Multiple Problems!

  • Thread starter Thread starter Huw Miller
  • Start date Start date
H

Huw Miller

Please help, I am in my final term, of my final year at
university, and just when my work load is getting
massive, my computer has become infected with a whole
load of rubbish! To the extent that I am finding it very
difficult to do my work, as other windows keep trying to
open when ever I am typing!

To begin, whenever I restart my computer my home page is
change, and a dialler installs itself on my computer. It
is from a place called DirBiz.com. What ever I do I just
can't get rid of it! Have just bought the new Norton
anti virus, I have downloaded ad aware, and obviously
AntiSpyware, and all of these I run regularly. I have
tried restarting with a "Selective Start Up" and running
them all again, and it always looks like it has been
removed. But it starts all over again whenever I restart
my computer.

I also get multiple popup.

Please help as it is really putting me of my finals!

Regards
 
Please help, I am in my final term, of my final year at
university, and just when my work load is getting
massive, my computer has become infected with a whole
load of rubbish! To the extent that I am finding it very
difficult to do my work, as other windows keep trying to
open when ever I am typing!

To begin, whenever I restart my computer my home page is
change, and a dialler installs itself on my computer. It
is from a place called DirBiz.com. What ever I do I just
can't get rid of it! Have just bought the new Norton
anti virus, I have downloaded ad aware, and obviously
AntiSpyware, and all of these I run regularly. I have
tried restarting with a "Selective Start Up" and running
them all again, and it always looks like it has been
removed. But it starts all over again whenever I restart
my computer.

I also get multiple popup.

Please help as it is really putting me of my finals!

Regards
Click to expand...

You didn't write what version of Windows do you have.. but:

First of all - secure your computer with firewall (for example Zone Alarm
http://www.zonelabs.com , Agnitum Outpost http://www.agnitum.com/ , Kerio
http://www.kerio.com/kerio.html or any other), do not leave any user account
without password (and a strong one will be most suitable).

Than, if you have Windows XP/2000/2003 than (in other case just go to "try
other cleaning soft" below):
- start the computer in safe mode, start the MS AntiSpyware application, go
to Scan options, select Run a full system scan and let it clean the system.

- also try other "cleaning" software:
Spybot Search&Destroy http://www.majorgeeks.com/download2471.html
HijackThis http://www.majorgeeks.com/download3155.html
CWShredder http://www.majorgeeks.com/download3019.html
Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/
McAfee Stinger http://vil.nai.com/vil/stinger/
 
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Reboot into safe mode - http://tinyurl.com/pfca

3. Clean out all temp file locations - ccleaner.exe
(be sure to configure to delete all temp files
and not just those 48 hours old or older)

4. Run MSAS at least twice in full/deep mode

5. Run a robust, updated antivirus software scan

6. Reboot into normal mode,see if problem has been corrected

7. Install and use killbox to delete stubborn files

8. If you think something is there but can't see it:
- Download:
Blacklight by F-Secure to look for rootkits
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block thousands of malware apps
from installing on your machine. It does not actively
run on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

**For a detailed attack plan **
http://spywarewarrior.com/sww-help.htm

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Note where you saved the log
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam
- He will tell you what to do next


Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx

- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx

- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Spyware Doctor
http://www.majorgeeks.com/download4241.html
- Ewido Security Suite
http://www.ewido.net/en/

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
 
If this doesn't go away with a full, deep, scan while
started in safe mode (press F8 before the first Windows
screen appears) and logged in as "administrator"--then I
would call Microsoft Product Support Services and get help.

There are a number of questions here--is this real or is
it a false positive? If it is real, you need to hear what
they have to say about what may have been disclosed to an
unknown party.

In at least two cases involving diallers keyloggers here,
removal of the keylogger resulted in an inoperable
keyboard. So--better to get direct help.

In the United States or Canada, call 1-866-pcsafety.

In other parts of the world, call your local Microsoft
subsidiary.

PSS provides free support for issues relating to Virus
infection and security patch related issues. A dialer
keylogger definitely qualifies for this help, but perhaps
not all spyware related issues do--I don't know how they
make the determination.

I'd love to hear back how this works out?

--
 
Thank you for your help. I have tried all that you said
to do, but what ever I do I just can't get rid of it. It
is driving me crazy!

I am running XP, forgot to mention that. I am still
getting the Dialler, still getting pop ups from
ad1.searchmiracle.com and many others, and I also get
something call Aroura, I think that is how you spell it,
but my Norton Internet security blocks that.

I never got a restore disk with my pc, other wise I would
probably have done that by now!

Any other ideas would be greatly appreciated.

Regards
 
Ok,

Go back down this list to Ronn Kinner's information and send him a
HijackThis logfile. He can get you the rest of the way.



--
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Reboot into safe mode - http://tinyurl.com/pfca

3. Clean out all temp file locations - ccleaner.exe
(be sure to configure to delete all temp files
and not just those 48 hours old or older)

4. Run MSAS at least twice in full/deep mode

5. Run a robust, updated antivirus software scan

6. Reboot into normal mode,see if problem has been corrected

7. Install and use killbox to delete stubborn files

8. If you think something is there but can't see it:
- Download:
Blacklight by F-Secure to look for rootkits
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block thousands of malware apps
from installing on your machine. It does not actively
run on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

**For a detailed attack plan **
http://spywarewarrior.com/sww-help.htm

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Note where you saved the log
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam
- He will tell you what to do next


Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx

- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx

- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Spyware Doctor
http://www.majorgeeks.com/download4241.html
- Ewido Security Suite
http://www.ewido.net/en/

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
 
Back
Top