spyware guru anyone?

Discussion in 'Computer Security' started by moominboy, Aug 26, 2005.

  1. moominboy

    moominboy Gigabyte Poster

    i was recently trying to fix my mate's pc as he'd been infected with winfx or winfixer spyware. tried everything i could, forums and programs like hijackthis, ad-aware, ms anti-spyware, regcleaner, x-cleaner... etc but still he's getting damn pop ups, free scans, re-directed searches!! any advice would be great.
     
    Certifications: ECDL
    WIP: A+
  2. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    don't know winfx/winfixer spyware, but i always use spybot for cleaning: http://www.safer-networking.org/en/index.html
     
  3. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    I've been using Microsoft's Antispyware (clickable link) software for a while now and don't get any. It is a free d/l but you will have to have "an official" version of windows on your PC. Oh and it's free :D
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  4. moominboy

    moominboy Gigabyte Poster


    i did try ms anti-spy, absolutely nothing has picked it up but from my small experience it is pretty severe cos it manages to interrupt your searches and then hijacks whatever you're doing on ie to only having its own page connected. along with some weird "arty" pics popping up with the re-directed search. even tried system restore off-reboot-system restore on, in case it was hiding in there but no joy.....
     
    Certifications: ECDL
    WIP: A+
  5. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    Ok, have you tried running the antispyware stuff in safe mode, so that it doesn't load on startup?
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  6. moominboy

    moominboy Gigabyte Poster

    yes indeedy, altho, when i've started in safe on my pc, everything was fast because nothing really starts up yeah? well, on his it took a lot longer to boot in safe than normal, again ran hijackthis, regcleaner, x-cleaner, and a few anti-spy progs in safe but..... nada! strangely enuff, after doing all that in safe, it came back named something else, then after a while returned as winfixer
     
    Certifications: ECDL
    WIP: A+
  7. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    try running MSCONFIG from the run command and see if there is anything in the startup that shouldn't be there.
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  8. moominboy

    moominboy Gigabyte Poster

    cheers aj, i'll try that later on and either skulk or skip back here!
     
    Certifications: ECDL
    WIP: A+
  9. ffreeloader

    ffreeloader Terabyte Poster

    Have you run HiJackThis? Post a log and I'm sure that together a bunch of us can help you out with most of it. However, in many severe infestation cases it's just quicker and easier to do a format and reinstall of the OS.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. Pie Eater

    Pie Eater Nibble Poster

    Certifications: CompTIA A+, Network+, MCP, MCDST
  11. rickbanr

    rickbanr New Member

    From my experience, I will recommend you format and reinstall the OS.
    Every time you run all those programs and you don't find what is damaging the OS, it messes up the entire system even more.

    It takes less headache to format and put it all fresh, that's what I learned to do to my mates' computers when something big happens.

    I always install SpyWareBlaster after that, it works in the background and it does a very good job, blocking a lot of crap.

    Besides that, did you try Adaware?

    It cleans a big amount of crap too, if you want to try it, give it a go, but I will format.
     
    WIP: A+
  12. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Yup these infections are worse than viri IMHO. If you are still riddled with pop ups etc after running the full gambit of cleaning apps mentioned here then you have two choices, and they both take time and effort.

    1) Run HijackThis as Freddy mentioned and post the output here or on their expert site. Be warned that the advice might be difficult to follow and require you to try things and follow up.

    2) Blow away the install, this also takes many hours, as you will have to re-load all the updates, anti-virus software and updates, drivers for cameras, scanners, all your applications and restore your personal files from backup, re-establish your email settings, Internet connectivity etc etc

    The choice is yours!

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  13. Uruloke

    Uruloke Nibble Poster

    Am I the only one who finds formatting a PC that's chock full of rubbish like spyware and viruses quite therapeutic? Kinda like taking a large dump... :blink
     
    Certifications: GNVQ (Going Nowhere Very Quickly!)
  14. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    That was an analogy I could have lived without, Uruloke. :rolleyes:
     
    Certifications: A+ and Network+
  15. ffreeloader

    ffreeloader Terabyte Poster

    What I find to be therapeutic is taking a Windows PC full of malware, viruses, and spyware and dumping all of that for a Linux PC. :biggrin
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  16. drum_dude

    drum_dude Gigabyte Poster

    And after you have done this what do you use the PC as next? A big expensive clock? :biggrin

    Most spyware stuff installs itself in the following registry key (the key will also disclose the file locations too):

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    The latest spyware rubbish now has a secondary program whose sole purpose in life is to either restart the service when you end it, re-install it when you delete it or re-install it on startup. The trick is to ID this program in the registry and remove it! Then remove the rest!

    Reformatting and reinstalling the OS on a PC to get rid of a 5k process is rather drastic/OTT, more time consuming and displays to customers/users/employers a lack of experience and competence! In a support position you cannot just re-format a PC... you have to research and fix so the next time it happens you can nip it in the bud quicker!

    So grab your spyware problem by the balls and use it as part of the learning process!
     
    Certifications: MCP, MCSA 2000 , N+, A+ ,ITIL V2, MCTS, MCITP Lync 2010 & MCSA 2008, Sonus SATP SBC 1k/2k
    WIP: Hopefully Skype for Business and some Exchange stuff...
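
Added example, not part of the thread: a PowerShell triage of the Run key named in the post above, resolving each autorun entry to the file it launches and checking that file's Authenticode signature. It goes beyond the post by also reading the HKCU hive and the RunOnce keys; the helper name `Get-AutorunTarget` is hypothetical.

```powershell
# Added example: list autorun entries and the files they point at.
# The post names only HKLM\...\Run; HKCU and RunOnce are added here.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutorunTarget([string]$Command) {
    # Extract the executable path from a command line: a quoted path first,
    # otherwise everything up to the first recognised executable extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|vbs|js|scr))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$entries = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd    = [string]$item.GetValue($name)
        $target = Get-AutorunTarget $cmd
        # Bare names such as "rundll32.exe" are not searched on PATH here,
        # so they show as NotResolved; read the Command column for those.
        $file   = Get-Item -LiteralPath $target -ErrorAction SilentlyContinue
        $sig    = if ($file) {
            (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        } else { 'NotResolved' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $cmd
            Target    = $target
            Signature = $sig
            Modified  = if ($file) { $file.LastWriteTime } else { $null }
        }
    }
}

# Entries without a valid signature sort first: these are the ones to research.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Modified |
    Format-Table Name, Signature, Modified, Target -AutoSize
```

Running it before and after a cleanup attempt and comparing the two listings shows whether a removed entry has been written back, which is the behaviour the post attributes to the secondary program.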
  17. moominboy

    moominboy Gigabyte Poster


    good advice that drum dude, just a few questions from the previous page, rickbanr suggested formatting which i'd rather not do for the same reason drum dude said, formatting is not curing the problem, it's euthanasia. but i'd still like to know how if anyone knows any good links for this? also, for Bluerinse on prev. page, what do you mean by blow away? manually go thru registry to find it? tried but it's being sneaky and has no id pointing to winfx/winfixer. and, last one promise ;), ffreeloader, i take it as linux is less well-known so virus/~ware writers don't bother as much with it? cheers all for your time and advice, and funny analogies! :)
     
    Certifications: ECDL
    WIP: A+
  18. ffreeloader

    ffreeloader Terabyte Poster

    Nah... That's what it was before I put Linux on it.... :p
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  19. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    I find it therapeutic to educate users on how not to be stupid in my usual friendly manner!

    you can live without spyware, virii, dialers, whatever, and have no anti spyware/virii products in place

    IF of course, you have a brain, and use it from time to time
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  20. moominboy

    moominboy Gigabyte Poster

    harsh but fair point phoenix but i did say my mate's pc, he's from newcastle so.....
     
    Certifications: ECDL
    WIP: A+
