Any cure for my infected computer??

Hey experts,

Till recently my machine was working without much problem, but now I think it's exposed to threats from the net, because now there's an icon popping up in the taskbar every time, saying 'Virus Alert!' and displaying a message:

'Your computer is infected!

Critical System Error! System detected virus activities. They may cause critical system failure. Please, use anti-malware software to clean and protect your system from parasite programs. Click here to get all available software.'

I don't have any spyware guards on my machine because I don't know which are the good spyware guards these days, so I clicked and set it to download one of the spyware guards displayed on the site (when I clicked the displayed message box) called 'Spyquake', but I didn't install it because a person told me that this is a certain spyware.

Now every time I go online it shuts down my web browser and resets the homepage; in the background it downloads that Spyquake software, installs by itself, scans the system and shows that threats in the system have been found.

I have Norton SystemWorks 2005 installed and updated, but it didn't detect any sort of threat.

So please help me get my machine back to normal. Also please suggest any GOOD free software I can download to protect against these latest spyware, trojans etc.

Thanks.
Priyankdes
 
SheharyaarSaahil commented:
Just in case you are still confused about what to choose from this list >> http://www.alaynah.net/shehar/anti_spyware.htm
I would recommend starting with Ewido; it's free and has shown some fantastic results in cleaning out most malware.
Then follow the cleaning instructions. In the end, if you still have problems, you can use HijackThis as instructed here:

How to use HijackThis
http://www.alaynah.net/shehar/hijackthis.htm
0
 
SheharyaarSaahil commented:
How to clean your system from Malware & Viruses
http://www.alaynah.net/shehar/clean_system.htm
0
 
Will Szymkowski (Senior Solution Architect) commented:
Hello,

What you might want to do is get Firefox, and download Adaware SE Personal and Spybot S&D. Use these programs in tandem and they should remove the malware/adware. Whatever you do, don't download anything that is popping up on your screen like "Free software to fix your Issues", stuff like that. When you click on those they are just getting you deeper into more spyware etc. Do download those programs and let me know how it works out for you.

Hope this helps
0
 
Will Szymkowski (Senior Solution Architect) commented:
Also, I forgot to mention: download Windows Defender from the Microsoft website and perform the newest Windows Updates on your machine.

=)
0
 
dougstubbs commented:
Download and run AdAware (http://www.lavasoftusa.com/software/adaware/) and Spybot (http://www.safer-networking.org/).

Then download HijackThis as instructed by SheharyaarSaahil and post the log file. From that we can better determine what the culprit is.

0
 
priyankdes (Author) commented:
Hey

I tried Ewido (anti-malware) as suggested by SheharyaarSaahil and I think there's a definite improvement: the icon which appeared on the taskbar has disappeared, the browser won't shut down and that Spyquake software is not getting downloaded. I got this log file from the program 'HijackThis' as you guys requested:

http://www.hijackthis.de/logfiles/6906e6c2f60d4708e67283e392605a2c.html

priyankdes
0
 
masnrock commented:
Use additional tools, such as Adaware and Spybot. Even Spy Sweeper works fairly well. But different programs will catch different things. You're going a heck of a lot better though. Different programs produce some fairly different results.
0
 
dougstubbs commented:
Remove the following entries from HijackThis:

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab 

O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Reboot and run HijackThis again. Post that log and we can verify that all the nasty programs are completely gone.
0
 
SheharyaarSaahil commented:
Going fine.... :)
0
 
nepostojeci_email commented:

-------
Step 1:
-------

First of all, when you start HijackThis, click on the "Open the Misc Tools section" button.
Under "System tools", click the "Open process manager" button.
You should see a list of processes currently running on your computer.
Try to kill as many as possible, avoiding svchost.exe. Those which belong to
Windows cannot be terminated, so don't worry. This step is
important, because this way you are shutting down any processes that could
reverse everything you clean up.

When you have finished killing all possible processes, you should see in that list only
these processes (sorted by Image Name):
- csrss.exe
- explorer.exe
- HijackThis.exe
- lsass.exe
- services.exe
- smss.exe
- svchost.exe
- System
- System Idle Process
- winlogon.exe
and only "svchost.exe" should be repeated several times.

If you suddenly kill explorer.exe, all of the icons from the desktop will disappear, and
your taskbar will be gone too, but that's not a big deal. Just press Ctrl+Alt+Del,
and Task Manager will pop up, then go to: "File -> New Task (Run...)" and type
"explorer" and click the "Open" button. That will restore your desktop.

AFTER, and only after you have killed all the other processes, you can start the
next step. If you fail to kill all of the processes (except the above), the chance
of success is somewhat lowered.


-------
Step 2:
-------

If HijackThis is already running, close it and start it again. Click on the
"Do a system scan only" button, and then select the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

------------
Now "O4 - HKLM\..\Run:"
This section contains the items that start up along with Windows
when it boots. The more items you have in this section, the slower your
machine will boot up. I recommend you erase all the unneeded items, as follows:

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
------------

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

------------
(This item should be removed if you don't use the services of "Sri Lanka Telecom";
otherwise don't touch the following item):
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB12BBB-8333-4310-BEB2-B0713F7105AA}: NameServer = 203.115.0.47 203.115.0.46
------------

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

------------

Now, click the "Fix checked" button (if any Windows Explorer or Internet Explorer
windows are open, close them before fixing). After the fixing has been done,
reboot your computer. When the computer reboots, open HijackThis and click on the
"Do a system scan and save a logfile" button. Save the log to the Desktop, then connect
to the internet and upload your log to www.hijackthis.de. After a successful upload
you should see a link to your log. Copy that link here
for a further check to make sure everything went OK.

Greetings.
0
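An added example, not part of any expert's post or of HijackThis itself: a small Python parser for the kinds of log entries quoted in this thread. It expands the abbreviated O4 Run key, records the download host of O16 entries and the DNS servers of O17 entries, and flags "(file missing)" references. The function names are hypothetical; the sample lines are copied from the posts above, plus one constructed non-entry line.

```python
import re
from urllib.parse import urlparse

# A HijackThis log line is "<section code> - <details>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun values: "HKLM\..\Run: [value name] command"; ".." abbreviates the key path.
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"

def parse_line(line):
    """Return a dict describing one log line, or None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m["section"], m["body"]
    entry = {"section": section, "body": body, "notes": []}
    if body.endswith("(file missing)"):
        entry["notes"].append("target file missing: orphaned reference")
    if section == "O4":
        o = O4_RE.match(body)
        if o:  # registry autorun (Startup-folder items use a different layout)
            entry["registry_key"] = "\\".join([o["hive"], RUN_PARENT, o["key"]])
            entry["value_name"], entry["command"] = o["name"], o["cmd"]
    elif section == "O16":
        # "DPF: {CLSID} - <download URL>": record where the ActiveX control came from
        entry["source_host"] = urlparse(body.rsplit(" - ", 1)[-1]).hostname
    elif section == "O17" and "NameServer = " in body:
        entry["nameservers"] = body.split("NameServer = ", 1)[1].split()
    return entry

def review(lines):
    """Parse a log excerpt and return only the lines that are log entries."""
    return [e for e in map(parse_line, lines) if e is not None]

# Lines copied from the thread above (not a full log); the last one is constructed.
SAMPLE = [
    r"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r"O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE",
    "O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{BEB12BBB-8333-4310-BEB2-B0713F7105AA}: NameServer = 203.115.0.47 203.115.0.46",
    "O20 - Winlogon Notify: winhyo32 - winhyo32.dll (file missing)",
    "-- not a log entry (constructed) --",
]

if __name__ == "__main__":
    for e in review(SAMPLE):
        print(e["section"], {k: v for k, v in e.items() if k not in ("section", "body")})
```
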
 
nepostojeci_email commented:
One notice to the Experts: don't instruct the asker(s) to download the
software from third-party web pages. If you do so, those files can
very easily be patched and changed from the original, so they can
also contain malicious code.

In this case, the origin of HijackThis is "merijn.org":
http://www.merijn.org/files/hijackthis.zip
0
 
priyankdes (Author) commented:
Hey guys

nepostojeci_email, here's the link after following your instructions, but MSN Messenger and the Gmail Notifier disappeared from the taskbar. Do I need to reinstall them?

http://www.hijackthis.de/logfiles/0b14199b430ec04b43fd7966f0a9f48e.html
0
 
dougstubbs commented:
Looks clean now, still having any issues?

You will need to reinstall MSN Messenger and Gmail as he had you remove the startup entries for them.
0
 
masnrock commented:
You don't _have_ to reinstall anything. You could either recreate the following registry entries OR just add them to your startup folder. (In the case of MSN, I think you can just run the program and change its settings to start when Windows starts) Even though you no longer notice icons, the software is still very much on your computer.

These are the registry entries that you can try to recreate. (nepostojeci_email only made a recommendation to remove the items to have fewer things run at startup.) But here are the entries that you can add back in.

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

Let us know if you want help with that.... it's not the prettiest thing, but it can be done.
0
 
nepostojeci_email commented:
You don't need to reinstall that software; just open MSN Messenger, go
to Tools -> Options -> General, and then select the checkbox:
"Automatically run Messenger when I log on to Windows"

For Gmail Notifier, it is enough to just start it, and it will recreate the
startup link itself. I made such a recommendation because some
viruses create those entries acting as well-known programs. In
order to deal with that option, I suggested removing those items too.

Anyway, if you want to revert changes you have made to your system,
you can also do it in HijackThis, by clicking the "View the list of backups" button
and then choosing those items you want back.
0
 
priyankdes (Author) commented:
Hey guys....

So far everything has worked perfectly. Now the system is running smoothly.

Thanks guys for your excellent work!

Priyankdes
0
 
nepostojeci_email commented:
What happened? No points at all?
Come on.. I object..
Is there any MOD here?
0
 
priyankdes (Author) commented:
Oh, I'm so sorry 'nepostojeci email'. I actually wanted to split the points among the 5 of you who contributed the useful views on this, but I accidentally transferred all of them to SheharyaarSaahil. I wanted to mention this as soon as it happened but I couldn't at the time. Really, I do want to share the points among the 5 of you. Please tell me how to make an appeal for this; I don't know what the procedure is.

Please let me know ASAP.
Again, I'm sorry for the disappointment.

Priyankdes

0
 
masnrock commented:
Here you go... this should cover that exact thing you're asking about.
http://www.experts-exchange.com/help.jsp#hi17
0
 
masnrock commented:
Your question should get reopened, then you can go back and choose to split the points as you deem fit.
0
 
nepostojeci_email commented:
I thought that you gave the points to some other expert because
that solved your problem, but then I saw the points were given to
the post that was at the very beginning of this thread, so I've kind
of overreacted..

Sorry..
0