, Oct 1, 2005.

  1. AstroD

    AstroD Guest

    Yesterday morning I clicked on a link to another web site. 20 seconds later
    my computer was infected with some sort of spyware/adware. My desktop
    wallpaper changed to a message saying:

    Warning - Your computer may be infected with Spyware or Adware.

    Click here to get the latest Spyware removal software.

    I try to replace my wallpaper and the message wallpaper pops back up within
    a second or two.

    My desktop properties menu has changed and the menu option for changing
    wallpaper is now gone.

    This is a criminal act by someone!!!

    ***

    I tried downloading some Spyware ( XoftSpy ), and I paid $39 for it, because
    I didn't want to go through reloading Windows as I have had to do in the
    past.

    It found 60 problems but couldn't cure this one. I've notified the vendor.
    XoftSpy lists this invasion as PSGuard.

    I downloaded Microsoft's latest (Beta1) antispyware product. It fails to
    find the problem at all.

    Suggestions anyone? I could try the "manual" approach to fixing the
    problem, as indicated at the XoftSpy web site, but they claim that their
    product fixes the problem - and it didn't. I do wonder if their manual
    procedure will miss something as well.

    Very frustrated...
     
    AstroD, Oct 1, 2005
    #1

  2. Really nasty. Really bad and awful?! :(

    "I tried downloading some Spyware ( XoftSpy ), and I paid $39 for it,
    because ..........<no matter> "
    Why??? You really didn't have to do that. Really!

    "This is a criminal act by someone!!!" This is a criminal act, remember.
    We do not pay criminals.

    Now, follow my malware removal instructions carefully and step by step.
    Scan without being connected to the internet.

    Then, WHEN YOU ARE CLEAN, right-click on the desktop - Properties - Desktop.
    Now click on the Web tab and uncheck the box next to My Current Home Page
    and make sure the box
    next to "Lock desktop items" is unchecked. Apply and OK.


    MALWARE REMOVAL INSTRUCTIONS :

    1. Delete all the Internet Explorer's temporary stuff

    Start -> Settings -> Control Panel -> Internet Options

    There, on the General tab you will see where you can delete
    internet temporary files
    cookies
    history
    Delete them all.


    2. Delete all Temporary files

    Windows XP users (all new versions)

    The path is :
    C:\Documents and Settings\USER\Local Settings\Temp
    Delete all files from this folder
    and also
    C:\Windows\Temp

    Windows 98 users (all old versions)
    The path is :
    C:\Windows\Temp


    3. Run Disk Cleanup

    Start -> Programs -> Accessories -> System Tools -> Disk Cleanup

    Make sure you have checked :
    Downloaded program files
    Temporary files
    Recycle bin
    Web Client/Publisher content


    4. Remove any unwanted programs

    Boot in Safe Mode (see how below)
    Then, in Safe Mode, Start - Settings - Control Panel - Add/Remove Programs
    See if you have any unknown/unwanted software
    installed - toolbars and/or known spy programs.
    Remove them with the REMOVE button.
    Also go to C:\Program Files and remove ^the unwanted software^ traces

    Then restart, booting in Normal Mode.


    5. Remove spyware, adware, hijackers, dialers and other junk

    @ Download Spybot Search & Destroy and Ad-Aware SE Personal

    http://www.lavasoftusa.com/software/adaware
    and
    http://www.safer-networking.org/microsoft.en.html

    These programs are free of charge, they are compatible with each other
    and also recommended by Microsoft, so use them together.
    Be sure to update them before running!!!
    You can also scan in Safe Mode.

    @ You may also try Microsoft Antispyware
    http://www.microsoft.com/athome/security/downloads/default.mspx

    Although it's still in Beta, MS Antispyware seems to be good.
    It is only for users with genuine Windows - legal MS customers.
    Please, read the help file before running it. Update it before scanning!


    6. How to boot your computer in Safe Mode

    Do this by repeatedly typing F8 while Windows is starting, before
    the Windows logo appears.
    Then you'll open the BIOS menu where you can choose to boot
    the hard drive in SAFE MODE

    (If you are an XP user, find more about Safe Mode
    in Help and Support Center; Start - Help and Support)


    7. Run a Firewall

    Windows XP
    has an integrated firewall -
    Internet Connection Firewall (ICF) for SP1 and
    Windows Firewall (WF) for SP2

    Windows versions different from XP
    They do not have an integrated firewall, they have to use a software firewall.
    (Non-XP users can get a free software firewall
    from here
    http://www.microsoft.com/athome/security/downloads/default.mspx)

    !!! Use only 1 firewall !!!


    8. Windows Updates
    Download all the security updates - Critical updates with Express install.
    Start -> Windows Updates
    or
    http://windowsupdate.microsoft.com


    9. Scan all your system with antivirus software

    Update the program and its definitions!
    You should use the current version of your AV software.
    Before scanning make sure all the security settings are turned ON.
    You'd rather scan in Safe Mode, too.

    * If you do not have an antivirus, get one from here:
    http://www.microsoft.com/athome/security/downloads/default.mspx


    10. System Restore (for XP and ME only)

    If you are running Windows ME or XP, you have to
    disable/enable System Restore
    AFTER the system is clean of all kinds of malware because malware will be
    in Restore Points.
    Check Turn off system restore. Click OK.
    Make sure the PC is clean of malware!!!
    Uncheck Turn off system restore, so you'll have your Restore function ON.


    11. For better performance, it is advisable to check your hard drives for
    errors
    Open My Computer.
    Then right-click on the hard drive you want to check -> Properties -> Tools
    In the error-checking area, click "Check now" to start the process.


    --- Useful pages ---

    http://www.microsoft.com/athome/security/downloads/default.mspx
    different kinds of free or trial security software.

    http://www.pandasoftware.com/about/resp_social/children_internet
    Because of the campaign "Children and the Internet"
    Panda Software offers a 90-day free trial version of one of the best security
    software
    Panda Platinum Internet Security 2005

    http://www.pandasoftware.com/protected/tips.htm
    useful tips for protecting computers

    http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
    Panda Software free Active Scan, where you can check your
    PC for ALL TYPES of security threats and clean viruses and worms

    http://housecall.trendmicro.com
    Trend-Micro free online scanner HouseCall where you can scan for
    viruses and spyware and clean them. CWShredder is also available here

    http://www.kaspersky.com/virusscanner
    Kaspersky free online scanner
    and checker for suspicious files. If you have issues with a suspicious
    file, here is the right place!

    http://www.f-prot.com/virusinfo/submission_form.html
    Send F-prot AV suspicious files for fast analysis, and it is all for FREE

    http://www.microsoft.com/malwareremove
    Microsoft Windows Malware Removal Tool

    http://support.microsoft.com
    Free Microsoft support and suggestions (for genuine clients)




    Panda_man
    "Let's beat malware black and blue"
    "No new epidemic of all kind of malware -> Panda TruPrevent"
     
    Panda_man, Oct 1, 2005
    #2

  3. AstroD

    PA Bear Guest

    Checking for/Help with Hijackware
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/archive/tshoot.html
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/

    When all else fails, HijackThis v1.99.1
    (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
    It will help you to both identify and remove any hijackware/spyware. **Post
    your log to http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
    for expert analysis, not here.**
     
    PA Bear, Oct 2, 2005
    #3
  4. AstroD

    AstroD Guest

    I have followed PandaMan's instructions and I'm pretty sure I've cleaned
    things up. One registry entry does continue to pop up again so I am missing
    something but the desktop is back to normal.


    Thanks all.

    Astro
    You're right. It was a waste of money. Ad-aware and Spybot did just as
    well.
    You're right again.
     
    AstroD, Oct 2, 2005
    #4
  5. I am pretty happy for you.
    But what do you mean by
    "One registry entry does continue to pop up again "
    Please, give more details so we'll try to clean it also.


    Panda_man
     
    Panda_man, Oct 2, 2005
    #5
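
The symptom reported in post #4, a registry entry that comes back after cleanup, can be confirmed by comparing saved `reg query` output taken before the cleanup, right after it, and after a reboot. This is an added example, not part of any post in the thread; the thread does not say which key or entry was involved, so the Run key and the sample entries below are constructed assumptions.

```python
import re

# One value line of `reg query` output: indented name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data} from saved `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key:
            m = VALUE_LINE.match(line)
            if m:
                entries[(key, m["name"])] = m["data"].strip()
    return entries

def returned_entries(before, cleaned, later):
    """Entries the cleanup removed that are present again afterwards."""
    b, c, l = (parse_reg_query(t) for t in (before, cleaned, later))
    removed = set(b) - set(c)
    return sorted((k, n, l[(k, n)]) for (k, n) in removed if (k, n) in l)

def unexpected_entries(cleaned, later):
    """Entries that were not in the clean snapshot at all (new or renamed)."""
    c, l = parse_reg_query(cleaned), parse_reg_query(later)
    return sorted((k, n, l[(k, n)]) for (k, n) in set(l) - set(c))

# Constructed sample snapshots (hypothetical key contents, not from the thread).
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
BEFORE = RUN + "\n" + r"""    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Example Entry    REG_SZ    C:\placeholder\example.exe
"""
CLEANED = RUN + "\n" + r"""    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
LATER = BEFORE  # after a reboot the removed value is back

if __name__ == "__main__":
    for key, name, data in returned_entries(BEFORE, CLEANED, LATER):
        print(f"returned after cleanup: {key} -> {name} = {data}")
```

A value that returns after removal means something still running or scheduled is rewriting it, so the process that writes it has to be found rather than the value deleted again.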