computer going nuts

[jyeh74]

Fro some reason I have this "Advanced Antiirus" installed on my computer. It keeps asking me to buy and upgrade this antivirus and wont let me download/browse websites. I went to "Uninstall programs" but could not find it. Windows Antivirus 2008 wont do anything, says I have to register and buy SW. Something malicious must have installed on my computer. How do I uninstall it if I cannot find it from the "Uninstall programs" box?

It always brings me to this browser when I open IE http://safepageplace.com/xp/

I cant uninstall Windows Anitvirus 2008 either.

[poisondeathray]

It sounds like a virus itself, especially since it sounds like you didn't install it yourself.

If you can't browse, how are you accessing this website? (from a different pc?)

If you have access from a different PC, download Dr. Web Cureit from here http://freedrweb.com/cureit/ (free), then transfer it using a USB stick to your problematic PC and run it there.

If you cant do any of this, try rebooting in safe mode. Do you have a backup roll back restore point for Windows?

[aedipuss]

sound like job for spybot search and destroy or ad-aware. might be a drive-by browser helper object silent install. some try to extort money to remove phoney viruses they installed themselves.

[jyeh74]

i cant download anything, everytime I try, it closes the browser.

[dialysis1a]

This tool may help. It's highly recommended on a few forums that I frequent.
Malwarebytes
http://www.malwarebytes.org/forums/index.php?showtopic=5034
Maybe someone can download it onto a stick for you.

[jyeh74]

Got it, with Spybot, the Search and Destroy, once it "fixes it" actually removes it from my computer?

What does "Immunize" do?

[aedipuss]

should delete it. immunize may prevent a re-infection.

[Nelson37]

Spybot, AVG, and HijackThis. Don't DL these or any other prog without doing some research first.

Empty both User temp and Windows temp directories. Empty the prefetch directory. Check Windows\system32 for recent files, also files with garbage names. Empty the Recycle bin. Disable System restore and delete those files.

Scan in Safe Mode. If anything found, reboot, empty the directories again, and scan again. Repeat until clean or down to one or two. Check Symantec or other REPUTABLE website for single-use removal tools. By REPUTABLE I do not mean what cousin Dave recommends. Talk to a pro, you are hearing from one now.

Be more careful what you click on and where you go.

[jyeh74]

ok, ran Spybot and found 94 entries and fixed all of them. Doesnt seem like the weird antivirus is gonig away because when I surf, it always has this pop up:

"Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register AntiSpyCheck.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended). "

It gets annoying and it doesnt let me download any program.

[grossjamesh]

I would add a few more things to what Nelson37 has said, NEVER open an e-mail that you dont know the sender.
Turn off the preview function.
If you are on a cable service for internet access use the security suite supplied by the internet host. The host will keep this software up to date.
Use a router with the NAT function this will hide your computer from the web.

[jyeh74]

I also get a "System Alert" - system has detected a number of active spyware application that may impact the performance of your computer, click the icon to get rid of unwanted spyware by downloading an up to date anti spyware solution"
When I click it, it takes me to www.antispycheck.com

When I try to browse websites, they frequently shut down, and get the option to send Windows a report.

This is after fixing all the entries with Spybot. Am I missing something else?

[ricky1756]

also check your internet browser for addons, and if you find one you don't recognize, disable it.

[Midzuki]

Nelson37 wrote:

Empty both User temp and Windows temp directories.

Disable System restore and delete those files.

Besides, avoid/quit using IE --- seriously.

Be more careful what you click on and where you go.

Worms may even do without that helping hand
Some days ago, my computer was hijacked by a worm-wrapped rootkit
while I was consulting Google. Both BitDefender and all warmfixes from Microsoft
were of no use on that day.

Anyway: give a try to gmer. Later, install XP SP3 via an nLited CD.
HTH.

[aedipuss]

jyeh74 - find all the anti-spyware anti-malware anti-rootkit software you can google on the net and use them. you are still infected. here's some info on the trojan infecting your computer - http://www.threatexpert.com/report.aspx?uid=0f547488-50ee-408e-b621-7bf5b1507471


if it were mine i would be formatting the hard drive and re-installing windows from scratch. this time install all the updates and sp3. get rid of the shortcut to internet explorer and only use firefox. switching to thunderbird for email is a good idea also. never let your anti-virus get out of date and use anti-spyware/firewall. if you don't have any at least use avg free v8 with all the online protection.

[budz]

go to www.trendmicro.com and use their free online virus/spyware scanner.

[Ethlred]

Definitely Extortion-ware. I Googled AntiSpyCheck and there are a lot of sites referring to it.

Here is link to the Norton page
http://www.symantec.com/security_response/writeup.jsp?docid=2008-011112-3720-99&tabid=3


And another for the RemoveOnline.com
http://www.removeonline.com/remove-antispycheck-antispycheck-removal-instructions/

I don't know the RomoveOnline site but I googled it and it seems OK. MajorGeeks didn't have anything. Seems like a pain to get rid of. You may need to use another PC to get instructions or to download a specialized tool. It does look to be doable without the Nuclear Option of wiping the drive and reinstalling.

[guns1inger]

Nortons have a removal tool for it here : http://www.regnow.com/trialware/download/Download_snm-2.67_swpl.exe?item=13095-1&affiliate=52822 that might be worth a try

[Dv8ted2]

You may also need to use msconfig and disable the startup entry for that program.

[Nelson37]

A google search will give you the name of the NEW dll file in Windows\system32 that is causing most of the problem.
Sorting this directory by date will probably put the bad guy right up at the top. Safe Mode, Task Manager, kill the process, delete the file. You may need to open both windows, and be fast on the delete key. Likely only have a few seconds.

Regedit for the startup keys, HKLM\software\MS\Winduws\CurrentVersion\Run, should be obvious. There are a crapload more keys, but first you have to disable the running prog. One reason I recommended doing this in Safe Mode. This and the file deletion mentioned above will get most of the way there.

Then change your home page. That and Googling for the problem are too obvious, but I should have mentioned that.

94 entries??? Well short of my observed record of over 80,000, but still indicates you haven't been protecting yourself. No mention of the REQUIRED, NECESSARY second scan. That second scan should only indicate a few entries, making elimination easier.

Did you empty the temp directories or try Safe Mode, do the second scan, ANYTHING other than the simplest, easiest step?

[scott274]

I never mess around with antiviruses. The best protection to a PC is a smart user

Format your C drive and reinstall windows. Make changes as desired in control panel. Reinstall all the extra softwares you want, enter serials and fix their settings. Run windows updates etc. After all this is done, create an image of your C drive with Norton Ghost (2003 recommended), so that the next time you have any software problems you can restore your system in dos in a matter of minutes to that clean image you have created.

And don't visit those silly w@rez & pr0n sites again unless you know what you are doing

[SCDVD]

I also get a "System Alert" - system has detected a number of active spyware application that may impact the performance of your computer, click the icon to get rid of unwanted spyware by downloading an up to date anti spyware solution"
When I click it, it takes me to www.antispycheck.com

When I try to browse websites, they frequently shut down, and get the option to send Windows a report.

This is after fixing all the entries with Spybot. Am I missing something else?

This isn't a "System Alert"; it's some of the load of malware that has infested your system. Don't click on every message that shows up on your screen. One of the most common bait that malware uses is this type of message.

[aedipuss]

to add to scdvd's advice. never click the "close" button on strange popups. always close them with the red x in the upper right corner, the close button can actually be the ok to install all the malware they want button.

[TBoneit]

Super AntiVirus from http://www.superantispyware.com/ seems to kill that nasty. Download the free home version, It cleans but does no active protection, but the price is right and unlike many free trials that detect and want money to clean it cleans for free. What was caught was a Trojan that then downloaded the Bogus antivirus. I wouldn't even click the Red X that whole screen could be an image that has a transparent overlay for OK install my nastiness. Close the browser and look on the Taskbar for the pop-up and right click on it and choose close from there.

After cleaning run Spybot Search & Destroy to fix some security changes made by the Malware and then go to Internet Explorer, Tools, Internet Options, and reset the security and advanced tabs.

Make sure to do a good antivirus scan to get rid of teh Trojan that downloaded the bogus antivirus.

Good Luck

[SCDVD]

I agree with aedipuss's suggestion to reformat your system and start over. You need to change your ways as far as how you use your system to avoid reinfection. Every email message that you receive isn't what it seems to be. Every pop up "System Message" isn't a system message. Don't be a sucker for everything that you see on your system. One of the most common sucker bait is malware that offers to "scan" or "clean" your system. Often this offer to "scan" your system is in an email that tells you how horrible viruses are and out of the "goodness of their heart" they offer to scan you system for "free". The chance that an email with this content is a some form of malware is approximately 100%. Malware can dig in real deep and elude being cleaned by scanning products. One of these is Virtumonde; it's close to impossible to remove it from a system. You can scan it and think it is removed but it just reappears. There are other malware programs that are equally as tenacious.

[DarrellS]

to add to scdvd's advice. never click the "close" button on strange popups. always close them with the red x in the upper right corner, the close button can actually be the ok to install all the malware they want button.

Clicking anywhere on the pop-up can install malware. The best way to close the pop-up is to use Task Manager.

When not using my trusted sites, I turn off active scripting and java scripting. This stops most internet threats. Using a good anti-virus program to stop virus and backdoor trojans. Keep your temporary files and unwanted cookies cleaned out and don't accept third party cookies.

You'd be surprised how much more crap comes from major websites than porn sites.

[mgh]

reformat and reinstall is the best solution as it will also speed up your pc. In case you have software on your pc which you cannot install again and which you would like to keep., you should make an effort to remove it. This article
http://www.bleepingcomputer.com/tutorials/tutorial101.html
may be useful

My experience
One of my friends used my computer for email and surfing and managed to get a trojan. He got the spybot warning, but clicked the wrong button. Anyway, i had to delete five files to get rid of the trojan and above site was very useful, i have seen it highly recommended at couple of other forums also.
I found couple of the files through task manager,googled, found the other files
The function of four of the five files as i found through google.
1. Keep telling me i have trojan, so i should let windows fix it by downloading updates by clicking on a button! (obviously to install more files+ trying to make me pay for a useless piece of antispyware)
2. Change my home page in IE to google (completely harmless you think?!)
3. Go to google and find sites to infect and infect them!
4. Disable my av, spybot and system restore!
Function of the fifth file was to reinstall trojan if i deleted the concerned files above.
The five files
braviax.exe
cru629.dat
aspimgr.exe
msscntr32.exe (calls itself windows security centre extension!)
and beep.sys(it is legitimate windows file, replaced by trojan, to reinstall itself if needed. can be safely deleted)

[jyeh74]

OK so I ran Spybot and Adaware and the warning in the lower right system tray disappeared. But when I surf, it still gives me the following below amd I have to click one of the two options.

"Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register AntiSpyCheck.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended). "

It still often times sends an error report and shuts down IE. What do I do? Just keep installing more antivirus programs? There are a million out there. My last resort is to reinstall windows. Or can I do a system restore to 2 weeks ago?

[johns0]

System restore will not help,you gotta reformat and install windows again,its much faster doing this than spending hours trying to get rid of the matware.

[GideonK]

Had this happen to me a couple of times in the past. took care of it in about 15 minutes.
Reboot into safe mode. Find a restore point that is prior to your Infection day and go for it.
This is the reason restore points were introduced in the first place.
May not work in each and every case, but that is the first thing you should have tried. I know it worked for me. Good luck.

[Nelson37]

I'm guessing you didn't clean the temp directories, delete the dll and other files that were named for you, or most of the other stuff.

Problem now seems limited to IE, THE program for these issues is HijackThis. Just delete everything it identifies as a BHO, or browser helper object. I am abandoning more complex instructions.

You either need to learn how to fix these, or get real comfortable re-formating, re-installing Windows, and re-installing all your apps.

Depending on the number of apps, this can be far more time-consuming, but then it's a lot more simple if all you can handle is clicking on Next.

A simple, basic Google search will yield step-by-step instructions for fixing this and other problems, others have even done this for you and also pointed out specific apps to fix this.