Spyware / Trojan / Warning

Do you use Internet Explorer? If so, this is most likely a pop-up window and not actually something on your computer. If you want to get rid of very irritating pop-ups then I suggest downloading another browser called Firefox; it stops all unwanted pop-ups and has built-in security. It's a free download and I use it all the time - I just popped an icon to it on my desktop and click on that instead of IE.

It may be worth you CLICKING THIS LINK and giving it a go...

Hope that sorts the problem :)

so if your Mercedes breaks down you'll most likely welcome advice like "you should have bought a BMW as that sort of thing doesn't happen to them" won't you?

Fact, Firefox is a good, well featured browser but so is IE, it's about personal choice

Fact, Firefox has a pop up blocker but so does IE, neither is better than the other and both still let the odd one through

Fact, Firefox has security issues just like any other browser, you hear less about it because there are less people using it than IE.

Fact, carrying on blissfully ignorant of the threats because someone has told you Firefox is safe is far more dangerous than actually accepting that your browser may have yet undiscovered weaknesses that hackers may choose to exploit.

Crockers, sounds like you've picked up a nasty little piece of malware that's hiding itself quite well from all the virus/spyware checkers.

Running "HijackThis" and posting the log it generates on one of the many support forums may well prove to be your best course of action

If clicking on the link above doesn't work then use the url below as some malware may pick up on certain words in the address and block you

http://216.180.233.162/~merijn/

Before you start ripping your computer apart and your hair out, it's worth checking that it's not just exploiting a little Windows routine called Windows Messenger (not to be confused with MSN Messenger)

More info on that little issue here at shoot the messenger

HTH

Andy
 
Have you tried in your HKEY local machine software?
I just spent the whole of Tuesday removing that celldorado malware and all the rest as Spybot could not do it.
Had to edit my registry as well.
Better still, all back up your registry now so you can always revert to it come any spyware issues.
 
That's the beggar I got.. mmmmmm

This is the first one in 15+ years I can't find... this is a first for me
 
I'm hoping it's sorted... I ran the Malwarebytes software and again it found one registry issue. I quarantined it, then rebooted... trouble may be that Spybot then spotted a registry change and told me and I didn't allow it. I have this time and am running Malwarebytes again... if it's clear I will wait and see...

God this is mind blowingly maddening.....:eek:

I don't think it's messenger popups etc. as I use AOL and have all popups blocked... it happens in AOL / IE and even Safari... so it's not a browser popup, it's some little bugger in the registry.
 
So many people get it, it's unreal. Use Smitfraud as spinal suggested, will cure it no worries, also cleans up loads of other stuff. :bannana:

Basically it's a BHO and Smitfraud kills it, cleans the registry and wipes the exe if there is one

for best results run in safe mode :)

best of luck

Hash
 
Have now used Smitfraud... it even cleared my wallpaper... lol

Now waiting with fingers crossed and bated breath..
 
Still there -- I'm beginning to give up on this.....:devil: :mad:
 
Just to verify, did you use SmitFraud in safe mode? (silly question, I know)...

Another thing, is this an Internet Explorer window popping up, or your generic Windows Error message window?

If you could post the exact wording of the error messages it would be very helpful as it would allow us to pinpoint the exact software that's causing the bug - hence tailoring the solution...

Bar that, all I can recommend is HijackThis as Andy said - but it's quite an advanced tool and generally you'd need to get the logs on a specialist forum where some (extremely) helpful people spend their time scanning through them. There are a few automated analysers, but I've found that nothing beats a knowledgeable eye...

Oh, and although it probably won't solve your problem (actually, it almost certainly won't solve your problem) Startup Inspector is quite nice, allowing you to browse through what's scheduled to run when you boot/log-in.

Michele

A screenshot would be fantastic!
 
OK, you've tried everything so far and drawn a blank....

Did you try HijackThis? And what was the collected wisdom from the tech forums?

How are you on registry editing?

There are very few places in the Windows registry that can start a program "automatically" so you should have a look at those and see if there is anything in there that shouldn't be.

Before you start though make a back up of your registry see here

First step - You need to get some sort of reference/name for what you are looking for so when there are no popups take a snapshot of your computer's active processes - press Ctrl, Alt, Delete to open the task manager and click on the processes tab - that will show you everything on the computer that is running at that time.

Second step, repeat the first step but when there is a popup active - hopefully that will show up something that wasn't there before and that can maybe be linked to the popups - if in doubt google the names of the processes and if it's something you recognise don't delete it :)

If anything shows up that shouldn't be there you need to delete it from your computer - let's assume you find a file called "popupgenerator.exe", check its properties and it should give you a link like
"c:/programfiles/malware/popupgenerator.exe" - delete that and its folder and then find the registry keys that are triggering it - now bear in mind, these virus writers are sneaky and it most likely won't have the same name in the processes tab as it does in the registry

As I said earlier, there aren't that many places to hide stuff you want to run automatically so check the following locations using "regedit" from the run menu

• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup

They apply to XP but they are probably the same in Vista. Check each one and see if it is starting a program you don't recognise - again, any doubts, use google to search for their names and see if they are innocent or malicious

Hopefully one (or more) of them will be trying to start the .exe file you found earlier.

Once you have cleaned your registry, then try again to see if your machine is clear

HTH

Andy

ps

If any of this is double dutch or you are not sure then please ask before you do anything you can't recover from
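
The check described in the post above, as an added PowerShell example that is not part of the original thread: it lists what the named Run keys launch and diffs two process snapshots taken without and with a popup on screen. The function names and CSV file paths are assumptions made for this example; the script only reads and changes nothing.

```powershell
# Added example (not from the thread): read-only triage, nothing is deleted or changed.
# Autostart keys exactly as listed in the post; function names are assumptions.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup'
)

function Get-AutostartEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }   # not every key exists on every Windows version
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = "$($item.GetValue($name))" }
        }
    }
}

function Save-ProcessSnapshot {
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-Process | Select-Object Name, Path | Sort-Object Name, Path -Unique |
        Export-Csv -Path $Path -NoTypeInformation
}

function Compare-ProcessSnapshot {
    param([string]$Before, [string]$During)
    # '=>' marks rows present only in the second (popup on screen) snapshot
    Compare-Object (Import-Csv $Before) (Import-Csv $During) -Property Name, Path |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object Name, Path
}

function Find-AutostartForProcess {
    param($NewProcesses)
    $entries = Get-AutostartEntry
    foreach ($p in $NewProcesses) {
        if (-not $p.Path) { continue }            # path is blank for processes we cannot inspect
        $entries | Where-Object {
            $_.Command.IndexOf($p.Path, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    }
}

# Usage (file paths are placeholders):
#   Save-ProcessSnapshot "$env:TEMP\before.csv"   # no popup showing
#   Save-ProcessSnapshot "$env:TEMP\during.csv"   # popup on screen
#   $new = Compare-ProcessSnapshot "$env:TEMP\before.csv" "$env:TEMP\during.csv"
#   $new; Get-AutostartEntry | Format-Table -AutoSize -Wrap; Find-AutostartForProcess $new
```

As another reply in the thread notes, this kind of infection can load as a BHO, which is registered outside these Run keys, so an empty match here does not show the machine is clean.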
 
My desktop computer won't allow me to install anti-virus software and closes down the website before I get to the download page. Same happens when I try to download Firefox. Does this mean I have spyware?
 
This sounds like a Smitfraud variant - there are lots of these out there at the moment.
Combofix should be the best approach as you've already been directed

If you need some extra help you're welcome to PM me.
 
Hi
My screenshot won't load onto here as it is too big a file...

Any ideas on how to make it smaller -- I dumped it into a word doc. If you PM me your email I will email it to you....

Thanks

Graham
 
This is all way over my head.... I will have to get a mate to look at it if we need to edit the registry....

But thanks anyway..
 
It took me 3 mins to find this one that is the same.

I clicked on the red exit X and the next picture comes up.

The only way out is to turn off the computer.

The first line at the top can say that "your computer is infected please install this remover". It says other things on the same theme
 

Attachments: Picture 667.jpg, Picture 668.jpg

This sounds like a Smitfraud variant - there are lots of these out there at the moment.
Combofix should be the best approach as you've already been directed

If you need some extra help you're welcome to PM me.

Masqueraid were u referring to me?
 
Smitfraud Variants

OK, for those of you with XP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Those with Vista:
Start here:
Try running, in Safe Mode, RogueRemover and SUPERAntiSpyware:

RogueRemover:
http://www.malwarebytes.org/rogueremover.php

SUPER AntiSpyware:
http://www.superantispyware.com/

Smitfraud is pretty insidious - if you have a restorable backup of your drive it may be quicker to simply restore this than kill every component of the infection.

Also if you get to a point where a program asks you only to continue if you know what you are doing (and you don't) - please stop and ask for directions ;)


Edit @ Malcolm - I'm sure you realise that the downloads that you are being prompted in the screenshots for are just more nasties
 
malcolm.......pornwizardry?? we all know where u have been now! :P
 
That is not the case, I had to go where I knew that I could find the trojan.

The first one that I got that said "Your computer is infected" I clicked the OK button and that was it, with a further message saying for £35 we can remove it. As said I rebooted
 
This is one of the three buggers
 

Attachment: 29-03-08_1345.jpg

this is another
 

Attachment: 29-03-08_1404.jpg