Guest Justin
Posted May 1, 2009

Running Windows XP, my cousin ended up with an infestation of spyware and adware after AVG ran out and it stopped updating.
I installed AVG 8.5, ran a scan, it disinfected winlogon.exe and then blue screened.
After a reboot and another scan winlogon.exe was no longer infected but other files were. It seems to have disinfected them.
The only thing left is a popup that comes up every time IE is started. I can't figure out what is causing it. I ran Ad-Aware - it disposed of a few things but he still gets that popup when IE starts.

What now?

Guest Malke
Posted May 1, 2009

Justin wrote:
> Running Windows XP my cousin ended up with an infestation of spyware and
> adware after AVG ran out and it stopped updating.
> I installed AVG 8.5 ran a scan, it disinfected winlogon.exe and then
> blue screened.
> After a reboot and another scan winlogon.exe was no longer infected but
> other files were. It seems to have disinfected them.
> The only thing left is a popup that comes up every time IE is started. I
> can't figure out what is causing it. I ran Ad-Aware - it disposed of a
> few things but he still gets that popup when IE starts.
>
> What now?

Either get guided help at one of the specialty forums below OR back up your cousin's data and do a clean install of Windows. It is your choice. If you are unsure how to back up the data or how to do a clean install, you can take your machine to a local computer professional. I don't recommend using BigComputerStore/GeekSquad types of places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.net/viewtopic.php?t=4075 - Posting FAQ
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ

Guest rive0108
Posted May 1, 2009

Justin;1033242 Wrote:
> Running Windows XP my cousin ended up with an infestation of spyware and
> adware after AVG ran out and it stopped updating.
> I installed AVG 8.5 ran a scan, it disinfected winlogon.exe and then
> blue screened.
> After a reboot and another scan winlogon.exe was no longer infected but
> other files were. It seems to have disinfected them.
> The only thing left is a popup that comes up every time IE is started. I
> can't figure out what is causing it. I ran Ad-Aware - it disposed of a
> few things but he still gets that popup when IE starts.
>
> What now?

First of all, AVG and Ad-Aware are not very good, and you are probably dealing with Polymorphic malware.

Example, AVG in recent AV-Comparative testing [feb 2009] only received 1 star certification out of 3 stars.

This is what I suggest you do:

1. download/run a certified 3 star antivirus/antispyware app like NOD32 4, Kaspersky, Symantec, or McAfee with Artemis.
Avira is free, as is Avast!. Both only received 2 star certification in regards to On-demand scanning, but they are both better than AVG.

2. download and run Malwarebytes. Real time protection is disabled in the trial version, so update and use the On-Demand scanner. This App is specifically geared towards Polymorphic trojans, and is not designed to be used as a standalone.

You can also download and run a System Inspector self Diagnostic. Green is ideal, while anything in red is a problem.

If it was me I would do this:
Install the 30 day Eset NOD32 4 Antivirus/Antimalware (this is the only program to receive both a 3 star certification in Heuristic and on demand scanning from AV-Comparatives) [Nov 08/Feb 09]
then, I would Install and run Malwarebytes, and run a full Scan with Defender-but I run x64 Ultimate-you would have to download this app.
note- you can remove NOD32 after your system is cleaned. This app has self defense to prevent Malware Corruption.

Chances are though, you have User/data file and Windows corruption that only a re-install will fix.

Antivirus Comparative testing:
http://www.vistax64.com/system-security/17...erformance.html

Antimalware/Antivirus scanners:
http://www.vistax64.com/system-security/16...rity-tools.html

--
rive0108

Guest Mike Hall - MVP
Posted May 2, 2009

"rive0108" <guest@unknown-email.com> wrote in message news:2fd31ee950f66e893a9c2634c4785059@nntp-gateway.com...
>
> Justin;1033242 Wrote:
> > Running Windows XP my cousin ended up with an infestation of spyware and
> > adware after AVG ran out and it stopped updating.
> > I installed AVG 8.5 ran a scan, it disinfected winlogon.exe and then
> > blue screened.
> > After a reboot and another scan winlogon.exe was no longer infected but
> > other files were. It seems to have disinfected them.
> > The only thing left is a popup that comes up every time IE is started. I
> > can't figure out what is causing it. I ran Ad-Aware - it disposed of a
> > few things but he still gets that popup when IE starts.
> >
> > What now?
>
> First of all, AVG and Ad-Aware are not very good, and you are probably
> dealing with Polymorphic malware.
>
> Example, AVG in recent AV-Comparative testing [feb 2009] only received
> 1 star certification out of 3 stars.
>
> This is what I suggest you do:
>
> 1. download/run a certified 3 star antivirus/antispyware app like NOD32
> 4, Kaspersky, Symantec, or McAfee with Artemis.
> Avira is free, as is Avast!. Both only received 2 star certification in
> regards to On-demand scanning, but they are both better than AVG.
>
> 2. download and run Malwarebytes. Real time protection is disabled in
> the trial version, so update and use the On-Demand scanner. This App is
> specifically geared towards Polymorphic trojans, and is not designed to
> be used as a standalone.
>
> You can also download and run a System Inspector self Diagnostic. Green
> is ideal, while anything in red is a problem.
>
> If it was me I would do this:
> Install the 30 day Eset NOD32 4 Antivirus/Antimalware (this is the
> only program to receive both a 3 star certification in Heuristic and on
> demand scanning from AV-Comparatives) [Nov 08/Feb 09]
> then, I would Install and run Malwarebytes, and run a full Scan with
> Defender-but I run x64 Ultimate-you would have to download this app.
> note- you can remove NOD32 after your system is cleaned. This app has
> self defense to prevent Malware Corruption.
>
>
> Chances are though, you have User/data file and Windows corruption that
> only a re-install will fix.
>
> Antivirus Comparative testing:
> http://www.vistax64.com/system-security/17...erformance.html
>
> Antimalware/Antivirus scanners:
> http://www.vistax64.com/system-security/16...rity-tools.html
>
>
> --
> rive0108

A pity that the Vista64 forum has an ad for Uniblue Registry Booster.. I understand that Uniblue pay well for displaying it..

--
Mike Hall - MVP Windows Experience
http://msmvps.com/blogs/mikehall/

Guest rive0108
Posted May 2, 2009

Mike Hall - MVP;1033707 Wrote:
> "rive0108" <guest@xxxxxx-email.com> wrote in message
> news:2fd31ee950f66e893a9c2634c4785059@xxxxxx-gateway.com...
> >
> > Justin;1033242 Wrote:
> > > Running Windows XP my cousin ended up with an infestation of spyware and
> > > adware after AVG ran out and it stopped updating.
> > > I installed AVG 8.5 ran a scan, it disinfected winlogon.exe and then
> > > blue screened.
> > > After a reboot and another scan winlogon.exe was no longer infected but
> > > other files were. It seems to have disinfected them.
> > > The only thing left is a popup that comes up every time IE is started. I
> > > can't figure out what is causing it. I ran Ad-Aware - it disposed of a
> > > few things but he still gets that popup when IE starts.
> > >
> > > What now?
> >
> > First of all, AVG and Ad-Aware are not very good, and you are probably
> > dealing with Polymorphic malware.
> >
> > Example, AVG in recent AV-Comparative testing [feb 2009] only received
> > 1 star certification out of 3 stars.
> >
> > This is what I suggest you do:
> >
> > 1. download/run a certified 3 star antivirus/antispyware app like NOD32
> > 4, Kaspersky, Symantec, or McAfee with Artemis.
> > Avira is free, as is Avast!. Both only received 2 star certification in
> > regards to On-demand scanning, but they are both better than AVG.
> >
> > 2. download and run Malwarebytes. Real time protection is disabled in
> > the trial version, so update and use the On-Demand scanner. This App is
> > specifically geared towards Polymorphic trojans, and is not designed to
> > be used as a standalone.
> >
> > You can also download and run a System Inspector self Diagnostic. Green
> > is ideal, while anything in red is a problem.
> >
> > If it was me I would do this:
> > Install the 30 day Eset NOD32 4 Antivirus/Antimalware (this is the
> > only program to receive both a 3 star certification in Heuristic and on
> > demand scanning from AV-Comparatives) [Nov 08/Feb 09]
> > then, I would Install and run Malwarebytes, and run a full Scan with
> > Defender-but I run x64 Ultimate-you would have to download this app.
> > note- you can remove NOD32 after your system is cleaned. This app has
> > self defense to prevent Malware Corruption.
> >
> >
> > Chances are though, you have User/data file and Windows corruption that
> > only a re-install will fix.
> >
> > Antivirus Comparative testing:
> > http://www.vistax64.com/system-security/17...erformance.html
> >
> > Antimalware/Antivirus scanners:
> > http://www.vistax64.com/system-security/16...rity-tools.html
> >
> >
> > --
> > rive0108
>
> A pity that the Vista64 forum has an ad for Uniblue Registry
> Booster.. I understand that Uniblue pay well for displaying it..
>
> --
> Mike Hall - MVP Windows Experience
> 'Mike's Window' (http://msmvps.com/blogs/mikehall/)

Where is that? Only Visitors see Google adsense at the top of the page. I see none, but anyhow, Registry "cleaners"/"boosters"/"performance increasers" are just gimmicks, and often do more harm than good. I do not recommend any type of reg cleaner/booster.
If you know how to use a reg cleaner/editor, they are ok, but most don't, and reg cleaners are notorious for corruption of Windows as they often cannot distinguish between legitimate and unwanted entries.

rule of thumb-
If you don't know the purpose of the entry a cleaner wants to "clean" do not let it "clean" it.
If you don't know the difference between a .dll and a svchost executable - YOU SHOULD NOT BE USING A REG CLEANER/PERFORMANCE BOOSTER! Otherwise you will find yourself re-installing Windows.

--
rive0108

'::_-Win_$500_With_Vista_Forums-_::'
(http://www.vistax64.com/competitions/22436...r_more_info-_::

Guest Mike Hall - MVP
Posted May 2, 2009

"rive0108" <guest@unknown-email.com> wrote in message news:3dca0419c841443f792380ac40f011b6@nntp-gateway.com...
>
> Mike Hall - MVP;1033707 Wrote:
> > "rive0108" <guest@xxxxxx-email.com> wrote in message
> > news:2fd31ee950f66e893a9c2634c4785059@xxxxxx-gateway.com...
> > >
> > > Justin;1033242 Wrote:
> > > > Running Windows XP my cousin ended up with an infestation of spyware and
> > > > adware after AVG ran out and it stopped updating.
> > > > I installed AVG 8.5 ran a scan, it disinfected winlogon.exe and then
> > > > blue screened.
> > > > After a reboot and another scan winlogon.exe was no longer infected but
> > > > other files were. It seems to have disinfected them.
> > > > The only thing left is a popup that comes up every time IE is started. I
> > > > can't figure out what is causing it. I ran Ad-Aware - it disposed of a
> > > > few things but he still gets that popup when IE starts.
> > > >
> > > > What now?
> > >
> > > First of all, AVG and Ad-Aware are not very good, and you are probably
> > > dealing with Polymorphic malware.
> > >
> > > Example, AVG in recent AV-Comparative testing [feb 2009] only received
> > > 1 star certification out of 3 stars.
> > >
> > > This is what I suggest you do:
> > >
> > > 1. download/run a certified 3 star antivirus/antispyware app like NOD32
> > > 4, Kaspersky, Symantec, or McAfee with Artemis.
> > > Avira is free, as is Avast!. Both only received 2 star certification in
> > > regards to On-demand scanning, but they are both better than AVG.
> > >
> > > 2. download and run Malwarebytes. Real time protection is disabled in
> > > the trial version, so update and use the On-Demand scanner. This App is
> > > specifically geared towards Polymorphic trojans, and is not designed to
> > > be used as a standalone.
> > >
> > > You can also download and run a System Inspector self Diagnostic. Green
> > > is ideal, while anything in red is a problem.
> > >
> > > If it was me I would do this:
> > > Install the 30 day Eset NOD32 4 Antivirus/Antimalware (this is the
> > > only program to receive both a 3 star certification in Heuristic and on
> > > demand scanning from AV-Comparatives) [Nov 08/Feb 09]
> > > then, I would Install and run Malwarebytes, and run a full Scan with
> > > Defender-but I run x64 Ultimate-you would have to download this app.
> > > note- you can remove NOD32 after your system is cleaned. This app has
> > > self defense to prevent Malware Corruption.
> > >
> > >
> > > Chances are though, you have User/data file and Windows corruption that
> > > only a re-install will fix.
> > >
> > > Antivirus Comparative testing:
> > > http://www.vistax64.com/system-security/17...erformance.html
> > >
> > > Antimalware/Antivirus scanners:
> > > http://www.vistax64.com/system-security/16...rity-tools.html
> > >
> > >
> > > --
> > > rive0108
> >
> > A pity that the Vista64 forum has an ad for Uniblue Registry
> > Booster.. I understand that Uniblue pay well for displaying it..
> >
> > --
> > Mike Hall - MVP Windows Experience
> > 'Mike's Window' (http://msmvps.com/blogs/mikehall/)
>
> Where is that? Only Visitors see Google adsense at the top of the page.
> I see none, but anyhow, Registry "cleaners"/"boosters"/"performance
> increasers" are just gimmicks, and often do more harm than good. I do
> not recommend any type of reg cleaner/booster.
> If you know how to use a reg cleaner/editor, they are ok, but most
> don't, and reg cleaners are notorious for corruption of Windows as they
> often cannot distinguish between legitimate and unwanted entries.
>
> rule of thumb-
> If you don't know the purpose of the entry a cleaner wants to "clean" do
> not let it "clean" it.
> If you don't know the difference between a .dll and a svchost executable
> - YOU SHOULD NOT BE USING A REG CLEANER/PERFORMANCE BOOSTER! Otherwise
> you will find yourself re-installing Windows.
>
>
> --
> rive0108
>
> '::_-Win_$500_With_Vista_Forums-_::'
> (http://www.vistax64.com/competitions/22436...r_more_info-_::

It isn't a Google Adsense ad. It is HTML code supplied by Uniblue. Go in as a visitor and you will see it..

--
Mike Hall - MVP Windows Experience
http://msmvps.com/blogs/mikehall/

Guest rive0108
Posted May 2, 2009

Mike Hall - MVP;1033973 Wrote:
>
> It isn't a Google Adsense ad. It is HTML code supplied by Uniblue. Go
> in as a visitor and you will see it..
>
> Mike Hall - MVP Windows Experience
> 'Mike's Window' (http://msmvps.com/blogs/mikehall/)

I saw it, it states it is Microsoft certified and recommended by Cnet. Which to me means nothing. It's just an ad, and if you checked my link in the above post Editors choice/recommendations are meaningless. It is a randomly generated ad that only non-registered Users see.

+-------------------------------------------------------------------+
|Filename: Capture.jpg                                              |
|Download: http://www.vistax64.com/attachment.php?attachmentid=12526|
+-------------------------------------------------------------------+

--
rive0108

'::_-Win_$500_With_Vista_Forums-_::'
(http://www.vistax64.com/competitions/22436...r_more_info-_::

Guest rive0108
Posted May 2, 2009

Mike Hall - MVP;1033973 Wrote:
>
> It isn't a Google Adsense ad. It is HTML code supplied by Uniblue. Go
> in as a visitor and you will see it..
>
> Mike Hall - MVP Windows Experience
> 'Mike's Window' (http://msmvps.com/blogs/mikehall/)

Oh, and by the way, you're wrong- The "ad" is google AdSense. Hover cursor over the link, and check the URL-
'www.googleads.g.doubleclick.net/' (http://www.googleads.g.doubleclick.net/)

+-------------------------------------------------------------------+
|Filename: Capture.jpg                                              |
|Download: http://www.vistax64.com/attachment.php?attachmentid=12532|
+-------------------------------------------------------------------+

--
rive0108

'::_-Win_$500_With_Vista_Forums-_::'
(http://www.vistax64.com/competitions/22436...r_more_info-_::

Guest Peter Foldes
Posted May 3, 2009

Justin

Take a look at the following. Reference it for next time

http://www.blakjak.demon.co.uk/mul_crss.htm

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Justin" <Justin@nobecauseihatespam.com> wrote in message news:O200cmqyJHA.1712@TK2MSFTNGP03.phx.gbl...
> Running Windows XP my cousin ended up with an infestation of spyware and adware
> after AVG ran out and it stopped updating.
> I installed AVG 8.5 ran a scan, it disinfected winlogon.exe and then blue
> screened.
> After a reboot and another scan winlogon.exe was no longer infected but other
> files were. It seems to have disinfected them.
> The only thing left is a popup that comes up everytime IE is started. I can't
> figure out what is causing it. I ran ad aware - it disposed of a few things but
> he still gets that popup when IE starts.
>
> What now?