1 - 12 of 12 Posts

·
Registered
Joined
·
7,832 Posts
Discussion Starter · #1 ·
Last night I downloaded the spy bot from the link above and today I got blasted. Now it may have just been a coincidence but it sure seemed funny. I have spent the last two hours fighting them sum bich'es and keeping them outta my house. Dang McAfee was going berserk and I ran Spybot, got 97 hits the first time, and kept running it and it cascaded down till I finally got it clean, I hope. I have done nothing but the Spy Bot (MajorGeek.com) and haven't opened any email so I'm guessing I got it from there. There was a file installed on my computer that was throwing some type of Trojan virus and I couldn't close it and it wasn't showing up on Virusscan (the file). I finally got it cornered and everything seems to be normal. I've run everything twice and all is clear so far. Just a heads up from a computer dummy with some perspiration stains on my shirt right now. LOL

Zac
 

·
Premium Member
Joined
·
40,471 Posts
What were you "Blasted" with

virus or spyware? I think you had been infected with spyware and just did not know it. Now that you have it all removed your computer should run better and faster on-line. Just a note: Anti-virus programs will not detect and remove spyware and, the same way, spyware programs will not detect and remove a virus. They are two separate animals. LOL

You might also want to download Ad-aware and give it a run also as it will help detect and remove spyware from your computer. Ad-aware and Spybot S&D work very well together. These are very good FREE programs so use them. If you want to step up, Pest Patrol and Spy Sweeper are even better programs.

If you had any virus problem, go back to the top thread and run one or more of the on-line virus scanners. Take a look at the thread on threats for Texas.

BTW, MajorGeeks is a clean site and you will not get a virus from them. I would also think about a different anti-virus program. I have seen that program fail time and time again. Shadman had a thread about Trend Micro having a sale the other day for their software and it was a very good price.

If you had a trojan, which one was it and what did you do to remove it?
 

·
Registered
Joined
·
7,832 Posts
Discussion Starter · #3 ·
Maybe so Bill

I know just enough about this stuff to get me in trouble. I don't remember the name of the Trojan. McAfee kept stopping it but it would pop up a message every few seconds. When I installed Spy Bot last night I ran it and it picked up 56 items. I removed these and shut the puter down and went to bed. Turned it on for the first time today and it went crazy. When I logged on to IE it had changed my default web page to a "Security Warning" and was telling me to "click here" to return my computer to normal. I never did because the wording of the message wasn't "professional" sounding. I think I was actually getting pounded with spyware because every time I ran Spy Bot it picked up new ones. The virus alerts were popping up and giving a temp. Internet file location in the warning. I kept clearing the files out but it kept returning. There was a file named something like "noclose.gen" or something to that effect that was hanging everything and making it go haywire. I'm really inept at this stuff and don't know if I actually got everything so when I get back from the Astros game I'll do all the things you said and hope it all works out for the best. This stuff is aggravating.

Zac
 

·
Premium Member
Joined
·
40,471 Posts
I need more information and we can clean this out

I believe you are probably still infected. noclose.gen is a script virus you get in an email. Simply looking at the message gets you infected, you do not need to open any attachments. Go to the thread and do the on-line scan, then copy the results and paste them back here so we can get you free. The on-line scans may remove them but be sure to copy the exact message of everything not cleaned.
 

·
Premium Member
Joined
·
40,471 Posts
When you post the copied information

please include what operating system you are using. This will help us resolve the problem much easier and quicker.
 

·
Registered
Joined
·
7,832 Posts
Discussion Starter · #7 ·
Well I tried

I'm fixing to run it again. I tried running the Panda one earlier and it ran for like 2 hours and then froze, I had to abort. It showed two infected files, one cleaned but I never got any messages because the computer froze. I'm gonna run it again with one of the others and see what happens. I'm definitely infected because my computer has slowed to a snail's pace and all OS programs are freezing up. Hopefully I can get it in. Now I'm getting spyware without logging on to IE. I have cable access so maybe it's getting it without me knowing it. Does Spybot stop it from coming in or do I have to scan it to remove it? I'm fixing to do a major upgrade of my security software as it seems McAfee didn't catch it. I do a total scan and McAfee only scans 22000 or so files. The Panda was at 37k when it froze up, why the difference? Sorry for all the questions, I'll rerun an online scan and get back.

Oh yeah, I'm telling my wife about our problems last night and she informs me that she has been getting dozens of emails from an unknown source in German every day. She hasn't been opening them, just deleting. But she has autopreview which I'm assuming is basically still opening it. That may be the culprit.

Zac
 

·
Premium Member
Joined
·
40,471 Posts
Ok

Do you have a firewall? If not, download Zone Alarm (in the top thread) and let's get some of the programs to stop getting access. What operating system are you using? If ME/XP you need to disable the auto restore function before you clean and reboot or the problems may be reinstalled. Try the Trend Micro (Housecall) scanner and let it detect and remove the problems. When you get to the scanner site, disable your anti-virus, that way McAfee will not try and fight the scan. You can also download one of the free anti-virus programs listed in the main thread, you should get better results and be more protected.
Also, the on-line scans should not take that long, I can scan my home systems in about 25 mins and I have a dial-up connection and two HDs, 1 40gig and 1 60gig.
 

·
Registered
Joined
·
7,832 Posts
Discussion Starter · #9 ·
cool

I've got some info but it is still running. It picked up two and here is what it said

TROJ STARTPAG.KF Non cleanable C:\WINDOWS\ALLUSERS\APPLICAT...
TROJ STARTPAG.KF NonCleanable C:\_RESTORE\TEMP\A0089624...

That is all I have so far but it's still running, I didn't try to read the rest of the location because I didn't want to hang it up in any way.

I'm running ME and I don't know how to disable the auto restore either.

I've got the McAfee Firewall but I'm getting the picture that McAfee isn't doing me much good. I will fix that issue when I'm through this.

Zac
 

·
Premium Member
Joined
·
40,471 Posts
This one is not destructive... that's good

For TROJ STARTPAG.KF you need to stop the autostart entries in the registry, which prevents the malware from executing at startup.
  1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, double-click the following:
    HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
  3. In the right panel, locate and delete the entry:
    IEService.exe = "%AllUsers%\Application Data\IEService\IEService.exe"
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.

Removing Malware Entries from the Registry
  1. Still in the Registry Editor, in the left panel, double-click the following:
    HKEY_CLASSES_ROOT>E.HH
  2. Still in the left panel, right-click the following registry key and choose DELETE:
    E.HH
  3. Do the same procedure for the following registry keys:
    • HKEY_CLASSES_ROOT\E.ZZA
    • HKEY_CLASSES_ROOT\CLSID\{9E992732-295F-4987-8BE3-16FAC1639198}
    • HKEY_CLASSES_ROOT\CLSID\{D72A7651-8A16-476E-953C-347F0241FD32}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E.HH
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\E.ZZA
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E992732-295F-4987-8BE3-16FAC1639198}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D72A7651-8A16-476E-953C-347F0241FD32}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E992732-295F-4987-8BE3-16FAC1639198}
  4. Close Registry Editor.
The following procedure disables the System Restore feature:

For Windows ME

  1. Right-click the My Computer icon on the Desktop and click Properties.
  2. Click the Performance tab.
  3. Click the File System button.
  4. Click the Troubleshooting tab.
  5. Select Disable System Restore.
  6. Click Apply > Close > Close.
  7. When prompted to restart, click Yes.
  8. Press F8 while the system restarts.
  9. Choose Safe Mode then hit the Enter key.
  10. After your system has restarted, continue with the scan/clean process. Files under the _Restore folder can now be deleted.
  11. Re-enable System Restore by clearing Disable System Restore and restarting your system normally.
This should get you rid of this problem, after you finish, run the on-line scan again, (I know this is a pain, sorry) and see if anything else shows up in the final scan.
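A read-only way to check whether the entries listed in the post above are still present, as an added example that is not part of the original thread: export the registry to a text file from Registry Editor and scan the export with Python on any machine. The function name `scan_reg_export`, the sample export and the file path inside it are constructed for illustration.

```python
import re

# Indicators copied from the removal steps in the post above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "IEService.exe"
HKCR, HKLM_CLS = "HKEY_CLASSES_ROOT", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes"
CLSID_A = "{9E992732-295F-4987-8BE3-16FAC1639198}"
CLSID_B = "{D72A7651-8A16-476E-953C-347F0241FD32}"
BAD_KEYS = [root + "\\" + sub for root in (HKCR, HKLM_CLS)
            for sub in ("E.HH", "E.ZZA", "CLSID\\" + CLSID_A, "CLSID\\" + CLSID_B)]
BAD_KEYS.append(r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                r"\Explorer\Browser Helper Objects" + "\\" + CLSID_A)

KEY_RE = re.compile(r"^\[(.+)\]$")                  # [HKEY_...\Some\Key]
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def scan_reg_export(text):
    """Return sorted findings (kind, key, detail) from a regedit text export."""
    findings, key = set(), None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            for bad in BAD_KEYS:
                # A subkey of a listed key means the listed key still exists.
                if (key + "\\").lower().startswith((bad + "\\").lower()):
                    findings.add(("key", bad, ""))
            continue
        m = VAL_RE.match(line)
        if m and key and key.lower() == RUN_KEY.lower():
            # Exports escape backslashes in string data; undo that for display.
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() == RUN_VALUE.lower() or RUN_VALUE.lower() in data.lower():
                findings.add(("run", key, name + "=" + data))
    return sorted(findings)

# Constructed sample export (not taken from an infected machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"IEService.exe"="C:\\WINDOWS\\All Users\\Application Data\\IEService\\IEService.exe"

[HKEY_CLASSES_ROOT\E.HH\Clsid]
@="{9E992732-295F-4987-8BE3-16FAC1639198}"

[HKEY_CLASSES_ROOT\E.HHX]
'''
```

An empty result after the cleanup and reboot means none of the listed keys or the Run entry appear in the export; the look-alike key `E.HHX` in the sample is deliberately not reported.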
 

·
Registered
Joined
·
7,832 Posts
Discussion Starter · #11 ·
Bill, I just wanted to thank you

For all the help you gave me, it won't soon be forgotten.

Unfortunately I did all the above and when I restarted the computer it froze, and I mean FROZE. I don't know what happened but I tried just shutting it down with the power button as nothing else worked. It never would restart (desktop would not come up) so, I just finished a total reboot (That sucked). Now that I've downloaded a gazillion Windows updates I'm now getting things slowly back up to speed. I still have several more things to get back online but it is slowly coming back. I tried to call the only one I knew with computer smarts but "HE" didn't answer his phone. LOL Next time Bill, I may just get your phone number before I start jacking with stuff. Thanks a million for all your help. Back to downloading.

Zac
 

·
Premium Member
Joined
·
40,471 Posts
Man that bites big time

I just returned from my brother-in-law's, all the out of town family is leaving in the AM so they wanted to see them one more time. I hope you have some backup copies of any files you had, this is the time they come in handy.
 