god damn spyware

lancer

There is no answer!
Political User
Joined
Oct 7, 2004
Messages
3,093
Please read and be astonished. I just formatted and reinstalled XP Pro at work and within 5 mins my computer was ransacked by spyware. I updated it fully, SP2 etc., then antivirus Norton. Then I downloaded both MS AntiSpyware and Spybot, ran both, and they found about 50 instances between them. Now there are a few sons-a-bi'atches still clinging on; anyone have any suggestions about which programs to use to get all the spyware out? Oh, and yes, it was MS Internet Explorer's fault, as I opened it for the updates; now I'm using Firefox again.

Please help, I'm on my 5th scan and it's still finding the buggers. :cry:
 

Perris Calderon

Administrator
Staff member
Political User
Joined
Jan 24, 2002
Messages
12,359
you should run the spybot resident to have real time protection against spyware

if you want to post a HijackThis log, there are some people here that will try to help you clean the computer

as far as what happened being ie's fault, I don't think this happens while getting updates.
 

celticfan11

OSNN Senior Addict
Joined
Jan 20, 2003
Messages
744
I don't see how you can get spyware within 5 mins after reformatting. Are you sure you formatted it?
 

VenomXt

Joined
Mar 11, 2004
Messages
3,454
celticfan11 said:
I don't see how you can get spyware within 5 mins after reformatting. Are you sure you formatted it?
Why I asked if he zeroed the drive out, or just used a quick format. Have seen weird things happen with a quick format (i.e. files that shouldn't be there show up). And how many drives do you have? Any chance you installed something to another drive laced with spyware?
 

muzikool

Act your wage.
Political User
Joined
Dec 27, 2001
Messages
7,626
Hard to believe that spyware could even hold on with a quick format.

There has to be something you're doing to have that junk showing up after 5 minutes. It's not like you plug a network cable in and all the bugs on the internet run straight toward you! :p In all my reformat/reinstalls, I never plugged into the network before loading my antivirus, firewall and spyware programs. I always kept those installers available on a disk so that I wouldn't have to get online to download them first.
 

celticfan11

OSNN Senior Addict
Joined
Jan 20, 2003
Messages
744
VenomXt said:
Why I asked if he zeroed the drive out, or just used a quick format.
Both a quick format and a non-quick format will erase all files on the drive. The only difference is whether or not the hard disk will be scanned for bad sectors.
 

lancer

There is no answer!
Political User
Joined
Oct 7, 2004
Messages
3,093
Yeah, I know all this, that's why it's so strange. The spyware attached itself when I went onto MSN, not during the updates, just to clarify.

I did a full format, so no chance old stuff could have stayed. Here's a hijack log
 


Mastershakes

OSNN Veteran Addict
Joined
Jul 6, 2004
Messages
1,721
I'm not sure yet, but this may be what cruised in:

http://securityresponse.symantec.com/avcenter/venc/data/adware.elitebar.html

Fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = //searchmiracle.com/sp.php
F2 - REG: system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [tF4f3nS] pifupapi.exe
O4 - HKLM\..\Run: [xchgil] c:\windows\system32\otgbctq.exe
O4 - HKCU\..\Run: [covpRhe3W] penecsnp.exe

oh, and do this in safe mode. then run adaware, anti-spyware, and spybot in safe mode.
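
As an added example (not part of the post above and not HijackThis code), the Python below parses the five entries listed in this post and separates the ones that relaunch a program at every logon (the F2 Shell value and the O4 Run keys) from the IE search setting. The function names and the baseline that Shell should hold only Explorer.exe are assumptions of this example.

```python
import re

# Entries copied from the "Fix these" list in the post above.
LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = //searchmiracle.com/sp.php
F2 - REG: system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [tF4f3nS] pifupapi.exe
O4 - HKLM\..\Run: [xchgil] c:\windows\system32\otgbctq.exe
O4 - HKCU\..\Run: [covpRhe3W] penecsnp.exe"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
PERSISTENT = {"shell-override", "autorun"}  # kinds that relaunch at logon

def triage(log):
    """Return (section, kind, detail) for each recognised entry."""
    findings = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, blanks, anything not "Xn - ..."
        section, body = m.groups()
        if section == "F2" and "Shell=" in body:
            parts = body.split("Shell=", 1)[1].split(None, 1)
            # Assumed baseline: Shell is Explorer.exe with nothing after it.
            if len(parts) > 1:
                findings.append((section, "shell-override", parts[1]))
            elif parts and parts[0].lower() != "explorer.exe":
                findings.append((section, "shell-override", parts[0]))
        elif section == "O4":
            run = RUN.match(body)
            if run:
                hive, key, name, cmd = run.groups()
                findings.append((section, "autorun", f"{hive}\\{key} [{name}] {cmd}"))
        elif section in ("R0", "R1") and "=" in body:
            key, value = (p.strip() for p in body.split("=", 1))
            setting = key.rsplit(",", 1)[-1]
            findings.append((section, "ie-setting", f"{setting} = {value}"))
    return findings

def relaunch_points(findings):
    """Entries that restart a program at logon, so they go first."""
    return [f for f in findings if f[1] in PERSISTENT]

if __name__ == "__main__":
    for section, kind, detail in triage(LOG):
        print(f"{section:3} {kind:15} {detail}")
```

Four of the five entries are relaunch points; cleaning files while those remain leaves the loader in place.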
 

muzikool

Act your wage.
Political User
Joined
Dec 27, 2001
Messages
7,626
Nail.exe is a bad one. It adds randomly generated files into the Prefetch folder. Not easy to get rid of the traditional way.
 

zeke_mo

(value not set)
Staff member
Political User
Joined
Aug 25, 2004
Messages
1,989
If you downloaded a key thingy for Norton, sometimes they come with something called crack.exe... when you open it you will have 50+ spyware files to deal with. It's worth it to format again.
 

Mastershakes

OSNN Veteran Addict
Joined
Jul 6, 2004
Messages
1,721
muzikool said:
Nail.exe is a bad one. It adds randomly generated files into the Prefetch folder. Not easy to get rid of the traditional way.
disable prefetch. done. am I wrong Muzi? I could be... ;)

From command prompt: del c:\windows\prefetch\*.* /q
then head into regedit -


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Change the value of EnablePrefetcher to 0

Possible settings:

0—Disable
1—Application Launch Prefetch
2—Boot Prefetch
3—Prefetch everything
 

Perris Calderon

Administrator
Staff member
Political User
Joined
Jan 24, 2002
Messages
12,359
then he'd be left without prefetch...and whatever was putting data in prefetch would still be on the box
 

Mastershakes

OSNN Veteran Addict
Joined
Jul 6, 2004
Messages
1,721
perris said:
then he'd be left without prefetch
temporarily for sure. I don't think it's enabled in safe mode anyway. Once all cleaned out, just reenable in the reg.

If you have less than 512megs of RAM - leave her disabled.
 

Perris Calderon

Administrator
Staff member
Political User
Joined
Jan 24, 2002
Messages
12,359
I think whatever is entering data to prefetch would still be active when he turned it back on
 

Perris Calderon

Administrator
Staff member
Political User
Joined
Jan 24, 2002
Messages
12,359
Mastershakes said:
exactly perris. so we would only reenable it once she's cleaned.
ah...I'm at work skimming and I missed that part of your post...good job
 
