It's no longer MY PC...


Poppa

Today's rant...

I no longer own my PC. It sits on my desk but it is not
under my control. Spyware/Adware builds pop-ups for
tickle.com/American Express/gambling casinos etc. In the
process of doing so, it downloads viruses to my PC. I
know this because I run my Norton antivirus software
daily, and the same viruses are
detected/quarantined/deleted every day. Over and over.
Even on weekends... and I assure you, I am not working on
the weekends.

Maybe they're coming off the network. I doubt it. I'd
think there would be someone who discovered that the
network is infested by this time... So my guess is that
the adware pop-ups are exposing me to viruses and other
junk. MSAS doesn't detect anything. Hasn't for weeks
after I ran the first few times and "cleaned" things up.
The enterprise guys were here and spent a couple of days
trying to get me running clean. I still get the pop-ups.
MSAS says I am clean. The pop-ups still come. The
viruses are there again.

It's time to modify the old saying... Nothing is certain
except death, taxes and spyware/adware infestation.

Blah. Happy Monday!
 
BANG!

Just confirmed the pop-ups are doing damage. Another ad
from American Express popped up and almost immediately I
get a virus warning from Norton. What is YOUR conclusion?
 
Poppa said:
BANG!

Just confirmed the pop-ups are doing damage. Another ad
from American Express popped up and almost immediately I
get a virus warning from Norton. What is YOUR conclusion?

Do a clean install (format) and install all your anti-spyware/adware/virus
apps before going online.
 
You have a hidden trojan that is re-infesting you. You will really have to
scour that machine clean so a wipe/reinstall will probably be a better
solution for you in the long run. Then, stay off those rogue websites!
 
Poppa said:
Today's rant...

I no longer own my PC. It sits on my desk but it is not
under my control. Spyware/Adware builds pop-ups for
tickle.com/American Express/gambling casinos etc. In the
process of doing so, it downloads viruses to my PC. I
know this because I run my Norton antivirus software
daily, and the same viruses are
detected/quarantined/deleted every day. Over and over.
Even on weekends... and I assure you, I am not working on
the weekends.

Maybe they're coming off the network. I doubt it. I'd
think there would be someone who discovered that the
network is infested by this time... So my guess is that
the adware pop-ups are exposing me to viruses and other
junk. MSAS doesn't detect anything. Hasn't for weeks
after I ran the first few times and "cleaned" things up.
The enterprise guys were here and spent a couple of days
trying to get me running clean. I still get the pop-ups.
MSAS says I am clean. The pop-ups still come. The
viruses are there again.

It's time to modify the old saying... Nothing is certain
except death, taxes and spyware/adware infestation.

Blah. Happy Monday!


Use more than just Norton to check for viruses and trojans. There are
plenty of free online scanners available from other AV vendors. Those
detect but do not repair or quarantine (and why they are free) but some
offer manual removal instructions for each discovered pest. AV products
are geared mostly to detect viruses. You might want to also trial some
anti-trojan programs, like TDS-3 and Trojan Hunter. No anti-spyware
product is complete so use several to provide overlapping coverage and
hope some have non-overlapping coverage to detect what the others won't.
Use Ad-Aware, Spybot S&D, and CWshredder besides just MSAS. Make sure
to schedule scans or run them manually for MSAS rather than just rely on
the monitors to catch something that is entering or changing.

Do you run a personal software firewall on your host? Are you just
relying on the crippled one included in Windows? Get Sygate Personal
Firewall (smb.sygate.com) or ZoneAlarm Free to get something better.
Are you running any unnecessary services that open ports for hackers to
get in, like a web or FTP server? If you run these or anything that
listens to external port connects to act as a server, have they been
secured as much as possible? Running any P2P (file sharing) apps? Are
you running Messenger (chat client) with an option enabled to let others
upload files to your host?

Might be time to start thinking about using an IDS product (Intrusion
Detection Software) rather than rely on the IPS (Intrusion Protection
Software), that attempts to detect pests as they enter rather than
lockdown what can do what and what can change what on your host. Prevx
Home is free and I've experienced an insignificant impact on system
performance. But get ready to answer lots of questions as it learns,
and your decisions will affect how good its security is (i.e., you'll
have to investigate what it is asking you if you don't know - just
answering Yes to allow everything to every prompt eliminates its security).

Might be time to call in the IT folks to look at your host and notify
them that it is a security risk. Sounds like you are running something
that isn't itself spyware but allows your host to get infected or you
haven't secured your box. Are you bypassing your corporate firewall?
Maybe using VNC or VPN to connect through to another host that isn't
secure? Who's putting the files on those floppies and CDs that you
insert into your removable drives; i.e., is your sneakernet secure
(http://dictionary.reference.com/search?q=sneakernet)?
 
And you have disabled System Restore and followed the procedures listed
below?

--
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Reboot into safe mode - http://tinyurl.com/pfca

3. Clean out all temp file locations - ccleaner.exe
(be sure to configure to delete all temp files
and not just those 48 hours old or older)

4. Run MSAS at least twice in full/deep mode

5. Run a robust, updated antivirus software scan

6. Reboot into normal mode, see if problem has been corrected

7. Install and use killbox to delete stubborn files

8. If you think something is there but can't see it:
- Download:
Blacklight by F-Secure to look for rootkits
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block thousands of malware apps
from installing on your machine. It does not actively
run on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

**For a detailed attack plan **
http://spywarewarrior.com/sww-help.htm

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Note where you saved the log
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam
- He will tell you what to do next


Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx

- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx

- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Spyware Doctor
http://www.majorgeeks.com/download4241.html
- Ewido Security Suite
http://www.ewido.net/en/

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
 
Then, stay off those rogue websites!

And how does one define a rogue website until one hits it?
CNN, Gardenweb, a few lumber sites, Google and some
business sites (I do do SOME work!).
I suspect that the worst offender is those sites that
Google returns and who have had their domain jumped and
rerouted to some pay per clicker.

I start out on a four lane highway and take a side ride
marked as scenic tour that turns into a one lane dirt
road along a mountainside with an 1800 foot drop-off on
one side, heading downhill with brakes that are
overheating. No turnouts in sight and I see the lights
of a tractor-trailer in the distance making his way
uphill. *sigh*
 
GardenWeb - now there's a rogue site if I ever heard one!

Just kidding - in Google, you can set filtering to help reduce the kinds of
page results that a wrong click can ruin your day.
 
Today's rant...

I no longer own my PC. It sits on my desk but it is not
under my control. Spyware/Adware builds pop-ups for
tickle.com/American Express/gambling casinos etc. In the
process of doing so, it downloads viruses to my PC. I
know this because I run my Norton antivirus software
daily, and the same viruses are
detected/quarantined/deleted every day. Over and over.
Even on weekends... and I assure you, I am not working on
the weekends.

Maybe they're coming off the network. I doubt it. I'd
think there would be someone who discovered that the
network is infested by this time... So my guess is that
the adware pop-ups are exposing me to viruses and other
junk. MSAS doesn't detect anything. Hasn't for weeks
after I ran the first few times and "cleaned" things up.
The enterprise guys were here and spent a couple of days
trying to get me running clean. I still get the pop-ups.
MSAS says I am clean. The pop-ups still come. The
viruses are there again.

It's time to modify the old saying... Nothing is certain
except death, taxes and spyware/adware infestation.

Blah. Happy Monday!

Create a folder C:\sysclean, download and extract Sysclean_FE into it
and run the exe. It will install sysclean and update its signature
files.

http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

Download, install and update the Ewido Security Suite (It's a fully
operable trial)

http://www.ewido.net/en/

Download, install and update Adaware SE

http://www.lavasoftusa.com/software/adaware/


Disable system restore

Boot into safe mode
Restart
After Bios screen start tapping F8 key
When advanced menu opens select Safe Mode (Can take a few minutes)

Scan with Sysclean and allow it to clean/delete

Scan with Ewido and allow it to clean/delete

Scan with Adaware and allow it to clean/delete

Reboot

Run all three scans again

Enable system restore

Reboot

If that doesn't take out any trojans or spyware currently on your
system then get Hijackthis and submit to a security forum.
 