Jump to content
Sign in to follow this  
DITPML

Possible Spyware or Virus.... need help

Recommended Posts

Okay, last time I had a problem, you guys helped me out, big time!  Anytime I've known anyone to need help, I direct them here.  So again, I thank you.

My problem now is I have some kind of spyware or possible virus and it's stopping me from even completing full spyware or virus scans.

On startup, this menu appears on the right side of my screen:

1.jpg

I have no idea where it came from and I have no idea how to remove it.  Any and all help you guys could give me would be great.

Jonathan.

Share this post


Link to post
Share on other sites

neither ad-aware or spyware s&d finish? try looking for the task that it is running as. then look for directories similar to it, chaeeck the startup folder, scan the registry for the name. it will likely be in multiple directories, the names of files may give clues as to what the others are. same with registry entries. there might also be one or more icons on your desktop, the browser start page may also be hijacked. the problem is if it is one of the better adwares it will replace any files deleted or tasks killed almost as fast as you can kill em. it is still worth a try. in one instance i had success by tricking the program. i found the executables that were being replaced and overwrote them with another executable (like the calc.exe) that i had copied and renamed appropriately. the prog didn't realize that while the file it was monitoring was still there it wasn't what it thought it was. when i then started killing tasks the task that tried to relaunch the thing couldn't because the file wasn't there anymore. while you are trying to manually eradicate the bastard you will want to cut off the net access for that comp (unplug network) so it can't recover things you kill from outside.

Share this post


Link to post
Share on other sites

If this is what i think it is (coolwebsearch/coolwww or something similar) you're pretty much down to one solution and thats trying (yes, that bad) of removing it, but the guy who wrote the coolwww remover couldn't remove the latest versions of it anymore so his advice was to format your c: and re-install windows.

Try the safebooting, and the msconfig thing first. also try to see if there are any suspicious things running in the task manager (around 42 - 45 objects listed is average with windows xp when you have internet and an IM program open.)

Close the suspicous things and try to scan.

Share this post


Link to post
Share on other sites

I just got rid of a nasty bugger myself. So yes, whatever you do, do it in Safe-Mode. You may need to disable your system restore until after you fix it. I found that having my system restore enabled was allowing the "thing" to return again and again. Now that was me. Once I cleared it up in safe-mode( I actually used Spy Sweeper-free trial and AVG to get the bugger) I activated my system resore giving me a clean restore point.

And by all means, keep your porn surfing to a minimum!! Buy some magazines for Gods sake!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...