Query on spyware - update-sp1,.., update-sp5

  • Thread starter Thread starter Mohammed Imdadullah
  • Start date Start date
M

Mohammed Imdadullah

After few minutes of me connecting to internet, a MS-DOS Command window opens autmatically and then 5 Internet explorer windows open seperately and one of the existing open windows ip address changes to something like http://101. . . and then open these 5 pages is seperate windows with address bar showing path as c:\WINNT\update-sp1.html to update-sp5.html. How to solve this problem. My OS is Windows 2000 Professional.
 
Sounds like a virus/trojan.

Browse to:

http://housecall.trendmicro.com/housecall/start_corp.asp
and see if the free scan will help. You will also need to follow must of the
recommendation I have below:

--
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Reboot into safe mode - http://tinyurl.com/pfca

3. Clean out all temp file locations - ccleaner.exe
(be sure to configure to delete all temp files
and not just those 48 hours old or older)

4. Run MSAS at least twice in full/deep mode

5. Run a robust, updated antivirus software scan

6. Reboot into normal mode,see if problem has been corrected

7. Install and use killbox to delete stubborn files

8. If you think something is there but can't see it:
- Download:
Blacklight by F-Secure to look for rootkits
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block thousands of malware apps
from installing on your machine. It does not actively
run on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

**For a detailed attack plan **
http://spywarewarrior.com/sww-help.htm

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Note where you saved the log
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam
- He will tell you what to do next


Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx

- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx

- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Spyware Doctor
http://www.majorgeeks.com/download4241.html
- Ewido Security Suite
http://www.ewido.net/en/

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
After few minutes of me connecting to internet, a MS-DOS Command window
opens autmatically and then 5 Internet explorer windows open seperately and
one of the existing open windows ip address changes to something like
http://101. . . and then open these 5 pages is seperate windows with
address bar showing path as c:\WINNT\update-sp1.html to update-sp5.html.
How to solve this problem. My OS is Windows 2000 Professional.
 
Back
Top