Guest jenjo200 Posted October 21, 2008 Posted October 21, 2008 First a disclaimer: I'm computer illiterate, so please talk to me like I'm a neanderthal. That being said, I've reviewed the posts from September 18th for this spyware pop-up, but they aren't helping me. I cannot access the recommended website to post my Hijack log. I don't know if the Trojan spyware is preventing me from doing so or what. I could really use some step by step assistance to walk me through this. If anyone could help me, I'd greatly appreciate it. In addition to the flashing yellow triangle and the pop-up System alert warning, I also get a window trying to direct me to download spyware software from "Windows". I am smart enough to know not to do so, but how do I get rid of the pop-ups? I have AdAware, which is not detecting it. I've read things telling me to manually delete the msmsg folders, but those look like Microsoft messenger and system folders and I'm afraid to do so. This thing appears to have deleted my homepage info as well. Being that I'm a computer moron, would you recommend I go to a professional, or is this something that I can do on my own? Thanks in advance for your help! Quote
Guest Kayman Posted October 21, 2008 Posted October 21, 2008 On Mon, 20 Oct 2008 22:40:01 -0700, jenjo200 wrote: <span style="color:blue"> > First a disclaimer: I'm computer illiterate, so please talk to me like I'm a > neanderthal. > > That being said, I've reviewed the posts from September 18th for this > spyware pop-up, but they aren't helping me. I cannot access the recommended > website to post my Hijack log. I don't know if the Trojan spyware is > preventing me from doing so or what. I could really use some step by step > assistance to walk me through this. If anyone could help me, I'd greatly > appreciate it. > > In addition to the flashing yellow triangle and the pop-up System alert > warning, I also get a window trying to direct me to download spyware software > from "Windows". I am smart enough to know not to do so, but how do I get rid > of the pop-ups? I have AdAware, which is not detecting it. I've read things > telling me to manually delete the msmsg folders, but those look like > Microsoft messenger and system folders and I'm afraid to do so. This thing > appears to have deleted my homepage info as well. > > Being that I'm a computer moron, would you recommend I go to a professional, > or is this something that I can do on my own?</span> Give it a try style_emoticons/ 1.Clear the (IE) temporary Internet files and the history cache. Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK' button. In Internet Properties panel 'General' tab, under 'Browsing history', click 'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete all...'button then place a checkmark into the box beside 'Also delete files and settings stored by add-ons', Click 'Yes' and exit the Internet Properties panel by clicking the 'OK' button. 2.Clean HDD Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out quotation marks into the box, then click the 'OK' button. Select your drive (presumably WinXP (C:) and click OK. 3.Kaspersky® AVPTool http://avptool.virusinfo.info/en/ Direct: http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/ --and-- Dr.Web CureIt!® Utility - FREE http://www.freedrweb.com/cureit/ --and-- Malwarebytes© Corporation - Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe --and-- SuperAntispyware - Free http://www.superantispyware.com/superantis...efreevspro.html Note: Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't turn into full blown scanners), thus they need to be re-downloaded every time there's an update. Re: K/AVPTool; Uninstall after use. To uninstall/move this program "enable self-defense" must be unchecked! 4.Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/to...ools/hijackthis Please, do not post HJT logs to this newsgroup. Fora where you can get expert advice for HiJack This! (HJT) logs. http://www.thespykiller.co.uk/index.php?board=3.0 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.tomcoyote.org/index.php?showforum=27 http://www.bleepingcomputer.com/forums/forum22.html http://www.malwarebytes.org/forums/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://www.theeldergeek.com/forum/index.php?showforum=29 NOTE: Registration is required in any of the above mentioned fora before posting a HJT log and read the 'stickies' (instructions/guidelines) for the respective HJT forum. 5.Flush your System Restore after doing these cleaning steps. Do this: Click Start==>Run... then type (or copy/paste) "sysdm.cpl" (w/out quotation marks) into the box, then click the 'OK' button. In the 'System Properties' panel click on 'System Restore' tab and [check] the box beside 'Turn off System Restore on all drives'. Click 'Apply' (under 'Available drives:' wait until the 'Status' has changed) then click 'OK'. Reboot. Click Start==>Run... then type (or copy/paste) "sysdm.cpl" (w/out quotation marks) into the box, then click the 'OK' button. In the 'System Properties' panel click on 'System Restore' tab and [uncheck] the box 'Turn off System Restore on all drives'. Click the 'Apply' button. Note: ensure that under 'Available drives' the Status of Drive does show 'Monitoring' (this may take while). Then click the 'OK' button. Now, manually create a restore point: 1. Click Start, point to Programs, point to Accessories, point to System Tools, and then click System Restore. 2. On the Welcome page, activate the radio button besides 'Create a restore point', click the 'Next >' button. 3. On the Create a Restore Point page, enter a descriptive name for your restore point, e.g. 'After Flushing System Restore Cache' and then click the 'Create' button. Reboot. Done! Quote
Guest Malke Posted October 21, 2008 Posted October 21, 2008 jenjo200 wrote: <span style="color:blue"> > First a disclaimer: I'm computer illiterate, so please talk to me like I'm > a neanderthal. > > That being said, I've reviewed the posts from September 18th for this > spyware pop-up, but they aren't helping me. I cannot access the > recommended website to post my Hijack log. I don't know if the Trojan > spyware is preventing me from doing so or what. I could really use some > step by step assistance to walk me through this. If anyone could help me, > I'd greatly appreciate it. > > In addition to the flashing yellow triangle and the pop-up System alert > warning, I also get a window trying to direct me to download spyware > software from "Windows". I am smart enough to know not to do so, but how > do I get rid of the pop-ups? I have AdAware, which is not detecting it. > I've read things telling me to manually delete the msmsg folders, but > those look like Microsoft messenger and system folders and I'm afraid to > do so. This thing appears to have deleted my homepage info as well. > > Being that I'm a computer moron, would you recommend I go to a > professional, or is this something that I can do on my own?</span> You must get the needed tools/updates from a different, known-clean computer. You must post your HJT log on one of the specialty forums from a different, known-clean computer. The infected one should be off the Internet and any Local Area Network anyway. I'll give you my standard "rogue malware" reply but as that says - there is no shame in admitting this isn't your cup of tea. We all have our areas of expertise. And yes, I think you should probably take your computer to a professional based on what you wrote above, but of course that's your choice. Your system is infected with a rogue antivirus program. It is called "rogue" because it pretends to be A Good Guy but is really Evil. Do not pay them! Because you didn't give me the name of the program that is trying to get you to buy it, I can't point you to specific removal steps. Look for them here: Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html or here Malwarebytes malware removal guides - http://tinyurl.com/5xrpft If you are infected with XP Antivirus or Antivirus 2009/10, here are removal steps: http://www.bleepingcomputer.com/malware-re...-antivirus-2009 http://www.bleepingcomputer.com/forums/topic154529.html (earlier versions) Removal instructions for Antivirus 2010: http://www.malwarebytes.org/forums/index.php?showtopic=6703 Removal instructions for Antivirus 2009: http://www.malwarebytes.org/forums/index.php?showtopic=5178 These may work for you and all may be well. However, in many cases the computer will also be infected with Zlob and/or Vundo trojans and protected by a rootkit. These machines are extremely difficult to clean. If your machine is one of these cases, either get guided help at one of the specialty forums below OR back up your data and do a clean install of Windows. It is your choice. If you are unsure how to back up your data or how to do a clean install, you can take your machine to a local computer professional. I don't recommend using BigComputerStore/GeekSquad types of places. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS. http://aumha.org/downloads/hijackthis.zip http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first . http://www.atribune.org/forums/index.php?showforum=9 http://aumha.net/viewforum.php?f=30 http://www.bleepingcomputer.com/forums/forum22.html http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html http://www.malwarebytes.org/forums/index.php?showforum=7 http://gladiator-antivirus.com/forum/index.php?showforum=170 http://spywarewarrior.com/viewforum.php?f=5 http://forums.techguy.org/54-security/ http://forums.tomcoyote.org/ http://www.thespykiller.co.uk/index.php?board=3.0 http://forums.subratam.org/index.php?showforum=7 Malke -- MS-MVP Elephant Boy Computers - Don't Panic! FAQ - http://www.elephantboycomputers.com/#FAQ Quote
Guest The Real Truth MVP Posted October 22, 2008 Posted October 22, 2008 Use my Remove-it software, it will remove that malware from your system. Choose yes for all options when prompted. Download it here http://pcbutts1.com/downloads/tools/tools.htm -- The Real Truth http://pcbutts1-therealtruth.blogspot.com/ "jenjo200" <jenjo200@discussions.microsoft.com> wrote in message news:A2E7B913-2129-46CB-BFD1-3FCDBFCA0888@microsoft.com...<span style="color:blue"> > First a disclaimer: I'm computer illiterate, so please talk to me like I'm > a > neanderthal. > > That being said, I've reviewed the posts from September 18th for this > spyware pop-up, but they aren't helping me. I cannot access the > recommended > website to post my Hijack log. I don't know if the Trojan spyware is > preventing me from doing so or what. I could really use some step by step > assistance to walk me through this. If anyone could help me, I'd greatly > appreciate it. > > In addition to the flashing yellow triangle and the pop-up System alert > warning, I also get a window trying to direct me to download spyware > software > from "Windows". I am smart enough to know not to do so, but how do I get > rid > of the pop-ups? I have AdAware, which is not detecting it. I've read > things > telling me to manually delete the msmsg folders, but those look like > Microsoft messenger and system folders and I'm afraid to do so. This thing > appears to have deleted my homepage info as well. > > Being that I'm a computer moron, would you recommend I go to a > professional, > or is this something that I can do on my own? > > Thanks in advance for your help! > </span> Quote
Guest brucereid Posted October 23, 2008 Posted October 23, 2008 Thanks for all your suggestions, I guess these tips alone would help me in eliminating the pest that has made life miserable for me in the last one week or so, to my horror it has disabled the task manager, regedit like options and also does not allow them to function when I run on the Safe Mode. I believed though there was help waiting for me in these communities and here I found it. -- brucereid ------------------------------------------------------------------------ brucereid's Profile: http://forums.techarena.in/members/brucereid.htm View this thread: http://forums.techarena.in/security-virus/1058570.htm http://forums.techarena.in Quote
Guest David H. Lipman Posted October 23, 2008 Posted October 23, 2008 From: "brucereid" <brucereid.3hqozc@DoNotSpam.com> | Thanks for all your suggestions, I guess these tips alone would help me in eliminating | the pest that has made life miserable for me in the last one week or so, to my horror | it has disabled the task manager, regedit like options and also does not allow them to | function when I run on the Safe Mode. I believed though there was help waiting for me | in these communities and here I found it. -- brucereid Actually, you are in the WRONG place ! The following is the CORRECT URL... news://msnews.microsoft.com/microsoft.public.security.virus The above URL will take your default News Client directly to this news group and not through a web page front-end that bastardizes your ability to access the wealth of the Microsoft News Groups. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest ~BD~ Posted October 23, 2008 Posted October 23, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:e6YuxPVNJHA.3496@TK2MSFTNGP04.phx.gbl...<span style="color:blue"> > From: "brucereid" <brucereid.3hqozc@DoNotSpam.com> > > | Thanks for all your suggestions, I guess these tips alone would help me > in eliminating > | the pest that has made life miserable for me in the last one week or so, > to my horror > | it has disabled the task manager, regedit like options and also does not > allow them to > | function when I run on the Safe Mode. I believed though there was help > waiting for me > | in these communities and here I found it. -- brucereid > > Actually, you are in the WRONG place ! > > The following is the CORRECT URL... > > news://msnews.microsoft.com/microsoft.public.security.virus > > The above URL will take your default News Client directly to this news > group and not > through a web page front-end that bastardizes your ability to access the > wealth of the > Microsoft News Groups. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> Are you suggesting that 'news.microsoft.com' is now an inappropriate server to access the Microsoft Newsgroups? Dave -- Quote
Guest David H. Lipman Posted October 23, 2008 Posted October 23, 2008 From: "~BD~" <~BD~@no.mail.afraid.com> | Are you suggesting that 'news.microsoft.com' is now an inappropriate server | to access the Microsoft Newsgroups? | Dave I am NOT saying the MS News Server is "now an inappropriate server". I am saying that using a news client to access the MS News Groups, including microsoft.public.security.virus , is the BEST way to access and experience the wealth of the Microsoft News Groups. Using a web based HTTP front-end, to Usenet in general and the Microsoft groups in particular, is NOT the best route. You lose threading. You lose access to headers, you don't have a good search facility and you lose possibble attachments (NOTE: Microsoft allows up to 75KB attachments, most Usenet groups however do not allow attachments). There are many other benefits to using a news client to access Usenet news groups. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest ~BD~ Posted October 23, 2008 Posted October 23, 2008 "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:u7NEMxVNJHA.1308@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > From: "~BD~" <~BD~@no.mail.afraid.com> > > > | Are you suggesting that 'news.microsoft.com' is now an inappropriate > server > | to access the Microsoft Newsgroups? > > | Dave > > I am NOT saying the MS News Server is "now an inappropriate server". > I am saying that using a news client to access the MS News Groups, > including > microsoft.public.security.virus , is the BEST way to access and > experience the wealth of > the Microsoft News Groups. > > Using a web based HTTP front-end, to Usenet in general and the Microsoft > groups in > particular, is NOT the best route. You lose threading. You lose access > to headers, you > don't have a good search facility and you lose possibble attachments > (NOTE: Microsoft > allows up to 75KB attachments, most Usenet groups however do not allow > attachments). > There are many other benefits to using a news client to access Usenet news > groups. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp > ></span> You should know by now that I don't ask questions before giving matters just a little thought, Mr Lipman! style_emoticons/ I have asked before on the MS newsgroups and been advised that one may utilise either :- 'news.microsoft.com' ......... or 'msnews.microsoft.com' Your post (above) remains on 'news.microsoft.com' ........ but was deleted from 'msnews.microsoft.com' - any idea why that may be? TIA BD -- Quote
Guest David H. Lipman Posted October 23, 2008 Posted October 23, 2008 From: "~BD~" <~BD~@no.mail.afraid.com> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message | news:u7NEMxVNJHA.1308@TK2MSFTNGP02.phx.gbl...<span style="color:blue"><span style="color:green"> >> From: "~BD~" <~BD~@no.mail.afraid.com></span></span> <span style="color:blue"><span style="color:green"> >> | Are you suggesting that 'news.microsoft.com' is now an inappropriate >> server >> | to access the Microsoft Newsgroups?</span></span> <span style="color:blue"><span style="color:green"> >> | Dave</span></span> <span style="color:blue"><span style="color:green"> >> I am NOT saying the MS News Server is "now an inappropriate server". >> I am saying that using a news client to access the MS News Groups, >> including >> microsoft.public.security.virus , is the BEST way to access and >> experience the wealth of >> the Microsoft News Groups.</span></span> <span style="color:blue"><span style="color:green"> >> Using a web based HTTP front-end, to Usenet in general and the Microsoft >> groups in >> particular, is NOT the best route. You lose threading. You lose access >> to headers, you >> don't have a good search facility and you lose possibble attachments >> (NOTE: Microsoft >> allows up to 75KB attachments, most Usenet groups however do not allow >> attachments). >> There are many other benefits to using a news client to access Usenet news >> groups.</span></span> <span style="color:blue"><span style="color:green"> >> -- >> Dave >> http://www.claymania.com/removal-trojan-adware.html >> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp</span></span> | You should know by now that I don't ask questions before giving matters just | a little thought, Mr Lipman! style_emoticons/ | I have asked before on the MS newsgroups and been advised that one may | utilise either :- | 'news.microsoft.com' ......... or | 'msnews.microsoft.com' | Your post (above) remains on 'news.microsoft.com' ........ but was deleted | from 'msnews.microsoft.com' - any idea why that may be? TIA | BD | -- news.microsoft.com = 207.46.248.16 = msnews.microsoft.com -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.