Spyware and stuff



Brunty
30-11-2005, 11:05 PM
Just a quick note:

I've spent the last hour trying to recover my PC from the grips of some pretty nasty spyware/malware.

The software responsible is called SpySheriff and it's a sneaky bugger. It appears as if Windows is warning you of an infection and will download the latest spyware removal software. This then appears to find tons of nasty sh1t on your computer and then requests that you register your details to download the full software to remove said files.

DON'T DO ANYTHING IT REQUESTS

Fortunately I have a friend who works for MS and directed me to their security centre and we've slowly been recovering my laptop.

I was running Lavasoft Adaware, CCleaner and AVG Antivirus. I now also run the Malicious Software Removal Tool and Antispyware Beta from the MS security centre.

www.microsoft.com/security

I'm now getting:


frequent AVG warnings
my desktop wallpaper is horribly changed (cannot alter it back)
apparent warnings from Windows
a program called 'shopping wizard' which can't be removed from add/remove programs


Any further ideas welcome! Take care

NevGroom
30-11-2005, 11:10 PM
Spyware and suchlike is a real pain - I pay the £25 per year and have Norton Anti-Everything, seems to work a treat - I got burned like you before and it hurts. I now even do regular backups and store them remotely.

Brunty
30-11-2005, 11:13 PM
90 mins later and I'm still getting pop-ups, AVG warnings and a desktop (which still can't be changed) that looks like this.....

WildCards
30-11-2005, 11:22 PM
I always found Norton products to slow the system down too much, not used them for a while though so maybe different now. We swear by McAfee at work though, oh and a firewall, but that would defeat the purpose of a laptop wouldn't it!

Don't suppose you have any recovery dates you can fall back on do you?

Brunty
30-11-2005, 11:34 PM
There is something on my system (detected, but not identified, by the MS software I've installed) which is trying to set my homepage to about:blank


Don't suppose you have any recovery dates you can fall back on do you?

Once I know my enemy I shall do a system restore to last week, scan and start over.

WildCards
30-11-2005, 11:41 PM
Can't you just manually delete it and hope for the best?

Brunty
30-11-2005, 11:50 PM
Can't you just manually delete it and hope for the best?

I cannot remove it from the Add/Remove Programs function as the REMOVE button just launches a website which requests an email and comments before removal - I'm reluctant to do this.

I don't know where it is on my PC to remove it manually!

Stumped.

AVG is finding some more nasties right now.

strapping young lad
30-11-2005, 11:56 PM
couple of things (3 actually)

download and use microsoft antispyware from download.microsoft.com
download and use ad-aware personal edition from www.lavasoftusa.com
download and use avast (google it)
I've got two anti virus and three firewalls!

can't be too careful

WildCards
01-12-2005, 12:00 AM
If the MS software identifies the problem, can it give you a location i.e. C:/documentsandsettings/microsoft/blablabla if it does go there and delete it like you would any other file.

If not, get the name of the file as identified from the MS software, do a search on all files and folders using the search function entering the file name or whatever info you have, if that gives you a location find file and delete.

If it won't let you delete it, reboot into safe mode and then try again to delete it.

Other than that, seek professional help or break it over your knee :thumbsup:

Kenneth
01-12-2005, 12:05 AM
couple of things (3 actually)

download and use microsoft antispyware from download.microsoft.com
download and use ad-aware personal edition from www.lavasoftusa.com
download and use avast (google it)
I've got two anti virus and three firewalls!

can't be too careful

On my PC at home I have:
0 Spyware tools
0 Anti-virus tools
1 x firewall which is located on the broadband router.

I do not suffer viruses, nor spyware.

Why? because I get all my pr0n via P2P! :joker:
No, actually... it's because I am very careful about what I install on my PC.

I would advise checking out something that KiwiTT lauds... it's called "processguard" or something similar. It basically locks your processes down so that when a malicious program tries to install other "background" processes, it can't.

Oh, at worst case switch to linux. there are some pretty nice distros around these days IIRC

Wodjno
01-12-2005, 12:09 AM
Hi Steve

Don't know if you read my thread on MY LapTop dying, :embarasse but I have eventually been able to recover it.. Think it's taken about 4 days.. /yes
1 program you haven't mentioned is Spy Bot Search and Destroy, this is obtainable from places like Download.com. To give you an idea of how bad my LapTop was .. It was taking up to 15mins to shut down, 5 mins to boot up, No internet access, POP Ups ucking everywhere.. CCleaner usually was clearing anything from 1/2 meg to 60meg of crap out whilst it was running ok.. The other day i cleared out 1017meg.. And today i cleared 1652.3meg of ****e out.. And that was after clearing 42meg out 1hr earlier.. :rolleyes4
Hope you get it sorted .. :thumbsup:

Kenneth
01-12-2005, 12:15 AM
You can also start in "safe mode" (press F8 just before windows starts loading) and do a search for EVERY file that has changed since you installed the software that caused the problem.

You should get quite a list, depending on what you have done. Often you can see obviously dodgy files, DLLs, EXEs and stuff. delete (or quarantine in a safe place if you want to be safe!) these.

I had to do this to a PC at work (being one of the techs) and it took a couple of hours to locate and remove these files.
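
The file search Kenneth describes, as an added example that is not from this thread: a PowerShell script (modern equivalent of the Explorer "files changed since" search) that lists executables and DLLs written since a cutoff date under the usual folders and shows whether each carries a valid Authenticode signature. The cutoff, the folders scanned and the CSV location are assumptions; set the cutoff to the day the rogue "anti-spyware" was installed.

```powershell
# Added example, not code from the thread. Lists EXE/DLL/SYS/SCR/OCX files
# modified since $Since under the folders in $Roots. Read-only: it deletes nothing.
param(
    [datetime]$Since = (Get-Date).AddDays(-7),                      # assumed cutoff
    [string[]]$Roots = @($env:SystemRoot, $env:ProgramFiles,
                         $env:APPDATA, $env:TEMP)                     # assumed folders
)

$patterns = '*.exe', '*.dll', '*.sys', '*.scr', '*.ocx'

# Collect recently written binaries; -Force includes hidden files, which
# unwanted installers like to use.
$found = foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -Recurse -Include $patterns -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since }
}

# An unsigned or badly signed binary in a system folder deserves a closer look;
# a valid vendor signature is a reason (not proof) to leave a file alone.
$report = foreach ($f in $found) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LastWrite = $f.LastWriteTime
        Size      = $f.Length
        Signature = if ($sig) { $sig.Status } else { 'Unknown' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Path      = $f.FullName
    }
}

$report | Sort-Object LastWrite -Descending | Format-Table -AutoSize

# Keep a copy of the list before quarantining anything (assumed path).
$report | Export-Csv -Path "$env:USERPROFILE\changed-files.csv" -NoTypeInformation
```

Run it from Safe Mode with an elevated prompt, as the post suggests, so that files held open by a running process still show up. Newest entries sort to the top; compare the Signer column against the Path before acting on anything.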

Brunty
01-12-2005, 12:17 AM
Other than that, seek professional help or break it over your knee :thumbsup:

I'm in a top floor flat mate, when we get to that stage I've something far more spectacular planned :thumbsup:


Why? because i get all my pr0n via P2P!

What are you trying to insinuate? :embarasse

BTW: Did the pair of you advise Gary Glitter on internet security? STORY HERE (http://www.thesun.co.uk/article/0,,2-2005550432,00.html)

BTW2: When you look at that link has The Super Soaraway Sun turned certain words into hyperlinks or is that another little problem someone's left on my PC?

vampirej
01-12-2005, 12:17 AM
If the MS software identifies the problem, can it give you a location i.e. C:/documentsandsettings/microsoft/blablabla if it does go there and delete it like you would any other file.

If not, get the name of the file as identified from the MS software, do a search on all files and folders using the search function entering the file name or whatever info you have, if that gives you a location find file and delete.

If it won't let you delete it, reboot into safe mode and then try again to delete it.

Other than that, seek professional help or break it over your knee :thumbsup: Another thing you could try is to perform a search in your registry to see whether you could delete them that way... now that you know the path of the "install" directory, you should be able to find the relevant executables and perform deletions of unwanted programs to launch.
Go to the registry --> HKEY_LOCAL_MACHINE --> SOFTWARE --> Microsoft --> Windows NT --> CurrentVersion --> Winlogon
Look at the right hand pane and find Shell, there should only be Explorer.exe in the list. There should be no others in the entry.
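
The Winlogon Shell check vampirej describes, as an added example that is not from this thread: a PowerShell script that exports the Winlogon key first (the "backup your registry" step), then reports whether Shell holds anything other than explorer.exe, and also reads the Internet Explorer Start Page value, since a start page stuck on about:blank is the symptom the thread keeps returning to. The backup file location is an assumption; the script changes nothing in the registry.

```powershell
# Added example, not code from the thread. Read-only check of the Winlogon
# Shell value plus the IE start page. Run from an elevated prompt.
$winlogonPs  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogonReg = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ieMain      = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$backup      = "$env:USERPROFILE\winlogon-backup.reg"   # assumed location

# 1. Back the key up first (same as right-click > Export in regedit).
reg export $winlogonReg $backup /y | Out-Null
Write-Output "Winlogon key exported to $backup"

# 2. Shell should be exactly "explorer.exe". A second name after a comma, or a
#    path into a profile or temp folder, is an extra program started at every logon.
$expected = 'explorer.exe'
$shell = (Get-ItemProperty -Path $winlogonPs -Name Shell -ErrorAction SilentlyContinue).Shell

if ($null -eq $shell) {
    Write-Output "Shell value absent; the system default '$expected' applies"
} elseif ($shell.Trim().ToLower() -eq $expected) {
    Write-Output "Shell OK: $shell"
} else {
    $extra = ($shell -split ',' |
              ForEach-Object { $_.Trim() } |
              Where-Object { $_.ToLower() -ne $expected }) -join '; '
    Write-Warning "Shell is '$shell' (expected '$expected'); extra entries: $extra"
}

# 3. The symptom from the thread: start page forced to about:blank.
$start = (Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
if ($start -eq 'about:blank') {
    Write-Warning "Start Page is about:blank; if you did not set this, something keeps resetting it"
} elseif ($null -ne $start) {
    Write-Output "Start Page: $start"
}
```

If the warning fires, note the extra entry's full path and look that file up with the search-and-quarantine steps earlier in the thread rather than editing the value blind; the exported .reg file restores the key if anything goes wrong.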

WildCards
01-12-2005, 12:24 AM
BTW: Did the pair of you advise Gary Glitter on internet security? STORY HERE (http://www.thesun.co.uk/article/0,,2-2005550432,00.html)

No, but if you leave me in a room with him for 20 minutes i'll give him some advice!! /pan :elvis: :smash: :skull: :rifle:

Kenneth
01-12-2005, 12:31 AM
Another thing you could try is to perform a search in your registry to see whether you could delete them that way... now that you know the path of the "install" directory, you should be able to find the relevant executables and perform deletions of unwanted programs to launch.
Go to the registry --> HKEY_LOCAL_MACHINE --> SOFTWARE --> Microsoft --> Windows NT --> CurrentVersion --> Winlogon
Look at the right hand pane and find Shell, there should only be Explorer.exe in the list. There should be no others in the entry.



good info, and don't forget to backup your registry first! or if you want to backup specific things, you can right click on the registry branch in the left window and "export" that key.

vampirej
01-12-2005, 12:35 AM
good info, and don't forget to backup your registry first! Doh... forgot to mention that!!! /pan/pan/pan/pan

Brunty
01-12-2005, 03:30 AM
Spyware 1 - 0 Brunty

/pan /grr /pan

:rolleyes4

2.30am

I'm beaten

Nick VR4
01-12-2005, 08:43 AM
Removal instructions

http://forums.majorgeeks.com/showthread.php?t=65945

It's pretty intensive but may be quicker than a reinstall

Did you try a System Restore ?

Polabear
01-12-2005, 09:57 AM
A-squared from Andreas Haak is another worthwhile trojan/anti spyware solution, currently is able to remove approx 90,000 of the known sh!te, worth a look...... :thumbsup:

Funkstar
01-12-2005, 10:17 AM
Removal instructions

http://forums.majorgeeks.com/showthread.php?t=65945

It's pretty intensive but may be quicker than a reinstall

Did you try a System Restore ?

Gotta agree with Nick. If you found that it is a problem that has occurred since a download or something that happened in the last few days, then restore your system to a date prior to this happening. Works all the time for me.

Start>All Programs>Accessories>System Tools> System Restore. Then pick a date (usually no more than a month back).

Works all the time for me. :thumbsup:

Polabear
01-12-2005, 10:55 AM
Start>All Programs>Accessories>System Tools> System Restore. Then pick a date (usually no more than a month back).

Works all the time for me. :thumbsup:


But what do you do when a virus disables your system restore..... /help... I have had this happen on two customers' PCs lately, no doubt there is some very nasty crap flying around..... :thumbsdow

Wodjno
01-12-2005, 11:02 AM
But what do you do when a virus disables your system restore..... /help... I have had this happen on two customers' PCs lately, no doubt there is some very nasty crap flying around..... :thumbsdow

I had this and then remembered someone posting about restarting the PC and pressing F8 while rebooting then selecting the last known working configuration option.. It did the trick .. :thumbsup: It took around 15mins for my laptop to shut down though :rolleyes4

Polabear
01-12-2005, 11:13 AM
I had this and then remembered someone posting about restarting the PC and pressing F8 while rebooting then selecting the last known working configuration option.. It did the trick .. :thumbsup: It took around 15mins for my laptop to shut down though :rolleyes4

Did it work for you Glen....?

Wodjno
01-12-2005, 11:38 AM
Did it work for you Glen....?

I'm here aren't i /yes :happy: :thumbsup:

Brunty
01-12-2005, 11:54 AM
Thank you everyone for your advice and recommendations.

My laptop is infected with the trojan Startpage.19.AO

The various software I had installed, and that has been recommended, means that my computer works at least. Although the problems come when I open IE, symptoms as follows:


homepage continually defaults to about:blank - frustrating
occasional pop-ups - frustrating
AVG antivirus recognises the Startpage trojan when a new session of IE is started - worrying


Unfortunately, although the PC will attempt a system restore - when the PC reboots I'm told it can't restore to that point. The 'restore to last working configuration' in safe mode doesn't work - presumably because my PC wasn't working?

I will beat it - it's just hampering my use of the PC/Internet as I don't want to risk using any of my banking/email passwords and unfortunately I need to work today!!!! AARrrggggghhhhh!!!!

Thanks again.

Steve

Wodjno
01-12-2005, 12:05 PM
Thank you everyone for your advice and recommendations.

My laptop is infected with the trojan Startpage.19.AO

The various software I had installed, and that has been recommended, means that my computer works at least. Although the problems come when I open IE, symptoms as follows:


homepage continually defaults to about:blank - frustrating
occasional pop-ups - frustrating
AVG antivirus recognises the Startpage trojan when a new session of IE is started - worrying


Unfortunately, although the PC will attempt a system restore - when the PC reboots I'm told it can't restore to that point. The 'restore to last working configuration' in safe mode doesn't work - presumably because my PC wasn't working?

I will beat it - it's just hampering my use of the PC/Internet as I don't want to risk using any of my banking/email passwords and unfortunately I need to work today!!!! AARrrggggghhhhh!!!!

Thanks again.

Steve

Did you try Spy Bot and Spy Axe as I am sure these are the 2 progs that eventually stopped the pop ups. I had the same with system restore. The restore or the reboot to last known working config did not clear these but they did speed up the PC once I had got the spyware, viruses and pop ups out. It's still not 100% as CCleaner is still pulling out 10 x the amount of crap it used to, so summat is still amiss. Also none of the smilies on this site are animated anymore. It actually got to the point where I could not connect to the internet at all, but the Nice man at NTL sorted that out for me /yes
Stick at it Steve, cos if I can get through it with the help of the folks on here I'm sure you can :thumbsup:

Brunty
01-12-2005, 12:27 PM
Thanks Glen - I missed SPY AXE first time round so will try that now. I'm pretty close, and have found some additional advice on the internerd. Reckon I can kiss goodbye to this weekend though :embarasse

Thanks again to all who've chipped in with advice.

Steve

Brunty
01-12-2005, 12:47 PM
Glen - a google search for SPY AXE seems to suggest that this too is unwanted software, the first page on Google is forum posts from people struggling to remove it! I'll give this one a miss for now.

It's not inconceivable that spyware companies are generating trojans/adware/malware/viruses which can be successfully removed by their software - I know many of my pop-ups are for antivirus/spyware removal tools. It all started with Spy Sheriff!

Wodjno
01-12-2005, 01:41 PM
Hmmmm ! Cheers for that Steve.. as I am still having a few probs I will try and remove Spy Axe from my laptop and see if there is a change.. :thumbsup: Chin Up .. I'm sure it won't take all weekend.. /Hmmm
Glen - a google search for SPY AXE seems to suggest that this too is unwanted software, the first page on Google is forum posts from people struggling to remove it! I'll give this one a miss for now.

It's not inconceivable that spyware companies are generating trojans/adware/malware/viruses which can be successfully removed by their software - I know many of my pop-ups are for antivirus/spyware removal tools. It all started with Spy Sheriff!

Kenneth
01-12-2005, 08:06 PM
Format and Re-install.

Sounds like it would have been quicker to have done that to begin with :P

just back up your important files first... Personally I always have at least 2 partitions / hard disks so the one with windows installed can be wiped without losing all my documents and other important stuff

Brunty
01-12-2005, 09:13 PM
... Personally I always have at least 2 partitions / hard disks so the one with windows installed can be wiped without losing all my documents and other important stuff

Which is exactly what I'll do in the future. I'd wondered why it came with two large partitions on the hard-drive.