Curing Major Spyware Infection
in [Windows XP]
|
Prev: Unknown program running
Next: Window defender missing?
From: Stacy Young on 30 Jun 2010 14:16 OK so it appears I have a serious spyware infection. Redirecting web site page or not allowing any web sites, inability to access tools menu of IE, unable to run any system files or installation files. In each case it tells me that the file is infected and directs me to purchase thier file to "cure" the problem and will not allow me to do anything internet related or any installations. It will not allow me to start MSCONFIG either. I have been through this before and have downloaded the files (through a separate computer)I believe necessary to attempt to fix the infection (AdAware, CWshredder, MS Malicious Software Removal Tool, HiJack This, etc.). The problem I am having is that after copying the file(s) to the infected computer, the virus/spyware will not allow me to run/execute any of these programs. Any ideas on how to proceed? Can I run these programs in Safe Mode or is there another approach to cleaning this mess up? The computer/laptop was running an anti-spyware and antiivirus (installed by my company) - I believe CA but they failed to cath this thing(s). Thanks in advance
From: Bob on 30 Jun 2010 14:27 I had a similar problem. I had to restore my PC to factory condition to get rid of the malware. "Stacy Young" <ky(a)aol.com> wrote in message news:uCHjSBIGLHA.1716(a)TK2MSFTNGP06.phx.gbl... > > OK so it appears I have a serious spyware infection. Redirecting web site > page or not allowing any web sites, inability to access tools menu of IE, > unable to run any system files or installation files. In each case it > tells me that the file is infected and directs me to purchase thier file > to "cure" the problem and will not allow me to do anything internet > related or any installations. It will not allow me to start MSCONFIG > either. > > I have been through this before and have downloaded the files (through a > separate computer)I believe necessary to attempt to fix the infection > (AdAware, CWshredder, MS Malicious Software Removal Tool, HiJack This, > etc.). The problem I am having is that after copying the file(s) to the > infected computer, the virus/spyware will not allow me to run/execute any > of these programs. > > Any ideas on how to proceed? Can I run these programs in Safe Mode or is > there another approach to cleaning this mess up? > > The computer/laptop was running an anti-spyware and antiivirus (installed > by my company) - I believe CA but they failed to cath this thing(s). > > Thanks in advance >
From: Arthur Shapiro on 30 Jun 2010 15:15 In article <uCHjSBIGLHA.1716(a)TK2MSFTNGP06.phx.gbl>, "Stacy Young" <ky(a)aol.com> wrote: > >Any ideas on how to proceed? Can I run these programs in Safe Mode or is >there another approach to cleaning this mess up? Most programs of this nature can be run in Safe Mode. The two most frequently-cited around here are MalwareBytes and SuperAntiSpyware. You might even try renaming the programs in case the malware in question is keying on their names to prevent execution. Running them off a thumb drive is another convenient thing to try. Are you able to run MSCONFIG and uncheck any "curious" stuff show in the Starup pane? Art
From: PA Bear [MS MVP] on 30 Jun 2010 15:15 Open Add/Remove Programs & make sure the SHOW UPDATES box at the top is checked | Now scroll down and tell me if either of the following updates are listed: KB982381; KB979559 ?? Does the computer belong to you or your employer? Assuming the latter, have you contacted your company's IT Department about this yet? -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Client - since 2002 Stacy Young wrote: > OK so it appears I have a serious spyware infection. Redirecting web site > page or not allowing any web sites, inability to access tools menu of IE, > unable to run any system files or installation files. In each case it > tells > me that the file is infected and directs me to purchase thier file to > "cure" > the problem and will not allow me to do anything internet related or any > installations. It will not allow me to start MSCONFIG either. > > I have been through this before and have downloaded the files (through a > separate computer)I believe necessary to attempt to fix the infection > (AdAware, CWshredder, MS Malicious Software Removal Tool, HiJack This, > etc.). The problem I am having is that after copying the file(s) to the > infected computer, the virus/spyware will not allow me to run/execute any > of > these programs. > > Any ideas on how to proceed? Can I run these programs in Safe Mode or is > there another approach to cleaning this mess up? > > The computer/laptop was running an anti-spyware and antiivirus (installed > by > my company) - I believe CA but they failed to cath this thing(s). > > Thanks in advance
From: Stacy Young on 30 Jun 2010 16:02
Thanks, will try and report back. No MSCONFIG is blocked by this thing "Arthur Shapiro" <art.shapiro(a)unisys.com> wrote in message news:i0g53m$qdm$1(a)USTR-NEWS.TR.UNISYS.COM... > In article <uCHjSBIGLHA.1716(a)TK2MSFTNGP06.phx.gbl>, "Stacy Young" > <ky(a)aol.com> wrote: >> > >>Any ideas on how to proceed? Can I run these programs in Safe Mode or is >>there another approach to cleaning this mess up? > > Most programs of this nature can be run in Safe Mode. The two most > frequently-cited around here are MalwareBytes and SuperAntiSpyware. You > might > even try renaming the programs in case the malware in question is keying > on > their names to prevent execution. > > Running them off a thumb drive is another convenient thing to try. > > Are you able to run MSCONFIG and uncheck any "curious" stuff show in the > Starup pane? > > Art |