Spy-Shredder/Sawert Alliance LTD

Guest

While backing our way out of medical site we were taken to this site for some
reason: http://scanner.xspy-shredder.com/1/scan.php?id=1199
It began to automatically scan my PC, there was also a McAfee scan running @
the same time & accidentally a run was answered for pgm = xpupdate.exe from
Sawert Alliance LTD. Some confusion as to which scan prompted the msg.
Anyway it was very disconcerting to see a scan running that I did not
authorize with no way to stop it.
It ran very quickly =30 secs, (takes McAfee an hour & one half to scan the
PC). Anyway "Spy-Shredder Online Security Scanner" said that Malicious
Software & Spyware had both been detected & asked me to proceed with removal
of suspect software & then install of Spy-Shredder. The suspect Malicious
software is
"Backdoor:Win32/NTroot"
"Backdoor:Win32/Sivuxa" &
"Trojan.Caiijing"
Sorry I didn't write down the 5 suspect spyware file names.
I did not remove or install anything from Spy-Shredder (except for pgm =
xpupdate.exe - accidentally). Spy-Shredder kept prompting me to install ActiveX
pgms Install199.exe & .cab, so that it could perform above steps I imagine.
I did NOT install any ActiveX either but Spy-Shredder was very persistent &
tricky in the wording. e.g. "Not sure you want to cancel? If you do your PC
won't be secure" By replying YES you're saying don't cancel. Sorry, don't mean
to be so verbose.

Not only do I have McAfee running but Windows Defender as well. So here
finally is my question. Do I really have a high level alert of Malicious
Software & Spyware on the PC? If I do how come McAfee & Defender did find
it? Is Spy-Shredder/Sawert Alliance LTD to be trusted? How could
Spy-Shredder find all this in seconds? Why did we run across this scan while
surfing the WEB? Have I corrupted my PC by allowing Spy-Shredder to scan it?

After restart the PC kept asking if I wanted to run/cancel pgm =
xpupdate.exe from C:/windows. I deleted xpupdate from c:/windows even though
you're not supposed to touch system files. Figured worst case I would have to
do a system restore.
 
hello snerds;
You've got more of a rogue scam than anything. My suspicion would be that
it was brought on by using vulnerabilities created as a by-product of
running a backlevel release of the Java Runtime Engine, or perhaps a
backlevel of Adobe Flash on your system. See this post, but I'd also
suggest you check out your system on a HijackThis forum afterward even if
you go ahead and decide to clean SmitFraud yourself, because a number of
additional problems could be involved, though probably not those reported
by Spy-Shredder:

http://www.bleepingcomputer.com/forums/topic98791.html
 
http://helicine.net/tech-bits/shady-software/
- -

Trojans

Reformatting the Hard Drive should be a last option, as a preventive
measure if you have some family members who love browsing the web give them
or make sure to make them understand and use a limited account, rather than
administrators - On limited account you still have a buffer zone (you can
pretty much do what you regularly do but you can't install things directly,
which can make a difference if anyone in your family or yourself was
misled by things while browsing the web, quite common these guys who make
these "infections", use quite a lot the reverse psychology method in luring
browsers)

Actually, since you can't ensure that your drive is clean, even if you
use multiple anti-malware tools, formatting should be your first option
if you want a clean system.

Secondary options are only to make the machine clean enough to salvage
data from it before you format/wipe it.

If you take a typical machine that's been compromised by kids/ignorant
people browsing, loading P2P apps, and then the malware loading its
friendly other malware, you have a machine with 20+ different malware on
it. Of those 20, you don't really know what they are doing, what they
have loaded, you don't know what unknown malware they've loaded.... So,
while you can clean it of all KNOWN malware you can't possibly be sure
you got it all.
--
How to remove SpyShredder or Spy-Shredder (Removal Instructions)
http://www.bleepingcomputer.com/forums/topic98791.html
- -

FAMILY
Don't get married unless you want to start raising a family, and don't start
raising a family unless you want to get married. —R. A. Lyman
 
I've also just had a similar occurrence as Snerdly has described. I don't run
McAfee but do use AVG Free 7.5.503, I also run Adaware & SpyBot often & also
use Defender.
 
Please call Microsoft PSS for help with viruses and spyware:

1-866-pcsoftware, if you are in the US or Canada. Elsewhere, call the local
number for Microsoft Support and ask for the free help with virus problems.

Rather than what your protection apps are, I'd like to hear what sites you
were looking at when these events occurred. It seems likely to me that you
are getting hit by malicious code served up by ads being channelled through
probably legitimate web sites, and we need to pin down the sites and the ad
networks involved.
 
Bill, thanks. Turns out, I ran an AVG scan, it found a Trojan horse:
Generic9.AAAW, it was able to clean it, thanks anyway, best regards & to all
happy holidays! -Alex ;~p
 
Excellent--glad it was identified, and cleaned. However--be wary--maybe
wait a week or so for definitions to catch up, and do a full scan of the
system. You want to be sure that the trojan didn't succeed in installing
something which is new enough or well enough hidden that it wasn't spotted.
 
Thanks very much for the correction, Dave. Don't know where my head was--I
can't even claim late night for that one.
 