Question

Another "Warning! Your Computer is Infected with Spyware" Situation

Asked by: Larryml

Home desktop computer is infected with (at least) the spyware in title above.  Have researched solutions on the Web, but none have symptoms exactly matching my situation.  My problem seems progressive.  

First, the pop-up appeared.  I wasn't able to close it, but was still able to run IE,  execute other programs, access the control panel, etc.  I did not click to execute its options.

A few days later, when I booted the computer, the pop-up immediately appeared over the desktop display, the wallpaper had been replaced with a white background, and the desktop icons appeared fuzzy.  At that point, I believe I was still able to execute programs using the desktop icons, but maybe I needed to execute from the Start or All Programs menus - can't recall.  I noted that some of the icons in the system tray had disappeared.

The next change occurred a few days later.  Windows would not boot.  The "new" desktop and pop-up immediately displayed upon turning on the computer.  Clicking on the desktop icons produced an hour glass for about 3 seconds, then it disappeared.  I had no access to anything else without Windows except to cable TV which I was able to access via a programmed button on my keyboard.

Finally, today everything disappeared.  I turn on the computer and immediately get a blank black screen.  Tried a number of times - same result - nothing.  Noticed that when I switch off the power to the computer, the pop-up appears for an instant on a white background without being imposed on the fuzzy desktop, then the Windows "Preparing to Standby" screen appears for an instant, and then the computer immediately turns off.

Those are the details as I've observed them.  I'm a long time computer user, but only at an applications level.  Have even less technical knowledge than what it seems most casual users seem to pick up.  My Desktop is a Sony Vaio Digital Studio Computer, VGC-RA820G Series, running Windows XP Media Center Edition.  Any assistance would be greatly appreciated.

This Question has been solved and asker verified.

Asked On: 2008-08-18 at 18:44:25 | ID: 23658301
Tags: Spyware, Malware
Topics: Networking Security Vulnerabilities, Anti-Virus, Internet Security
Participating Experts: 3
Points: 500
Comments: 19


Answers

 

by: jgmontgo | Posted on 2008-08-18 at 18:57:33 | ID: 22256776


Yea, I am seeing this kind of problem more and more often lately.

The following procedure will help resolve a number of issues and is really good for overall browser health. The first two programs are great solutions for finding and removing a variety of spyware. I recommend using the two because it is common that one will find something that the other may not. Together they are a great solution. The third program is an effective tool for cleaning your internet cache. Run these programs in this order now, then at least weekly run them again (starting with CleanUp! then running the two spyware removal programs).

1) Download, install and run the latest version of Ad-Aware:

http://www.lavasoftusa.com/

2) Download, install and run Spybot - Search & Destroy:

http://www.safer-networking.org/en/download/index.html

3) Download, install and run CleanUp!:

http://www.stevengould.org/software/cleanup/download.html

4) Download SysClean from Trend Micro, and run:

http://www.trendmicro.com/download/sysclean.asp

Follow the instructions in the readme_sysclean.txt that is linked from the download page. You will need to make sure you download and uncompress the pattern files before running this program.

If you can place your hard drive into another computer, as a second drive, it is best to run SysClean from that computer. This helps to ensure your malware is not running when you do the scan.

If you do not already have an Anti Virus running I recommend that you get one. In fact, if you are using Norton and even McAfee (although they are not as bad) I do recommend uninstalling them and replacing with Trend Micro Internet Security 2008. This is one of the most effective programs for preventing and removing a variety of malicious software and attacks. You can get this program by following the link below:

http://www.trendmicro.com/en/products/us/personal.htm

If this doesn't resolve the problem please let us know. It is helpful if you will let us know what you found with the two spyware removal programs and what Anti Virus you are running.

 

by: rpggamergirl | Posted on 2008-08-18 at 19:54:14 | ID: 22256963

Show us a Hijackthis log.
Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.
Please attach the logfile as "Code Snippet".


Or use either one of these tools below.
Download Malwarebytes' Anti-Malware to your desktop. Check for updates before scanning.
http://www.malwarebytes.org/mbam.php

Download SmitfraudFix, and select Option 2. Clean (Safe mode recommended)
http://siri.geekstogo.com/SmitfraudFix.php

How to use SDFix.
http://www.bleepingcomputer.com/forums/topic131299.html

 

by: Larryml | Posted on 2008-08-18 at 20:14:40 | ID: 22257022

jgmontgo,

Thanks for your speedy response.  Unfortunately, as stated in my question, the problem has proceeded from simply having the pop-up appear to only receiving a blank, black screen when I power on my computer, so downloading or doing anything else is beyond my current capabilities.  Is there some way to access my computer from a blank screen?  I mentioned I'm a technical dummy.

FYI, I have the latest versions of Ad-Aware and Spybot installed and run them occasionally.  In addition, I have Webroot Spy Sweeper installed, as well as Max Registry cleaner and Evidence Eliminator.  My virus protection is the McAfee security package offered for free from my Internet provider - Comcast.

Something I forgot to state in my question...  After the pop-up appeared and before it (I assume) began shutting down my computer's capabilities,  I ran the latest versions of Ad-Aware and Spybot, but no help.  I attempted to run a virus scan, but received a message that my version of McAfee needed to be verified.  Attempts to "verify" over the web produced a message from McAfee that I had the latest version - an endless loop.  I ran Max Registry cleaner.  Received feedback that risky files were present, but when I tried to delete them, I received a message that I needed to register the product to do so.  The product had been registered and paid for some time ago - another endless loop.  And, I noticed the Evidence Eliminator icon had disappeared from my system tray.  Has this thing developed a brain, or what?

Anyway, I appreciate your feedback, but a solution to my situation remains a mystery.

 

by: Larryml | Posted on 2008-08-18 at 20:23:11 | ID: 22257049

rpggamergirl,

Thanks for the feedback.  Please see my response to jgmontgo for my inability to respond to your recommendations.  I now get a blank screen when I power on my computer and, frankly, don't know where to go from there.  Any ideas?

 

by: jgmontgo | Posted on 2008-08-18 at 20:30:43 | ID: 22257073

Yea, unfortunately a lot of this stuff has too much of a brain.

At this point I generally ask 2 questions. First, is there anything on your computer that you would not want to lose? Second, do you have access to a second computer?

The reason I ask is that it is, at this point, probably going to be best to reload everything from scratch. This would involve formatting your hard drive and reloading Windows and all of your software. If you have any data that you want to save, like documents or pictures, we will need to find a way to save them first.

The second computer comes in play if you want to (A) try to get rid of the problem, although it is not going to be likely in my opinion, and (B) the second computer can be used to gain access to any data that you want to save.

 

by: Larryml | Posted on 2008-08-18 at 20:32:48 | ID: 22257079

To my helpers out there...

It just dawned on me that I should explain that I am communicating via my laptop computer which is NOT my infected desktop computer.

 

by: rpggamergirl | Posted on 2008-08-18 at 20:33:33 | ID: 22257081

It would've been better if you came here when the first symptom appeared. As sometimes running those generic programs can do more harm than good with some infections. Sometimes running an antivirus or other scanners can render the pc unbootable whereas using a specialized tool would've helped.

Can the pc boot properly into safe mode?
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

 

by: rpggamergirl | Posted on 2008-08-18 at 20:38:31 | ID: 22257100

Okay so no choices which mode? Just blank screen straightaway when powered on?
Then you would need to try the Recovery Console, do you still have your Windows CD?

 

by: Larryml | Posted on 2008-08-18 at 20:58:12 | ID: 22257145

jgmontgo,

Bad news, but doable if you are willing to work me through the process - can't stress enough my technical IN-capabilities.  I have an early client meeting tomorrow morning about a hundred miles from here, so will need to refocus myself onto preparation and sleep at this point, but would like to pursue whatever will resolve this situation even if the resolution means a "cleaned" computer.   Also, would like the same opinion from rpggamergirl (if you're still out there).  Though an effectively dead computer would indicate a drastic solution, a second opinion is always welcome and not a criticism.  I'll again be available tomorrow afternoon or evening.

 

by: jgmontgo | Posted on 2008-08-18 at 21:08:26 | ID: 22257175

Not a problem, that is what we are here for. Whatever we can do to get you back up and running in a manner that best fits your needs. And definitely, the second and even third opinions are one of the things that makes EE such a great place.

 

by: Larryml | Posted on 2008-08-18 at 21:24:14 | ID: 22257211

rpggamergirl:

Regarding safe mode...  Upon restart of computer, no beep, just get blank screen and an hour glass that lasts about 3 seconds and disappears.   Regarding Windows CD...  I have not been able to locate it (don't you just love users like me?).  The computer came with the operating system already loaded.  It would seem that it would also be provided on CD.  I'll investigate further when I get home tomorrow, but preliminary search has not turned up anything.

 

by: jgmontgo | Posted on 2008-08-18 at 22:22:03 | ID: 22257358

Was there ever a beep when the computer started up in the past?

If you are unable to locate the restore media, or Windows disk, you may be able to get a replacement from Sony.

 

by: rpggamergirl | Posted on 2008-08-19 at 00:44:27 | ID: 22257807

Looks like formatting and starting over is the solution when the pc is dead.

You're in good hands with jgmontgo's guidance.

 

by: jahboite | Posted on 2008-08-19 at 05:18:17 | ID: 22259048

It sounds like the blank screen thing might be caused by a screensaver.  This malware seems to install that BSOD screensaver and it might in this case be causing a black screen instead.

Try rebooting your machine and hitting F8 repeatedly - it might work to get you into safe mode, it might not.

 

by: jgmontgo | Posted on 2008-08-19 at 21:10:03 | ID: 22266080

Doesn't sound like a screen saver at all, but jahboite did spur on a thought. I reread your original description and I see mention of the Windows "Preparing to Standby" message. So let's look at one thing really quick:

  1. Unplug the computer's power cord then plug it back in 
  2. Attempt to boot the computer 
  3. Let us know what happens 

I would not expect this to resolve the issue, but I would expect a change in the symptoms. I am thinking that we are dealing with a number of compounded issues. In any case it will be notable if the symptoms change or stay the same.

Jon

 

by: Larryml | Posted on 2008-09-03 at 09:46:44 | ID: 22379138

jgmontgo and rpggamergirl,

Sorry, I have not been responsive recently - business travel.  I decided this had gone on long enough.  I ordered a system recovery DVD from Sony, but wasn't home to apply it until this past weekend.  So, my desktop is recovered, up and running fine.  Immediately installed latest version of the Comcast-provided McAfee Security Center and downloaded and ran SpyBot  - no hits as expected.  

FYI, I also downloaded a paid version of Max Registry Cleaner again.  Ran it and got over 300 hits on my clean computer - uninstalled it and issued a complaint to the company.

Anyway, the loss of my applications and data on this computer was acceptable (Grrrrrr).  Had this happened to my other desktop or my laptop, I would have been in deep trouble.  Have now learned the hard way to actually apply best practices.  Rescue/recovery disks have now been produced for all computers and I have a schedule posted to periodically refresh them.

Thanks so much for your assistance.  It's comforting to know that you are out there...

 

by: Larryml | Posted on 2008-09-03 at 09:55:09 | ID: 31487870

Experts were very helpful.  Problem was an expanding virus that I had let go without attempting to repair well beyond the point of correction being possible.  So, a solution wasn't reached and I had to recover my system, but the assistance was comforting, quick, and appreciated.

 

by: jgmontgo | Posted on 2008-09-04 at 05:18:58 | ID: 22386360

You are definitely welcome.

 

by: rpggamergirl | Posted on 2008-09-04 at 05:40:08 | ID: 22386534

No problem, glad to know it's been resolved.

Thank you for using Experts-Exchange!
