Spyware/Viris that i cant remove

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Shadow911

Thread Starter
Joined
Jan 8, 2006
Messages
31
A short while ago while i was surfin the web I got a viris or somthing on my computer. A pop-up in my toolbar keeps telling me i have a serious infection, but im sure its just spyware because i cant stop it and it redirects me to a site to buy software. I have Spybot Search and Destroy and AVG anti-viris and ive run both twice, but it didnt help.What else can i do?

The pop-up says
System Intrusion detected!
Dangerous infection was detected on your PC
The system will now download and install most efficient
antimalware program to prevent data loss and your private
information theft.
Click here to protect your computer from the biggest malware
threats.

Also, when i restart my computer, i find new programs on my desktop.
Online Security Guide
Security Troubleshooting
Spyware Strike 2.5 and the install program for it

Finally, a new toolbar appears in firefox
Security Toolbar
 
Joined
Jan 18, 2005
Messages
132
Go into control panel and use add/remove to delete the newly installed programs, or have you already tried this and were unsucessful?
 
Joined
Jan 6, 2006
Messages
108
Hi there. First off, if your running WIndows XP, stop the System Restore feature before running any scans. If you leave system restore enabled, it will go back to the way it was upon your next reboot. So shut that off first Click Start, Right Click My Computer, Select Properties, then select the system restore tab. Also, go download Microsofts AntiSpyware program. It can remove some of the hard to remove stuff. After that, run Spybot. Perform a virus scan after removing spyware/malware (Use the latest definitions for all programs before running them) When all is said and done, delete everything in your prefetch folder. C:\windows\Prefetch, then restart your system. At this point, re-enable system restore, and scan again. See if you got rid of them for good.

One good thing about MS Antispyware is the fact it'll monitor your system in realtime. If your still having issues, go download HiJackThis. Run a scan and post the log here. That'll give us an idea of what programs are starting, any BHO's you might have etc..

Good luck!
 

Shadow911

Thread Starter
Joined
Jan 8, 2006
Messages
31
I think ive found the problem. its called
C:\WINDOWS\system32\ncompat.tlb
when i run spybot it says i need to restart to remove it but once i do, spybot finds it again.
 

Shadow911

Thread Starter
Joined
Jan 8, 2006
Messages
31
also just saw antispyware just block spyware strike from being auto installed on my computer.

1. it got installed anyway

2. id like whatever program thats doing it TO GET THE HELL OFF MY COMPUTER
 
Joined
Jan 6, 2006
Messages
108
Did you turn off system restore before running these scans and cleaning the system up? If you don't shut it off, they can come right back after you restart. Also delete the contents of your prefetch folder which is inside your windows folder.
 

Shadow911

Thread Starter
Joined
Jan 8, 2006
Messages
31
yeah i turned off system restore.

Are you sure its ok to delete this Prefetch folder? i dont want to do anything that will harm my computer
 
Joined
Jan 8, 2006
Messages
7
Go to the Security Forum and finda thread call "something called spyware strike". It explains this adware very well
 
Joined
Sep 7, 2004
Messages
49,014
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.


* Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan




Get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click UNZIP letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything, post the log here.
 
Joined
Sep 7, 2004
Messages
49,014
Shadow911 said:
1. i did not reset my web sttings. sorry, but i dont want to mess with that

2. I could not run activescan because im using firefox, not internet explorer

3. i attached the 2 log reports
I guess you don't want your problems fixed since you are deciding what you want to do and not do!!!!!!!!!!!!

By the looks of the HJT log you did not run the smitrem portion of the fix which is the most important

Either you follow the suggested fix or you stay infected - Your call!
 

Shadow911

Thread Starter
Joined
Jan 8, 2006
Messages
31
Your right, i want this S**t off my computer.
Just tell me what to do and ill do it
 
Joined
Jan 8, 2006
Messages
7
I just downloaded some updates from Microsoft yesterday and it killed the Spyware Strike stuff from my computer
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top