Solved

Spyware or virus problems?

Posted on 2004-09-26
17
592 Views
Last Modified: 2013-12-04
Hi, I'm running WinXP Pro and I'm having some issues with my computer. I believe I have some kind of Spyware or virus on my computer because when I access web sites or just about anything on my computer and there is anything with sexual slangs in words (i.e.- assets, updating, etc.), parts of the words are underlined and have links attached to them like "ass" in assets and "dating" in updating. You can click on the link and it will just go to a dirty site. I've run adaware and deleted all the bad stuff there and I've run Nortons in safe and regular mode but I'm not getting any viruses found. I'm not sure what else I can do at this point. I can't even get the WinXp SP2 downloaded because it just keeps looking and looking for updates. If anyone can help me out here that would be great. It's really frustrating when you can't even get on the internet at safe sites and everything is pointing to sex stuff.

TIA,

JFAZ
Question by:JFAZ
17 Comments
 
LVL 2

Expert Comment

by:Ke11ie
Hi JFAZ

It does sound like Spyware or a virus. Have you tried only one spyware program? It is good to try at least 2 as different spyware software programs pick up different things. The ones I usually use are: Adaware, Spysweeper, and Spybot search & Destroy. Also, make sure that your virus program and the spyware programs have the latest updates installed on them. And try not to have anything else running while you do this...
0
 

Author Comment

by:JFAZ
I downloaded those programs that you suggested and tried them out and although it did find numerous things on my computer the problem still exists with the underlining of certain words and parts of words that are links. Any other suggestions I could try besides a reformat?

JFAZ
0
 
LVL 2

Expert Comment

by:Ke11ie
I'm sorry but I've never actually come across any information relating to your exact problem - the sexual web links (virus?) - and I do deal a bit in fixing viruses, and general computer problems. It sounds like you've already tried everything I can think of doing apart from the... 'reformat'.

The web sites that the links go to... Is it always the same web site? Are they always different? Is it like 'hotbar' where it links to anything that a search finds relating to the selected words...?

And you've definitely tried running the spyware programs in safe mode?
Made sure no applications are running while scanning?
Closed other little programs that run in the background - e.g. anything in the Notification area (i.e. where the clock is in Windows)?
Go to regedit, under My Computer, HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Run: See if there is anything suspicious looking that looks like spyware? (By the way they are the instructions for WIN. XP Pro.)
0
 
LVL 2

Expert Comment

by:Ke11ie
Have you restarted the computer since running the spy removal programs?
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
JFAZ,,,, try this, my sister's system had this type of problem once, and i fixed it with hijackthis :)

So Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post it at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
 

Author Comment

by:JFAZ
Ok I tried everything that you all had put up here for me to try. I fixed everything with Hijack This, that I felt comfortable fixing. Here is my saved log file and some of these questionable ones I know what they are like Incredimail and others I don't. Any help would be greatly appreciated. The web links that are referring to sexual slangs are all pointing to http://searchmiracle.com/ and I had deleted all of those type of "NASTY" entries that it found already. Please help if you can!

JFAZ
0
 

Author Comment

by:JFAZ
0
 
LVL 2

Expert Comment

by:Ke11ie
Hi JFAZ

So after you ran HijackThis, does your computer work normal now?

If it doesn't I would suggest fixing the last four 'possibly nasties' on your list.
0

 
LVL 2

Expert Comment

by:Ke11ie
Have you tried Hijack this?

It seems to pick up extra things. You can download it at:

http://tools.radiosplace.com/HijackThis.exe

Save the LOG file then copy and paste it into the box at:

http://www.hijackthis.de/index.php?langselect=english

This site automatically analyses it for you. Fix everything which it labels as Nasty!

To fix, check the lines and click on Fix Checked!

If it still doesn't work, can you save the site after it analyses it and give us a look at it so we can see if it has missed something.
0
 
LVL 2

Expert Comment

by:Ke11ie
Sorry!
0
 
LVL 2

Expert Comment

by:Ke11ie
Trying to fix another problem - and the HijackThis thing really worked!
0
 
LVL 2

Expert Comment

by:Ke11ie
Actually, I've just fixed a couple of my own problems and then I took another look at your log - and I would definitely get rid of your 'O2's and 'O3's and hopefully that should work! (And if you haven't already done what I said to try above - I would ignore those!)

They seemed to solve my stupid spyware problems!
0
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 500 total points
JFAZ these are the entries in ur LOG which u still need to fix :)

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 46.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 46.dll
O4 - HKLM\..\Run: [7DbH] C:\documents and settings\jennifer\local settings\temp\7DbH.exe
O4 - HKLM\..\Run: [uP4HSh] C:\documents and settings\jennifer\local settings\temp\uP4HSh.exe
O4 - HKLM\..\Run: [4A9E3745DCKMAP] C:\WINDOWS\System32\Vtz7.exe
O4 - HKLM\..\Run: [osmf3qU] nvcdm.exe
O4 - HKCU\..\Run: [Litd] C:\Documents and Settings\Jennifer\Application Data\tata.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
=====================================================

then can u see this line >> F2 - REG:system.ini: UserInit=userinit.exe,
the entry is wrong, but u cannot fix this line coz it will harm ur windows, so u have to manually edit ur registry to correct it,,,, so BACKUP ur registry first and then follow the below step !!

goto Start>Run>regedit and navigate to the following key,

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

look in the right pane for a key called Userinit
right click it and click Modify
u can see the value data as >> userinit.exe,

change it to >> C:\Windows\System32\userinit.exe,
(Note the comma following the file path information)

save the file and restart ur machine !!
Then Disable ur Messenger Service if its running >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
After that Follow these Instructions:

1. Restart ur machine in safemode and Login as Administrator
2. Run the AntiVirus tool and delete all viruses it found
3. Run the Spyware Removal tools and delete everything they detect
4. Then goto My Computer>Tools>Folder Options>View and turn on the feature of Show Hidden Files
5. Goto C:\Documents and Settings\ur username\Local Settings\Temp and delete all files present here
6. Goto C:\Documents and Settings\ur username\Local Settings\Temporary Internet Files, and delete the folder of ContentIE
7. Goto C:\Documents and Settings\ur username\Cookies, and delete all cookies present here.
8. Goto C:\Windows\Temp and delete all files present here
9. Reboot back in Normal Mode and check if problems are gone or not
10. Post Back and Good Luck :)
0
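An added example (not part of the original thread and not HijackThis code): a small triage pass over HijackThis-style log lines that flags the two things the post above singles out, autostart (O4 Run) entries launched from user-writable folders or without a path, and a Userinit value that differs from the full path the post gives. The folder list, the reason labels and the last sample line are assumptions made for illustration.

```python
import re
from ntpath import dirname

# Value the post above gives as correct (assumes Windows lives in C:\Windows).
EXPECTED_USERINIT = r"C:\Windows\System32\userinit.exe,"
# Assumed list of user-writable folders worth a second look for autostart entries.
USER_WRITABLE = (r"\local settings\temp", r"\application data", r"\windows\temp")

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)

# Constructed sample: lines quoted in the post, plus one made-up ordinary entry (last line).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 46.dll
O4 - HKLM\..\Run: [7DbH] C:\documents and settings\jennifer\local settings\temp\7DbH.exe
O4 - HKLM\..\Run: [osmf3qU] nvcdm.exe
O4 - HKCU\..\Run: [Litd] C:\Documents and Settings\Jennifer\Application Data\tata.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def triage(log_text):
    """Return (reason, value) pairs for entries that deserve manual research."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            if m.group(1).lower() != EXPECTED_USERINIT.lower():
                findings.append(("userinit-unexpected", m.group(1)))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue  # other sections (O2, O3, O9, O16) are not judged here
        target = m.group(3)
        if target.startswith('"'):  # quoted path followed by arguments
            target = target.split('"')[1]
        folder = dirname(target).lower()
        if not folder:
            findings.append(("run-no-path", target))
        elif any(part in folder for part in USER_WRITABLE):
            findings.append(("run-from-user-writable-dir", target))
    return findings

if __name__ == "__main__":
    for reason, value in triage(SAMPLE_LOG):
        print(f"{reason:28} {value}")
```

Flagged lines are candidates for the research step described in the CAUTION of the accepted answer, not an automatic delete list; entries such as the System32 one the post also lists are not caught by these two rules.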
 

Author Comment

by:JFAZ
Hi, Ok it now seems as if I'm all fixed over here I'm not seeing anymore sexual links and I'm finally able to get the WinXP SP2 on this computer. The only other question that I have for anyone is, should I always be running my virus scans and spyware scans in safemode? Also, does clearing out all of the temp stuff have to be done at the same time as well when I'm having problems?

Thank you all for your in depth help. I always know that I can get on here and you guys always seem to help me out a lot and above all else. I'm learning! I'll award the points here shortly.

Thanks,

JFAZ
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
gooooood news JFAZ :)

and Yes u shud always run ur spyware removal tools and av scan in safemode, coz in safemode there are no background running processes that can interrupt with them,,,,, and clearing out temp internet files and local settings\temp files is also recommended once a week :)

anything else =)
0
 

Author Comment

by:JFAZ
One more question that I had forgot to previously answer. From looking at my logs, etc. Do you have any idea what might have infected my computer with that searchmiracle link problem?

JFAZ
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
i saw some junk files running from ur Local Settings\TEMP folder !!
those were totally unknown files,,,,, u know random nasty files...... and i think those were responsible for that problem :)
and that was the reason i asked to delete all ur Temp internet files alongwith the Temp folder files !!  =)
0
