michael hurd (Author) Posted January 24, 2005

Lo and behold I was infected last night around midnight and spent all night and half the morning battling this ugly virus. This thing decided to take a hold of my Windows/IE explorer and add functions to my toolbar. On top of that, it was trying to connect to the internet. The first thing that I did was to kill the power to the DSL modem, and start to look for new files that were created last night in the Windows system and program files. Ran Adaware and Spybot S&D, found and deleted more programs. Restarted, and found that the startup menu had been changed and more items added. GRRRR...

By this point, it had slowed trying to connect to the modem, and I ran Spybot S&D again. To my surprise, everything that I had deleted had reappeared again! Common hijacker, keyloggers, coolwwwsearch, Igetnet, were some of the displayed items that Spybot had shown. I then powered up the modem and braved a connection to the net. I quickly Googled coolwwwsearch, and found an antidote. As soon as I had the program downloaded, I killed the modem again.

My fix came in the form of a program called Spy Subtract, which also contains Cwshredder, which removes the redirection of searches and such. I had run the program twice, and restarted with my fingers crossed. Problem solved! I hate people that write and design malicious code, and send nothing but spam.

michael hurd (Author) Posted January 24, 2005

The virus that I had received overwrites the history files, so that if you do a system restore, restoring the computer to an earlier date, Windows thinks that it has been there all along. This is why programs such as Spybot S&D do not "fix" the problems. Whenever you sign on to the internet, the program morphs. It just gets uglier, kind of like a carnival game where the heads pop out of holes, and you try and bash it, but then it reappears in another hole.

ARPRINCE Posted January 24, 2005

Yup I know exactly what you mean. Losing several hours trying to fix the PC. If you are using XP, you need to disable the system restore. That's why it always comes back when you reboot your system. Also use HIJACK. With it, you can track down all "programs" that were suddenly installed into your PC/Registry. You can delete the offending files with it (just make sure you are deleting the malware and not a system file itself). Then replace your IE with FIREFOX!!!! FIREFOX rules!!! Lastly, I would stay away from those "nasty but entertaining" sites (if you know what I mean)!

Frzninvt Posted January 24, 2005

Yikes! That sounds like a nasty one, that was some quick thinking and diligence on your part to track the thing down. I probably would have done the system restore thing and would have been at a loss if it did not correct the problem. I run Norton's Personal Firewall on my Desktop and Laptop but for some reason I cannot log onto MSN when Norton's Personal Firewall is running on my laptop which worries me since it will be vulnerable. Malicious code writers should be put in front of a firing line for the aggravation that they cause.

michael hurd (Author) Posted January 24, 2005

I have Norton Anti-Virus, but it is worthless. It didn't pick up a thing! The virus definitions are up to date, the last possible revision. Spybot showed what the problems were, but could not correct them.

rpittman Posted January 24, 2005

You didn't have a virus, you've got spyware. (Granted the difference between the two is largely semantic.) At some point, you or another user clicked on a link to check on a 1.5% mortgage rate, make $1 million working at home, get free MP3s, or some other such crap. All those nifty little toolbars and useless desktop icons got shoved down the pipe onto your computer at that time.

Try downloading Ad-Aware, and running it. It does a pretty good job of cleaning up the spyware stuff. SpySweeper is also another product that does a pretty good job of controlling spyware. Using one of these should help you get the situation under control. I had a helluva time getting rid of this stuff until I educated my kids to never, ever click "OK" or go to any of the links that install spyware.

3dzapper Posted January 24, 2005

I subscribed to Lavasoft's Adwatch SE+ program in addition to the Adaware search and destroy. SE+ is a realtime monitor of incoming data. If a site attempts to load spyware or adware the little icon flashes and blocks the transmission. If a really baaad thing is coming in, SE+ immediately shuts down IE. Plus I have Spybot running in the background, McAfee Virus Scan and Firewall Plus and a router between my computer and the cable modem. Just because I'm paranoid, doesn't mean everybody isn't out to get me!

Rick

verso Posted January 24, 2005

Haven't been around here in a while. Sorry to hear about your computer 'woes'. Usually, when something like that happens to me - I just reformat. I have everything that is important to me backed up to another partition. So, I lose nothing. Heh.

Oh and, heh. I like your little quote. "I'm a Canadian - like an American but without a gun." I'll just assume that it's in jest and you do not actually believe all Americans have guns. Though I do. Heh.

- Steven

Marvel Posted January 24, 2005

I don't have a gun. I have three or four!

T2K Posted January 24, 2005

----------------
On 1/24/2005 1:16:23 PM Frzninvt wrote:
Yikes! That sounds like a nasty one, that was some quick thinking and diligence on your part to track the thing down. I probably would have done the system restore thing and would have been at a loss if it did not correct the problem. I run Norton's Personal Firewall on my Desktop and Laptop but for some reason I cannot log onto MSN when Norton's Personal Firewall is running on my laptop which worries me since it will be vulnerable. Malicious code writers should be put in front of a firing line for the aggravation that they cause.
----------------

Did you download the MSN freebie 'Webroot Spy Sweeper'? Works better for me than even the store-bought stuff. No kidding.

Keith

chuckears Posted January 25, 2005

I had a similar problem a week ago; it took me about half a day, but I finally got it whooped, and here is my current regimen:

Running SpywareGuard (SG) and Spyware Blaster in the background to stop incoming offenders (these are not removers; they are preventers, and freeware).

Regularly scanning with both Ad-aware and Spybot Search and Destroy; they seem to cover nearly everything.

Then an occasional scan with HijackThis; but as a previous poster commented, it requires knowing something about your system files and applications to prevent removing some benign apps.

Finally, I am using AVG as my anti-virus, and looking for updates regularly.

...and I agree that these bored, malicious code-writers need to get themselves a girlfriend.

michael hurd (Author) Posted January 25, 2005

I'm glad that I got the problem licked and up and running again. The girlfriend was worried that I would have to take it to someone that could fix it for us, but I persevered. We don't have the original boot discs (used computer), so I was crossing my fingers that I wouldn't lose all the pictures and files on here. Someday, I will have to make backup discs of everything, and I keep saying I should. Just seems like there are never enough hours in a day.

white_shadow Posted January 26, 2005

You've got the problem under control, that's nice to hear. But some tips for the future, use Firefox. And I use the tools available from merlin.org. You can find hijack this, CWSshredder, and some other good stuff. I don't have problems with spy/ad/mal-ware.