adware/spyware/hacker????

  • Thread starter Thread starter jock
  • Start date Start date
J

jock

Guest
Message constantly popping up from security shield on lower right screen.

system intrusion or stealth intrusion, security breach, system danger,

privacy threat etc. .

-CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

trying to access internet shows IRC-worm.dos.septic or

trojan-bnk.win32.keylogger.gen

Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

Help. JOCK
 
Sounds like you've been HiJacked

First Disconnect your PC from the NETWORK

Download this onto a USB Drive

and run it

http://free.antivirus.com/hijackthis/



Find the Offected Registries.

(Google if you won't know what a program is it will tell you if it's ok or

not)

Russ

--

Russell Grover -[SBS-MVP]

24hr SBS Remote Support - www.SBITS.Biz

Second Opinion - www.PersonalITConsultant.com

Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com





"jock" wrote:



> Message constantly popping up from security shield on lower right screen.

> system intrusion or stealth intrusion, security breach, system danger,

> privacy threat etc. .

> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> trying to access internet shows IRC-worm.dos.septic or

> trojan-bnk.win32.keylogger.gen

> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> Help. JOCK
 
Also get this

http://www.malwarebytes.org/

Russ

--

Russell Grover - [SBS-MVP]

24hr SBS Remote Support - www.SBITS.Biz

Second Opinion - www.PersonalITConsultant.com

Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com





"Russ - SBITS.Biz" wrote:



> Sounds like you've been HiJacked

> First Disconnect your PC from the NETWORK

> Download this onto a USB Drive

> and run it

> http://free.antivirus.com/hijackthis/

>

> Find the Offected Registries.

> (Google if you won't know what a program is it will tell you if it's ok or

> not)

> Russ

> --

> Russell Grover -[SBS-MVP]

> 24hr SBS Remote Support - www.SBITS.Biz

> Second Opinion - www.PersonalITConsultant.com

> Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com

>

>

> "jock" wrote:

>

> > Message constantly popping up from security shield on lower right screen.

> > system intrusion or stealth intrusion, security breach, system danger,

> > privacy threat etc. .

> > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> > trying to access internet shows IRC-worm.dos.septic or

> > trojan-bnk.win32.keylogger.gen

> > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> > Help. JOCK
 
This may be nothing more than windows messenger service popup vunerability

turn off windows messenging service



"jock" wrote:



> Message constantly popping up from security shield on lower right screen.

> system intrusion or stealth intrusion, security breach, system danger,

> privacy threat etc. .

> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> trying to access internet shows IRC-worm.dos.septic or

> trojan-bnk.win32.keylogger.gen

> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> Help. JOCK
 
security center is blocking access to all internet sites on one user login

account. the other logins seem to be ok. running windows xp. home edition.

--

jock





"Russ - SBITS.Biz" wrote:



> Also get this

> http://www.malwarebytes.org/

> Russ

> --

> Russell Grover - [SBS-MVP]

> 24hr SBS Remote Support - www.SBITS.Biz

> Second Opinion - www.PersonalITConsultant.com

> Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com

>

>

> "Russ - SBITS.Biz" wrote:

>

> > Sounds like you've been HiJacked

> > First Disconnect your PC from the NETWORK

> > Download this onto a USB Drive

> > and run it

> > http://free.antivirus.com/hijackthis/

> >

> > Find the Offected Registries.

> > (Google if you won't know what a program is it will tell you if it's ok or

> > not)

> > Russ

> > --

> > Russell Grover -[SBS-MVP]

> > 24hr SBS Remote Support - www.SBITS.Biz

> > Second Opinion - www.PersonalITConsultant.com

> > Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com

> >

> >

> > "jock" wrote:

> >

> > > Message constantly popping up from security shield on lower right screen.

> > > system intrusion or stealth intrusion, security breach, system danger,

> > > privacy threat etc. .

> > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> > > trying to access internet shows IRC-worm.dos.septic or

> > > trojan-bnk.win32.keylogger.gen

> > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> > > Help. JOCK
 
On Feb 12, 8:56 am, jock wrote:

> security center is blocking access to all internet sites on one user login

> account. the other logins seem to be ok. running windows xp. home edition..

> --

> jock

>

>

>

> "Russ - SBITS.Biz" wrote:

> > Also get this

> >http://www.malwarebytes.org/

> > Russ

> > --

> > Russell Grover - [SBS-MVP]

> > 24hr SBS Remote Support -www.SBITS.Biz

> > Second Opinion -www.PersonalITConsultant.com

> > Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com

>

> > "Russ - SBITS.Biz" wrote:

>

> > > Sounds like you've been HiJacked

> > > First Disconnect your PC from the NETWORK

> > > Download this onto a USB Drive

> > > and run it

> > >http://free.antivirus.com/hijackthis/

>

> > > Find the Offected Registries.

> > > (Google if you won't know what a program is it will tell you if it's ok or

> > > not)

> > > Russ

> > > --

> > > Russell Grover -[SBS-MVP]

> > > 24hr SBS Remote Support -www.SBITS.Biz

> > > Second Opinion -www.PersonalITConsultant.com

> > > Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com

>

> > > "jock" wrote:

>

> > > > Message constantly popping up from security shield on lower right screen.

> > > > system intrusion or stealth intrusion, security breach, system danger,

> > > > privacy threat etc. .

> > > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> > > > trying to access internet shows IRC-worm.dos.septic or

> > > > trojan-bnk.win32.keylogger.gen

> > > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> > > > Help. JOCK



Stop guessing what it might be.



Perform some scans for malicious software, then fix any remaining

issues:



Download, install, update and do a full scan with these free malware

detection programs:



Malwarebytes (MBAM): http://malwarebytes.org/

SUPERAntiSpyware: (SAS): http://www.superantispyware.com/



They can be uninstalled later if desired.
 
Reading your post and I think you have what is called "rogue anti-virus"

software - which isn't anti-virus software at all - it itself is the

malware! They are trying to get you to buy their "full" program in order to

remove what they themselves have put there. Instead use known good software

such as Malwarebytes to remove this cr*p from your PC.



One thing you should do is have a good look at the thing and do a bit of

research first using the search engines. Do not use any removal tools that

are not 'known good' or that ask for money as you might just be digging

yourself deeper into the rogue's doo doo.



Ideally, you would have a full system image you could just reapply - so your

PC is back like new - apps - settings - 'n all - and a current backup of

more recent data which you could then just import. You could be back running

as if it never happened in under an hour. Look into "system image" and

"backup" and consider a back up and recovery strategy that doesn't involve

reinstalling everything all over. Windows 7, BTW, has wonderful backup

utilities built right in - you might consider moving to a PC running Windows

7 just for that.









"jock" wrote in message

news:F0B7318A-238A-4D75-9973-97A10C40674E@microsoft.com...

> Message constantly popping up from security shield on lower right screen.

> system intrusion or stealth intrusion, security breach, system danger,

> privacy threat etc. .

> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> trying to access internet shows IRC-worm.dos.septic or

> trojan-bnk.win32.keylogger.gen

> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> Help. JOCK
 
You are seeing the effects of an already-present hijackware infection!



NB: If you had no anti-virus application installed or the subscription had

expired *when the machine first got infected* and/or your subscription has

since expired and/or the machine's not been kept fully-patched at Windows

Update, don't waste your time with any of the below: Format & reinstall

Windows. A Repair Install will NOT help!



Microsoft PCSafety provides home users (only) with no-charge support in

dealing with malware infections such as viruses, spyware (including unwanted

software), and adware.

https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1



Also available via the Consumer Security Support home page:

https://consumersecuritysupport.microsoft.com/



Otherwise...



1. See if you can download/run the MSRT manually:

http://www.microsoft.com/security/malwareremove/default.mspx



NB: Run the FULL scan, not the QUICK scan! You may need to download the

MSRT on a non-infected machine, then transfer MRT.EXE to the infected

machine and rename it to SCAN.EXE before running it.



2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)

in Safe Mode with Networking, if need be:

http://onecare.live.com/site/en-us/center/howsafe.htm



2b. Vista or Win7=> Run this scan instead:

http://onecare.live.com/site/en-us/center/whatsnew.htm



3. Now run a thorough check for hijackware, including posting requested logs

in an appropriate forum, not here. DO NOT SKIP THIS STEP!!



Checking for/Help with Hijackware:

• http://mvps.org/winhelp2002/unwanted.htm

• http://inetexplorer.mvps.org/tshoot.html

• http://www.mvps.org/sramesh2k/Malware_Defence.htm

• http://www.elephantboycomputers.com/page2.html#Removing_Malware



**Chances are you will need to seek expert assistance in

http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

http://www.spywarewarrior.com/viewforum.php?f=5,

http://www.dslreports.com/forum/cleanup,

http://www.bluetack.co.uk/forums/index.php,

http://aumha.net/viewforum.php?f=30 or other appropriate forums.**



If these procedures look too complex - and there is no shame in admitting

this isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Client - since 2002



jock wrote:

> Message constantly popping up from security shield on lower right screen.

> system intrusion or stealth intrusion, security breach, system danger,

> privacy threat etc. .

> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> trying to access internet shows IRC-worm.dos.septic or

> trojan-bnk.win32.keylogger.gen

> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> Help. JOCK
 
Thank you all for the responses. I had CA security suite installed which has

not detected this problem. what I find strange is that I can log on as

another user and the computer seems to be fine. I have contacted CA and they

are going to try to resolve this problem. they issued me a case number and

will have their "infectious malware/spyware professionals" contact me.

--

jock





"PA Bear [MS MVP]" wrote:



> You are seeing the effects of an already-present hijackware infection!

>

> NB: If you had no anti-virus application installed or the subscription had

> expired *when the machine first got infected* and/or your subscription has

> since expired and/or the machine's not been kept fully-patched at Windows

> Update, don't waste your time with any of the below: Format & reinstall

> Windows. A Repair Install will NOT help!

>

> Microsoft PCSafety provides home users (only) with no-charge support in

> dealing with malware infections such as viruses, spyware (including unwanted

> software), and adware.

> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

>

> Also available via the Consumer Security Support home page:

> https://consumersecuritysupport.microsoft.com/

>

> Otherwise...

>

> 1. See if you can download/run the MSRT manually:

> http://www.microsoft.com/security/malwareremove/default.mspx

>

> NB: Run the FULL scan, not the QUICK scan! You may need to download the

> MSRT on a non-infected machine, then transfer MRT.EXE to the infected

> machine and rename it to SCAN.EXE before running it.

>

> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)

> in Safe Mode with Networking, if need be:

> http://onecare.live.com/site/en-us/center/howsafe.htm

>

> 2b. Vista or Win7=> Run this scan instead:

> http://onecare.live.com/site/en-us/center/whatsnew.htm

>

> 3. Now run a thorough check for hijackware, including posting requested logs

> in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

>

> Checking for/Help with Hijackware:

> • http://mvps.org/winhelp2002/unwanted.htm

> • http://inetexplorer.mvps.org/tshoot.html

> • http://www.mvps.org/sramesh2k/Malware_Defence.htm

> • http://www.elephantboycomputers.com/page2.html#Removing_Malware

>

> **Chances are you will need to seek expert assistance in

> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

> http://www.spywarewarrior.com/viewforum.php?f=5,

> http://www.dslreports.com/forum/cleanup,

> http://www.bluetack.co.uk/forums/index.php,

> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

>

> If these procedures look too complex - and there is no shame in admitting

> this isn't your cup of tea - take the machine to a local, reputable and

> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

> --

> ~Robear Dyer (PA Bear)

> MS MVP-IE, Mail, Security, Windows Client - since 2002

>

> jock wrote:

> > Message constantly popping up from security shield on lower right screen.

> > system intrusion or stealth intrusion, security breach, system danger,

> > privacy threat etc. .

> > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> > trying to access internet shows IRC-worm.dos.septic or

> > trojan-bnk.win32.keylogger.gen

> > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> > Help. JOCK

>

> .

>
 
Contacted microsoft support and after 3 hrs. on the phone resolved the

problem. Lookout for :AV.exe." Lethal!!!!!!!

--

jock





"jock" wrote:



> Thank you all for the responses. I had CA security suite installed which has

> not detected this problem. what I find strange is that I can log on as

> another user and the computer seems to be fine. I have contacted CA and they

> are going to try to resolve this problem. they issued me a case number and

> will have their "infectious malware/spyware professionals" contact me.

> --

> jock

>

>

> "PA Bear [MS MVP]" wrote:

>

> > You are seeing the effects of an already-present hijackware infection!

> >

> > NB: If you had no anti-virus application installed or the subscription had

> > expired *when the machine first got infected* and/or your subscription has

> > since expired and/or the machine's not been kept fully-patched at Windows

> > Update, don't waste your time with any of the below: Format & reinstall

> > Windows. A Repair Install will NOT help!

> >

> > Microsoft PCSafety provides home users (only) with no-charge support in

> > dealing with malware infections such as viruses, spyware (including unwanted

> > software), and adware.

> > https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

> >

> > Also available via the Consumer Security Support home page:

> > https://consumersecuritysupport.microsoft.com/

> >

> > Otherwise...

> >

> > 1. See if you can download/run the MSRT manually:

> > http://www.microsoft.com/security/malwareremove/default.mspx

> >

> > NB: Run the FULL scan, not the QUICK scan! You may need to download the

> > MSRT on a non-infected machine, then transfer MRT.EXE to the infected

> > machine and rename it to SCAN.EXE before running it.

> >

> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)

> > in Safe Mode with Networking, if need be:

> > http://onecare.live.com/site/en-us/center/howsafe.htm

> >

> > 2b. Vista or Win7=> Run this scan instead:

> > http://onecare.live.com/site/en-us/center/whatsnew.htm

> >

> > 3. Now run a thorough check for hijackware, including posting requested logs

> > in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

> >

> > Checking for/Help with Hijackware:

> > • http://mvps.org/winhelp2002/unwanted.htm

> > • http://inetexplorer.mvps.org/tshoot.html

> > • http://www.mvps.org/sramesh2k/Malware_Defence.htm

> > • http://www.elephantboycomputers.com/page2.html#Removing_Malware

> >

> > **Chances are you will need to seek expert assistance in

> > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,

> > http://www.spywarewarrior.com/viewforum.php?f=5,

> > http://www.dslreports.com/forum/cleanup,

> > http://www.bluetack.co.uk/forums/index.php,

> > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

> >

> > If these procedures look too complex - and there is no shame in admitting

> > this isn't your cup of tea - take the machine to a local, reputable and

> > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

> > --

> > ~Robear Dyer (PA Bear)

> > MS MVP-IE, Mail, Security, Windows Client - since 2002

> >

> > jock wrote:

> > > Message constantly popping up from security shield on lower right screen.

> > > system intrusion or stealth intrusion, security breach, system danger,

> > > privacy threat etc. .

> > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> > > trying to access internet shows IRC-worm.dos.septic or

> > > trojan-bnk.win32.keylogger.gen

> > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> > > Help. JOCK

> >

> > .

> >
 
Hi,



What you have explained in this post is basically the exact symptoms of

my computer sleath intrustion privacy threat etc. all pop up warnings

coming from windows xp internet security. I would just like to know what

the solution was this thread seems to just end with you saying you spoke

to microsoft and after 3 hours it ot solved.



I suspected the xp internet security immediately as no virus scanner

can scan as quickly as that it took about 3 mins for it to find 25

threats. then i did a scan with spyware doctor and it found a threat

called rougue.antivirusXP. My last resort will be to format my computer

but hopefully this thread will provide some answer. After the spydoctor

scan was complete and the computer rebooted but immediatly xp internet

security poped up on screen again so this did not solve the problem.



Thanks in Advance for any help with this issue.

Phil





--

philberto
 
undisclosed wrote:

> Hi,

>

> What you have explained in this post is basically the exact symptoms of

> my computer sleath intrustion privacy threat etc. all pop up warnings

> coming from windows xp internet security. I would just like to know what

> the solution was this thread seems to just end with you saying you spoke

> to Microsoft and after 3 hours it was solved.

>

> I suspected the xp internet security immediately as no virus scanner

> can scan as quickly as that it took about 3 mins for it to find 25

> threats. then i did a scan with spyware doctor and it found a threat

> called rougue.antivirusXP. My last resort will be to format my computer

> but hopefully this thread will provide some answer. After the spydoctor

> scan was complete and the computer rebooted but immediately XP internet

> security popped up on screen again so this did not solve the problem.

>

> Thanks in Advance for any help with this issue.

> Phil



Well, there are hundreds of references to Malwarebytes in this one

newsgroup, and four to six in this thread alone.. maybe you could try:



Malwarebytes© Corporation

http://www.malwarebytes.org/mbam/program/mbam-setup.exe



and



SuperAntispyware

http://www.superantispyware.com/superantispywarefreevspro.html



--

Joe =o)
 
"jock" wrote:



> Contacted microsoft support and after 3 hrs. on the phone resolved the

> problem. Lookout for :AV.exe." Lethal!!!!!!!

> --

> jock



Any chance you remember what they told you? I'm having the same problem. Any

help would be appreciated.
 
SunaScorpion wrote:



> "jock" wrote:

>

>> Contacted microsoft support and after 3 hrs. on the phone resolved the

>> problem. Lookout for :AV.exe." Lethal!!!!!!!

>> --

>> jock

>

> Any chance you remember what they told you? I'm having the same problem. Any

> help would be appreciated.



You can't read the post? Just what does it say to lookout for?
 
SunaScorpion wrote:

>

> "jock" wrote:

>

>> Contacted Microsoft support and after 3 hrs. on the phone resolved the

>> problem. Lookout for :AV.exe." Lethal!!!!!!!

>> --

>> jock

>

> Any chance you remember what they told you? I'm having the same problem. Any

> help would be appreciated.



Press Ctrl/Alt-Delete and stop AV.exe from running. Stop any other

process that will stop, unless you know some belong there, and then

Malwarebytes will possibly update and run. If not, try the same thing

in Safe Mode.



If you stop the wrong process and the system is disabled, restart and

try again, ignoring the process that caused problems during the previous

attempt. Usually, no Svchost.exe process will stop. But you might find

Sychost.exe running, and it's malicious.. intended to look like the

other legitimate service. Don't stop Explorer.exe, though it would

probably restart itself if you did.



--

Joe =o)
 
Hello:



I ran your suggested hijacker program and now the simulated trojan is gone,

but I cannot remove any programs from my system. Add/Remove Programs ->

c:\WINDOWS\system32\rundll32.exe Application not found. Any suggestions?

Is this a path issue? Thanks. Deb



"jock" wrote:



> Message constantly popping up from security shield on lower right screen.

> system intrusion or stealth intrusion, security breach, system danger,

> privacy threat etc. .

> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when

> trying to access internet shows IRC-worm.dos.septic or

> trojan-bnk.win32.keylogger.gen

> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.

> Help. JOCK
 
You must log in or register to reply here.
Back
Top