Solved

Spyware removal

Posted on 2006-07-10
6
337 Views
Last Modified: 2013-11-16
Can't change home page. Everytime I open internet explorer a windows alert pops up that says i need spyware removal and if I click ok then it takes me to a malwarwipe web page.  Also every now and then a little yellow alert will pop up in the task bar in the lower right cotner of the screen and if I click on that it takes me to a different spyware removal tool site.  What can I do beside give in and buy this spyware romoval tools.  I already have norton internet security 2005.  I try scanning my system and notta.  Please help.

-James
0
Comment
Question by:JAMES125
  • 3
  • 2
6 Comments
 
LVL 42

Accepted Solution

by:
zephyr_hex earned 500 total points
Comment Utility
fyi
norton internet security does very little in the way of protecting you against spyware...

for us to help, we should start with a hijackthis log.  run hijackthis and it will produce a log.  copy/paste the log into here:
http://www.hijackthis.de .  that site will analyze the log.  at the bottom of the analysis is a link to save the analysis.  save it and post the LINK to your saved analysis here.

you can get hijackthis here: http://www.majorgeeks.com/download3155.html
0
 

Author Comment

by:JAMES125
Comment Utility
When I click on your second link it gives me a black web page with nothing on it.
0
 
LVL 42

Expert Comment

by:zephyr_hex
Comment Utility
are you trying to do this from the infected computer?  if so, you will need to find another computer from which to do your download.

other resources for hijackthis:
http://www.merijn.org/downloads.html  (scroll down to the Office Downloads section)
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HijackThis.shtml
http://www.download.com/HijackThis/3000-8022_4-10379544.html

or google it... it's all over the place.  you'll want version 1.99
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 15

Expert Comment

by:greyknight17
Comment Utility
Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem at http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 and save the file to your desktop.

NOTE: If you have Windows 9x/ME, you don't need to use Ewido (skip this step).
Download and install Ewido http://www.ewido.net/en/download/
Double-click the Ewido icon on your desktop to run it.
On the top of the main screen click Shield. Click the word active to change it to inactive.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at http://download.ewido.net/ewido-signatures-full-current.exe
When you have finished updating, exit Ewido.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

If running CleanUp! for the first time, it will ask you if you want to run it in Demo Mode. Don't run it in Demo mode...we want to do the actual cleanup now. CleanUp! deletes EVERYTHING out of your temp/temporary folders. It will also delete the cookie files. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff.

Run the smitRem.exe tool you downloaded earlier. There should be a folder called smitrem created on your desktop. Open it and double click on the RunThis file. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log along with all others requested in your next reply.

Make sure all windows are closed. Run Ewido.
Click 'Scanner'. Then click 'Complete System Scan' to begin scanning.
When the scan is complete click 'Recommended Action' and change it to 'Quarantine'.
Then click 'Apply all actions'.
Once finished, click the 'Save report' button. Then click 'Save Report As' and save it to your desktop.

Right click on your desktop and go to Properties. Then go to the Desktop tab and click on Customize Desktop. Go to the Web tab and delete everything there except My Current Home Page (which should be unchecked). Click OK.

Restart your computer to get back to Normal Mode.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Then post the Panda log here along with the logs for smitfiles.txt, Ewido and a new HijackThis log.

You may post a link to the analyzed HijackThis log when ready.
0
 

Author Comment

by:JAMES125
Comment Utility
Sorry I really don't have the time for all this right now.  I will try what you say later.  If you want you can check back with me but I will go ahead and give you the points anyway.

Thanks, James
0
 

Author Comment

by:JAMES125
Comment Utility
Just for the record the first response worked perfect.

Thanks
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now