Help needed

Help and Discussion

Moderator: The Mod Squad

Help needed

Postby olly » Sat Mar 26, 2005 1:39 am

Hello I have some kind of spyware that keeps popping up messages, things like:

"Windows has found 47 critical errors", "Online pharmacy order valium, Xanax, Vicodin" (Sounds tempting after spending a few hours trying to remove spyware ;-)) and links to www.my-pills.com, www.win-fix.com, www.regpatch.com.

I've tried Spybot, Adaware, Microsoft AntiSpyware, CWShredder (and the Mini Removal tool for removing coolwebsearch.Smartkiller (v1/2), Microsoft Windows Malicious Software Removal Tool and F Secure virus scanner. I'm about to try Ant-Vir now.

I've turned off system restore and ran all these in safe mode, but still no joy.
It appears to have somehow disabled my Windows firewall and I cant re-enable it.

If it was my system I would just reinstall the OS, but this is not an option here as all the software is in a different language and reinstalling everything would be too much hassle for me.

Any advice mucho appreciated.
olly
Green Belt
Green Belt
 
Posts: 222
Joined: Thu Jun 27, 2002 8:11 pm

Postby olly » Sat Mar 26, 2005 1:43 am

PS Its windows XP Home the OS
olly
Green Belt
Green Belt
 
Posts: 222
Joined: Thu Jun 27, 2002 8:11 pm

Postby evasive » Sat Mar 26, 2005 2:54 am

w32.spybot.worm

Description by Symantec
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Mobo-fu Master
 
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby olly » Sat Mar 26, 2005 2:55 am

Hmmmm sorry for the monologue but I think I've sussed it by god 8O

http://www.winfix.com/security.htm
http://www.itc.virginia.edu/desktop/docs/messagepopup/

Maybe this helps some other unfortunate soul.

PS I think it was the F Secure that botched up my windows firewall.
olly
Green Belt
Green Belt
 
Posts: 222
Joined: Thu Jun 27, 2002 8:11 pm

Postby olly » Sat Mar 26, 2005 3:10 am

evasive wrote:w32.spybot.worm

Description by Symantec


What make you think it is that? I just checked the registry keys in your link and found nothing. I'll carry on checking.

I was hoping I wasn't infected with anything and was just having my Messenger Service exploited :(
olly
Green Belt
Green Belt
 
Posts: 222
Joined: Thu Jun 27, 2002 8:11 pm

Postby olly » Sat Mar 26, 2005 3:24 am

Doesn't seem to be that. I ran this disinfection utility from here:

http://www.fsecure.fi/v-descs/wootbot.shtml

And it couldn't find it.
olly
Green Belt
Green Belt
 
Posts: 222
Joined: Thu Jun 27, 2002 8:11 pm

Postby evasive » Sat Mar 26, 2005 4:22 am

olly wrote:
evasive wrote:w32.spybot.worm

Description by Symantec


What make you think it is that? I just checked the registry keys in your link and found nothing. I'll carry on checking.

I was hoping I wasn't infected with anything and was just having my Messenger Service exploited :(


the win-fix.com domain showing up. I'd try the online Symantec virus checker, I think you're infected. Most probable cause: not updating your virusscanner in time...
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Mobo-fu Master
 
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby kltsin » Mon Apr 04, 2005 11:50 pm

adware is generated of intense greed so the malware versions are intense and change very quick. It takes security gurus a few steps to catch up.
If adaware and/or spybot didnt catch it i need to know what has caused it for review or send you to real security experts so the affending file can be erradicated and info past on about it.
If you are still infected a HJT log would definetly be in order.

From what i have seen this looks like an old bug and it should have been eradicated after a reboot after running the above programs you listed.

Im assuming your OS is updated to latest service packs and all updates as well
kltsin
Black Belt 2nd Degree
Black Belt 2nd Degree
 
Posts: 2792
Joined: Tue Jun 29, 2004 9:05 am
Location: St. Augustine, Fl


Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 3 guests