Packages opening on their own and popups

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi
I thought I had removed spyware from my PC only to find that I am still
getting a pop up telling me my PC is infected and when I try to close this
message it takes me to http://pcadprotector.cc/index.php?qq=RS&pin=40078

The virus/spyware has also made my desktop white and will not allow me to
use any wallpaper and to top it all it keeps opening the calculator then
closing it and opening Paint, drawing a squiggle then closing it!

I've downloaded MS AntiSpyWear but this hasn't helped.
Any ideas?
Lisa
 
Lisa,

Some of these spyware & adware programs open windows that allow the
installation of a virus and that sounds like what happened to you. The first
thing I would do run a virus checker and fix any problems it detects.
 
Hi Lisa;
I think you should be able to resolve this with MSAS, cause it's certainly
adware. But you'll have to run a full deep scan (not quick) with MSAS after you
download the latest signature updates. Also run scan in Safe Boot Mode so as to
have the best shot at removing any adware.

Getting to Safe mode:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

The ideal of course is to have MSAS loaded before you get spyware, since the
Real Time Protection agents, all of which you should have turned on, can catch
this before it gets installed on your system. Spyware is harder to get rid of
once it's installed.

Another thing you might check is, do a search to find the file named simply
"hosts". Open it with notepad and make sure your only entry down at the bottom
of it (on a line without any # symbols) is:

127.0.0.1 localhost

Otherwise, let us know what else is there (on lines without # symbols). Good
luck.
 
Hi again Lisa,
I went to the site you referenced, sorry I should have done that first. The
site was referencing Spy Sheriff and Raze.

Rather that trying MSAS, I think you should follow Andy Manchesta's advice as
follows:

You have a Trojan's related to the
Smitfraud Infection which has Hijacked your IE settings to that site to try
get you to install PSGuard/ SpySheriff (Spytrooper)/ Raze /WorldAntispy.

Use Smitrem & Ewido and Ccleaner to remove temp files (Copy and save this to
notepad so you can still view it in safe mode)

Download SmitRem

http://noahdfear.geekstogo.com/click counter/click.php?id=1

Save it to your desktop,Right click on the file and extract it to it's own
folder on the desktop.

Download Ewido Security Suite

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes (the status bar
at the bottom will display "Update successful") Exit Ewido. DO NOT scan yet.

Download Ccleaner (To Remove Temp and unused files from your system)

http://download.ccleaner.com/download124bin.asp

Install Then close

Now reboot to Safe Mode - Restart your computer and immediately begin
tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe
Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run Smitrem :

Open the smitRem folder, then double click the RunThis.bat file to start the
tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive,
eg; Local Disk C: or partition where your operating system is installed.

Run Ewido

Click on the Scanner button in the left menu, then click on complete system
scan.
When ewido finds something, it will pop up a notification.
Select "clean" and check the boxes "Perform action with all infections" and
"Create encrypted backup" before clicking on ok. When the scan finishes,
click on "Save Report" from the bottom of the screen and save it to your
desktop incase you need more help with this.

Run Ccleaner and press "Run Cleaner" then exit.

While still in safe mode reset the Internet Settings : Goto Start Menu then
Control Panel then to Internet Options, Click the Programs Tab and press
"Reset Web Settings" and include the homepage then press Yes, Then goto the
General Tab and enter the homepage you want to use into the space provided
and press Apply .

Then Reboot back to Normal Mode

Let us know if you have any problems

Regards

Andy
 
Back
Top