1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

going to war part 2

Discussion in 'Computer Security' started by zxspectrum, Aug 18, 2007.

  1. zxspectrum

    zxspectrum Gigabyte Poster Premium Member

    1,666
    54
    139
    OK folks im still having trouble with all this spyware

    I found the file and deleted it from windows itself and the desktop went back to nnormal for about 5 mins. Then the red screen came back and i couldnt get access to my properties on the desktop.

    Ive turned off system restore and have installed macafee antivirus aswell as using spybot search and destroy.

    Is there anything i am missing here ???

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  2. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    if you've done the anti-virus scan and the spyware scan, then there could potentially be windows files that are infected or got deleted with the spyware removal.

    Have you tried repairing windows with OS cd?
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  3. zimbo
    Honorary Member

    zimbo Petabyte Poster

    5,215
    98
    181
    right buddy i dont trust those.. so im gonna recommend my tools of trade to you:

    Hijack This

    NOD32 - 30 day free trial

    Download the NOD and ill help you set it up..
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  4. zxspectrum

    zxspectrum Gigabyte Poster Premium Member

    1,666
    54
    139
    Cheers both of you , Zimbo is hijack this as good as or better than C Cleaner, as i was going to try that .

    Daft question time, how would a virus recreate itself when deleted, bearing in mind ive taken off restore. Im thinking maybe its stored somewhere else thats hidden.

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  5. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    It's still running somewhere in the background where you can't see it. Every time you delete it, it'll come back unless you can somehow track down what's putting the virus back.

    ...multiply that times 180, and you'll see why I suggested a wipe and reinstall. 8)
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Ed if you want to try another free malware remval tool before commiting yourself to a format in re-install, you could try Adaware2007

    http://www.lavasoft.com/products/ad_aware_free.php

    There is no one program that can remove all instances of malware, so sometimes you need to use more than one to clean a system.

    I do agree though, that even if the infection appears to be removed, there may well be traces lurking in the system somewhere. Only a format and reinstall can satisfy me that they are all gone. However, this i a very time consuming way to go about it.
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  7. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Try taking the PC offline when doing a spyware scan, also try a scan in safe mode.

    Does the desktop wallpaper turn red btw when the spyware kicks in? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  8. zxspectrum

    zxspectrum Gigabyte Poster Premium Member

    1,666
    54
    139
    Yeah its telling me i need to get rid and every 2 mins or so a window come up telling me i have a trojan called looksky, there are three types of window that open up as well all wanting me to pay for their product etc.

    Ill be having a go tomorrow as last night i drank way too much and im feeling so rough., but thanks for your input everyone.

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  9. rax

    rax Megabyte Poster

    684
    12
    59
    I would try using www.hitmanpro.nl as it downloads several different spyware removal tools.
     
    Certifications: ITIL v3 Foundation, CompTIA Network+
  10. zxspectrum

    zxspectrum Gigabyte Poster Premium Member

    1,666
    54
    139
    Well thought id better let you know i got rid of the program.

    I used hijackthis which was suggested by zimbo, but i didnt get to put the NOD32 on which he suggested as im still waiting for a password from NOD themselves.

    Thank you to everyone who suggested things to do in regards to this matter , you have made me look like a genius .8)

    Ed
     
    Certifications: BSc computing and information systems
    WIP: 70-680
  11. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    zx, i was under the impression that highjackthis just gave a detailed report of you registry entries etc.. usually you need to read through the report to try and establish which entries are the bogus ones, a task that requiers an extensive knowledge of the registry.

    I didnt think it actually fixed anything, unless things have changed?
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  12. hbroomhall

    hbroomhall Petabyte Poster Gold Member

    6,623
    115
    224
    The Hijackthis report has a set of tickboxes to allow you to delete stuff wihout actualy running regedit yourself.

    Makes things a lot easier!

    Harry.
     
    Certifications: ECDL A+ Network+ i-Net+
    WIP: Server+
  13. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Thanks Harry!
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)

Share This Page

Loading...