Damn spy ware got past my antivirus - DFWstangs Forums
 
post #1 of 35 (permalink) Old 10-19-2008, 08:38 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Damn spy ware got past my antivirus

It's trying to sell me xp antivirus 2009. It has locked me out of the windows update site, disabled all my current securities. I have done system restores and the damn thing appears to have assigned a drive "E" that is not affected by the restore. I tried scanning with my antivirus with no luck. So I deleted my antivirus hoping I could reload it and catch it that way. But it appears to have covered the access to the system 32 as well. Access denied.


Any thoughts on how I can get rid of this pesky spyware? Any help would be appreciated.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
 
post #2 of 35 (permalink) Old 10-19-2008, 08:44 PM
Where is Ms. Right?
 
Memo's Avatar
 
Join Date: Apr 2002
Location: Irving, TX
Posts: 1,581
http://answers.yahoo.com/question/in...8122446AA5VCrY

"Don't be with someone you can live with, be with someone you can't live without"
Memo is offline  
post #3 of 35 (permalink) Old 10-19-2008, 08:45 PM
Where is Ms. Right?
 
Memo's Avatar
 
Join Date: Apr 2002
Location: Irving, TX
Posts: 1,581
or

http://wiki.answers.com/Q/How_do_you..._wo_a_purchase

"Don't be with someone you can live with, be with someone you can't live without"
Memo is offline  
 
post #4 of 35 (permalink) Old 10-19-2008, 08:47 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Thanks, I will do some reading.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #5 of 35 (permalink) Old 10-19-2008, 09:26 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Here.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #6 of 35 (permalink) Old 10-19-2008, 10:09 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
malwarebytes.com

download and run it. then do f-secure OLS. google it.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #7 of 35 (permalink) Old 10-19-2008, 10:12 PM
Time Served
 
Join Date: Jul 2007
Location: Sierra Vista Arizona
Posts: 569
My friend and I tried everything, even manually removing it. We bought and downloaded tons of software. We wound up just pulling the hard drive and getting a new one. That XP antivirus is no joke, it was sending mail from his computer. Roadrunner shut our internet off because spyware was being sent via his computer.

bmw2stang is offline  
post #8 of 35 (permalink) Old 10-19-2008, 10:15 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
This shit is a pain in the ass. I have run all kinds of spy ware programs. Even bought Spyhunter because the trial version showed the registry for antivirus 2009, did the remove and it is still there.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #9 of 35 (permalink) Old 10-19-2008, 10:15 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Tx Redneck


It's blocking that site.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #10 of 35 (permalink) Old 10-19-2008, 10:18 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
you need to boot into safe mode and run your programs.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #11 of 35 (permalink) Old 10-19-2008, 10:21 PM
11-05-09
 
Osiris's Avatar
 
Join Date: Feb 2002
Location: Oh- sai- rus.
Posts: 21,428
Quote:
Originally Posted by bmw2stang
My friend and I tried everything, even manually removing it. We bought and downloaded tons of software. We wound up just pulling the hard drive and getting a new one. That XP antivirus is no joke, it was sending mail from his computer. Roadrunner shut our internet off because spyware was being sent via his computer.
lmfao! you bought a new hard drive instead of reformatting?
Osiris is offline  
post #12 of 35 (permalink) Old 10-19-2008, 10:21 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Hunt4m3x
you need to boot into safe mode and run your programs.

I'll try that after this final scan.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #13 of 35 (permalink) Old 10-19-2008, 10:22 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Quote:
Originally Posted by SSMAN
I'll try that after this final scan.

If it doesn't work, I can remote in and fix it like in 10 secs.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #14 of 35 (permalink) Old 10-19-2008, 10:33 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Thumbs up

Quote:
Originally Posted by SSMAN
It's blocking that site.
That's hilarious! It's a link to PCPitstop's guide for removing it.


Quote:
Originally Posted by Hunt4m3x
If it doesn't work, I can remote in and fix it like in 10 secs.
This would be your BEST bet.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #15 of 35 (permalink) Old 10-19-2008, 10:58 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
I pulled the little fucker out of my windows 32 folder and dragged it to the desktop. I cannot delete the little bastard.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #16 of 35 (permalink) Old 10-19-2008, 11:05 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Hunt4m3x
If it doesn't work, I can remote in and fix it like in 10 secs.


If you are on here tomorrow, I may hit you up. I am sleepy and going to bed right now. If you would, PM me and let me know what I need to do to let you remote in.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #17 of 35 (permalink) Old 10-20-2008, 12:07 AM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Quote:
Originally Posted by SSMAN
If you are on here tomorrow, I may hit you up. I am sleepy and going to bed right now. If you would, PM me and let me know what I need to do to let you remote in.

Use this

http://ccollomb.free.fr/unlocker/#download

install then right click, hit unlocker and click delete and done.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #18 of 35 (permalink) Old 10-20-2008, 07:35 AM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Hunt4m3x
Use this

http://ccollomb.free.fr/unlocker/#download

install then right click, hit unlocker and click delete and done.
It says there is not a handle, and asks if I want to delete during the next reboot. Still there. No Worky

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #19 of 35 (permalink) Old 10-20-2008, 08:10 AM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
boot into safe mode. run malware bytes, then run that unlocker.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #20 of 35 (permalink) Old 10-20-2008, 01:08 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Hunt4m3x
boot into safe mode. run malware bytes, then run that unlocker.

Ran my unlocker and Spy hunter (not sure what malware bytes is?) Still no worky.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #21 of 35 (permalink) Old 10-20-2008, 01:23 PM
not exclude
 
exlude's Avatar
 
Join Date: Jun 2003
Posts: 9,838
Quote:
Originally Posted by SSMAN
Ran my unlocker and Spy hunter (not sure what malware bytes is?) Still no worky.
Did you even read those links Memo posted for you?
exlude is offline  
post #22 of 35 (permalink) Old 10-20-2008, 05:16 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by exlude
Did you even read those links Memo posted for you?

Yes I did. Nothing is working so far. I have tried quite a bit with no luck. Keep in mind that this virus/spyware has put in key words so you can not access certain sites. Malwarebytes is one of them. I brought home a word document from work named "XP antivirus", I could not even download the word document. At least till I renamed it "Bucky", then I could download it. I need to find someone close with a computer and have them burn the malware to a cd under a different name and see if I can download it on my computer. To be honest, the way this thing has been going, I am very doubtful it will work. Right now I am looking at reformatting the drive. But I am going to try to get the Malware bytes downloaded somewhere. Oh, through both of those links they recommend Spy Hunter. This is a piece of shit that does not work. Don't waste your time.

"Time is the best teacher.........unfortunately it kills everyone of its students"

Last edited by SSMAN; 10-20-2008 at 07:03 PM.
SSMAN is offline  
post #23 of 35 (permalink) Old 10-20-2008, 07:45 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
http://hunt4m3x.net/sup/mbam-rules.exe
http://hunt4m3x.net/sup/mbam-setup.exe

Run the setup first, then run the rules.

BOOT INTO SAFE MODE ( http://www.computerhope.com/issues/chsafe.htm#02 ), Then run malwarebytes.



spybot as well.
http://hunt4m3x.net/sup/spybotsd160.exe


What antivirus do you have? Do you have spyware blaster and spybot immunize installed? What do you use to surf? ie 6.0?

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #24 of 35 (permalink) Old 10-20-2008, 10:04 PM
IA2
 
mikeb's Avatar
 
Join Date: Mar 2001
Posts: 22,413
If nothing else works you can try the trend micro online scan; i've gotten a lot of stuff off my systems with it.

www.trendmicro.com

Look for the free online services. You want "housecall".

oh, and stop surfing "those" sites
mikeb is offline  
post #25 of 35 (permalink) Old 10-21-2008, 09:03 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Ok, here is the latest update. I finally got Malware on my computer. I ran it in safe mode twice. (QUICK AND Full Scan) Then I ran the piece of shit spy hunter. When I restarted I did not have the little red "X" in the lower right hand corner. Plus any mention of XP antispyware is gone so far. But I have noticed some changes in my computer. My XP graphics in the control panel has gone back to classic. 3 of the icons do not fill in completely till you put the cursor on them.

I tried a system restore, it failed. It throws up "changes to the E: drive can not be reversed because the drive was either excluded from the system restore monitoring or was turned off or removed." Then it goes through the whole process and reboots only to tell me it could not restore to the date I chose. (no matter what date I pick) I have no clue where drive E: could be? I have never seen it before.

Then I tried loading my antivirus (Panda antivirus and firewall 2008, still current). Halfway through the installation it throws up a box that says:

Residentericherosntpal
c:windows/system32/pav
Access denied

It is almost as if part of it is still on my computer or has damaged some components. I have no clue what either of the errors mean.

I do want to thank everybody that replied and tried to help. If any of you guys are in the Fort Worth area, give some notice and pm me and I will buy you a beer.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #26 of 35 (permalink) Old 10-21-2008, 09:05 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by mikeb
If nothing else works you can try the trend micro online scan; i've gotten a lot of stuff off my systems with it.

www.trendmicro.com

Look for the free online services. You want "housecall".

oh, and stop surfing "those" sites

Guy at work suggested that. (the trendmicro) Those sites, LOL! I am usually real guilty of that. But what pisses me off is I was surfing to find out how to get a starter off a 99 Mazda 626 when I picked this nasty thing up.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #27 of 35 (permalink) Old 10-21-2008, 09:13 PM
Googlist-Wikipedian
 
Hunt4m3x's Avatar
 
Join Date: Jul 2002
Location: de_aztec
Posts: 4,814
Run this

http://support.f-secure.com/enu/home/ols.shtml

See if you can run update on malware bytes and rerun it as well.

If you were closer to mesquite, id help ya out.

2005 Infiniti G35 Sedan Ivory Pearl Premium

2006 Infiniti FX45 Liquid Platinum

2010 Polaris Ranger RZR S Orange Madness







Ban count: 2
Hunt4m3x is offline  
post #28 of 35 (permalink) Old 10-21-2008, 09:24 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Man, I just got off the phone w/ a coworker that got XP Antivirus 2009 w/ Avast updated and running. His puter is so hammered by the malware it's difficult to do a remote connection. It has some 60+ processes running and internet type pop-ups coming up left and right. Just before we got off the phone, his desktop icons and start bar disappeared w/ Avast was scanning.

I was trying to use the links you hosted Hunt and it disconnected the remote app.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #29 of 35 (permalink) Old 10-21-2008, 10:55 PM
Founding Member
 
fordracing19's Avatar
 
Join Date: Jan 2001
Location: Lake Dallas Texas
Posts: 6,850
Quote:
Originally Posted by SSMAN
Guy at work suggested that. (the trendmicro) Those sites, LOL! I am usually real guilty of that. But what pisses me off is I was surfing to find out how to get a starter off a 99 Mazda 626 when I picked this nasty thing up.
Should have just sent a pm!

93 Teal/Gray Cobra
fordracing19 is offline  
post #30 of 35 (permalink) Old 10-22-2008, 07:34 AM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by fordracing19
Should have just sent a pm!
Man you have helped me a lot over the past couple of years. I try to do some research before I bother you. If you are ever in the area, I will buy you a lot of beers.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #31 of 35 (permalink) Old 10-22-2008, 07:36 AM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Tx Redneck
Man, I just got off the phone w/ a coworker that got XP Antivirus 2009 w/ Avast updated and running. His puter is so hammered by the malware it's difficult to do a remote connection. It has some 60+ processes running and internet type pop-ups coming up left and right. Just before we got off the phone, his desktop icons and start bar disappeared w/ Avast was scanning.

I was trying to use the links you hosted Hunt and it disconnected the remote app.

I had someone email the direct links to the download itself. If you try to bring up the website itself it will not let you. It's a nasty little fucker that is for sure. Malware did it for me. But during shut down it said some of the running components of XP needed to be replaced, put in XP cd.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #32 of 35 (permalink) Old 10-22-2008, 12:20 PM
Time Served
 
Join Date: Mar 2005
Location: Mckinney
Posts: 410
next time just get a Mac

mpulsive81 is offline  
post #33 of 35 (permalink) Old 10-22-2008, 12:39 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
So far so good. Nothing popping up, nothing detected on the spyware programs. I will do a repair job on windows xp to see if it gets my two error points cleared up.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  
post #34 of 35 (permalink) Old 10-22-2008, 06:42 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
I got it all clean about 10:30 last night. Thanks Hunt for hosting MBAM on your site as I couldn't get directly on line. I was able to send the link through messenger and dl it that way. One scan w/ Avast and one w/ MBAM and all clean.

I put a proactive spy/malware app on his puter. Hopefully that'll take care of any future instances.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #35 of 35 (permalink) Old 10-22-2008, 08:43 PM Thread Starter
Darkside
 
SSMAN's Avatar
 
Join Date: Feb 2001
Location: Slipped over to the dark side.
Posts: 20,120
Quote:
Originally Posted by Tx Redneck
I got it all clean about 10:30 last night. Thanks Hunt for hosting MBAM on your site as I couldn't get directly on line. I was able to send the link through messenger and dl it that way. One scan w/ Avast and one w/ MBAM and all clean.

I put a proactive spy/malware app on his puter. Hopefully that'll take care of any future instances.

Good job. Hunt was a big help that is for sure.

"Time is the best teacher.........unfortunately it kills everyone of its students"
SSMAN is offline  