Under Siege - Spyware and God Knows What Else

I can’t find any sites with useful information and Norton wants to charge me a $50.00 consulting fee (nevermind I’ve got a compromised PC here and who knows whether there’s a key monitor watching what I’m doing - like I’m going to give them a credit card number now). I’ve run ewido and Norton - neither seems to be able to help but both find a new batch of spyware and, on occasion, viruses every time I run them even after they’ve cleaned out the old bunch. I just had my first ever blocked worm intrusion!

The worst is the popup warning messages from god knows where and the fake (with mispellings and links to questionable sites) “Windows Security” alerts that are popping up. The sites they want to send me to are antispylab.com and something like spyware sheriff. I searched the web for references and came up all but empty and the solutions offered didn’t work.

I know this probably isn’t the place to go for help but I’m positively panicked. Never had any of this before. A trojan once that was a real pain but nothing like this…and Norton eventually helped me delete it. Now a fake system shutdown notice in an official looking window but…nothing happens.

Help! Or at least point me in the right direction. I’ve got games to be playing and this is just pissing me off. I don’t have any idea what to do.

Have you tried Microsoft’s scanning tools?

http://safety.live.com

It seems to work pretty well.

I use a combination of the full version of Lavasoft’s Adaware and Kaspersky Antivirus/Antihacker, and I’ve never had a problem despite pretty high risk activities. Adaware at least is free, but you can never go wrong using a few different (legit) spyware programs such as Microsoft’s as well.

I wouldn’t touch any of Norton’s tools with the computer of my worst enemy. Spyware sherrif and antispylab are, I believe, pretty common afflictions. I was able to eliminate similar ones with a combination of Adaware, Microsoft, and the Free internet based Panda virus scan. You’ve already got ewido, so that’s good…I say toss Norton aside before it gives you any more of a false sense of security.

Unfortunately, there is no quick and painless solution to problems like yours when they are so deeply embedded. I have always done pretty well just googling whatever specifics about the malware I know. For instance, Spy Sherrif turned up the following link which I think could be of great service to you.

Try PC-cillin. It’s worth the 30$ - it was the only anti-virus that cleaned an infected laptop and i’ve run it ever since without issue.

Also see what processes are using CPU cycles in the Windows Task Manager. Kill them and see if they come back. Real virus/spyware will just reinstall itself into memory as soon as you stop it running. Sometimes you can just hunt “redirect-ware” down and delete it manually.

The forums at www.spywareinfo.com are good for customized advice, and free, too! Check the sticked faqs in obvious places, but what it’ll boil down to is downloading the HijackThis tool, and posting up the log of gobbledygook that results. You’ll get specific suggestions for your infection with astonishing speed.

Thanks for the link, LK, I somehow missed that one. I’ll run down the list here and try everything. But I swear, after this and the last bout of viruses I’m thinking I’ll stick with console gaming and get a Mac for the internet. Thanks again everyone. We’ll see how it goes. Letting Microsoft’s scanning tools do their thing right now.

If possible, I’d disconnect the drive and attach it to another, uninfected system (but don’t boot off it!) and then run the scans. Who knows how deeply embedded with scan-hiding and reinfection tricks they are nowadays…

Booting off of disc created by Bart PE, with the Spybot S&D plugin, along with one or more antivirus plugins will also allow you to attack some of the malicious software without running the infected OS.

Also: Trend Micro Online Scan, Ewido Online Scan, McAfee Online Scan, Symantec Online Scan.

Trial software: NOD32 A/V 30 Day Trial.

hitmanpro.nl - it will run all of the freely available scanners with one click.

Mac-time! (Yeah, I know, you don’t want to hear it. That’s ok.)

The only time it’s “Mac-time!” is when you’re taking the boat out, and you need an anchor.

LOL. For my boat, I use year-old Dells. :-P

I’m thinking Midnight Son’s right.

Microsoft did find some things it didn’t like but it couldn’t remove them. I had to manually go and find them. Some were unfindable entirely (hkey prefixes - which I’m guessing is registry and not on my disk directory) for a newb like me. Even more fun, the report from the Microsoft scanner was unsaveable nor could I cut and past the text into notepad for later reference.

After that less than reassuring excerise, while still reciting “fuck Norton”, “fuck Microsoft”, like a mantra, I rebooted in safe mode and started going through the recommendations from LK’s link. Had to sleep and now I’m at work. Will resume it tonight. Post the “Hijack This!” file somewhere afterwards and see what happens. And then I’ll likely be doing almost everything else on this list.

Bart PE evidently needs some files from my XP installation disk to work and I’m not entirely sure where I put it. Maybe I should just get a new PC? My Dell is several years old now. Everything about it is long in the tooth. Still haven’t gotten a DVD drive and I want to play Silent Hunter III and Space Rangers 2. Hmmm…

Or I could get a Mac. I hear they’ve translated Diablo for it now.

Here’s a fun little horror story. I went to work on a client’s PC that was running incredibly slowly. He had XP SP2 and the latest patches. However, he also had 3 Antivirus programs and 3 Firewalls going at the same time! After fixing that, I found he nevertheless had over 1000 malware items on the PC! After fixing that, (on the seventh day) I rested.

The only thing you have to really do to secure a new Mac is to turn the firewall on and put it in stealth mode. (System Preferences> Sharing> Firewall> Advanced> Enable Stealth Mode.)

Yeah, but wouldn’t it be even easier and safer if you just ran everything on your PS2?

Like XP, I only play games on my PS2. (In yo’ face!)

I say we take of and nuke the entire site from orbit. It’s the only way to be sure.

Yeah, you can slog through your registry with Hijack this and many other tools and get everything back to the way it was. Or you can say “fuck it” and reformat and lose everything, including all the evil crap. How much do you value your time and how much do you value the stuff already installed on your computer?

I think I nailed the bastard and entirely by accident. I was manually in the Windows folders looking to delete recent files in the sys32 folder, as suggested in a forum, and also as AdAware recognised some threats in there it couldn’t delete. So I was in safe mode with a knife clenched between my teeth, rising out of the murky water, feeling all Apocalypse Now. Me and the spyware. Face-to-face. Mano-a-mano. I’d done it before but the files always seemed to reconstruct themselves.

This time, though, I hit the sys folder instead. By accident. And there, lo and behold, I found graphics files for the spy sherriff and antispylab. So, frustrated, I deleted an entire swath of files regardless of what they were for from the day before up to the present. Likely messed up something important in the process but none the worse for wear so far.

But I do want to shout out my appreciation for AdAware and ewido. They both found all kinds of things Norton seemed oblivious to. AdAware even showed enough initiative to offer to attempt to delete undeletable files as my computer was starting up before they could execute. This didn’t work but it did let me know where they were and I tracked them down once I initated safe mode.

The nightmare is over.

This time.

If only Macs had games…

Good thing it’s sorted, and thanks for the confirmation that Ad-Aware and
Ewido can actually recognise actual threats. I was starting to feel forgotten
with all my clean scan results :P

Intel-based Macs. Bootcamp. A fresh install of XP. Autopatcher. Dual Boot. Games!