|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
Thread Tools | Display Modes |
|
#1
July 14th 08, 04:48 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
Spyware Alert
I have been getting critical system alert from a phony software i have
downloaded in an attempt to remove spyware. Its name is windows anti virus i think. I have tried using Windows defender and Norton360 but i am still getting warning signals that eventually opens a web page with further warnings. One of the frequent alerts that i get states that there's Trojan-Spy.Win32@mix but this is from windows defender or Norton360. I don't know what to do, in have done full system scan using both Norton and Windows defender. 
|
| Ads |
|
#3
July 14th 08, 09:15 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
"jaeann" wrote: I have been getting critical system alert from a phony software i have downloaded in an attempt to remove spyware. Its name is windows anti virus i think. I have tried using Windows defender and Norton360 but i am still getting warning signals that eventually opens a web page with further warnings. One of the frequent alerts that i get states that there's Trojan-Spy.Win32@mix but this is from windows defender or Norton360. I don't know what to do, in have done full system scan using both Norton and Windows defender. Is that the Anti-virus you mean: http://www.bleepingcomputer.com/malw...antivirus-2008 http://hands-oncorp.com/2008/06/12/w...-instructions/ Unexplained computer behaviour may be caused by deceptive software http://support.microsoft.com/kb/827315 Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Tabs: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html download Hijackthis and send me the log. (http://www.trendsecure.com/portal/en...hijackthis.php) my add : to_you_ross(atremove this and repalce with the abvoius)yahoo.co.uk ( _ is underscore) HTH. nass --- http://www.nasstec.co.uk
|
|
#4
July 14th 08, 10:35 PM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
From: "jaeann"
| I have been getting critical system alert from a phony software i have | downloaded in an attempt to remove spyware. Its name is windows anti virus i | think. I have tried using Windows defender and Norton360 but i am still | getting warning signals that eventually opens a web page with further | warnings. One of the frequent alerts that i get states that there's | Trojan-Spy.Win32@mix but this is from windows defender or Norton360. I don't | know what to do, in have done full system scan using both Norton and Windows | defender. Two part reply.. Perform Part 1 then perform Part 2. It is suggested that you execute each tool in Normal Mode then in Safe Mode. Part 1 ----------- Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe http://noahdfear.geekstogo.com/click...click.php?id=1 http://www.bleepingcomputer.com/forums/topic43659.html Part 2 ----------- S!ri's SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix_En.php * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#5
July 16th 08, 04:39 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
Thanks but i still have this annoying fake system alert popping up. Here's the results from hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:24:31 PM, on 7/15/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll O2 - BHO: ASCWarningBHO Class - {58472BC6-BEA3-42d4-8917-7A8BCB0711B5} - C:\Program Files\ASC 2.1\ASCWarning32.dll (file missing) O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\s wg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user') O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm565LDUS O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsite.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolsite.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jody-Ann McLeggon\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion &pf=laptop O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JS...ws-i586-jc.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O22 - SharedTaskScheduler: enation - {629340b5-8df6-4211-9245-a86563a35792} - C:\WINDOWS\system32\gnmguxh.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 13180 bytes "Leythos" wrote: In article , says... I have been getting critical system alert from a phony software i have downloaded in an attempt to remove spyware. Its name is windows anti virus i think. I have tried using Windows defender and Norton360 but i am still getting warning signals that eventually opens a web page with further warnings. One of the frequent alerts that i get states that there's Trojan-Spy.Win32@mix but this is from windows defender or Norton360. I don't know what to do, in have done full system scan using both Norton and Windows defender. Only download software you can validate as uncompromised - in the case of non-vendor site you have no guarantee that the files are unmodified or uncompromised. Anyone providing a link to a non-vendors site with a direct download should not be trusted, the vendors sites are the safest place to download their application. No person of sound mind would download files from a hack site that requires a password to access the unknown files when they are available directly from the vendors. Always remember - only download files from Trusted Sites. The following links will take you to vendors sites for Spy Ware / Ad ware removal tools and also for Antivirus tools. After you install any of these applications and update them, run them in SAFE MODE to allow them to properly clean your system. First, make sure that your Java is updated to the latest version: http://www.java.com/en/download/index.jsp These sites are for downloading Anti-Malware and Anti-Spyware tools, in order that I would use them myself: Dave Lipman's tools: Download MULTI_AV.EXE from the URL -- http://www.pctipp.ch/downloads/dl/35905.asp AdAwareSE can be found he http://www.lavasoft.com/products/ad_aware_free.php SpyBot Search and Destroy can be found he http://www.safer-networking.org/en/download/index.html SmitRem.exe by Noahdfear's SmitFraud, SpyAxe, SpyFalcon, removal tool http://noahdfear.geekstogo.com/click...click.php?id=1 IEFix Utility - Description: http://windowsxp.mvps.org/IEFIX.htm -- - Igitur qui desiderat pacem, praeparet bellum. - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist" (remove 999 for proper email address)
|
|
#6
July 16th 08, 04:39 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
Thanks very much. It helped but i still have a system alert that pops up.
Whenever IE is launched it is redirected to a so called "safe page" that wants me to download antispyware. I know these are fake. "nass" wrote: "jaeann" wrote: I have been getting critical system alert from a phony software i have downloaded in an attempt to remove spyware. Its name is windows anti virus i think. I have tried using Windows defender and Norton360 but i am still getting warning signals that eventually opens a web page with further warnings. One of the frequent alerts that i get states that there's Trojan-Spy.Win32@mix but this is from windows defender or Norton360. I don't know what to do, in have done full system scan using both Norton and Windows defender. Is that the Anti-virus you mean: http://www.bleepingcomputer.com/malw...antivirus-2008 http://hands-oncorp.com/2008/06/12/w...-instructions/ Unexplained computer behaviour may be caused by deceptive software http://support.microsoft.com/kb/827315 Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Tabs: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he SuperAntispyware - Free http://www.superantispyware.com/supe...freevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sys...tRevealer.mspx Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html download Hijackthis and send me the log. (http://www.trendsecure.com/portal/en...hijackthis.php) my add : to_you_ross(atremove this and repalce with the abvoius)yahoo.co.uk ( _ is underscore) HTH. nass --- http://www.nasstec.co.uk
|
|
#7
July 16th 08, 10:02 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
"jaeann" wrote: Thanks very much. It helped but i still have a system alert that pops up. Whenever IE is launched it is redirected to a so called "safe page" that wants me to download antispyware. I know these are fake. Hi, Can you contact me on the Email address below please. If you don't wish then you need to send your Hijackthis log to one of many forums that specialized in analyzing Hijackthis log. to_you_ross(remove this and repalce with the ( _ is underscore) HTH. nass --- http://www.nasstec.co.uk
|
|
#8
July 16th 08, 11:04 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
From: "jaeann"
| Thanks but i still have this annoying fake system alert popping up. Here's | the results from hijack this: HJT logs are not allowed/accepted nor analyzed here ! See my other reply to your other HJT post; " False System Alert" -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#9
July 16th 08, 11:20 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
From: "jaeann"
| Thanks but i still have this annoying fake system alert popping up. Here's | the results from hijack this: 1. Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en...HJTInstall.exe 2. Disable Notepad's word wrap: In Notepad.exe; Format -- uncheck; "Word wrap" 3. Download/run Deckard's System Scanner: http://www.techsupportforum.com/sect...eckard/dss.exe 4. Save the scan results (Main.txt and Extra.txt) 5. And then post the contents of Main.txt and Extra.txt in your post in one of the below expert forums... { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! } Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner Logs. NOTE: Registration is REQUIRED in any of the below before posting a log Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0 Suggested secondary: http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.malwarebytes.org/forums/i...hp?showforum=7 Suggested tertiary: http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/...splay.php?f=25 http://www.atribune.org/forums/index.php?showforum=9 http://www.geekstogo.com/forum/Malwa..._Here-f37.html http://gladiator-antivirus.com/forum...?showforum=170 http://forum.networktechs.com/forumdisplay.php?f=130 http://forums.maddoktor2.com/index.php?showforum=17 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.spywareinfo.com/index.php?showforum=18 http://forums.techguy.org/f54-s.html http://forums.tomcoyote.org/index.php?showforum=27 http://forums.subratam.org/index.php?showforum=7 http://www.5starsupport.com/ipboard/...p?showforum=18 http://aumha.net/viewforum.php?f=30 http://makephpbb.com/phpbb/viewforum.php?f=2 http://forums.techguy.org/54-security/ http://forums.security-central.us/forumdisplay.php?f=13 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
#10
July 17th 08, 12:22 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
In article ,
says... Thanks but i still have this annoying fake system alert popping up. Here's the results from hijack this: and your annoying the group by posting a HJ log here. -- - Igitur qui desiderat pacem, praeparet bellum. - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist" (remove 999 for proper email address)
|
|
#11
October 8th 08, 02:44 AM
posted to microsoft.public.windowsxp.security_admin
|
|||
|
|||
|
Spyware Alert
"jaeann" wrote: I have been getting critical system alert from a phony software i have downloaded in an attempt to remove spyware. Its name is windows anti virus i think. I have tried using Windows defender and Norton360 but i am still getting warning signals that eventually opens a web page with further warnings. One of the frequent alerts that i get states that there's Trojan-Spy.Win32@mix but this is from windows defender or Norton360. I don't know what to do, in have done full system scan using both Norton and Windows defender.
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
