Author Topic: Virus/Spyware problem (Read 613 times)

Mathman · « **on:** June 24, 2004, 04:36:37 PM »

Hello all,

I am having a serious problem with fargin spyware or a virus. It is perplexing because I have run scans with Spybot, Ad-Aware, Norton, and SpyGuard. The spyware progs find tons of cookies, registry entries and so on that I get rid of. The Norton finds two Adware viruses, but when I go to get rid of them, I can't find them following the instructions on Symantec's website.

What is the bother is that I get the pop-ups from SpyGuard saying that various things were attempted with my browser everytime I reboot or launch another browser.

I keep all of the following up-to-date and run scans fairly frequently with them:

Norton Anti-Virus 2004
Spybot
AdAware
Spyguard
Zone Alarm

Any ideas? It is and isn't a major problem. The SpyGuard has the pop-ups that ask if I want the stuff changed so I can browse without the pop-ups and homepage changes, but it gets very annoying. I can reformat the HD since I have the major files and such backed up on my old 40GB, but I would prefer to leave that as a last resort.

Any help would be greatly appreciated.

Mathman · « **Reply #1 on:** June 24, 2004, 04:41:14 PM »

Oh, and some other stuff as well. I cleared my cookies and temp internet files, this still happens.

I also had an odd thing happen this morning. When I would try to access the AH message boards, it would load the list of forums. When I would click on one of the forums, the browser would close/ctd. This only occured with the AH BBS. Every other site would work fine. I could access the BBS through a "back door" (using a link from another forum to a specific thread). When I did this, I was able to freely navigate the boards. Once I saw this was effective, I closed the browser and tried going into the BBS from a bookmark and the browser would crash the same way as before.

However, now, it seems to be working fine

Silat · « **Reply #2 on:** June 24, 2004, 04:57:08 PM »

http://www.x-setup.net/ - To tweak till you drop FREE

http://www.javacoolsoftware.com/downloads.html - download and install : SpywareBlaster and SpywareGuard FREE

http://www.safer-networking.org/index.php?page=download - Download and install Spybot - Search & Destroy FREE

http://www.spywareinfo.com/~merijn/downloads.html - Download Hijackthis and CWShredder. Put them in a new folder named "Hijackthis". Put the folder on c drive. This is important for proper logging of info when you get hijacked. FREE

http://www.lavasoftusa.com/support/download/ - Download the free version of Adaware and install. Or pay for the advanced version if you want. FREE

http://www.grisoft.com/us/us_dwnl_free.php - If you don't have an antivirus program and don't want to pay for one then get AVG . It is free and good. FREE

If you dont have an antivirus you can do free scans at http://housecall.antivirus.com/ or http://www.pandasoftware.com/activescan/

SpywareBlaster, SpywareGuard, Spybot, Adaware, and AVG all need updating regularly.

Hijackthis and CWShredder also need updating but these should only be used when you have a problem. If you have a problem,you can contact me for help or go to the http://help.lockergnome.com/index.php?showforum=50 and click on the "HIJACKTHIS LOGS" forums. Register and post your problem. An expert will get to you within a few days to guide you to a clean machine

Contact me if you need help:) I can call you.

Lew/+Silat

Rasker · « **Reply #3 on:** June 24, 2004, 05:01:10 PM »

The Norton/Symantec and McAfee sites also offer free scans. I seem to recall someone referring to Housecall as spyware in and of itself, but recall nothing more than that.

Mathman · « **Reply #4 on:** June 24, 2004, 08:29:40 PM »

Just to let people know, I may have fixed this. I went back over the logs for SpyGuard and saw that a dll was trying to get loaded over and over again. I went and deleted it, haven't had the homepage and other changes trying to take place since I got rid of it. It was bcan.dll which according to SG was a "help file" of some sort.

mauser · « **Reply #5 on:** June 25, 2004, 04:58:10 PM »

My parent's computer fell to a browser hijack virus a week ago. The default homepage would always go to "smartsearch.com" no matter what after trying the latest versions of Adaware, CWShredder, SpyDoctor, Hijack This!, and McAfee Virus Scan. Running them all in Safe Mode (Win98SE) didn't really help either. I have a feeling it's a similar problem with your machine Mathman - a rogue dll being loaded up everytime IE loads. I gave up after a couple of days, loaded Mozilla and told my parents not to use IE for a while. I've read about looking at whatever processes are currently running for a suspiciously mis-spelled processes like "systtray." If checking the SpyGuard logs helped you, I'm gonna give that a try when I get the time.

mauser

DmdBT · « **Reply #6 on:** June 25, 2004, 05:00:52 PM »

Free porn isn't free

FOGOLD · « **Reply #7 on:** June 27, 2004, 03:14:14 AM »

My inlaws had downloaded "Searchalot". That was a pig to get rid of! I hate these people (Not my inlaws. lol!)

Eagler · « **Reply #8 on:** June 27, 2004, 09:57:39 AM »

format c: will get rid of it

LtPillur · « **Reply #9 on:** June 28, 2004, 01:35:49 PM »

Quote

Originally posted by mauser
My parent's computer fell to a browser hijack virus a week ago. The default homepage would always go to "smartsearch.com" no matter what after trying the latest versions of Adaware, CWShredder, SpyDoctor, Hijack This!, and McAfee Virus Scan. Running them all in Safe Mode (Win98SE) didn't really help either. I have a feeling it's a similar problem with your machine Mathman - a rogue dll being loaded up everytime IE loads. I gave up after a couple of days, loaded Mozilla and told my parents not to use IE for a while. I've read about looking at whatever processes are currently running for a suspiciously mis-spelled processes like "systtray." If checking the SpyGuard logs helped you, I'm gonna give that a try when I get the time.

mauser

Use HIJACK THIS for homepage hijacking. I was ready to throw my computer out the window until I found this software (free!). It took a few minutes and all is well. No other program would clean it up, although several found it, it was always there after cleaning. Hijack this is a great program.
Peace
Pillur

wrag · « **Reply #10 on:** June 28, 2004, 02:32:01 PM »

I was having some problems until I used this.......

http://www.free-av.com/

it found 2 trojans that nothing else found.

And it's free

Shuts down fine as well. For when I want to fly.

Note: I'm using Zonealarm while flying. Started having problems with disco's and stutters back in AHI while I wasn't using it. Forgot to turn it off one time while flying and wonder of wonders the problems stopped!?!?

Checked the logs (got notification turned off) and it seems possible from what was in there, that someone was trying to go through my computer system to other places. Use it as a server? Also possible that was what was causing my stutters and disco's?

Anyway, I always run Zonealarm with server portion set to NO WAY now. It seems to add about 5 to 7 mls but still gives me a stable connect. Mls seems to drop after the 1st few seconds of connect. I've checked the ping just before log on and noticed it seems to go slow at first then pick up. Also seems to sometimes when I first log on drop a few packets for about 5 seconds then steadyout and go 0 packet loss and low mls. Average between 185 and 215 on mls. Not too bad for so many hops (about 12) and dialup connect at 37333 connect. Also my ISP was very cooperative when I explained everything I was doing and the problems I was having way back when. I recommend em to anyone still using dialup. outdrs.net. $19.95 per month.

Thanks for the tips Skuzzy

~~An after thought... Thanks to HTC for probably allowing for ZoneAlarm and such while doing the coding~~

mauser · « **Reply #11 on:** June 29, 2004, 12:14:27 PM »

I think I finally killed it. I used McAffee virus scan to find the offending dlls and then used a program called "killbox" to permanently delete the dll. One of the bad dlls was called "msxword.dll." My parents can now use their machine without worry.

After going through all of this, I'm going to re-check my own machine after I pull it out of storage and get it back together again (no AH for more than two weeks now). I didn't know finding and removing trojans was such a pain until recently.

mauser

DREDIOCK · « **Reply #12 on:** July 01, 2004, 12:59:59 AM »

After you do all that get rid of Internet explorer and install a better browser http://www.mozilla.org/products/firefox/
On advise I read on the boards here I checked it out.
Best move I ever made.
In close to two months since the switch ot this browser I have seen nary a popup or a single peice of spyware. Not one single one
Neat trick when you have a barely computer literate wife, a 16 year old and a 7 year old with full access to the net using it.
Add to that . Web pages seem to load faster also
It will even automatically copy over all your Bookmarks from IE upon installation
Damn good browser

mauser · « **Reply #13 on:** July 01, 2004, 12:56:43 PM »

I've been using Mozilla since reading about it here at least last year. I was intrigued by the tabbed browsing, and now I use it all the time. Prior to that I used Netscape. I didn't like IE in the first place, but figured since my parents don't use their machine much it wouldn't be harmfull for them to use it. Besides, some websites don't like Netscape or Mozilla, so I didn't want them to think something was wrong with their machine everytime an "IE enhanced" website rejected their browser. However, I underestimated how well these trojans and hijacks travel. Now, no IE for them nor Outlook. I've taught them to use Mozilla for both browsing and mail. I'll check out Firefox sometime later, thanks for the tip!

mauser