Please help, my computer has been bombarded by anti-spyware ads and system has been corrupted, what

This MSM security center thing keeps popping up. I can't surf the net on my account because everytime I plug in a legit site, it goes to some strange website that is not what I plugged in. Also, there is an icon on my desktop that says 'porn dvd' and another one that says gays and lesbians. I have no clue where these came from. Please help me I don't know what to do. I believe my system is being corrupted. Also, last time I ran my norton there were tracking cookies or something, and It said I could only delete them manually. I have no clue how to delete them that way. Please help somebody!


I don't know what caused this to my computer help! It's gonna get damaged beyond repair if I don't find out what to do. All weird things are happening and it won't stop popping up these false anti-spyware things!

Hi
Not sure how you can deal with it if damage already happen. But in gen. if you go to "this computer" "control panel" "internet adjustments" "project of personal information" and at this click on the "block pop up" .Evt. you can set it as you want. You can also configure the ge. security low, medium and high. Not sure i will help only the most logic suggestion at first thought. Maby someone will step forward to help on this...
BTW there seem to be some few trustable antispyware programs like "Adaware" or something it's called. But heard that some of these "agressive" ones can contain a acc. virus. A virus/spy in a antivirus/spy program. You know the old story about letting the wolf take care of the sheeps :-). Suggest you virus scan if you have a program you trust and make a restore of system...

[edit on 16-9-2008 by flymetothemoon]

There are a number of viruses that use a hijacked downloader to automatically download viruses, spyware, and other unwanted material onto your computer -- in short, your computer is no longer yours. I diagnosed a similar issue just last month on a clients computer and the end result was formatting the hard drive.

Most of these viruses come from websites which appear harmless, and if you aren't using an updated virus scanner and spyware protection, fraudulent services show up.

1. Has your desktop background been hijacked?

2. Are there any unknown programs running that you didn't install? (Look in your systems tray)

3. Do you have any anti-virus protection on your computer as of this instant, no including the previous? Did you have it before this issue started?

Finally.
4. What did you do prior to receiving this problem? Strange Email? Website loading funny?

The most common form of the virus/spyware you have is Anti Virus XP 2008, if this is indeed the case, there's a site you can lookup information about it on here:
www.bleepingcomputer.com...

Again, most of these viruses are really nasty, and once they hijack the browser, you're almost completely sunk. Ensuring the processes are stopped, and running a virus/spyware sweep CAN work, but most cases I've found -- it doesn't.

Good luck!

Most people would suggest that you run various anti spyware tools, antivirus scanners, and update your firewall but coming from someone who has had years of technical support experience, your best bet is to start new.

Once your web browser starts taking you to sites that you didn't intend on visiting, it could mean quite a few bad things ranging from simple spyware to a malicious code that has edited your hosts file (Your computers way of saying what website goes where) but this should never be taken lightly. This means that a hacker could change any site to 'phish' your personal information. When you think you are entering your information into a website, it may be intercepted and logged along the way without you ever knowing.

If you believe that your computer has been compromised, and it sounds like it has, no amount of anti spyware scans and antivirus scans is going to completely clean your computer. I suggest to you and anyone else that experiences your problems to simply restore your computer to factory settings and change your browsing habits. The fact is, while you can see a lot of the bad things out there, much more of it is hidden so well that not even the best can find it.

Restoring your computer basically wipes everything clean, so you will need to back up all of your information, and this can be a tedious task for those who aren't very good with computers. Luckily, there is a lot of help available online and your computer manufacturer will also help you along.

You will need your computers operating system CD (Windows XP, for example), throw it in, install it, and then work on the pretty simple process of making sure you NEVER get another bad file again.

If you get to the point where you have restored your computer, or if you decide not to and simply want to make sure you don't get any more malicious files, just follow these simple steps.

1. Make sure Windows is updated.

2. Never accept an activex or java applet on a website, unless you are 100% sure what it is doing behind the scenes.

3. Don't ever download or run a file unless you are 100% sure what is it doing behind the scenes or you are confident it is from a trusted source.

4. Keep your network secured if it is wireless. (WEP Encryption+)

5. Download and install a program called CCleaner to remove all of your private information, cache, cookies, and other things that can be used to hurt your PC.

6. Antivirus software and a firewall is helpful, to an extent, but unless it is kept updated every day, it has no use. Many viruses are also undetected by even the best antivirus scanners, so one should never rely 100% on them.

7. Common sense.

I hope I wasn't too wordy, and I'll be happy to help you and clarify anything you need. I just want to step in and say that from experience your best bet is to wipe your computer and start new once spyware gets to the point you're at. If you managed to get an icon that says "porn dvd" on your desktop, it would be foolish to think that you don't have much worse hidden out of sight that is silently logging personal information.







[edit on 16-9-2008 by Traffic]

[edit on 16-9-2008 by Traffic]

First.... Deep Breath. It's going to be ok.

Go to CNET Forums at Download.com.

Linky


That is a thread with over 400 replies from people who have had this happen to them. There are several fixes in there.

Seems the best is to download Malwarebytes and start your PC in safe mode, open Malwarebytes, update it - click button and then run a full scan of your computer.

Take your time, read through that thread, the fix is in there.

I had the XPAntivirus08, bug 2 times this year already and have recovered both times.

It can be fixed.

Good luck.



[edit on 16-9-2008 by elevatedone]

reply to post by elevatedone


reply to post by elevatedone


That Antivirus XP 2008 is definitely part of the problem. It keeps popping up as some license agreement and the only options it gives me is to click the agreement, but I have not clicked it. A fake Security Center box keeps popping up, it imitates the security center on my computer, except it's called MSA security center. I wonder how this got on my computer? My first thought was that my little brother could have been looking at something, or downloaded something he should not have. But I kept deleting that 'porn DVD' icon and to know avail. It kept coming back to my desktop as an icon again.

I have spybot and norton. I already scanned my computer, Norton showed me 4 viruses that I could only fix manually. I don't know how to do that.

I don't use this computer for many important things. There are no important files stored on my computer. So I don't mind something that would restart my computer fresh. My brother told me about system restore, but it seems the only date that it can restore it to is today. I don't know why we can't choose an earlier date than today. I loaded Avast antivirus, it supposedly deleted a couple of things, but the computer still keeps popping up these anti-virus windows and warning boxes telling my my system is infected and attacks are detected.

What exactly do I do? I don't mind restart the computer so that it starts fresh. Although my friend has the XP disc at his house. Is there anyway for me to jus cleanse my computer? I really only need it to surf and do my research. I planned to get a laser printer hooked up to it, but now I'm afraid these viruses might corrupt any new peripherals I attach to this.

Help, I need some suggestions!

I want to purge this stuff!

If you don't mind I would definately blat windows, just to be sure everything is out of it, since viruses change their names and extensions frequently.

I would recommened getting the disc back and reinstalling XP. But that is only if you don't mind, it's the easiest way, even though it's the messiest.

I can't get the information from the links on the site, It won't let me access them. I can only read them if you can copy and paste and put them here, where I can see what I must do. I also cannot download that anti-malware stuff , I can't access the link, my page goes blank and tells me there was an error and the page could not be accessed.

That "antivirusXP2008 " just about knocked my computer out. It hides in other files. I have "secureIT" thought my ISP and after 7 tries they finally got everything straighten out.

I had redirected searches, no load pages, e-mail messed up. AND then my modem messed up but my IPS fixed it.

I asked them if they knew who is responsible for the XP2008 and they don't know but they are looking.

Roper

please get rid of norton,it's pants.


a combination of Ad-aware - Spybot Search and Destroy - Avast and Advanced Windows Care V2 (all freeware) has kept this pc clean for as long as I care to remember.

try this little dude out to start you off. www.spywareinfo.com... it opens on it's own,all you've got to do is select run,not save. delete what it finds. (I was recomended this one from a guy who works on the PCs at Heathrow Airport in the UK,it's a good'un)

then all you've got to do is scrap Norton,seriously,it's so rubbish it hurts.

if you can download and install this i can help you get ur pc running alittle more stable so a normal anti virus and spayware killer can fix the rest of the job

Hi-Jack This

yea i know its got a weird name but it is mighty handy, run the program and paste the results either here or in a u2u.

if you cant get this program contact me in u2u and ill try talk you through the registry.

reply to post by Demandred


I was warned to be weary of Hijackthis. It's not really for "novice" computer people.... I've never used it.

Good Luck.

Originally posted by Pocky
I can't get the information from the links on the site, It won't let me access them. I can only read them if you can copy and paste and put them here, where I can see what I must do. I also cannot download that anti-malware stuff , I can't access the link, my page goes blank and tells me there was an error and the page could not be accessed.

Can you try this;

Reboot to Safemode with internet
[During restart press f8 repeatedly. A menu will allow you to scroll to choose safemode with networking]

Surf to the antimaleware link provided in previous posts.
Download.

Reboot to normal mode.
Install.
Run the scan and delete the things it quaratines.
Reboot.
Surf to find and download ccleaner.
Run it.

Best of luck
makeitso

[edit on 9/16/08 by makeitso]

reply to post by elevatedone

actually it is exactly for novices

all it does is give you a print out of registry entries and allows people who arnt knowledgable in pc's the ability to provide information needed to techies in a quick and easy manner.

ive used it on my work network many times with great success and it hasnt caused any compromise of the network here.

the only real problem with it is it can reveal what services and programs are running on a machine and allow people to try to exploit those weaknesses hence why i told him to U2U me if he didnt feel comfortable revealing that info onto an open board.

[edit on 16-9-2008 by Demandred]

eg of Hi Jack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:06 PM, on 17/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\PrinterMonAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
F:\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
O2 - BHO: &Yahoo! Toolbar Helper - [02478D38-C3F9-4efb-9B51-7695ECA05670] - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - [06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trellian BHO Impl - [24180B00-2EB6-11d7-BD6F-004854603DCE] - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - [3CA2F312-6F6E-4B53-A66E-4E65E497C8C0] - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)
O2 - BHO: AVG Security Toolbar - [A057A204-BACC-4D26-9990-79A187E2698E] - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - [AA58ED58-01DD-4d91-8333-CF10577473F7] - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - [AF69DE43-7D58-4638-B6FA-CE66B5AD205D] - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - [2318C2B1-4965-11d4-9B18-009027A5CD4F] - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - [A057A204-BACC-4D26-9990-79A187E2698E] - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Trellian &Toolbar - [71AAABE5-1F0F-11d7-BD6F-004854603DCE] - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O3 - Toolbar: Yahoo!7 Toolbar - [EF99BD32-C1FB-11D2-892F-0090271D4F88] - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - [92780B25-18CC-41C8-B9BE-3C9C571A8263] - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: [17492023-C23A-453E-A040-C7C580BBF700] (Windows Genuine Advantage Validation Tool) - go.microsoft.com...
O16 - DPF: [6E32070A-766D-4EE6-879C-DC1FA91D2FC3] (MUWebControl Class) - www.update.microsoft.com...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = *******
O17 - HKLM\Software\..\Telephony: DomainName = *********
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = *******
O18 - Protocol: linkscanner - [F274614C-63F8-47D5-A4D1-FBDDE494F8D1] - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 6422 bytes

you do a scan, save to log file and post log file to techie site or knowledgable friend or admin they can see exactly whats running, what reg entries you have and can recomend a course of action, many A-V's have difficaulty with viruses that disguise themselves as system files.

[edit on 16-9-2008 by Demandred]

In my opinion just forget about trying to fix it and use a restore point from before you had any trouble.

It's the lazy approach but it's also quite effective as long as you have a restore point or two.

If not I'd recommend trying spybot search and destroy you might end up having to start new though.

That software actually does some bad juju. From what I know about the XP Software (the virus that is), it'll delete the previous restore points, if in the admin account, and make the time it was installed the LAST restore point.

I've used system restore quite a few times with no ill effects it's often easier than trying to remove a nasty piece of spyware. In a few cases it worked when every scanner I tried failed to remove something.

Although the easiest way is not to get spyware in the first place of course

I'd recommend everyone uses firefox, adblock, spyware blaster and the chances of you being infected will drop quite considerably.

In my experience system restore is a good solution though as long as you pick an early enough point to avoid the problem all I can say is it hasn't failed for me yet.

One thing that has always bugged me is I really don't see any difference between spyware and viruses why can we not just jail the writers. In most cases spyware is using the same techniques and doing more damage.

[edit on 17-9-2008 by Teknikal]

Good advice here so far. Be ready to reload Windows at any time, so have your windows disks (some hp/compaqs can reload themselvesby hitting a key at startup). Have your network card driver on a disc if you do, so you can get back on the internet and infect yourself, lol

Seriously tho, reloading is often the best advice, viruses don't generally hide in pictures or files, though they can, they still have to be triggered by a mouseclick and things will go bad after that so you'll be able to track down the culprit.

A virus scanner can scan your files to find bad programs in disguise, but you'll need SpyBot, SuperAntiSpyware and HiJackThis (now owned by Trend Micro) to find the real buggers and also look in \windows and \windows\system32 and sort by date so you can try to find the .exe file and it's spawned files (they'll all have the same spawn date). Also you should search the registry for whatever random names you find, to find and delete those entries. If you want to avoid totally reloading windows you can use AutoRuns (from Microsoft) and maybe run SFC (system file checker goto START > RUN and type "sfc") if it works (which often it does not).

Some reading:

Wiki: RussianBusinessNetwork
wiki: Storm Botnet

BTW, Storm was found in 2007 and has been largely reduced in size so the typical botnet has a lifecycle of months at best, but the bad part is that if you've been keeping up on things, you'll know that DNS and Microsoft have been sold down the river from a security perspective. All in preparation for the NEW internet of course, lol

Good luck.


smallpeeps

alot of viruses can infect the restore points, so theres no garentee that restoring it will fix the problem