Infected Machine

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This probably belongs in a different forum but it also is a troubleshooting issue so I put it in here. [EDIT: moved it for you, Trip.]
I'm doing some small jobs for Zial and we've got a home user that appears to have an infected machine. The user is not techically savvy so she had a hard time explaining it to me.

She started to have "symptoms" a few weeks ago but didn't really do anything about it until it became a big deal. She's getting all kinds of unwanted pop ups, browser's home page resets itself to a different site, the works. Her college age kids came home over the holidays and downloaded spybot to try and clean it out. NG. The stuff just came back. I figure it's in a file that periodically reachs out to the internet and pulls the junk back in.

She couldn't even boot yesterday but can now. Outlook periodically refuses to open. Sometimes she'll get screen flicker.

She has cable access and since it's "always on" I asked her to unhook it until I could have a look at the machine. It's a Sony Vaio (yuk) running XP home. It's an older machine that had it's OS upgraded a year or two ago. They have or had Norton on it but probably didn't pay the annual fee to have the automatic virus definition update service (woe is them).

I'm set to go out tomorrow at 9 a.m. my time (about a little over 11 hours from now). Since you all should be waking up in a little bit, I figured it would give you most of your day to ponder the problem. I'm taking my laptop out in case I need to get to the internet and download a tool to clean this thing out and get it back up to speed. Any wisdom you want to provide before I tackle this one is of course, greatly appreciated. Thanks folks.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

You could try downloading the free version of adaware to remove/clean the system, you would have to burn the install file to CD.

Sounds like a browser highjack, is it 1-2-3- found.com, if so I got this once and even though I ran adaware AND pest patrol, both of which said that they had removed it, everytime I rebooted the machine it reinstalled itself, I had to search the registry to remove it fully and browes the Program files folder for it aswell.

HTH

 

I spent quite awhile there and finally had to leave. Used Spyhunter which seemed to do a pretty good job and scanning for the little buggers. Most of them were erraticated but not all. Forgive my ignorance, but if Spyhunter scans the registry and personal profiles which it seems it does, and I then remove the malware, then where are they residing?

Gator did show up but does not reoccur. What is reoccuring is ClientMan, MySearch, PeopleOn, and MyWay in the Registry and Adbureau and DoubleClick in Profiles.

They had three virus infected files as well.

I'm a little leery about manually checking the Registry since I'm not that savvy at Registry hacks. I was also thinking about downloading a freeware firewall such as Zone Alarm to alert users not only when something is trying to invade from the outside but when something already on the computer is trying to get out to the internet (so it can be blocked).

I've only dealt with this problem once years ago. It took me a week to get all the stuff off finally and I don't recall all the steps I took.

 

Have you run Stinger on the machine, Trip - just to check for viruses, etc ?

I'm sure you'll know the link (from Network Associates - its on the site here somewhere - I'll try and hunt it out). Just to rule out any nasties on the box.

EDIT: For quickness, here is the link for Stinger, Trip

 

Keep the cards, letters, suggestions, and miracles coming in, folks. I have to try and tackle this one again Monday.

 

Download the free version of adaware, install it on there machine and update it by clicking the 'check for updates' button when the prog starts.

I would'nt be too fritened about using regedit, I used to be the same as you until one day I had loads of stuff that kept installing itself, so I searched the reg and found them lurking in there and thought bugger it just delete them, and everything was fine.

Backup the users files onto CD then run regedit, do a search for the names you listed above and if it find any just hit delete then F3 to continue the search, that way if it does go belly up (I'm sure it wont) you can reinstall all the users data.

EDIT: there is an option to carry out a thourgh/deep search make sure this option is ticked

 

For Adaware, look at LavasoftUSA

The guys are right - it is ridden with spyware. Doubleclick is a well-known piece of spyware, as I assume the rest are too.

With all the above info, you'll crack it and clean it no probs, Trip