
#1 December 9th, 2008 · 06:33 PM
128 threads / 44 songs
2,814 posts
Puerto Rico
Antispyware 2009 (bad)
Hello all
If you relate to this issue...


Antispyware 2009 is known to secretly install in the user’s computer system with the help of Trojans, or the user may have downloaded a fake video codec bundled with a Trojan, malware or virus. Once the user is infected, he/she may receive numerous and deceiving popup messages stating that the user’s computer is infected with spyware. This is a very common tactic used by other rogues to trick users and urge them to purchase the “full” version of the program from a malicious website.

In addition, XP Antispyware 2009 may create “malware” files to later detect them with its fake computer scan. All links provided by XP Antispyware 2009 will most likely redirect users to XP Antispyware 2009’s homepage (XPAntispyware2009.com) to further purchase XP Antispyware 2009’s full version.

XP Antispyware 2009 may launch on every Windows startup.



Some friends tried this and it worked

http://www.besttechie.net/tools/mbam-setup.exe

I ran it in full scan in safe mode...
Reboot, tap F8 and run it...

reference
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=300720&messageID=2809021
#2 December 9th, 2008 · 10:47 PM
117 threads / 20 songs
1,422 posts
United States of America
I'd heartily recommend to anybody trying to avoid spyware (not just viruses) to try using protection with an "active guard" or "realtime protection" or "on-access protection". The concept is that the virus scanner scans things as they try to run themselves, or when you open them, or download them, etc. That way, you detect the problems before they get started!

I like 'Avast!', which is free.  You have to register, but it's one of the best out there... It'll even warn you when you're on a website that is trying to send you samples of viruses, and it'll let you abort the connections.

Super nice.

I wouldn't ever trust a program that offers a free scan, or anything like this "Antispyware 2009" program.  They're usually all hoaxes.

Thanks for being a good citizen Marino!!
#3 December 9th, 2008 · 11:03 PM
128 threads / 44 songs
2,814 posts
Puerto Rico
Ya man, it sucks, it completely halted my PC with pop up after pop up... I was so pissed.. All my software, music in there.. Anyways I went to a bit torrent site and suddenly I get this message out of nowhere and I hit cancel, 10 mins after that all hell broke loose.. It's all gone now.. I had 48 infected items.. many were Trojans.. Phew...

be careful guys this is really annoying stuff!!!
#4 December 10th, 2008 · 12:11 AM
117 threads / 20 songs
1,422 posts
United States of America
Yeah, careful with those torrent sites.. I'd only trust certain ones..
#5 December 11th, 2008 · 03:12 AM
160 threads / 33 songs
1,965 posts
United States of America
Marino, I had something similar happen a few weeks ago with a different spyware. It kept redirecting me to their site, it took me a few days to track it down in the computer and delete it. Sucked.
#6 December 11th, 2008 · 01:08 PM
181 threads / 54 songs
1,932 posts
Canada
I like AVG Free...works good. I got me 0 viruses and 0 trojans
#7 December 11th, 2008 · 01:17 PM
341 threads / 59 songs
4,361 posts
Cymru (Wales)
Always look on the bright side of life!

It was through malware very similar to this that I learned a lot about the workings of my PC and Windows.
Know what 'starts up' and where to find it: (click) Run/(type) msconfig, get to the 'start up' tab, turn the whole lot off, re-start your PC ..... see what happens! You can eventually turn on all the programs you trust and 'want' to start up.
Find the Windows/Prefetch folder and see what is 'fetched' at start up, it's a very common place for a half deleted malware to re-activate itself from.
Learn how to view hidden and system files and folders and file extensions.
Get to know programs like HijackThis (Link to Majorgeeks.com download), an excellent program to see what's running at that moment in your PC.
"KNOW THY SYSTEM"
Having them is a bugger, getting rid of them is fun!!
#8 December 11th, 2008 · 05:08 PM
128 threads / 44 songs
2,814 posts
Puerto Rico
TheKunadiun wrote…
I like AVG Free...works good. I got me 0 viruses and 0 trojans

K, I have it too.. not good enough for what I'm taking... This is something that AVG didn't stop.. As I said I have it...
#9 December 11th, 2008 · 09:20 PM
117 threads / 20 songs
1,422 posts
United States of America
I went away from AVG to Avast when I realized that AVG gives a lot more false-positives on viruses. (You know those pesky keygens). And now it nags a lot about upgrading to their full version. In the end, I stuck with Avast, since it's designed to be free. AVG is popular, but not as good, I think.

Kings, I feel your pain about the innards of a Windows system and the spots where viruses start up... I've cleaned my brother's laptop off a few times. The savior tools were HijackThis and Killbox, combined with "Spyware Terminator", a better alternative to "SpybotSearchAndDestroy".

I would recommend putting a copy of these various programs onto a little memory stick/jump/flash drive (whatever you want to call it) just in case you're ever rendered dead in the water without an internet connection.

Killbox (90kb download)  Kill programs that are currently running.  Also helps when a virus has locked you out of your task list in Windows.  Killbox builds its own task list for you to monitor.
Spyware Terminator (631kb) (allows for blacklisting processes, and notification of when a blacklisted program tries to run itself.  You can then seek it out and zap it with KillBox)
HijackThis (793kb) As mentioned by Kings, a great tool for quick cleanup of hazardous areas.

And once you've got those on a jumpdrive, you can wreak havoc on those viruses, and be sure to set your virus scanner to run a scan on startup once you think you're done, just to be sure!
#10 December 12th, 2008 · 11:42 AM
341 threads / 59 songs
4,361 posts
Cymru (Wales)
M, do you know for a fact that it's gone and completely out of your system?
As for your 'programs, work and samples', I wouldn't worry too much, these guys want your money, I wouldn't think you'd find that many 'malwares' that destroy your whole system.

Though I did open a program years ago (without having scanned it), downloaded from Kazaa, that popped up a window showing my files being deleted and something like "and now the real game begins" written under it. I panicked and hit Ctrl+Alt+Del.
On restarting I had indeed lost a whole partition (my samples) and even the PC shop couldn't find them!!
I got my smitfraud once by only opening a page, I'd made a search for WaveLab and clicked the link on the Google page.
#11 December 13th, 2008 · 12:03 PM
128 threads / 44 songs
2,814 posts
Puerto Rico
Man I keep getting issues every time I run the spyware removal... Not sure how to deal with this.. I'm reading the info given by you both Kings and TLS but I'm not sure how to start.. I did the HijackThis thing but I'm not sure what I'm supposed to fix.... Any way to explain this in PC for dummies (lol) for peeps like me...
Where do I start ???
I keep running the software and finding stuff but I can't find the source...
#12 December 13th, 2008 · 01:07 PM
341 threads / 59 songs
4,361 posts
Cymru (Wales)
Marino wrote…
Man I keep getting issues every time I run the spyware removal... Not sure how to deal with this.. I'm reading the info given by you both Kings and TLS but I'm not sure how to start.. I did the HijackThis thing but I'm not sure what I'm supposed to fix.... Any way to explain this in PC for dummies (lol) for peeps like me...
Where do I start ???
I keep running the software and finding stuff but I can't find the source...

OK, so you still have it!
You want to try this on this page?
Do a Hijack This and save the log text file, post the text here or PM it to me.
Putting it on the page will show people what you're running but you may get the right answers from different members.
You first need a name.
Leads can be found in anything you don't recognise, you have to go through your program files folder, through Windows/prefetch/ and Start/Run/msconfig/startup(tab) reading / checking / assessing what you recognise and what you don't.
You can write down what you can't place and either suss it out yourself or send it to me to sieve through it.
You'll have to have your hidden / system files and folders showing and it's always worth displaying file extensions too.
In Explorer go to Tools/folder options/ View (tab) and 'show hidden files and folders' and un-tick 'Hide extensions for known file types'.
But I want to see that log file first.
#13 December 13th, 2008 · 01:21 PM
128 threads / 44 songs
2,814 posts
Puerto Rico
kings wrote…
Marino wrote…
Man I keep getting issues every time I run the spyware removal... Not sure how to deal with this.. I'm reading the info given by you both Kings and TLS but I'm not sure how to start.. I did the HijackThis thing but I'm not sure what I'm supposed to fix.... Any way to explain this in PC for dummies (lol) for peeps like me...
Where do I start ???
I keep running the software and finding stuff but I can't find the source...

OK, so you still have it!
You want to try this on this page?
Do a Hijack This and save the log text file, post the text here or PM it to me.
Putting it on the page will show people what you're running but you may get the right answers from different members.
You first need a name.
Leads can be found in anything you don't recognise, you have to go through your program files folder, through Windows/prefetch/ and Start/Run/msconfig/startup(tab) reading / checking / assessing what you recognise and what you don't.
You can write down what you can't place and either suss it out yourself or send it to me to sieve through it.
You'll have to have your hidden / system files and folders showing and it's always worth displaying file extensions too.
In Explorer go to Tools/folder options/ View (tab) and 'show hidden files and folders' and un-tick 'Hide extensions for known file types'.
But I want to see that log file first.

Kings I luv ya bro!! I did the show hidden files and extensions thing too...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:48 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3516
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.bandamp.com/Audio_Review.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=T3516
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [tudilukomu] Rundll32.exe "C:\WINDOWS\system32\heyovoki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: rophvd.dll   c:\windows\system32\tajelavo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7151 bytes
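
An added example, not part of any member's post: one way to narrow a HijackThis log like the one above down to the load points worth reading first. The sample lines are copied from that log with their path separators put back; the four rules are assumptions chosen for this example and only mark entries for a manual look, they are not verdicts from HijackThis or from anyone in the thread.

```python
import re

# Constructed sample: lines copied from the log in this post, with the
# backslashes that the page lost put back by hand.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [tudilukomu] Rundll32.exe "C:\WINDOWS\system32\heyovoki.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: rophvd.dll   c:\windows\system32\tajelavo.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "O4 - ...", "O20 - ..."
DLL = re.compile(r"[^\s\"\\]+\.dll", re.IGNORECASE)   # bare DLL file names

def parse(log_text):
    """Yield (section, body) for each HijackThis entry line, e.g. ('O4', ...)."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return (section, reason, body) for entries that deserve a manual look.
    The rules are this example's heuristics, not a malware verdict."""
    findings = []
    for section, body in parse(log_text):
        low = body.lower()
        if section == "O20" and low.startswith("appinit_dlls:"):
            # DLLs named here are loaded into every process that loads user32.dll.
            names = DLL.findall(body.split(":", 1)[1])
            if names:
                findings.append((section, "AppInit_DLLs lists " + ", ".join(names), body))
        elif section == "O4" and "rundll32" in low and DLL.search(body):
            findings.append((section, "autorun starts a DLL through rundll32", body))
        elif section == "O23" and " - unknown owner - " in low:
            findings.append((section, "service binary has no vendor information", body))
        elif low.endswith("(no file)"):
            findings.append((section, "entry points at a missing file", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Each flagged file name is then something to look up and to check on disk, which is the "you first need a name" step described earlier in the thread.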
#14 December 13th, 2008 · 01:23 PM
128 threads / 44 songs
2,814 posts
Puerto Rico
I scanned a few times after unplugging the cable connection for internet and it hasn't found any more infected items.. It's when I go into the browser that shit happens...
#15 December 13th, 2008 · 01:28 PM
341 threads / 59 songs
4,361 posts
Cymru (Wales)
Getting the names of the files your AVG is coming up with would also help.
You should make a search on all the files it comes up with and try to surf to a conclusion as to which virus/malware/trojan it is, what it does and where it hides.