Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Spyware removal

Posted on 2006-07-10
6
Medium Priority
?
344 Views
Last Modified: 2013-11-16
Can't change home page. Everytime I open internet explorer a windows alert pops up that says i need spyware removal and if I click ok then it takes me to a malwarwipe web page.  Also every now and then a little yellow alert will pop up in the task bar in the lower right cotner of the screen and if I click on that it takes me to a different spyware removal tool site.  What can I do beside give in and buy this spyware romoval tools.  I already have norton internet security 2005.  I try scanning my system and notta.  Please help.

-James
0
Comment
Question by:JAMES125
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 44

Accepted Solution

by:
zephyr_hex (Megan) earned 2000 total points
ID: 17077781
fyi
norton internet security does very little in the way of protecting you against spyware...

for us to help, we should start with a hijackthis log.  run hijackthis and it will produce a log.  copy/paste the log into here:
http://www.hijackthis.de .  that site will analyze the log.  at the bottom of the analysis is a link to save the analysis.  save it and post the LINK to your saved analysis here.

you can get hijackthis here: http://www.majorgeeks.com/download3155.html
0
 

Author Comment

by:JAMES125
ID: 17077796
When I click on your second link it gives me a black web page with nothing on it.
0
 
LVL 44

Expert Comment

by:zephyr_hex (Megan)
ID: 17077843
are you trying to do this from the infected computer?  if so, you will need to find another computer from which to do your download.

other resources for hijackthis:
http://www.merijn.org/downloads.html  (scroll down to the Office Downloads section)
http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HijackThis.shtml
http://www.download.com/HijackThis/3000-8022_4-10379544.html

or google it... it's all over the place.  you'll want version 1.99
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 
LVL 15

Expert Comment

by:greyknight17
ID: 17077918
Print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem at http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 and save the file to your desktop.

NOTE: If you have Windows 9x/ME, you don't need to use Ewido (skip this step).
Download and install Ewido http://www.ewido.net/en/download/
Double-click the Ewido icon on your desktop to run it.
On the top of the main screen click Shield. Click the word active to change it to inactive.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at http://download.ewido.net/ewido-signatures-full-current.exe
When you have finished updating, exit Ewido.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

If running CleanUp! for the first time, it will ask you if you want to run it in Demo Mode. Don't run it in Demo mode...we want to do the actual cleanup now. CleanUp! deletes EVERYTHING out of your temp/temporary folders. It will also delete the cookie files. It does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Run CleanUp! and click on the CleanUp! button. Let it run. After it's done, click the Close button and choose Yes to logoff.

Run the smitRem.exe tool you downloaded earlier. There should be a folder called smitrem created on your desktop. Open it and double click on the RunThis file. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Post that log along with all others requested in your next reply.

Make sure all windows are closed. Run Ewido.
Click 'Scanner'. Then click 'Complete System Scan' to begin scanning.
When the scan is complete click 'Recommended Action' and change it to 'Quarantine'.
Then click 'Apply all actions'.
Once finished, click the 'Save report' button. Then click 'Save Report As' and save it to your desktop.

Right click on your desktop and go to Properties. Then go to the Desktop tab and click on Customize Desktop. Go to the Web tab and delete everything there except My Current Home Page (which should be unchecked). Click OK.

Restart your computer to get back to Normal Mode.

Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoftware.com/products/activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.

Then post the Panda log here along with the logs for smitfiles.txt, Ewido and a new HijackThis log.

You may post a link to the analyzed HijackThis log when ready.
0
 

Author Comment

by:JAMES125
ID: 17078045
Sorry I really don't have the time for all this right now.  I will try what you say later.  If you want you can check back with me but I will go ahead and give you the points anyway.

Thanks, James
0
 

Author Comment

by:JAMES125
ID: 17078297
Just for the record the first response worked perfect.

Thanks
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A look at what happened in the Verizon cloud breach.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question