My PC has been attacked and need help

Status
Not open for further replies.
Bob Woods and other experts....sometime this AM my pc was seriously attacked....and I need help.

First off, I come on my hands and knees to Bob for being very rude in his warning post. I'm sorry.

My 6 year old ME running Dell is dead, trying to get it back from the dead, ironically killed it. Whatever this thing is, it walked right by Black Ice in fully paranoid mode, NAV, etc. It made the PC strangled.

So I hooked up another PC (Windows 2000) and have been trying to configure and CLEAN it. But whatever I have cannot be cleaned by AVG or ewido. The main symptoms are these popup warning screens about my registry being messed up and that I need to go to some site such as registrycleanxp.com - they almost look official but the misspelling gives it away.....

help, please

 
Can you boot it properly into Windows? Download CounterSpy and make use of the 15 day trial. Let it do a thorough scan of your system. Delete everything that it finds. This will take quite some time in the Windows 95/98/ME operating system.

Reboot.

Run CounterSpy again. If it finds nothing and your pop ups go away, life is good. But nothing is bullet proof in the ever cr@ppy world of Spyware...
 
Not an expert, but sometimes I can get rid of stuff like that by booting up in safe mode, use the "find files" to search out anything with the offender's name, delete the files then restart in normal mode. Some are tougher, and I'll use a search engine with the offender's name and usually come up with a solution from a forum or somebody else that had the problem. g luck
 
Run every free spyware program you can find, one at a time, till it finds something. Try Ad-aware first.
 
The only spyware removing programs I use are Spybot and Ad-aware. Try these; they are both free.
 
What about your HOSTS file? It should only have one entry, 127.0.0.1. IIRC, Windows ME has it in the C:\windows directory. Use Notepad to inspect its contents.
 
TNS - I'm not running ME anymore. But yeah that's all that was in the HOSTS file.

I didn't sleep last night, my eyes feel like they are full of sand.

I pretty much lost everything, my back-up CD's aren't readable. Please bear with me.

I have some bad comments for some of the badware searching software, but I guess I can't complain about the free price. They all find something different, that's for sure. I think the worst was spysweeper, which allegedly found "ardomax keylogger", but would only remove it if you paid $39. I checked every way but Sunday and I have no other signs of having "ardomax keylogger" which indeed would be nasty.

I still have work to do, but the stupid pop-up thing has stopped. To me it was closer to a virus than spyware.
 
I would stop working on it. Buy a HD and reinstall Windows and re-attach your original drive as a slave, recover the data. At this point, you are chasing ghosts, and there is no apparent end. Even if everything started working, would you be confident about continuing on using it?

A spare HD is probably $30-50; how much chasing is that worth?

Good luck
 
sg - you are very much correct. Thanks. That's where I am this am. I did have a spare drive.....I made a boo-boo when reinstalling Thunderbird. All my ancient email and addresses are not recoverable. Partially because one drive was FAT32, partially because of Thunderbird's set-up and mostly because of my groggy stupidity.

I will now see if I can find my old bookmarks.

It certainly is not the end of the world, and the way I'm so upset about this is telling me something is seriously messed up in my priorities.
 
Right now the culprit of infestation is unknown. The method is unknown. And it's unknown if I REALLY fixed the problem.

My teen daughter and younger one have been on the web with this PC clicking away. Who knows.
My teen daughter got a Sony music device (512M RAM) which charges via a port, and she has downloaded some music. She also does myspace with her friends.

I'm not mad at them at all, I'm just noting recent habit changes. I did google the problem and it appears it's out there and no one seemed to list a real cure.
 
Sorry to hear you had a bad experience with SpySweeper. I used it to get rid of the "winfixer" bug. It took a couple tries, but it worked.

The newest round of spyware/malware is installed on your computer through a corrupted picture on a web site or email. A computer can get infected just by visiting a website or previewing an email message. So it may not have been anything anyone did. Here is a MS Security bulletin which explains it.
 
One of the reasons that I like Windows XP is because you can set user permissions and lock it down. For example, you can have it set up so that while running under normal permissions stuff can't install. In order to install anything you have to know the admin username and password.

Music sites and file sharing are notorious for harboring spyware, viruses and trojans. As you've found out, spyware can be downright insidious. Have you tried rolling back the registry to the last known good configuration?

Another tool to try is Autoruns by Sysinternals. It will show you everything that is autostarting on the PC and allow you to remove it. Not only the items that MS config shows, but the items in the registry and other "hidden" places.
 
I had a worm that was infesting the prefetch once, and it was touch and go for a few hours. I had to keep shutting down processes via task manager in order to get a fix downloaded from Symantec, and to install and run it. Since then I've ended up relying on the following:

1. Eventually switched to AVG as Symantec just got too bloated.

2. Spybot and Adaware. Both are free, and both seem to have regular updates.

3. Part of Windows Firewall.

4. Microsoft updates.

5. Hardware router.

6. Check for 'stealth' at places like 'Shields Up'.

7. Uninstalled MS Messenger.

8. Check for updates on a regular basis, especially at Microsoft.

9. Check processes running on a regular basis.

I'd like to run a registry cleaner but haven't found any free ones that I trust yet.
 