Guest void.no.spam.com@gmail.com Posted May 6, 2008 Posted May 6, 2008 I turned off UAC on my parents' new computer a couple days ago. Yesterday, my dad encountered some spyware while browsing (he called me over and I noticed that Firefox had somehow gone to onlinexpscanner.com and downloaded a suspicious executable, and there was a prompt to run the program). I am now trying to figure out if any spyware got installed onto the computer. The first thing I have noticed is that UAC is now enabled, even though I had disabled it a couple days ago. How did that happen? Could any Windows updates have re-enabled it? Quote
Guest Adam Albright Posted May 6, 2008 Posted May 6, 2008 On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam.com@gmail.com" <void.no.spam.com@gmail.com> wrote: <span style="color:blue"> >I turned off UAC on my parents' new computer a couple days ago. >Yesterday, my dad encountered some spyware while browsing (he called >me over and I noticed that Firefox had somehow gone to >onlinexpscanner.com and downloaded a suspicious executable, and there >was a prompt to run the program). I am now trying to figure out if >any spyware got installed onto the computer. The first thing I have >noticed is that UAC is now enabled, even though I had disabled it a >couple days ago. How did that happen? Could any Windows updates have >re-enabled it?</span> Surprise. onlinexpscanner.com IS the threat. It's often called social engineering. Dear old dad or someone with access to this computer might have visited this site under the lure of a free system scan. Sounds harmless enough, except it reports bogus things wrong with you system and then installs itself. Newer versions of anti virus and malware programs like AVG will flag hostile web sites so only dummies like Frank would be dumb enough to still click on them. Confirm onlinexpscanner is on your system. Look in Task Manager under processes tab. According to Google there are many web sites that tell you how to remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the site! Use Google to find web pages that talk about it and offer methods to remove it. First install AVG 8.0. This is a reliable company that makes real anti virus and malware protection software. Once installed when you enter onlinexpscanner into Google and similar threats it will have a red X, while "trusted" sites with have a green check mark. This sounds like a Trojan, not spyware. Trojans have the ability to hijack your system so somebody can remotely control your computer and yes, that means exactly what it sounds like. Quote
Guest void.no.spam.com@gmail.com Posted May 6, 2008 Posted May 6, 2008 On May 5, 11:32Â pm, Adam Albright <A...@ABC.net> wrote:<span style="color:blue"> > On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com" > > <void.no.spam....@gmail.com> wrote:<span style="color:green"> > >I turned off UAC on my parents' new computer a couple days ago. > >Yesterday, my dad encountered some spyware while browsing (he called > >me over and I noticed that Firefox had somehow gone to > >onlinexpscanner.com and downloaded a suspicious executable, and there > >was a prompt to run the program). Â I am now trying to figure out if > >any spyware got installed onto the computer. Â The first thing I have > >noticed is that UAC is now enabled, even though I had disabled it a > >couple days ago. Â How did that happen? Â Could any Windows updates have > >re-enabled it?</span> > > Surprise. onlinexpscanner.com IS the threat. It's often called social > engineering. Dear old dad or someone with access to this computer > might have visited this site under the lure of a free system scan. > Sounds harmless enough, except it reports bogus things wrong with you > system and then installs itself. Newer versions of anti virus and > malware programs like AVG will flag hostile web sites so only dummies > like Frank would be dumb enough to still click on them.</span> Yeah, I figured it was one of those "anti-spyware" sites that really install spyware onto your computer. <span style="color:blue"> > Confirm onlinexpscanner is on your system. Look in Task Manager under > processes tab. > > According to Google there are many web sites that tell you how to > remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the > site! Use Google to find web pages that talk about it and offer > methods to remove it. > > First install AVG 8.0. This is a reliable company that makes real anti > virus and malware protection software. Once installed when you enter > onlinexpscanner into Google and similar threats it will have a red X, > while "trusted" sites with have a green check mark.</span> I did install AntiVir onto the computer, but that sounds like a cool feature in AVG. Would that be AVG Antivirus or AVG Antispyware? <span style="color:blue"> > This sounds like a Trojan, not spyware. Trojans have the ability to > hijack your system so somebody can remotely control your computer and > yes, that means exactly what it sounds like.</span> I went to the second site that came up in Google for "onlinexpscanner" - http://www.411-spyware.com/remove-onlinexpscanner-com. That is legitimate, right? I checked for the processes/files/registry keys that it mentioned, and I don't see anything. I do have Explorer configured to show all hidden/system files, and I told Task Manager to show processes for all users. But I guess I'm still a little paranoid. Do you think Windows Defender would have stopped the spyware from executing? Also, what do you think of using System Restore? There is a restore point that is prior to my dad's encounter with the spyware site, so if I restored the system to that point, would it guarantee that any spyware would be removed? I'm not sure if that would work, because I read that System Restore does not restore everything. Quote
Guest Nonny Posted May 6, 2008 Posted May 6, 2008 On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com" <void.no.spam.com@gmail.com> wrote: <span style="color:blue"><span style="color:green"> >> First install AVG 8.0. This is a reliable company that makes real anti >> virus and malware protection software. Once installed when you enter >> onlinexpscanner into Google and similar threats it will have a red X, >> while "trusted" sites with have a green check mark.</span> > >I did install AntiVir onto the computer, but that sounds like a cool >feature in AVG. Would that be AVG Antivirus or AVG Antispyware?</span> It's the latest version of AVG antivirus. Very nice. Quote
Guest Mick Murphy Posted May 6, 2008 Posted May 6, 2008 Use the programs I have listed below, and you will have no more probs. http://service1.symantec.com/SUPPORT/tsgen...005033108162039 Above is the link for Norton Removal Tool; if using Norton. Vista’s Firewall is very good! http://www.avast.com/eng/download-avast-home.html Above is a link to Avast Free 4 Home Anti-Virus It is low resource using, free and Vista 32bit and 64bit compatible. Only have one (1) anti-virus installed; more than 1 can cause conflicts. http://www.safer-networking.org/en/index.html For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2†Download it, install it, update it, immunize your system and scan your System with it. http://www.javacoolsoftware.com/ For a non-scanning, but running in the background, Program to STOP Spyware being downloaded to your Computer, use SpywareBlaster 4, available at the above link. IMPORTANT ADVICE: After scanning with the above Programs, problems still remain. Reboot computer, and tap F8 at power on/ startup. From the list of options that appears, select Safe mode by using the UP and DOWN Arrows, then hit ENTER. Rescan the computer in Safe mode. -- Mick Murphy - Qld - Australia "void.no.spam.com@gmail.com" wrote: <span style="color:blue"> > On May 5, 11:32 pm, Adam Albright <A...@ABC.net> wrote:<span style="color:green"> > > On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com" > > > > <void.no.spam....@gmail.com> wrote:<span style="color:darkred"> > > >I turned off UAC on my parents' new computer a couple days ago. > > >Yesterday, my dad encountered some spyware while browsing (he called > > >me over and I noticed that Firefox had somehow gone to > > >onlinexpscanner.com and downloaded a suspicious executable, and there > > >was a prompt to run the program). I am now trying to figure out if > > >any spyware got installed onto the computer. The first thing I have > > >noticed is that UAC is now enabled, even though I had disabled it a > > >couple days ago. How did that happen? Could any Windows updates have > > >re-enabled it?</span> > > > > Surprise. onlinexpscanner.com IS the threat. It's often called social > > engineering. Dear old dad or someone with access to this computer > > might have visited this site under the lure of a free system scan. > > Sounds harmless enough, except it reports bogus things wrong with you > > system and then installs itself. Newer versions of anti virus and > > malware programs like AVG will flag hostile web sites so only dummies > > like Frank would be dumb enough to still click on them.</span> > > Yeah, I figured it was one of those "anti-spyware" sites that really > install spyware onto your computer. > > <span style="color:green"> > > Confirm onlinexpscanner is on your system. Look in Task Manager under > > processes tab. > > > > According to Google there are many web sites that tell you how to > > remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the > > site! Use Google to find web pages that talk about it and offer > > methods to remove it. > > > > First install AVG 8.0. This is a reliable company that makes real anti > > virus and malware protection software. Once installed when you enter > > onlinexpscanner into Google and similar threats it will have a red X, > > while "trusted" sites with have a green check mark.</span> > > I did install AntiVir onto the computer, but that sounds like a cool > feature in AVG. Would that be AVG Antivirus or AVG Antispyware? > > <span style="color:green"> > > This sounds like a Trojan, not spyware. Trojans have the ability to > > hijack your system so somebody can remotely control your computer and > > yes, that means exactly what it sounds like.</span> > > I went to the second site that came up in Google for "onlinexpscanner" > - http://www.411-spyware.com/remove-onlinexpscanner-com. That is > legitimate, right? I checked for the processes/files/registry keys > that it mentioned, and I don't see anything. I do have Explorer > configured to show all hidden/system files, and I told Task Manager to > show processes for all users. > > But I guess I'm still a little paranoid. Do you think Windows > Defender would have stopped the spyware from executing? > > Also, what do you think of using System Restore? There is a restore > point that is prior to my dad's encounter with the spyware site, so if > I restored the system to that point, would it guarantee that any > spyware would be removed? I'm not sure if that would work, because I > read that System Restore does not restore everything. > </span> Quote
Guest Adam Albright Posted May 6, 2008 Posted May 6, 2008 On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com" <void.no.spam.com@gmail.com> wrote: <span style="color:blue"> >On May 5, 11:32Â pm, Adam Albright <A...@ABC.net> wrote:<span style="color:green"> >> On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com" >> >> <void.no.spam....@gmail.com> wrote:<span style="color:darkred"> >> >I turned off UAC on my parents' new computer a couple days ago. >> >Yesterday, my dad encountered some spyware while browsing (he called >> >me over and I noticed that Firefox had somehow gone to >> >onlinexpscanner.com and downloaded a suspicious executable, and there >> >was a prompt to run the program). Â I am now trying to figure out if >> >any spyware got installed onto the computer. Â The first thing I have >> >noticed is that UAC is now enabled, even though I had disabled it a >> >couple days ago. Â How did that happen? Â Could any Windows updates have >> >re-enabled it?</span> >> >> Surprise. onlinexpscanner.com IS the threat. It's often called social >> engineering. Dear old dad or someone with access to this computer >> might have visited this site under the lure of a free system scan. >> Sounds harmless enough, except it reports bogus things wrong with you >> system and then installs itself. Newer versions of anti virus and >> malware programs like AVG will flag hostile web sites so only dummies >> like Frank would be dumb enough to still click on them.</span> > >Yeah, I figured it was one of those "anti-spyware" sites that really >install spyware onto your computer. > ><span style="color:green"> >> Confirm onlinexpscanner is on your system. Look in Task Manager under >> processes tab. >> >> According to Google there are many web sites that tell you how to >> remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the >> site! Use Google to find web pages that talk about it and offer >> methods to remove it. >> >> First install AVG 8.0. This is a reliable company that makes real anti >> virus and malware protection software. Once installed when you enter >> onlinexpscanner into Google and similar threats it will have a red X, >> while "trusted" sites with have a green check mark.</span> > >I did install AntiVir onto the computer, but that sounds like a cool >feature in AVG. Would that be AVG Antivirus or AVG Antispyware? > ><span style="color:green"> >> This sounds like a Trojan, not spyware. Trojans have the ability to >> hijack your system so somebody can remotely control your computer and >> yes, that means exactly what it sounds like.</span> > >I went to the second site that came up in Google for "onlinexpscanner" >- http://www.411-spyware.com/remove-onlinexpscanner-com. That is >legitimate, right? I checked for the processes/files/registry keys >that it mentioned, and I don't see anything. I do have Explorer >configured to show all hidden/system files, and I told Task Manager to >show processes for all users. > >But I guess I'm still a little paranoid. Do you think Windows >Defender would have stopped the spyware from executing? > >Also, what do you think of using System Restore? There is a restore >point that is prior to my dad's encounter with the spyware site, so if >I restored the system to that point, would it guarantee that any >spyware would be removed? I'm not sure if that would work, because I >read that System Restore does not restore everything.</span> I would just install AVG 8.0. The free version. Then let it run it's anti-virus malware routine. If you still have onlinexpscanner or anything else malicious on your system it should be able to isolate it. You are best off not trusting some unknown anti-spyware. That's how you got in trouble in the first space. AVG has been around a long time and has a good reputation. Use it. It is free. That's all you need. If it is a Trojan it may hide itself and not show up in the processes tab. It may or may not be on your system. By using AVG you'll find out and it should be able to remove it or at least render it harmless. If the system appears to be running ok, no real need to use a restore point. Quote
Guest C.B. Posted May 7, 2008 Posted May 7, 2008 "Nonny" <nonnymoose@yahoo.com> wrote in message news:c4rv14ldscubsh3chssodouape6jkavqqp@4ax.com...<span style="color:blue"> > On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com" > <void.no.spam.com@gmail.com> wrote: ><span style="color:green"><span style="color:darkred"> >>> First install AVG 8.0. This is a reliable company that makes real anti >>> virus and malware protection software. Once installed when you enter >>> onlinexpscanner into Google and similar threats it will have a red X, >>> while "trusted" sites with have a green check mark.</span> >> >>I did install AntiVir onto the computer, but that sounds like a cool >>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?</span> > > It's the latest version of AVG antivirus. Very nice.</span> AVG AntiSpyware 7.5.1.43 plus is the last version of the antispyware product offered by AVG. It is now incorporated into their new AVG Antivirus 8.0. Their antispyware product will no longer be offered as a standalone product. C.B. -- It is the responsibility and duty of everyone to help the underprivileged and unfortunate among us. Quote
Guest Newsgal330 Posted May 27, 2008 Posted May 27, 2008 The same thing happened to me just now (I use Windows XP). I was Googling, went to a page I thought might have the info I was searching for, and bingo! the screen turned into XP Scanner, complete with dire warnings (in red) that I had a moderate tracking program installed, a moderate trojan, and a very bad virus. My Norton protection, however, popped up and said the site did not have an authentication signature. I immediately tried to exit...and the dratted page gave me all kinds of grief. Every time I'd hit Cancel, the computer looped back to the original WARNING window, and when I'd hit X, the program download window would come up. I finally simply exited the Internet altogether, and immediately ran a scan. No trojans, no viruses, and one minor tracking program. My advice is: ignore it, exit, and then run a quick scan to make sure everything is OK. "void.no.spam.com@gmail.com" wrote: <span style="color:blue"> > I turned off UAC on my parents' new computer a couple days ago. > Yesterday, my dad encountered some spyware while browsing (he called > me over and I noticed that Firefox had somehow gone to > onlinexpscanner.com and downloaded a suspicious executable, and there > was a prompt to run the program). I am now trying to figure out if > any spyware got installed onto the computer. The first thing I have > noticed is that UAC is now enabled, even though I had disabled it a > couple days ago. How did that happen? Could any Windows updates have > re-enabled it? > > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.