AVForums

Spyware/Virus from Hell!!!

11-01-2006, 9:09 PM   #1
t-force (Senior Member)
Join Date: May 2001
Location: Southampton, UK
Posts: 1,597

Hi guys,

My other half and I are trying to defeat one stubborn mother piece of spyware/malware/virus, which I can't seem to find any info on on any site out on the web:

It has two obvious symptoms:

Two icons appear in the system tray - 1 is a flashing exclamation mark in a yellow triangle, and 2 is a round circle with an X in it, that flashes alternately with a globe and windows symbol (the windows update symbol).

The first symbol warns of infection by 4 pieces of spyware, inviting us to click for remedies. Clicking on it leads to SpySheriff.com spyware removal software (which was a piece of "software" I was previously unaware of).

The second symbol leads to Spyware Strike at www.nospywaresoft.com.

I'm not about to download any software from either site, but a shortcut to Spyware Strike now keeps on appearing on the desktop.

We're using Spyware S+D, Lavasoft Adaware SE, Javacools SpywareBlaster, ZoneAlarm, Ewido and AVG, but nothing can seem to get rid of the problem.

Does anyone have any idea what the hell is attacking our PC?

Cheers,

Tobs

11-01-2006, 9:32 PM   #2
mcfarfs (Ex Member)
Join Date: Mar 2005
Location: Tunbridge Wells
Posts: 1,367

Something similar happened to my uncle's PC a while ago.

I can't remember exactly what we did, but I think we went into C://WINDOWS/SYSTEM32, arranged all the files and folders into order of date last modified, and deleted the most recent couple of things, which had dodgy file names. A bit risky but it worked!

Also try starting up in safe mode.

11-01-2006, 9:37 PM   #3
DJT75 (Veteran Member)
Join Date: May 2005
Posts: 6,092

I had exactly the same thing a couple of weeks ago - my entire machine was buggered with these 2 supposed Anti-spyware, but actually worse than spyware seemingly controlling everything I did. I tried every trick in the book & in the end had to give my PC to an expert to fix. Haven't a clue what he did but it's gone now, I lost loads of stuff & my machine is now painfully slow.

11-01-2006, 9:44 PM   #4
Senior Member
Join Date: Jul 2003
Posts: 1,104

I had a problem with "winfixer" a few months back. I found the guys over at bleepingcomputer (dotcom) really helpful

11-01-2006, 10:01 PM   #5
overkill (Conspicuous Member)
Join Date: Nov 2003
Location: Murkeyside
Posts: 9,254

Had this problem. Only some serious messing about with system files got it sorted. Even then the system ran rough, and in the end I just backed everything up and re-installed. That sorted it!

11-01-2006, 10:06 PM   #6
svoboda (Member)
Join Date: Nov 2005
Location: Kingston Upon Hull
Posts: 52

I had loads of trouble last year and ended up reformatting. I lost loads of stuff too but I now run Microsoft anti-spyware tool beta version coupled with AVG and it's been ok so far. I would definitely recommend Microsoft's anti-spyware.

11-01-2006, 10:07 PM   #7
shadowritten (Guest)

t-force: did this stuff get past your firewall?

svoboda: I found MS anti-spyware beta very unreliable. I'm guessing the AVG program is probably doing more of the work to keep your system safe.

11-01-2006, 10:21 PM   #8
t-force (Senior Member)
Join Date: May 2001
Location: Southampton, UK
Posts: 1,597

Sure did get past my firewall. I'm finally tracking down what the problem is: seems to be caused by the Microsoft Windows Meta File loophole that they've been talking about recently.

Most spyware removal software hasn't come up with suitable workarounds yet, so I'm having to use HijackThis and various customised programs. I'm actually enjoying beating this thing, in a strange kind of way.

11-01-2006, 10:25 PM   #9
Senior Member
Join Date: Jul 2003
Posts: 1,104

I used HijackThis and put my logs on bleeping computer. The guys there told me how to fix it.

11-01-2006, 10:29 PM   #10
shadowritten (Guest)

I know what you mean about enjoying the fight - had a battle with a tricky trojan a few months ago. Beat the swine because I have a program called Clean Disk Security. It tells you what files are present in any given directory EVEN when the malware writers have programmed viruses to stay invisible despite the user having 'Show all hidden files' selected. Once I tracked down the offending folder, I copied out the safe stuff, nuked it with Clean Disk (a fabulous program), then recreated the folder. Job done!

11-01-2006, 11:05 PM   #11
vonhosen (Senior Member)
Join Date: Jan 2003
Location: London
Posts: 1,840

Try here

http://malwareremoval.com/

12-01-2006, 12:48 AM   #12
Digger (Prominent Member)
Join Date: Dec 2003
Location: World Wide Supermarket
Posts: 3,926

I do regular System Restores (in XP Pro), which makes it much easier to restore to the previous day's Restore Point rather than spending hours/days trying to clean up a mess!

12-01-2006, 8:14 AM   #13
t-force (Senior Member)
Join Date: May 2001
Location: Southampton, UK
Posts: 1,597

Well, I got rid of the evil so-and-so at about half twelve last night. Should anyone have the same problem, I recommend consulting the advice of the HijackThis forum at www.webuser.co.uk, as the advice they gave was clear and got the job completed relatively simply, even if it did take a long time - loads of scans necessary.

12-01-2006, 8:56 AM   #14
Member
Join Date: Jan 2005
Posts: 756

Download Ewido Security Suite 14 day free trial. Switch off your PC, reboot and put into safe mode, run Ewido and it should do the trick. Geoff.

12-01-2006, 9:09 AM   #15
Ex Member
Join Date: Nov 2004
Posts: 9,729

Sometimes it's better to run in "Safe Mode" when tackling viruses and worms, because sometimes it's hard to eradicate a file which has already been loaded into memory. Safe mode loads minimal drivers.

12-01-2006, 11:05 AM   #16
booyaka (Veteran Member)
Join Date: Sep 2002
Location: Prestwick
Posts: 6,142

As was posted above, check any *.exe files that have appeared on your system since the virus/malware started showing up. I had problems a couple of weeks back and used http://www.pctools.com/spyware-doctor/

This gives a free scan and also a good list of everything that may be on your PC that shouldn't be.

To use the removal tool you have to pay for it. I was very skeptical to pay for it (£20 or so) but decided that it was it since I was at my wits' end trying to remove the virus (it was some form of mass mailing virus).

Paid the money, registered it and used it, hey presto - fully cleaned and working PC, superb product. Once registered it is yours to use.

Give the free scan a try and see what it comes up with.

12-01-2006, 1:46 PM   #17
Senior Member
Join Date: Jan 2005
Posts: 2,766

I agree Spyware-Doctor is very good at getting things all the others miss.

It doesn't get everything, but does beat the tricky clever ones.

14-01-2006, 2:07 AM   #18
andych732 (Guest)

Downloads.com - a great site for all types of free and trial software including spyware removal.

You could also try this: start, run, (type) msconfig, then into the startup tab.
Have a look there to see what your system is booting up and if there is something there that you think does not belong then uncheck the box (also good for stopping things like realplayer and qtime from booting up at start-up, which slows your system down).

To anyone using hijackthis - read the user guide properly first as you could do more damage than good.

14-01-2006, 11:37 AM   #19
Ex Member
Join Date: Sep 2004
Posts: 1,642

Quote:
Originally Posted by t-force
Hi guys,

My other half and I are trying to defeat one stubborn mother piece of spyware/malware/virus, which I can't seem to find any info on on any site out on the web:

It has two obvious symptoms:

Two icons appear in the system tray - 1 is a flashing exclamation mark in a yellow triangle, and 2 is a round circle with an X in it, that flashes alternately with a globe and windows symbol (the windows update symbol).

The first symbol warns of infection by 4 pieces of spyware, inviting us to click for remedies. Clicking on it leads to SpySheriff.com spyware removal software (which was a piece of "software" I was previously unaware of).

The second symbol leads to Spyware Strike at www.nospywaresoft.com.

I'm not about to download any software from either site, but a shortcut to Spyware Strike now keeps on appearing on the desktop.

We're using Spyware S+D, Lavasoft Adaware SE, Javacools SpywareBlaster, ZoneAlarm, Ewido and AVG, but nothing can seem to get rid of the problem.

Does anyone have any idea what the hell is attacking our PC?

Cheers,

Tobs

hi, bit of a pc wiz here to help ya out

first of all click start then run and type "msconfig" in the run box and press enter

go to the final tab that says startup

click disable all, then go through the list and select a couple that should be marked (eg. anti virus and firewall) which you should be able to tell by looking at the 'command' category listing so for instance if u see c:\program files\norton then just click the appropriate ones like that and so on

that should help a bit at the least

cheers
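
Added example (not part of any post in this thread): the check described in posts #18 and #19, sorting startup entries by the path in their command, done in Python over the O4 autostart lines of a HijackThis log. The log excerpt, the `KEEP_DIRS` and `KNOWN_SYSTEM` lists and all function names are constructed for illustration; logs often carry 8.3 short names such as `PROGRA~1`, so the trusted-folder list has to include that spelling.

```python
import re

# Constructed HijackThis-style excerpt (not taken from the thread). O4 lines are
# autostart entries; the Run-key ones also show up in msconfig's Startup tab.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [updater] C:\WINDOWS\system32\qwxzlk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [helper] "C:\Documents and Settings\User\Local Settings\Temp\a1.exe" -s
"""
# Assumed inputs: folders of tools the user installed, and system32 file names
# the user expects to autostart (lowercase). Both lists are illustrative.
KEEP_DIRS = [r"C:\PROGRA~1\Grisoft", r"C:\Program Files\Zone Labs"]
KNOWN_SYSTEM = {"ctfmon.exe"}

O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, may contain spaces
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]   # unquoted: cut at first ".exe"

def triage(log, keep_dirs=KEEP_DIRS, known_system=KNOWN_SYSTEM):
    """Return (name, exe, verdict) for each O4 Run entry in the log."""
    rows = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue                                 # not a Run-key autostart line
        name, exe = m.group(3), exe_path(m.group(4))
        low = exe.lower()                            # Windows paths ignore case
        folder, _, fname = low.rpartition("\\")
        if any(low.startswith(d.lower() + "\\") for d in keep_dirs):
            verdict = "keep"                         # lives under a folder you trust
        elif folder == r"c:\windows\system32" and fname in known_system:
            verdict = "known-name"                   # name match only, not proof
        else:
            verdict = "review"                       # look this one up before ticking it
        rows.append((name, exe, verdict))
    return rows

if __name__ == "__main__":
    for name, exe, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:10} {name:18} {exe}")
```

On the constructed log, the two entries under the trusted folders come back as "keep", `ctfmon.exe` as "known-name", and the random-named system32 file and the Temp-folder file as "review".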