Virus, Spyware.. Need Help? Here it is

posted on Apr, 6 2006 @ 10:52 AM
link   
If your system is currently running slow or not to the level you would wish, give some of the following steps a chance and you should notice some improvement.

My first recommendation is Windows OneCare and try the 30 day free trial. It will run for 60 days and protect your system, or get the 1 year subscription for $19.95 in April.

If you're running Norton I would really recommend removing it; these guys have been on the decline for several years now and their program is lacking as well. It conflicts with a lot of programs and will end up causing more trouble than it solves.

Some other programs I would recommend are Smitrem, Trend Micro and Safety.Live; these are all scanners that can be utilized in no time at all to remove a broad range of problems.

Optimizing your Internet Explorer can really do you a great service as well. If you're using IE, look at the top of your screen and click on Tools and then Internet Options.

Now click on Delete Cookies and Delete Files. Be sure to select delete all offline content as well on the delete files selection. Now click on Settings and View Objects. This is a list of your ActiveX controls and you can delete all of these. Now click over to Content and click Clear SSL State, then over to Programs and Reset Web Settings.

Finally go to Advanced and take the check mark out of Enable Third Party Browser Extensions. You will need to restart your computer for this to come into effect.

Try doing a Disk Cleanup as well. To do this click on your Start Menu and look for All Programs... Accessories... System Tools... Disk Cleanup

To reset your winsocks, which can sometimes prevent you from being able to browse with Internet Explorer:

Without Service Pack 2

Start...Run.. netsh int ip reset nul

With Service Pack 2

Start..Run.. netsh winsock reset catalog

And Restart your computer.


The best way to utilize these scanners that I have listed above is to run them in safe mode. In order to boot into safe mode you simply need to tap on F8 as your computer is booting up. It takes you to a Windows Advanced Options Screen and just select One of two options.

Safe Mode

This will boot you up without any third party software running in the background, your internet connection is disconnected here as well. So troubleshooting is very efficient.

Safe Mode With Networking

This is the same as Safe Mode, only if you have a Cable or DSL (Direct) connection, you will be able to connect to the internet in this mode. So the above listed online virus scans with Safety.Live.com or Trendmicro can be very beneficial here.


Windows Updates

Doing your Windows updates is extremely important. Almost daily there are new viruses being put out and these are in response to the recent Windows updates. So if you update regularly you will not be at risk of any new virus out there. The update is available before the virus is created. Without updating you leave yourself vulnerable to anything these excuses for humans create.

Sasser and Blaster were probably two of the largest viruses ever; they would continuously shut your computer down. Only the people who did not do their updates were infected. The update for these viruses was released about two weeks before the virus.

If you are getting the 60 second shut down command, you probably are not on ATS to read this. But if you ever get it, quickly go to

Start.. Run.. and Type in shutdown -a

This will stop the shutdown and allow you to troubleshoot it.

Google Stinger and download the tool from McAfee to remove the Sasser or Blaster.

Ads and Popups

NEVER! give your credit card number or Sin/Social Security numbers over the internet. Microsoft will never inform you of a problem on your system and offer a direct link to resolve it. They only inform of the problem.

So this is how you can distinguish between spyware and actual problems.

WinFixer and WinAntivirus are not legitimate programs, so if you have them or have popups for them, you have been ripped off; contact them immediately to have it removed.

Free Support

At the moment free support is offered from Microsoft at 1-866-727-2338 and you can receive free support for any Virus and Spyware problems you may be experiencing. I would recommend making use of this as it really can help you out.

Programs like Adaware, Spybot, Spysweeper, Spyware Doctor etc. all work above average. Using them together will work even better, however it's still not perfect.

Feel free to U2U me any questions of anything I have said here. If you have questions how to use any of these programs feel free to ask as well.

[edit on 6-4-2006 by chissler]



posted on Apr, 6 2006 @ 02:50 PM
link   
Can you get connected and Not Able to browse?

If you know you have established an internet connection, however you're getting a "Page cannot be displayed" with IE, I would do as follows:

Ping Test

Start...Run... CMD

Here you will receive a command prompt window.

Type...

Ping www.cnn.com (It can be any website, however some are not pingable. Microsoft.com is not able to be pinged)

In the results you are looking for the statistics.

4 packets will be sent and you are looking to see if 4 were received. If so the connection is stable and probably means the problem is within Internet Explorer.

If you get either Request Timed Out four times or 4 sent and 0 received, then it can be an issue with the connection itself.

Next I would try Pinging the IP address to the website. You can find the IP in the first line of the above reply. It will give you the address.

The IP may look like this... 68.142.197.82.

So you would type..

ping 68.142.197.82

If this is not pingable you can type..

ipconfig --- Look for your Default Gateway. 0.0.0.0 or completely blank means no connection is making it to your computer; an IP that begins with 169 is an invalid IP. Anything else means you have a valid IP address and you do have a connection established.

Now I would reset your winsocks. If you're running Windows XP with SP1 or no SP, you hit Start.. Run and type netsh int ip reset nul

If you have SP2 you type.. netsh winsock reset catalog

Now you need to restart your computer. If you're running Windows 2000 or earlier, winsocks are much more difficult to reset so do not attempt these commands.

If this still fails try Optimizing IE, which I have explained above. Here it is again if you have missed it.


Optimizing your Internet Explorer can really do you a great service as well. If you're using IE, look at the top of your screen and click on Tools and then Internet Options.

Now click on Delete Cookies and Delete Files. Be sure to select delete all offline content as well on the delete files selection. Now click on Settings and View Objects. This is a list of your ActiveX controls and you can delete all of these. Now click over to Content and click Clear SSL State, then over to Programs and Reset Web Settings.

Finally go to Advanced and take the check mark out of Enable Third Party Browser Extensions. You will need to restart your computer for this to come into effect.



Add/Remove Programs

This is something I would recommend checking every now and then to see if any malicious third party software has made its way onto your system. The easiest solution here is to look through the full list and if you see anything that seems strange, simply search for it on Google and see what you get.

Most programs with Search in the name, e.g. Search Assistant, are going to eat up your resources and cause havoc. Be sure to have administrative rights while attempting this or you may not be able to remove certain programs. If even still you cannot remove it, be sure it's not running in the background or try it in safe mode.

To get safe mode, I have explained above.



The best way to utilize these scanners that I have listed above is to run them in safe mode. In order to boot into safe mode you simply need to tap on F8 as your computer is booting up. It takes you to a Windows Advanced Options Screen and just select One of two options.

Safe Mode

This will boot you up without any third party software running in the background, your internet connection is disconnected here as well. So troubleshooting is very efficient.

Safe Mode With Networking

This is the same as Safe Mode, only if you have a Cable or DSL (Direct) connection, you will be able to connect to the internet in this mode. So the above listed online virus scans with Safety.Live.com or Trendmicro can be very beneficial here.



Checking your Registry

This is the heart of your computer, if you make the wrong adjustment here you can do some serious damage to your computer. So if you come into here you really need to be careful. First thing you should do is back it up.

To get into the Registry you need to click on the Start Menu and go to Run.

Type in.. regedit

Up the top where you see File, click and go to Export. Save this anywhere you would like and put a name on it you will remember. This is basically an oops in case you make a mistake. You can use this file to restore your registry to its current settings.

Look for HKEY_LOCAL_MACHINE; when you find this open it up. Now we are looking for Software.

After Software we need Microsoft ... Now Windows and CurrentVersion and finally Run.

After highlighting Run, look into the right hand panel. You will probably see a list of items here.

These are all the processes that are beginning when your computer does.

Some of these are items you probably would not wish to have. Simplest thing to do here is to google each one of them. You'll probably have a response with lilutilities.com. This site will give a good description of what each entry is, and you can make the decision whether or not to keep it.

Cleaning out this Run key can really speed up the start up process, and help lower your resources that are being used up in the background.


If you have any questions or problems you would like help with, please make a post or send me a u2u.
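The Run key review described in the post above, as an added example that is not part of the original thread: this Python script reads a registry export made with File > Export and lists what the Run key starts, with hints on which entries to look up first. The sample export, its entry names and paths, and the hint rules are constructed assumptions for illustration.

```python
import re
from pathlib import PureWindowsPath

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of a regedit export; names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /startup"
"ExampleUpdater"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\upd32.exe"
"ExampleHelper"="rundll32.exe C:\\WINDOWS\\system32\\exhelper.dll,Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"Ignored"="C:\\ignored.exe"
'''

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe"}


def read_reg_file(path):
    """Return the text of an export (UTF-16 with BOM, or ANSI for REGEDIT4)."""
    with open(path, "rb") as handle:
        raw = handle.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_run_entries(reg_text, key=RUN_KEY):
    """Yield (name, command) for string values directly under `key`."""
    current = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if current is None or current.lower() != key.lower():
            continue
        match = VALUE_LINE.match(line)
        if match:  # hex(2): and dword: values are skipped in this example
            name, command = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
            yield name, command


def executable_of(command):
    """Best-effort path of the program a Run command starts."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command.split(" ", 1)[0]


def review_notes(command):
    """Hints for manual review (assumed heuristics, not verdicts)."""
    exe = executable_of(command).lower()
    notes = []
    if "\\temp\\" in exe:
        notes.append("runs from a temp directory")
    if PureWindowsPath(exe).name in LAUNCHERS:
        notes.append("launcher: check the file named in its arguments")
    # Assumes Windows is installed on C: with default folder names.
    if "\\" in exe and not exe.startswith(("c:\\program files\\", "c:\\windows\\")):
        notes.append("outside Program Files and Windows")
    return notes


def audit_run_key(reg_text):
    """Return [(name, command, notes)] for every Run entry in the export."""
    return [(n, c, review_notes(c)) for n, c in parse_run_entries(reg_text)]


if __name__ == "__main__":
    for name, command, notes in audit_run_key(SAMPLE_REG):
        print(f"{name}: {command}")
        for note in notes:
            print(f"    review: {note}")
```

To audit a real export, pass `read_reg_file("backup.reg")` to `audit_run_key`; an entry with no notes is not thereby known to be safe, it still gets looked up by name.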




posted on Apr, 6 2006 @ 08:42 PM
link   
Are you getting a Blackworm or WinFixer popup?

If you are experiencing a popup threatening of a Blackworm virus on the system, calm down, it's not actually on your system. This goes the same for the Winfixer infection, however sometimes the Winfixer may actually be installed. But it can be removed.

In order to 100% successfully remove the Blackworm you need to do these simple steps.

www.symantec.com... ml

Visit the site above and click on Download Removal Tool

Run this program through completely and it will detect the blackworm component that is causing you the headache. This will also help in the removal of the winfixer but may not do so 100%.

With the Winfixer you may also need to run Smitrem which is explained above.

You can find this again at, SmitRem

Running these programs should fix both of these problems 100%.

If you have any alerts saying SpyAxe or Spy Sheriff follow the steps above, with more focus on the smitrem tool.

One Scan Does Not Fix Everything!

Be patient and be sure to run everything more than once. My rule of thumb is to run every scan until it comes up clean.



posted on Apr, 7 2006 @ 06:46 AM
link   
You got my vote for WATS.

Some helpful information here. Thanks!




posted on Apr, 7 2006 @ 09:51 AM
link   
Do You Currently have Spyware -- Virus Protection? -- Do you Have a Firewall enabled? -- Do you have your Windows Updated?

The best way to protect your system all begins well before anything ever comes in contact with your system.

If you're not aware if you have Service Pack 2 on the system for Windows XP, or Service Pack 4 on Windows 2000, you can do the following.

Start -- Run -- winver

Read through the window that comes up and it will give you all the details on the windows you are running.

With XP if you have anything less than Service Pack 2 (SP2) or Service Pack 4 (SP4) on Windows 2000 your computer is not up to date and is vulnerable.

Please click here to update your computer with all available updates.

-- Windows Update --

If you have SP2 with XP then you currently have the Windows Firewall on your system.

Start -- Control Panel -- Security Center

In here you will see if you have a Firewall enabled, Windows Updated and an Up to date Antivirus program.

Spyware Protection is not measured in the Security Center so you will have to look after this on your own.

Windows OneCare -- Adaware SE Personal -- Spybot: Search & Destroy -- Spyware Doctor -- Spysweeper

All of the programs listed above are good spyware programs that I would recommend using together. These programs on their own will probably miss out on some of the infections.

Online Virus Scans

Microsoft Online Virus Scan -- Trendmicro -- Panda Software


Windows OneCare

Windows OneCare Download

This program itself will provide you Antivirus and Antispyware protection, as well as a 2-way Firewall which prevents unwanted information from coming in or out of the system. This program is constantly updating itself so you are never caught out of date, along with housekeeping on your system.

Disk cleanups and defragmentations are pre-scheduled with the program so you never have to lift a finger.



[edit on 7-4-2006 by chissler]



posted on Apr, 8 2006 @ 09:21 AM
link   
System Restore

Do you have a virus on your system?

If you're ever in the process of removing a virus, you should definitely disable your System Restore. You should do so for this reason:

- After removing the virus, if you ever do a restore to your computer you run the risk of infecting yourself once again

The best step to follow is to disable the System Restore and remove the virus. Then enable it and as you do so you will create a restore point on the system where everything is clean. So if you use a restore in the future, you're not going to reinfect your system with any headaches you've already resolved.

How do I disable System Restore?

The easiest way to do this is as follows:

Click on the Start Menu and go to Control Panel

Now we are looking for a System icon. Another window will popup and you will see where it says System Restore

In the System Restore tab you will see where it says:

Turn Off System Restore

You simply check the box and press OK

Here are some screen shots to help you in the process:








Very simple

Now that your system restore is disabled, refer to some of the steps above and remove the virus and other malicious files on the system.

Just retrace these steps in order to enable the Restore option when the troubleshooting is complete.



posted on Apr, 8 2006 @ 09:51 AM
link   
I try to stay away from Microsoft IE and use Firefox almost exclusively. Not that I came upon this knowledge personally but I heard Microsoft IE (being used more prevalently) has been focused on by hackers and is rather vulnerable.

I dropped Norton and McAfee as well. I found out they left some nasty stuff on my system.

My choices now regarding protection are . . .

Zone Alarm, AVG, Spybot, SpywareBlaster, Spy Sweeper, A-squared, Ad-Aware, CW Shredder & the on-line scan by Trend Micro.

The switch to these puppies sped up my system by no less than 25%. I couldn't believe the crap Norton and McAfee left behind. That and the fact that the first time I ran Spybot I found over 140 spyware friggers.

I agree to run multiple protection programs. Some find things others don't. I come across people who don't keep their crap updated though. Why bother getting the stuff if you don't keep it current?

Good info chissler.

Hey, I've heard Ad-Aware has a spyware capability in itself. I'd dismiss it but I've seen more than a couple people say that. I still run it but I am curious nonetheless.


edit to clarify Microsoft IE - was Windows E

[edit on 8-4-2006 by Breezin]



posted on Apr, 8 2006 @ 10:35 AM
link   
Adaware

This program will remove more popups than anything. If you're experiencing a lot of popups while browsing IE/Firefox etc., or just while your system is running, then I would recommend this program. Those popups really can be a pain in the backside and eat up a lot of your system resources.

Spybot: Search & Destroy

This program will focus a little more on malicious programs that may be on the system rather than just popups. Adclickers or dialers that may have made their way onto your system will more than likely be picked up by this program and removed.

So the tandem of Adaware SE & Spybot: Search & Destroy really is a strong defense against a lot of the malicious files out there. It's not perfect, but for the price you pay you really get a good service.

(It's Free!)



I couldn't believe the crap Norton and McAfee left behind.


My focus of negativity is more towards Norton, but McAfee has to be mentioned as well. These guys have been writing programs that are less and less impressive every year. They are getting sloppier in the more recent editions, simply because they are not seeing the profits they once were. They can not afford to publish some of the creations they once had, so their programs slip just as their profits are.

I would be surprised if these guys were around in another 5-10 years.

ZoneAlarm

I really would be careful with this Firewall. It is a strong one and can really protect your system if you're aware of what's happening with it, but it can cause a lot of conflicts. To the common user who really does not follow exactly what the programs are saying, you could do some damage to your system.

Most conflicts on your system that are virus and spyware related, are commonly spun from conflicts in third party software.

This is a common one.



posted on Apr, 8 2006 @ 12:11 PM
link   
Spyware Quake

SpywareQuake is an anti-spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program.

If you are infected with this program you will receive warnings in your task bar stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the commercial version of SpywareQuake. These warnings are fake and are a goad to have you buy the commercial version of this software. This version is slightly different than the previous variants (SpywareStrike, SpyAxe, SpyFalcon, etc) in that the alerts do not look like Windows Security alerts but are rather a square that appears from your taskbar.

Removal of Spyware Quake

Smitrem.exe
FixSQ.reg

Running these two programs should remove all the components of this malicious file.



posted on Apr, 8 2006 @ 12:40 PM
link   
Great posts, obviously a lot of work has gone into all that and will be very helpful for a lot of people.

As for me, I've been MS free for years now and as a result no spyware no viruses. Not for games, not for anything. If it's not *nix native I don't use it.




posted on Apr, 8 2006 @ 12:42 PM
link   
Microsoft really is a step ahead of the game in all of its aspects. Maybe a little too far ahead, but as deadboi is indicating, the problem with being the top dog on the market is that this is where all the hackers are going to be focusing.

If the majority of the market is running MS programs, then this is what most of the malicious files are going to be compatible with. Linux, MAC etc. are not as safe as some of them portray, but definitely safer than some of the MS programs.



posted on Apr, 8 2006 @ 01:18 PM
link   
Current Security Settings Prohibit you from Running ActiveX Controls?

If you're getting this alert when browsing with IE, follow the steps below to resolve the issue.

Open Internet Explorer

Up the top click Tools and then Internet Options

Now go to Security

You will see four icons, Internet -- Local Intranet -- Trusted Sites -- Restricted Sites

Click on each one individually and select the Default Level which you will notice just below.

Now click on Custom Level and scroll down to where it says:

Automatic Prompting for ActiveX Controls

Enable This!

Now scroll down a little more and look for:

Run ActiveX Controls and Plug Ins

Enable This!

Click OK and Reopen another IE window.

Problem should be resolved!


Aurora Popup

www.mypctuneup.com...

Save this file to the Desktop.

After saving the file to the desktop close out of any Internet Explorer windows, double-click on the MyPCUninstaller.exe icon and follow the instructions. When it is done it will ask you to restart the computer.

After restart get the customer to open Internet Explorer and go to a couple of different web pages to see if the aurora popup comes up. If it does then Boot the computer into Safe Mode and double-click on MYPCUninstaller.exe and go through the steps again, when it is done it will ask you to restart the computer.


For Safe Mode information, please read the posts above.




[edit on 8-4-2006 by chissler]



posted on Apr, 8 2006 @ 01:51 PM
link   
Windows Installer

If you're currently experiencing difficulties while attempting to install programs, this normally comes back to the Windows Installer. To troubleshoot this component just follow the steps below:

Make sure the Service is started

Start -- Run -- services.msc

Scroll down to Windows Installer Services and ensure that it is started and automatic.

Re-Registering the Windows Installer Service

Start -- Run-- msiexec /unreg

Reboot Your Computer

Start -- Run -- msiexec /reg

Reboot Your Computer

Hopefully after following these steps you can now easily install different programs and operate without problem.

Norton is detecting a BloodHound?

When Norton finds a bloodhound virus but does not let you fix it, quarantine it, or delete it, and no other AV programs find it, remember the following:

Norton's "Bloodhound" is a technology, not the name of a virus. Symantec’s Bloodhound Technology is based on Heuristics, which is set to discover any problem and resolve it as fast as possible. This may seem ideal but you're not getting the optimum results you deserve.

When Bloodhound finds what it considers a suspicious piece of code in a file, it will name it something like "Bloodhound.exploit.13" or similar. There is a 99% chance that it is NOT a virus. Norton cannot remove it, and no other Antivirus scanner finds it for this reason.



posted on Apr, 8 2006 @ 03:07 PM
link   
I've created a thread for this website, but I still believe it should be included in this thread as well as the other thread will probably fade out quicker.

www.screenshots.modemhelp.net

View this site for a Screen Shot of almost anything you could be looking for. Really is a great site and can help out along the way. Especially when you get into some uncharted waters.



posted on Apr, 8 2006 @ 08:46 PM
link   
answersthatwork.com...

This is a website that can be extremely! helpful when trying to find some information surrounding some mysterious items that may be on your system. If a lot of your system resources are being used and you're not sure why, you can press:

CTRL ALT DELETE and bring up the Task Manager

Click on the Processes tab.

In this list you will see a lot of items that are running on the system. You can compare the items in this list to items on the website and they will give an explanation of exactly what each process is. Through the comparisons and common sense you can determine what to halt and what to leave running.

The information on this site is basically endless, so if you have any questions to do with really anything, take the time and explore the website. It can help in the fight of protecting your system.



posted on Apr, 10 2006 @ 12:40 PM
link   
If you have any of the items listed below you can click on this link to find a removal tool for it:

securityresponse.symantec.com... ist.html

Adware.180Search
Adware.BargainBuddy
Adware.BetterInternet
Adware.BlazeFind
Adware.CDT
Adware.ClearSearch
Adware.ClickAlchemy
Adware.GAIN
Adware.Hotbar
Adware.IEPlugin
Adware.Iefeats
Adware.Ipinsight
Adware.Istbar
Adware.JustFindIt
Adware.Keenval
Adware.NDotNet
Adware.NetOptimizer
Adware.StatBlaster
Adware.VirtuMonde
Adware.Websearch
RazeSpyware
SecurityRisk.First4DRM
SecurityRisk.RazeSpyware
Spyware.Apropos
Spyware.Dotcomtoolbar
Spyware.Look2Me
Trackware.Webhancer


The link above provides a scanner which will search your system and remove all components of these malicious files.

U2U me if you have any Questions



posted on Apr, 10 2006 @ 08:24 PM
link   
Good on ya to help folks out with this stuff.

Now I get to do the "processes" tab and compare it with that Answers site.

Thanks.



posted on Apr, 11 2006 @ 12:36 AM
link   
if you're a pro, and instead of using anti-spyware to 'remove' spyware, why not use a preventative approach...takes time to set the rules, but once set, the whole trojan fiasco should nearly be eliminated.

Ghost Security has awesome software. Ghost Wall = free firewall, simply for rules based for blocking/allowing incoming packets

GSS: Ghost Security Suite. Has appdefend and regdefend
Appdefend is an 'allow program to execute' type program. Prevents the unauthorised execution of malware, especially if found to legitimate programs (ie allow the execution of first program, it unzips and executes two other programs, this program stops that)
Appdefend is also an outbound stopper..prevents programs accessing the internet.
Stops global mouse/keyboard hooks (key loggers), stops modification of physical memory (rootkits etc..)
Many many other things this program does...

Regdefend stops the entry/removal/editing of key registry components related to 'autostarts'. All relating to windows startup, internet explorer Browser Helper Objects etc...many rules, ranging from 'basic' to 'completely paranoid'. Expect the latter to bring up alerts every few minutes.

These programs are configurable, meaning you can add your own rules.

Then there are a few others, freeware, can't remember them, but worth a look.

XP/2000/2003 only, no Win ME or 98

Merger



posted on Apr, 11 2006 @ 03:19 PM
link   
Merger,

I agree with you. It would be best to take all the steps before ever coming into contact with these malicious files. But the average user knows nothing of virus or spyware until they are infected. Most people feel like it will not happen to them until it does. So if I created a thread preaching to do all this work when there was nothing wrong with your system, it would get shrugged off and ignored.

So I spent my time writing up steps to help remove and prevent in the future further infection. If you read all of my posts you would see a lot of information to help prevent infections after removing them. This thread is directed towards the users who are currently having a problem and need help in the removal process. Those who don't have a problem on the system will ignore this until it happens to them.

It's a steady cycle of infection, removal, protection.

Edit:

For the firewall information you were sharing, I have already gone through the information of a firewall. The new firewall Microsoft is offering in the Windows OneCare is a complete two way firewall that prevents unwanted information from incoming and outgoing. Thank you for your additional information to the members, it is greatly appreciated.

The more options the user has, the better for them.



if you're a pro, and instead of using anti-spyware to 'remove' spyware, why not use a preventative approach...takes time to set the rules, but once set, the whole trojan fiasco should nearly be eliminated


Never once did I claim myself a professional, just another member with some information to share and hopefully help out a few members who are in need.

[edit on 11-4-2006 by chissler]



posted on Apr, 11 2006 @ 06:24 PM
link   
Hey Chissler,

When I meant 'pro' I didn't mean someone with extraordinary PC skill. More so someone who knew what the registry was, or what process execution, keyboard hooks were (the main culprits of trojans/keyloggers/spyware). If you've got a handle on these, then preventative approach is great!

I actually haven't heard of the new MS firewall...good news for outbound protection as well


BTW, do you know much about this Macintosh using Intel Chips fiasco? Do you know what that means for the OS's for these systems? I'm wondering if the MAC using Windows OS's will allow for further 'spyware' infiltration to get onto the MACS as well as the average PC...

merger



