| View previous topic :: View next topic |
| Author |
Message |
olly
Green Belt
Joined: 27 Jun 2002
Posts: 217
|
 Posted: Sat Mar 26, 2005 1:39 am Post subject: Help needed |
 |
|
Hello I have some kind of spyware that keeps popping up messages, things like:
"Windows has found 47 critical errors", "Online pharmacy order valium, Xanax, Vicodin" (Sounds tempting after spending a few hours trying to remove spyware  ) and links to www.my-pills.com, www.win-fix.com, www.regpatch.com.
I've tried Spybot, Adaware, Microsoft AntiSpyware, CWShredder (and the Mini Removal tool for removing coolwebsearch.Smartkiller (v1/2), Microsoft Windows Malicious Software Removal Tool and F Secure virus scanner. I'm about to try Ant-Vir now.
I've turned off system restore and ran all these in safe mode, but still no joy.
It appears to have somehow disabled my Windows firewall and I cant re-enable it.
If it was my system I would just reinstall the OS, but this is not an option here as all the software is in a different language and reinstalling everything would be too much hassle for me.
Any advice mucho appreciated. |
|
| Back to top |
|
 |
olly
Green Belt
Joined: 27 Jun 2002
Posts: 217
|
| Posted: Sat Mar 26, 2005 1:43 am Post subject: |
|
|
| PS Its windows XP Home the OS |
|
| Back to top |
|
|
evasive
Mobo-fu Master
Joined: 06 May 2001
Posts: 36384
Location: Netherlands, Breda
|
| Posted: Sat Mar 26, 2005 2:54 am Post subject: |
|
|
w32.spybot.worm
Description by Symantec
_________________
We hate rut, but we fear change.
System error, strike any user to continue... |
|
| Back to top |
|
|
olly
Green Belt
Joined: 27 Jun 2002
Posts: 217
|
|
| Back to top |
|
|
olly
Green Belt
Joined: 27 Jun 2002
Posts: 217
|
| Posted: Sat Mar 26, 2005 3:10 am Post subject: |
|
|
What make you think it is that? I just checked the registry keys in your link and found nothing. I'll carry on checking.
I was hoping I wasn't infected with anything and was just having my Messenger Service exploited  |
|
| Back to top |
|
|
olly
Green Belt
Joined: 27 Jun 2002
Posts: 217
|
|
| Back to top |
|
|
evasive
Mobo-fu Master
Joined: 06 May 2001
Posts: 36384
Location: Netherlands, Breda
|
| Posted: Sat Mar 26, 2005 4:22 am Post subject: |
|
|
| olly wrote: |
What make you think it is that? I just checked the registry keys in your link and found nothing. I'll carry on checking.
I was hoping I wasn't infected with anything and was just having my Messenger Service exploited |
the win-fix.com domain showing up. I'd try the online Symantec virus checker, I think you're infected. Most probable cause: not updating your virusscanner in time...
_________________
We hate rut, but we fear change.
System error, strike any user to continue... |
|
| Back to top |
|
|
kltsin
Black Belt 2nd Degree
Joined: 29 Jun 2004
Posts: 2792
Location: St. Augustine, Fl
|
| Posted: Mon Apr 04, 2005 11:50 pm Post subject: |
|
|
adware is generated of intense greed so the malware versions are intense and change very quick. It takes security gurus a few steps to catch up.
If adaware and/or spybot didnt catch it i need to know what has caused it for review or send you to real security experts so the affending file can be erradicated and info past on about it.
If you are still infected a HJT log would definetly be in order.
From what i have seen this looks like an old bug and it should have been eradicated after a reboot after running the above programs you listed.
Im assuming your OS is updated to latest service packs and all updates as well |
|
| Back to top |
|
|
|
