Today was a strange day for my computer.... for some reason, I'm getting all these popups for Adware/Spyware/Malware software to get rid of all these threats that have apparently showed up. There's also a new 'toolbar' which I sure did not ask to be put there. There = underneath the um... 'bar where you type the address', but over the row of tabs. Before it told me my security rating and had 2 buttons that tell me they will get rid of spyware, and adware/popups. I also get balloons that are attached to my start bar that tell me to click them and make stuff go away.
I ran a check with my current antivirus software and it found a few things, and I thought it would've done something. It didn't really do much, apparently.
So I'm wondering... how can I make it go away? How do I know what's legit and what's not?
Thanks... :(
Spybot S+D (http://www.safer-networking.org/en/download/index.html) should sort you out. :)
You could also try "HijackThis" available from this site (http://www.spywareinfo.com/~merijn/programs.php).
My computer had the same problem and it was a bitch to get rid of.
Make sure you don't only keep your anti-virus software updated but WinXP, too.
If in doubt, visit windowsupdate.microsoft.com now.
Try Ad-Aware: http://www.lavasoftusa.com/products/ad_aware_free.php
The last time I met a situation like what you described, I installed Ad-Aware and AVG Antivirus Free. Never had a problem since.
Easiest -- primitive, but sure -- way to determine if you have something evil lurking around is to follow this recipe:
* Start > Run
* type 'msconfig' without quotes, press enter
* Choose last tab, 'startup'
* Now look at stuff that starts up with your windows. There's about pageful of stuff there, try to inspect those and determine what is what. Windows XP in a typical computer by default needs only about 5-10 entries, of which most are usually something to run your video and soundcard (NVidia tray/Ati tray/sound manager of some sort/installed antivirus or spyware stuff/management programs for any USB device you could own, CD write utils, agents), and everything else that has icon near computer clock.
* Find things that look suspicious or unknown to you. VERY suspicious are
1) Things that won't show a path to exe file
2) Things that come from weird folders. Like c:\random\random.exe
3) Things that are on C root. Like c:\systemhelp.exe or c:\123.exe
4) Things that filenames are strange mess of letters and don't seem to mean anything.
This is a bit hard, because almost everything is shortened anyway. But from SOMETHING.
Like, 'nwiz.exe' is 'nvidia wizard' and 'acrotray.exe' stands for 'adobe acrobat tray' etc.
What does 'Sq1ZbvMq.exe' mean? It means that you should disable this from the startup and immediately scan for viruses.
5) Suspicious things are also the strangely correct and 'important' entries. Like c:\help.exe or c:\images\image.exe
Nobody names their programs like this except for creativity-poor virus writers.
6) File path should be easiest way to determine what are you looking at, so don't just stare at .exe file name. If something's in Adobe Photoshop folder, it should be related and is needed, so move on to next one etc.
7) Toolbars, smileys, search helpers, etc. I mean, if you really want and have google or yahoo toolbar installed (god knows why), leave it there, but if there's anything else you don't know, better kill it. Windows itself doesn't need any extra toolbars or search engines installed and a healthy computer doesn't as well. While "CoolWebSearch" might sound cool and useful, it's one of the most annoying viruses around causing more trouble than I've ever had with any other virus.
* Now, since you cannot possibly know all the names, open up google and type unknown ones in. With extension.
What's a 'qttask.exe'? Type it into google or look from neuber.com (http://www.neuber.com/taskmanager/process/index.html) and you'll know soon that this stands for Quicktime tray icon. That's how you can get info on anything going on inside the machine.
* While all this could sound complicated, as I said, you should have no more than 5-10 entries total. I would even say that if computer isn't filled with junk from end-to-end, 10 entries is maximum you could have.
* Disable everything that isn't okay or not actually installed by your free will.
* Restart and open msconfig again. Suspect heavily anything that you disabled, but has enabled itself again.
* You could also press ctrl-alt-del and check out the names of currently running processes, in 'processes' tab. But that's a bit more delicate matter, many of them are critical system processes and if you mess around, you could crash your machine. Well, no big deal here, rebooting repairs everything.
Now, you should know way better if you have something fishy going on. And take appropriate steps to kill it.
All suggested spyware killers are good, I'd also recommend Ewido, since it finds so much others don't. Also, remember that a good anti-spyware or -virus tool runs well in safe mode. Most of the hyped anti-spyware tools don't and that's good excuse to avoid them. Many problems are simply unremovable without safe mode, or too difficult to do so at normal startup. I prefer safe mode always and everywhere.
Ah, and Windows Defender is made of programmer tears, baby skin and dark matter. Avoid it at all cost.
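The startup-list checks from the post above (no path, exe in the drive root, unexpected folder, random-looking file name, and entries that re-enable themselves after a restart), written out as an added Python example; it is not part of the original thread. The expected folders, the thresholds in `looks_random` and the sample entries are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: folders a legitimate XP-era startup program normally lives under.
EXPECTED_ROOTS = {"windows", "program files"}
VOWELS = set("aeiou")


def exe_path(command):
    """Pull the executable path out of a startup command line ('' if none)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.search(r"^.*?\.exe", command, re.IGNORECASE)
    return match.group(0) if match else command.split(" ", 1)[0]


def looks_random(stem):
    """True when two or more signals of a generated name fire, e.g. 'Sq1ZbvMq'."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    vowel_ratio = sum(c.lower() in VOWELS for c in letters) / len(letters)
    signals = [
        re.search(r"[A-Za-z]\d+[A-Za-z]", stem) is not None,  # digit buried in letters
        re.search(r"[a-z0-9][A-Z]", stem) is not None,        # upper case mid-name
        vowel_ratio < 0.2,                                    # unpronounceable
    ]
    return sum(signals) >= 2


def triage(command):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    drive, tail = ntpath.splitdrive(exe_path(command))
    folder, filename = ntpath.split(tail)
    reasons = []
    if not folder:
        reasons.append("no path to the exe file")
    elif folder == "\\":
        reasons.append("exe sits in the drive root")
    elif folder.strip("\\").split("\\")[0].lower() not in EXPECTED_ROOTS:
        reasons.append("unexpected folder: " + drive + folder)
    if looks_random(ntpath.splitext(filename)[0]):
        reasons.append("file name looks randomly generated")
    return reasons


def review(entries):
    """Map entry name -> reasons, for entries with at least one reason."""
    return {name: triage(cmd) for name, cmd in entries if triage(cmd)}


def reenabled(disabled, after_reboot):
    """Entries you disabled that are enabled again after the restart."""
    return sorted(set(disabled) & {name for name, _ in after_reboot})


# Constructed sample of an msconfig Startup tab (name, command); not real data.
SAMPLE = [
    ("nwiz", r"C:\WINDOWS\system32\nwiz.exe /install"),
    ("qttask", r'"C:\Program Files\QuickTime\qttask.exe" -atboottime'),
    ("systemhelp", r"c:\systemhelp.exe"),
    ("random", r"c:\random\random.exe"),
    ("Sq1ZbvMq", "Sq1ZbvMq.exe"),
    ("blank", ""),
]

if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
    print("came back:", reenabled(["random", "Sq1ZbvMq"], SAMPLE))
```

A flagged entry is a prompt to look the file up, not a verdict; legitimate programs installed outside the expected folders will also be listed.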
The best advice I can give you is to take their advice. Seriously. Don't take your time, get it sussed immediately. My girlfriend's PC had a similar problem, and I offered to take a look at it. She said it wasn't necessary and that her brother knows more about PCs than I do. Pfft.
Weeks pass and their problem has gotten so bad that the trojan has killed their access to the internet. I look at the problem, and advise that they need Hijackthis. I tell them to leave the pc off and wait until I come back the next week with the program. Do they listen? NO! They keep playing games on it and BOOM the computer just won't even turn on anymore. Dead computer.
Quote from: auriond on Tue 23/10/2007 23:51:54
Try Ad-Aware: http://www.lavasoftusa.com/products/ad_aware_free.php
The last time I met a situation like what you described, I installed Ad-Aware and AVG Antivirus Free. Never had a problem since.
I started trying methods as I went down the list, and this one seems to have worked, no more popups! Thanks for everyone's advice, and InCreator, sorry I didn't get to try yours, since you typed so much out. :-\ Perhaps it will come in useful for someone (me again? haha) one day.
Thanks again, everyone :D
Ad-Aware has been a lifesaver for many people. Glad it worked for you too, SilverTrumpet!
(And no, I don't work for them ;D )
Hey guys.. sorry to dig this up again, but I think I've screwed compy here up worse. Today I awoke to find 27 internet pages (accursed pop-ups!) that had apparently sprung up in the night. When I tried Ctrl-Alt-Del to bring up Task Manager so I could get rid of them all, it came back with "Task Manager has been disabled by your administrator." which can't be right.
Anyone know how to re-enable it? What I ended up doing last time to fix the problem (and the incessant freezing that was also happening, if I forgot to mention it) was going through Task Manager and deleting stuff I didn't recognize. Oh yes, and InCreator, I just tried your method too.
Thanks again... :(
Nasty. :(
Before you can try anything, you need to log on with administrator rights. So...
Start > Log Off > Switch User > and click on whichever profile says "Administrator" under it.
If you can't do this, or are already logged on as admin, you could try this:
1. Go to Start > Run > type "taskmgr" > Click "Okay".
That might launch the Task Manager for you.
Once you regain control of your system, we can start talking protection. :)
Didn't work. I got the same message :-\
And I am the only account on this computer
Hmm.
Okay. Download Kill Process (http://orangelampsoftware.com/products_killprocess.php). This will let you see what's running on your system at the moment, and will allow you to kill, as it were, anything you don't like the look of.
The taskmanager problem could probably be fixed with a registry edit, but Kill Process will allow you to shut down any nasty stuff you have running without having to open the TM.
---------------------------
NSIS Error
---------------------------
The installer you are trying to use is corrupted or incomplete.
This could be the result of a damaged disk, a failed download or a virus.
You may want to contact the author of this installer to obtain a new copy.
It may be possible to skip this check using the /NCRC command line switch
(NOT RECOMMENDED).
---------------------------
OK
---------------------------
^ result of download. Also, none of my other downloads seem to work either. Not stupid downloads either, like Adobe updates
Argh! >:(
Righto, try this:
How to fix the Task Manager in the registry:
Warning! Tampering with your registry is dangerous! Be careful! And...um...don't blame me.
Start > Run > Regedit.exe
In regedit, go to the following entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Over in the right window, delete the value named DisableTaskMgr.
If the entry isn't there, see if it's in HKEY_LOCAL_MACHINE\...
That may get the TM up and running again.
Well I'll follow the instructions.. I don't think I have much choice either way, do I?
Edit: YES!!!!! It worked! Thank you thank you thank you!!!!! I have my task manager back! :D
Now to get rid of most of those 44 processes :|
Hooray! \o/
If your downloads work again, I'd recommend a complete clean with SpyBot or AdAware, download any Windows updates you may have missed, have ZoneAlarm (or a similar firewall) running when you're connected to the internet, and use Firefox - the plugin Adblock Plus is awesome - (or Opera) over IE. :)
A good idea would also be to check what's running at start up.
CCleaner (http://www.ccleaner.com/) has a simple function that lets you check your startup list, and it also allows you to disable malicious processes that may be listed.
Hmmm I thought I had it figured out, but I think I killed it... I was going through task manager deleting stuff (I really didn't know what I was deleting, but it worked just fine for me last time...), when I got a message saying that a critical process had been terminated without warning and the computer would shut down in a minute. I figured it would restart normally (as was mentioned in I think InCreator's post), but nooo it didn't. I can't remember exactly what it said when it was restarted, but the effect now is that my 'sound device' won't work, and I have no internet connection. Oh, and it doesn't even look like an XP anymore, the start menu and taskbar have gone back to Win98 style (the option to change it back isn't there on the properties menu)... Gah! Looks like I'll be taking my compy home over the Christmas break...
(Thanks for all your help, LF!)
P.S. I'm using my next-room neighbour's laptop.. :\
Oh well. :(
Sorry to hear that. Like all things, though, prevention is usually better than cure. Especially when it involves Windows.
Last thing you could try is booting to Safe Mode, and rolling back to a System Restore point.
Good luck with fixing it, anyway. :)
If all else fails, you may have to reformat your HD and reinstall Windows.
It sucks, but will let you start fresh.
It might be a good idea to run Spybot, AdAware etc. after restarting Windows in safe mode without network access (keep F8 pressed when booting your PC). Worked for me, once...
Safemode... system restore.. sounds like great ideas, but I don't know how to do that either (miez I see your post now. press f8 during startup to get to safemode? can I get to system restore from there?). I've borrowed (I'm hesitant to say 'hijacked' considering the circumstances) a different friend's computer this time, so hopefully I can get this mess sorted out before I have to return it.
I had considered reformatting the only option, I forgot about those other two. (sorry if I'm repeating myself or I'm not making sense.. I'm not thinking well at all.)
Well thanks for the help anyway :S
Quote from: Sylvr on Sun 09/12/2007 01:05:07
can I get to system restore from there?).
Not quite sure - but with the F8 Safe Mode option you'll make sure most of the stuff that usually runs when windows starts, gets no chance to start. Does not stop any really nasty viruses etc. but might stop some ad- and spyware...
Just sounds like a nasty case of adware and spyware to me, so if you want this fixed:
You are best doing all of this without the computer connected to the internet. So download the latest versions of Adaware, Spybot, CCleaner and Sygate personal firewall on a separate computer and put them on a disk or USB.
Do EXACTLY as INC has posted as there will be lots of nasty processes running on startup which you need to kill to be able to fix anything.
After you have done as INC said run both adaware, spybot and run ccleaner.
If any of the programs (namely spybot and adaware) mention that they need to be loaded on startup after a reboot then click yes, or whatever option there is to allow them to do this.
You want to make sure that there are as few programs and processes running on startup as possible.
After you have run all the above programs (got rid of all temp files with ccleaner) then you will need to install the Sygate personal firewall. This program is a free firewall which blocks all unwanted programs and sites from accessing your computer (this will stop almost all spyware and adware from getting at you).
Once all this is complete you will need to restart the computer from 'start-shutdown', it is important that the computer shuts down and is not simply turned off by the power.
All of this should take you from half hour to an hour and fingers crossed will have your computer fixed and working as normal.
Thanks for these suggestions! I'll try them right now. Uhh... probably a dumb question, but will doing this restore my sound and ability to connect to the internet?
Edit:
encountering a few problems running spywarebot and adaware... spyware bot is asking me to register so that it can clean selected infections, but the site that it brings up is 'unavailable at the moment'. As for ad-aware, it won't let me re-install the latest version without uninstalling the previous version, but it won't let me uninstall the previous version I have in the first place "installer service could not be accessed. ....or if it's not correctly installed". What now?
Edit 2: I figured out the problem with the spywarebot, but as a poor university student I don't want to pay. Heck, I don't want to pay anyway. Is there another way to remove files?
Spywarebot?!? No, no, no! :o
SpyBot S+D!!!
SpyBot S+D is free to use, and shouldn't be asking you to buy it.
Please tell me you're using SpyBot S+D (http://www.safer-networking.org/en/home/), and not malicious clone SpywareBot!
As for system restore, go to START > CONTROL PANEL > PERFORMANCE AND MAINTENANCE > and click on SYSTEM RESTORE in the upper corner of the screen.
You should then be presented with a window containing any system restore points you may have (if any). Choose one that's dated before you had all this trouble.
To access Safe Mode, repeatedly press F8 while the PC boots up. Once you have booted into Safe Mode, try to run a System Restore as I have detailed above.
All these errors you are getting are the result of broken or damaged registry entries, and might be fixable with a simple registry cleaning program.
CCLEANER has a function for cleaning the registry, but you might have trouble trying to install it. Try it anyway.
I must be fast here as I have hijacked roomie's comp and she doesn't know it (as opposed to hijacking with permission...). I was careful to take note of the recommended programs, I'll doublecheck what it is I have. I already had S+D from last time (thought I'd update, if possible), I don't know how I could've possibly ended up with something else.
Thanks for the new suggestions
Simply running spybot (or adaware) once will not fix your problem, there are files on your pc which make unwanted things happen and there are other files which run on start up which download more of the unwanted files.
You need to cut all network connections so that the files that run on start up cannot access an internet connection to download the other files. The best way of doing this is booting the computer in safe mode with network connections off.
When you boot in safe mode your computer runs only the essential system files, which allows you to delete the unwanted files that would have normally started when you started windows. This can be done with Adaware and Spybot S+D.
You will find that when these files are running you cannot delete them nor can you stop their process using task manager.
This is all speaking from experience, feel free to correct me if I'm wrong.
Never ever use any anti-virus software you haven't heard a word about or that came up with googling for "free anti spyware" etc. Evil antivirus software is the Trojan horse of all trojan horses.
There's sites that you can trust, and hundreds that you cannot.
Loads of free and commercial stuff that CAN be trusted are in better-known places, for example, look at this
http://www.majorgeeks.com/downloads31.html
You could get much better help if you opened msconfig>startup as I suggested and made few screenshots of your startup list.
Also, Spybot S&D has quite effective startup check tool, you can click on items and get descriptions what is what. I think you have to enable Advanced Mode in Spybot S&D to find the list.
An investment into heavily-awarded and known antivirus software (Kaspersky Antivirus, PrevX, McAfee, etc) would work much better than loading your machine with tens of free ones. All antivirus/malware programs rape CPU and RAM quite heavily, so it's better to choose one strong instead of many weak ones. I wouldn't go for Norton though, all tries to live along with it made me feel sorry afterwards and relieved after raging uninstall.
Windows reinstall is something I never do if it's a virus or spyware. Every virus infection IS treatable, damage is irreversible only when virus is evil enough to delete system files or mess with hard disk partition/tables.
Step one: give this bastard a name. You have to figure out, which infection(s) do you have.
Step two: Google for "<bastard name> removal" or something similar
Step three: Remove this/them manually or with particular remover you might find
Step four: Install few virus killers (even shareware/disabled ones) and scan with them all. You can remove most of them later. Almost all anti-malware software does a scan and gives results, even if they won't remove problems before buying the software. But having problem info, you can move on and find free things to remove those.
Also, make sure that you don't have half-crappy programs installed. Many seemingly nice little games or software pieces come with ad-support. Simplest thing to determine one of those is that it generates extra shortcuts on your desktop and start menu list. For example, you download a free puzzle game, and it also generates some shortcuts on desktop which link to some homepage and bear description like "try FREE games!", "Free music download" and other idiocy like this. Even though game is real and nice.
System Restore is a digital piece of science fiction and I find it useless, causing more problems than it would reverse. Unless it's a work computer and never gets anything new installed. I mean, Excel and Solitaire machine.
---
Internet is a minefield. If you didn't know it before, please do now.
Ah, and seeing that you're female... for the love of God, keep away from unknown IM addons, like 1000 free emoticons, moving pictures and stupidity like this. My sister loaded her machine with about 100 different toolbars and instant-messaging bits (mostly stupid smileys and sound packs for MSN) and this generated over 1700 names of different malware, it took 3 nights to clean her computer up afterwards. Many trojans are not harmful by themselves, but open ports and doors to all others, installing rapidly all kind of malware via internet while you're not aware of this. After this, every popup window that jumps up might execute another dangerous script, and soon you'll be sunk in this mess.
It's good idea to use Firefox for internet browsing and fortify it with NoScript addon. It's a bit hassle to "allow" every website you casually use for it later, but it pays back really well with increased security.
Also, how did your sound go away? I totally believe the internet connection bit: Heavy infections start to burden your ports and ISP and many ISPs simply disconnect you for this automatically. At least, mine does. Or, virus blocks incoming signals from ISP, writes crap over hosts file and tries to take over the connection, this is another known case. But sound card, I never encountered a virus that might do that. Sounds like you messed up by yourself at some point.
the sound went when I was getting rid of some tasks. I know I helped screw it up.
I don't think it much matters now, the computer's home (and I'm here home with it), and I didn't bring a monitor home (as per my dad's instructions) so I can't really work on it... I think he's just going to go for the re-install, unfortunately. Unless somehow he lets me set it up and try with the instructions from InC.
I've been 'well-trained' to stay away from downloading toolbars and smileys and the like, so that's not the cause of all this. I'm quite certain I know what I did....
Wow.. thanks for all the advice here, you guys. This has been great.
I use avast! on all my computers and have not had any problems since I began using it.
The trick to getting the most out of it is running a boot-time scan.
There are some options under the 'advanced' button that will prevent you having to baby-sit the program until it finds its first problem. Just make sure that you chose 'move all to chest' when it does find the first one. Then you can go back to sleep until it finishes the scan.
You have to register, but it's free for personal use. Get avast! (http://www.avast.com)
This thread has inspired me to song:
Pop-ups and Toolbars and Spyware and Spambots
Viruses, and Videos of Paris fill my mailbox
Offers of money from Nigerian ex-kings
These are a few of my least favourite things...
Do what I do.
Assume everything that appears on your screen is malicious unless you asked it to be there.
Sometimes a message will come up saying "do you want to download this!" or something... then it will give you the standard OK CANCEL buttons... but often these buttons are put the wrong way round so that clicking cancel will download the harmful software...
If I get something I don't trust I stop everything and restart the computer.
@SSH: Loved the song heh.
@All: I ended up re-installing XP.... but thanks for everything.