Posted: 10/14/2008 8:02:05 PM EDT
|
I had posted about two days back about my computer (Sony VAIO) getting infected with spyware/malware and about advice on how to remove it. I downloaded AdAware (paid version), and ran that - no success. Popups still occurred. I then downloaded SpyBot, and ran it to some good effect. It has slowed the frequency of the popups, and showed me exactly where some of the problems are. I then got AVG from Grisoft, and it also helped, but some of the popups still persist. In addition, my computer has slowed down TREMENDOUSLY since being infected. Typing in this message box is problematic, as I have to hit a key two or three times to get a letter. It also selects a point in the text to send the cursor to, like it's got a mind of its own. The popups are usually the same ones, offering 'click to clean your PC of spyware!' promises. Like any sane person, I don't click on them. I even went into the registry manually and removed some of the offending files. This still has not worked.

Here's some of the stuff Spybot has found, and 'fixed' about a dozen times over:

Virtumonde.dll. (SBI $B554B1DA ) Browser helper object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects\{3B2750B4-77DF-4BE4-8DCE-3AC2F6568A10}
(SBI $B554B1DA) Class ID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B2750B4-77DF-4BE4-8DCE-3AC2F6568A10}
Smithfraud-C. (SBI $657289E) Data C:\Documents and setting\Neil\Local Settings\Temp\x.ico
AntiSpywareMaster (SBI $5DCBA1F1 ) Link C:\Documents and settings\Neil\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk
etc...

Here's the deal. I'm an active duty enlisted Marine. I don't got the money to go and buy an XP installation pack, so re-formatting the harddrive is out of the question. I got to fix this laptop ASAP, so any help would be deeply appreciated. Hell, whoever has a solution (aka, nuclear option), I'll think of some way to pay you back. How, I don't know yet, but I'll think of something.
Every time I try to google search the lightfighter boards, it opens more popups... it's a sick, sick joke. Thanks in advance for the help. S/F |
|
Trend Housecalls free online scanner It's a pretty good one. My advice is to quit while you're behind. Save all your important files, and reformat and re-install. ZM |
|
Unfortunately no. I'm stationed in CA right now. Thinkin' of going back to CT for a few days in December though. Updates - Computer won't boot in safe mode. I get a blue screen saying system error, and it sends the computer back to restart in normal mode. The free scan site won't open. I'll click on it, and IE will magically redirect itself to a new address. Out-fucking-standing... S/F |
Well, shit.... Wish I could've helped. Sounds like you've got an infected HOSTS file on that thing, judging by the redirect. You need to download Spybot, Search & Destroy, Ad-Aware SE, And McAfee Stinger and run them in safe mode. Booting up in other than safe mode, is a complete waste of time. The viruses/trojans are already running then. Like mentioned above, you can create a new user account in control panel, and log into that one temporarily. Might be just enough to get the things I mentioned above to install and do their magic. About the infected HOSTS file... This is bad. It'll redirect ALL your attempts to get to GOOD websites, when you attempt to clean this shit out. First thing is to delete it and replace it with a clean copy. If you had a 2nd computer close by, you could just yank your hard drive out and drop it into another as a slave. Then you can clean it, using the programs/scanners on the 2nd computer, without executing the bad shit.... Got to be some Kali guys here near you, who can get you squared away. Step up, fellas ! Help a guy out ! |
|
Some VAIOs came with a built-in recovery partition on the HDD. This means you can do the recovery yourself without spending any money. Are you still using the factory image, or has it been wiped before? There might be a VAIO Recovery program in your program groups or it might be something you have to access after the computer boots but before the OS starts loading. Sometimes you have to press an "F" key to access the recovery wizard before Windows loads. The other possibility is you have to burn your own recovery CD/DVDs using the VAIO recovery wizard. Most of the time the recovery process will destroy your data and bring the computer back to the way it was out of the factory. Sometimes there is a non-destructive recovery method. |
|
No, not the Mfg restore, the OS restore. Through the All Programs menu: 1. Click Start. 2. Point to All Programs. 3. Point to Accessories. 4. Point to System Tools. 5. Click System Restore. 6. Follow the instructions on the wizard. It's only useful IF your system was set up to use restore points. Which is usually default. The system restore takes snapshots of your OS, like XP in week or day intervals... kind of like going back in time to when your computer worked right. Vista and XP both have the feature. www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx |
System Restore is virtually useless in infected machines, as the backed up files will almost always ALSO be infected. The machine needs to be wiped and reinstalled from scratch. Preferably with a low-level drive format, to delete any master boot record infections. It's really the quickest and easiest way. You could spend HOURS attacking the various viruses and trojans, but you'll literally spend HOURS...... Been there, done that. Just a matter of time before some Cali folks chime in, and help our wounded Marine out. I, for one, will bump the everlovin shit out of the thread, so someone sees it. |
I've got an old XP cd and serial number lying around my house somewhere that I'll never use again. It belongs to my 4 year old dust magnet (computer) that is pretty much toast at this point and will be scrapped at some point when I get around to it. If I can find the CD I wouldn't mind giving the damn thing to you. Of course, I wouldn't mind some "lost" 5.56 ammo showing up in the mail in return. If you want it, send me an email or IM me and let me know and I'll see if I can find it. And no I won't ask for anything in return. Although this CD would really only help you do a clean sweep of your system and you'd lose your saved files, unless you have an external hard drive to store them on. |
|
Download System Mechanic, install it...Disconnect from the Internet..Run the App and let it do its thing...Reboot (make sure you're not plugged in to the Internet) and rerun the scan... With Spybot Enable the TeaTimer, this will prompt you anytime the system wants to write into your System Startup List, Registry, HOST file, and a few other things. If it's severely infected then use HiJack This & Crap Cleaner...These tools require more knowledge vs Spybot, Adaware, or AVG's Anti-Virus. Hope this helps... |
|
There are message boards where folks ask you to post Hijack This output, and they'll figure out, from that, what's wrong with your system. I'm not sure which one is best, but that would be my suggested route if reformatting isn't an option. It may seem slow compared to other options, but I guarantee you that anything else will be wasted effort. Find the forum, follow directions, and wait for help. |
|
Dude I just went through this. It's a trojan.win32 program and it has registered itself on your HD...even restoring will not kill it. I bought ZoneAlarm and guess what...no joy. Their own forums mod posted a huge topic on how to get rid of it. I only had to use Malwarebytes anti-malware to get rid of mine. Here is the link. trojan deleting I did this AFTER uninstalling ZA, so just use the safe mode start up and delete what it says, then run malwarebytes. Also do step 23 and 24 on this link. delete old files |
Sounds like one a guy at work had last week. Download this: http://www.malwarebytes.org/ Boot in safe mode and run it. It was the only thing that took care of it. |
Well, I can't do that, but I can 'lose' some of it in a religious fanatic that uses a mandress, AK-47, has a beard, smells really bad and likes to jihad often. Would that do? I'm overwhelmed by the offers for help. Thanks again to everyone. As an update! I attempted to run in all modes, download several types of spyware and virus removers, use the restore feature, uninstall firefox, manually extract the shit from the registry.... pretty much everything short of a full hard drive reformat. None of it worked. Rebooted, and hit F10 to restore the system to factory specs, and totally restore the C: drive to factory specs. I lost a lot of good stuff in the process, but the computer finally is clean. Got Nortons, AdAware, Trend Micro Spyware, and AdWatch all installed and running now, with Mozilla Firefox as the default browser. It is now running smooth. Also wiped out any and all AOL programs with the exception of AIM. I don't know what the hell kind of a virus that was, but it was insane to take that much to solve it. This thread got me thinking that ARFCOM might benefit from a computer forum of sorts? I haven't really seen a section just for that - but hey, we got one for the mighty cigar! Thanks again for all the help. ARFCOM never ceases to amaze me... maybe I should finally ante up and get a membership now that it's payday today? S/F |
We have just such a forum! Urban Commandos Forum |
Should have done what I told you to do
|
DOH' I'm awesome tonight, ain't I? S/F |
If your computer has a license number sticker on it, you can reformat with any WinXP disk you want (that is, just borrow somebody else's) and just re-use the same license/serial number as before. It is usually possible to dis-infect a Windows machine, but reformatting is way less hassle. ~ |
Glad to hear ya got it fixed up ! Now, for round 2 Trust me. Norton A/V products, short of Symantec's enterprise protection, sucks ass. Plus, it sucks your system resources way down. Absolute garbage. Here: Linky It's free for home use. You just register your email address with them and they'll send you a serial good for a year. Renewal doesn't cost a dime either. One of the best free ones out there. Very comprehensive protection. Hard to beat, really. If you need anything else, give a holler. |
Hrmmm.... will do. Downloading now... System restore turned off now, I'll turn it back on at a later time once I've run Avast. Avast, eh? So now pirates are into the whole tech industry? Shit, we're doomed. Now what I want to know, is how in the blue blazes people find the time to sit and engineer such viruses, and what the hell they get out of it. They ought to be brought out into public and shot.... with a potato gun... in the balls... repeatedly... S/F |
|
I had what I believe was the same Malware on my comp a year or so back. Pop ups saying "You are infected " Buy this Anti-Spyware product etc., etc. I tried all the removal software like ad-aware and such, no luck. Finally was able to remove it with Microsoft Malicious Software Removal Tool. support.microsoft.com/kb/890830#appliesto This removed it and it has not returned. I keep this bookmarked. |
It really is just a bunch of sick no-life losers who get some kind of retarded kick out of screwing up completely random people's shit. Need an ass beating in the worst way. That, plus the scumbags make MONEY off those damned pop-ups from ad companies. Not to mention lots pretend they're legit anti-virus/spyware companies, and will then 'disinfect' your computer for the low low fee of only $39.95 ! et al . Basically, they hijack your shit and hold out for you to panic and pay the ransom.... Lowest kind of scum. |
GET SMITFRAUDFIX AND RUN IT JUST LIKE THEY SAY TO. http://siri.urz.free.fr/Fix/SmitfraudFix_En.php HAS WORKED EACH TIME I HAD A PROBLEM LIKE YOU DESCRIBE. I AM NOT YELLING. |
Slap it in another machine as a slave drive and remove the malware. Save off his stuff, reformat and install xp. Can't send him the stuff to do it, or I would. |
This, plus: www.malwarebytes.org Get their Antimalware app and run it in safe mode. Vundo sucks. -Mark |
|
Your problem is the malware or virus is running when you do the scan and re-infecting the system. Your best bet would be to use Ultimate Boot CD and do virus scan from that. www.ultimatebootcd.com/ You will need to read up a little bit on it on how to add virus scanners or def updates to it. |
You really don't need to replace the hosts file. The hosts file can be deleted. While MS operating systems will look at a host file first, it looks at DNS second to determine a URL's ip. If you delete hosts and still have this issue - PM me on here and I'll try to help you further. Dean |
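The hosts-file redirect raised in the posts above can be checked before deleting or replacing the file. The following is an added example, not written by any poster in this thread: a Python sketch that parses hosts-file text and flags watched security/vendor sites that are blocked or redirected, plus any other hostname pinned to a non-loopback address. The watchlist (domains linked in this thread) and the sample file contents are constructed for illustration.

```python
import ipaddress
import sys

# Assumed watchlist: sites linked in this thread that an infection might hijack.
WATCHLIST = ("malwarebytes.org", "microsoft.com", "ultimatebootcd.com")

# Constructed sample; 203.0.113.0/24 is a documentation-only address range.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.7     www.malwarebytes.org malwarebytes.org
127.0.0.1       support.microsoft.com   # sinkholed to loopback
0.0.0.0         ads.example.net
203.0.113.7     search.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a valid mapping line
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def on_watchlist(host):
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def audit_hosts(text):
    """Return (line_no, host, ip, reason) for each suspicious entry."""
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified
        for host in hosts:
            if on_watchlist(host):
                # Any entry for a watched site overrides DNS: either a block or a redirect.
                findings.append((line_no, host, str(ip), "blocked" if local else "redirected"))
            elif not local:
                findings.append((line_no, host, str(ip), "custom mapping"))
    return findings

if __name__ == "__main__":
    # Usage: python audit_hosts.py C:\Windows\System32\drivers\etc\hosts
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % finding)
```

Run it from a clean environment (the slaved drive or boot CD suggested elsewhere in the thread) so that the running malware cannot rewrite the file between the audit and the cleanup.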
+1 Malwarebytes is the latest best spyware removal tool. Run this along with spybot and you're good to go. |
Sometimes the spyware that is installed came with an app you downloaded, and will run because it is a program you "ok'd" for installation. Some spyware apps won't pick it up. You need to use the task manager and hunt down the process. Then get into the registry and search for it, then delete the key. Try spybot S&D afterwards, and check your task manager for any leftovers. Do the usual cleaning steps also like deleting from your temp folder, IE cache, etc... If your task manager is disabled (which is a common trick for some trojans/spyware), you will need to enable it again from the registry. Some viruses also run a script that will auto disable the TM again, so you need to be quick with the Ctrl-Alt-Del and nail the exe that is causing it. |