|
Do you have Adware, Spyware, Virus/Trojan or a Browser Hijacker?
|
|
|
ddp
Moderator
|
1. August 2005 @ 07:45 |
Link to this message
|
|
if do a system restore than still do all the scans to see what happens
This message has been edited since posting. Last time this message was edited on 1. August 2005 @ 07:46
|
|
Advertisement
|
|
|
|
|
RagePro
Suspended permanently
|
1. August 2005 @ 07:52 |
Link to this message
|
|
Hey Kinza spyware,adware, viruses ,trogens and browser hackers are becoming smarter ,by that i mean system restore doesnt always wrk
good luck on ur problem
|
Senior Member
|
1. August 2005 @ 09:58 |
Link to this message
|
|
I didn't do system restore to fix the adware/spyware/viruses. It was another computer error, I must have done something in the Windows Registry, I have it all fixed now.
|
Senior Member
|
1. August 2005 @ 09:58 |
Link to this message
|
|
Bump.
This message has been edited since posting. Last time this message was edited on 1. August 2005 @ 18:15
|
|
ddp
Moderator
|
1. August 2005 @ 13:26 |
Link to this message
|
|
teach & learn
|
Senior Member
|
1. August 2005 @ 23:34 |
Link to this message
|
|
I have scanned and tried everything still showing up.
|
|
ddp
Moderator
|
2. August 2005 @ 12:02 |
Link to this message
|
|
try the post cjc did that started this thread to see if fixes the problem
|
Senior Member
|
2. August 2005 @ 12:47 |
Link to this message
|
|
turned out it was a browser hijacker, yay! everything's fixed now, finally i can see...
|
|
ddp
Moderator
|
2. August 2005 @ 12:52 |
Link to this message
|
|
teach & learn
|
|
eLeCTR0n
Member
|
3. August 2005 @ 07:00 |
Link to this message
|
|
Nice. it feels good after things get fixed. ;)
|
Staff Member
4 product reviews
|
11. August 2005 @ 19:40 |
Link to this message
|
|
for anyone who has "webp2p" from all versions of limewire. Here is how you remove it.
From windows->Press Start->Run->Type REGEDIT->Press my computer on the top to highlight it, aand press CTRL+F-> Type "Magnet" (no quotes) and then press find next. When it finds it, right click on the floder and press delete->Then go back up to My Computer and press CTRL+F again and press Find next once again.
This should destroy the surveillance software but note that it comes back every time you open limewire again.
|
|
eLeCTR0n
Member
|
20. August 2005 @ 09:54 |
Link to this message
|
|
My friend gave me his computer 2 days ago because it was completely screwed up. It was full of spyware, trojans and viruses. Right when you turn on the computer you get the message CRSS.EXE has crashed and Windows will reboot in 1 min, and it keeps rebooting. It also had all these porn icons on the desktop that one of the spyware created, and it had a whole lot more stuff that the trojans did. Even IEXPLORER.EXE was actully trojaned and binded with another executable. Anyway I was able to get rid of all that and fix almost everything. However, there was something that I couldnt change and I want to see if anybody has seen that before. Basicly the laptop had this spyware that was trying to imitate the Windows new security feature and it would pop a bouble by the clock and say "Your computer apears to be infected. Windows will now download and install the latest antispyware for you". Then it would install this program called SpyCherif and run it which would then ask for activation that of course you have to pay for. The other thing this one spyware did is change the desktop wallpaper to a wallpaper that says "Your computer is infected".
The problem is that I could not change that desktop, when you go to the display properties and try to change the desktop it is greyed out and the all the fields are locked so you cant change anything. Even after I got rid of the spyware itself and removed it, the desktop is still there and still cant change it.
Any ideas?
Thanks
|
|
eLeCTR0n
Member
|
20. August 2005 @ 09:57 |
Link to this message
|
|
I gave him the laptop yesterday because he really needed it so I cant test your ideas right away but as soon as I can.
|
|
ddp
Moderator
|
20. August 2005 @ 10:06 |
Link to this message
|
|
what did you use to get rid of the spyware & viruses??
|
|
eLeCTR0n
Member
|
20. August 2005 @ 16:43 |
Link to this message
|
|
I dont know if you asked to find out or to see what I did wrong but it's a good thing you did anyway because others can learn from this.
|
|
eLeCTR0n
Member
|
20. August 2005 @ 17:10 |
Link to this message
|
|
This is basicly what I did as I remember. I am probably going to miss something.
1. To stop Windows from rebooting after a critical process crashes, you can use the 'shutdown -a' command to abort the shutdown.
2. Then I deleted all the temp files in all temp directories, which includes:
C:\Windows\temp = %systemroot%\temp
C:\Documents and settings\username\Local Settings\temp =
%userprofile%\local settings\temp
All Internet temp files.
For the user profile temp file I did this to all the users.
3. Browsers history/cache/cookies/plugins were all removed.
4. I used 'msconfig', 'msinfo32' and the registry hive Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run to find all the programs starting at startup and removed all the non-necessary.
For the suspicous programs I searched the harddrive for them and deleted them.
5. Then after finding that IEXPLORER was trojaned I deleted the whole internet explorer folder and installed Firefox and downloaded a brand new IE6setup from Microsoft.com
6. After installing Internet Explorer I went through all the Windows and IE updates, including SP2.
7. I installed Spybot and Ad-aware and searched the computer and removed all what they found.
8. Afterwards, I went to housecall.trendmicro.com and did a full scan.
9. I forgot to say this in the begenning but before I did most of this I went through the whole Add/Remove Programs list and uninstalled all the programs that he didnt recognize.
10. Of course I made Firefox the default browser and I updated Microsoft Office too.
11. Edited and cleaned the 'hosts' file.
12. I feel like I am missing something but cant remember now.
Anyway this is a good idea of what I used to clean his computer.
This message has been edited since posting. Last time this message was edited on 20. August 2005 @ 17:12
|
|
ddp
Moderator
|
20. August 2005 @ 17:27 |
Link to this message
|
|
use the ccleaner that is on my post as it cleans out the crap in cookies, history, registry & other stuff
|
|
eLeCTR0n
Member
|
20. August 2005 @ 17:31 |
Link to this message
|
|
Yea I've used that too but I am not a big fan or automating programs. I like to do things like that myself so I know what's going on. It's a good idea to save time but you can do everything it does manually. you know?
|
|
ddp
Moderator
|
20. August 2005 @ 17:33 |
Link to this message
|
|
it saves a bit of time tho not perfect
|
|
eLeCTR0n
Member
|
20. August 2005 @ 18:38 |
Link to this message
|
|
err
big fan of*
|
|
eLeCTR0n
Member
|
21. August 2005 @ 15:15 |
Link to this message
|
|
One thing i just remembered is that I also disabled the Guest account which really should never be enabled unless you know what you are doing.
|
|
Velvet
Newbie
|
24. August 2005 @ 15:59 |
Link to this message
|
|
Thanks CJC. Just installed and used Adware Away. It found quite a few hijacker files.
I'll also take this opportunity to say "hello" to everyone. Look forward to reading through the forum.
Thanks again!
|
|
eLeCTR0n
Member
|
24. August 2005 @ 17:44 |
Link to this message
|
|
"hi"
|
|
eLeCTR0n
Member
|
24. August 2005 @ 18:09 |
Link to this message
|
|
lol
|
|
Advertisement
|
|
|
Senior Member
|
24. August 2005 @ 18:12 |
Link to this message
|
|
are you posting to increase your count? you do that again and i'll have to report you. say bye bye if you do that again.
|
