I made the mistake of not being on guard while surfing the web.

Anyway, I was running Windows Explorer (for what reason I dont know) then all of a sudden a window popped up that said "Script" had a field for me to type in, when I saw it I alt ctrl del and closed IE.

Then the antivirus goes off and Microsoft Antivirus starts yelling at me.

I'm running AVGFree antivirus and it said it could not access the file it found as a virus. I searched the directory it said it was in and the file wasnt there, unfortunately I didnt write down the name of this trojan.

So I run Mircosoft Antispyware and Spybot, both found a couple things and didnt have a problem deleting them. I restart the computer in safe mode and run the same two programs again, neither find anything. So I restart in regular mode and run AVGFree again, it doesnt find anything. Then I run norton across my network and scan this computer, it finds nothing.

Everything seems ok, right?.....wrong.

I have this stupid thing running on the desktop, like in front of the wallpaper. It says Gambling, Dating, Pharmacy, XXX, Insurance. These are kinda like icons I can click on. I havent clicked on any but it would let me if I wanted too.

I also deleted all internet temp files, and cleared all the cookies. In firefox and IE both.

I've also search all processes running and there is nothing running that shouldnt be.

Does anyone have any ideas?!!? I dont really have the time or want to format this computer.

Here is a pic of my desktop. The thing I'm talking about is on the right side of the screen.

 

Sorry to hear about that.
If you recover, buy Webroots SpySweeper, that is what I run.
http://www.webroot.com/

It can monitor this stuff in the background for you.
I have not seen the one you got, but I know I would be pissed enough to run over, main, or kill the perps who make this stuff.
Yeah, that is a little extreme, but at least I would love to meet and greet them and take their PC from them and smash it on the ground before them, then stuff it down their throats

If they have a demo on the site above, get it and run it and see what it says.

Hey, looks like they have a website scan for you too.
http://www.webroot.com/land/freescan...77e79b2c88ef84

 

There were three new Critical Windows Updates issued today, including one "Malicious Spyware Removal Tool". Maybe that will help?

 

I second Corey's decision on spysweeper...when I bought mine over a year ago I have been spyware free since!

 

figures....the day I dont check for windows updates is the day I need it the most.....

Thanks for the link Corey, once I'm done with the windows updates I'll be using it...

Thanks guys, keep the input coming if anyone has any other additional information

Thanks again

 

MSFT has been pushing that down for a while (since 1/2005), there's a new version about once/month. It's a little piece of code that does a quick check for known apps that are running or sitting around in specific locations. It's a SMALL subset of MSFT's full-blown Antispyware app.

There's more info on the tool here.


EDIT:

The tool can be manually downloaded from here.

The full Antispyware app can be found here.

 

Silly question..But where do you check for windows updates?

 

http://windowsupdate.microsoft.com. You HAVE to use Internet Explorer for that to work. It doesn't have to be the default browser, but you have to access the site using it.

Or, Windows XP will do it for you... Control Panel | System | Automatic Updates

 

Well the windows update didnt work. No surprise considering I got this thing in IE. Anyway.

Corey. I downloaded the free scan and it found a ton of things. Only problem is that it wont remove the "threats" unless I subscribe for 30 bucks.

So I think I'm just gonna format and be more careful in the future.

 

Did you try AdAware and Spybot Search and Destroy? Those usually work for that crap.

 

Id say the $30 dollars is worth it...since the day that I installed it, havnt had a single problem

Also, the let you install a 14 day trial version

 

You can download the trial edition, which is the fully funtioning program that'll remove everything. Hmm... just looked at the site and it seems they're not offering the trial version anymore. PM me if you want the setup file for the trial.

Also, try Mike Lin's Startup Checking program. Look for anything that's suspicious. Or if you want to check it yourself you can check these 3 places in Windows:

• Startup Folder - Start | Programs | Startup
• Check the "Run" folders in the registry:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnceEx
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunServices (if there is one).

**Disclaimer - I don't recommend editing the registry manually unless you're comfortable doing it or have done it before. As always, make a backup of your registry in case you need to restore it!!!**

Did you check the Add/Remove Programs to see if there was anything suspicious there?

Try this website - Flying Penguin - and follow his instructions. They're very good, and are what I practice daily with the computers I've worked on. I've only found a few that I couldn't clean.

 

Search around for it for a little while before you wipe and reload, check out some computer/virus related forums. I got the coolwebsearch virus back when it was new and although it took some effort I was able to completely remove it using advice from other forums I had found. Personally I wouldn't be so quick to format.
Search on http://castlecops.com/ they seem to have a lot of experience removing this type of crap. They also have a forum.

 

Make sure when you are running any of the removal tools in Win ME/2000/XP to turn off "System Restore" and delete any old restore points. The spyware hide themselves in those files also and when you resart, it comes right back. It is also a good idea to run the removal tools in safe mode, with the internet connection disabled.

I would recomened downloading running "Hijack This" and posting the log on Major Geeks and see if anyof those guys can get you back to normal.

Also have you tried the "Advanced Tools section" of the Microsoft Anti-Spy and disabled any and all unfamiliar startup programs and so forth. That is a very good tool to use.

I run Zone Alarm Pro, it's a software firewall with built in antispy, and Windows Anti-Spy. Nothing but good things to report with that combo also.

 

well I searched around and found a kill spyware forum. They knew thier crap!!

First I ran a prog that pretty much fixed everything, it was called fixwareout. Then I ran a prog called hijackthis which gave me a report which I posted then a mod of some sort told me what to delete. Then I ran a prog called blacklight which scanned for other spyware. Then I ran an online scan called panda scan which found 27 viruses and 1 spyware that AVG and Norton didnt find.

Right now I'm waiting for a responce from that forum about the panda scan.

Anyway instead of me talking gibberish and non sense here is the link to my post on that webpage.

http://forums.subratam.org/index.php?showtopic=6408

This was a great help. I didnt realize how slow my system was running until I did some house cleaning. This thing is blazing fast now, with no problems what so ever.

 

Glad you got help. Nothing more fustrating then being taken over like that.

 

yeah. I'm still impressed on how fast this thing is running. I just got so used to its old loading times I thought it was normal. Its only a 1.5ghz intel celeron.