PDA

View Full Version : I'm Screwed



Unrealevil
2006-05-24, 12:12
I'm pretty sure that I have this spyware stuff. This one basically closes every pop up window and some regular windows that have to do with getting rid of spyware. It's like... super smart. I ran Trend Micro PC-cillin and caught a few viruses. But then when I go to run Ad-Aware or Trend Micro's thing to get rid of spyware, they both just... close within a few seconds.

So just now, I went to download Spybot. But the spyware... won't let me do anything. So when I go to download it, as soon as I choose my language, I have half a second to ten seconds to get through the menu before it just, 'Poof', closes.

But then... I figured out how to run my computer in 'Safe Mode'. I saved the thing to download the Spybot setup beforehand. Then I ran the computer in Safe Mode and downloaded Spybot from there. But then I needed to like update it to even run it. I can't access the internet in Safe Mode. I tried for a really long time.

So then... I went back to running the computer normally. So I thought, well... at least I have it downloaded. But then I went to open it... and guess what. It closes about two seconds after I double click the icon.

So if anyone could help me here, that'd be great.

I really don't get what people gain from sending me spyware.

md usa spybot fan
2006-05-24, 15:18
This is a long shot but there is a variant of CWS.Smartsearch that can kill CWShredder, HijackThis, Spybot S&D and Ad-Aware as well as several anti-spyware sites when they are opened. I don't know if this is your problem but you could try to download and execute the following program. See:
Ugly new CoolWWWSearch variant
http://www.safer-networking.org/en/news/2004-01-21.html
The actual download URL is:
http://www.safer-networking.org/files/delcwssk.zip
Other than that the only suggestion I can offer is to consider posting in the Malware Removal forum and have one of the volunteers familiar with malware removal take a look at your system. Follow the instructions here:
BEFORE you post a log, and who will advise you. Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
Then post in the following forum:
Malware Removal
http://forums.spybot.info/forumdisplay.php?f=22

Unrealevil
2006-05-24, 20:35
It sounds exactly like it.

But... it searched for it and didn't find it.

Are there any other variations of that?

md usa spybot fan
2006-05-24, 20:56
But... it searched for it and didn't find it.
Than I suggest that you just follow the instructions (http://forums.spybot.info/showthread.php?t=288) for posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum.

Unrealevil
2006-05-24, 21:49
I don't know how to post a log... and those steps don't work.

tashi
2006-05-24, 21:58
Hello.
Were you able to download HJT; with the problems you are experiencing that would be the only action you could take out of the steps listed.
No need to try the on-line scanner or running Spybot-S&D.

4) HiJackThis log

Downloads:

Please make sure you have the latest version. HJT 1.99.1

http://www.downloads.subratam.org/hijackthis.zip

If you are unfamiliar with zip programs get HijackThis.exe here:
http://www.merijn.org/files/HijackThis.exe

First put hijackthis into a permanent folder.
Do this first - go to C: and create a new permanent folder.
Example C:\AntiSpyWare or C:\hijackthis
This is necessary to ensure you have backups should anything go wrong.
Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder.
If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
Example of the wrong way:
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory for hijackthis.zip\HijackThis.exe
Running hjt from the wrong folder may delay assistance as your helper will have to ask for a new log


Double click HijackThis.exe.
Hit None Of The Above, just start the program.
Hit Scan.
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click that, save the log somewhere, and copy/paste into your own new topic ( http://forums.spybot.info/newthread.php?do=newthread&f=22)


Please click own new topic, it will open up a window for you to post in.

Unrealevil
2006-05-24, 22:11
Okay, thanks.

That actually worked.

Stupid computer.

md usa spybot fan
2006-05-24, 22:43
Post by member Unrealevil (http://forums.spybot.info/member.php?u=7482) in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum: I'm Screwed (http://forums.spybot.info/showthread.php?t=4659)

Rednose
2006-05-25, 17:32
Lonny told him it is a program called 007 spy, and yes he installed that on purpose once but forgot about it :D

Greetz, Red.

md usa spybot fan
2006-05-25, 18:33
007 Spy is a commercial keylogger. It logs keystrokes, Web sites visited, programs used, and files and folder activity. It also has the ability to capture screenshots and can use FTP or email to send all the logs to a remote server or email address.

**********************

I believe that the indication that the problem was associated with 007 Spy software was that the HijackThis log revealed svchost.exe was being executed from something other than:
C:\windows\system32
In Unrealevil (http://forums.spybot.info/member.php?u=7482)'s case, these entries:
C:\Documents and Settings\Administrator\My Documents\DAO\svchost.exe
C:\Documents and Settings\DAO\svchost.exe
O4 - HKLM\..\Run: [Windows LSASS Service] C:\Documents and Settings\Administrator\My Documents\DAO\svchost.exe