spyware trashed my computer....HELP!!!!

dirtyinternet

OSNN Junior Addict
Joined
27 Feb 2005
Messages
10
a few months ago my computer got its browser hijacked and i didnt know what to do so i just got rid of IE and got netscape. that worked fine for a while but then last night everything went to hell. i started getting this pop-ups. and norton kept telling me that it found a trojan startpage virus and deleted it. then when i tried to run a system scan in norton it said that it had an internal error. i also started getting these error messages about something run.dll or something like that. but heres the biggest problem everytime i attemped to open any of my folders or any zip files i get one of the norton trojan.startpage deleted messages and one of the run.dll erreor messages. ive run ad aware and cw shredder. neither did much although cw shredder gave me my desktop back. what can i do???? this really sucks. if anyone has advice id love to hear it.
 
If you want to run a antivirus scan, try Norton's online. It wont remove any but will tell you if there are any and where. It requires ActiveX so Im not sure if Netscape has that.

For spyware, theres also Spybot Search and Destroy. I use that and adaware.
 
if u cant visit any antivirus sites check ur hosts file viruses usually add them to the hosts file so u cant do an online check
 
In order for you to clean your system effectively it might be necessary for you to boot Windows in to Safe Mode. If you don't know how to do that, then it's usually done by holding down F8 as your computer boots up. You will be presented with the option of Safe Mode with Networking, which is what I'd choose.

Once you're in Safe Mode, run Ad-Aware again as well as Norton. If nothing is found, download Spybot Search & Destroy and run it as well. Additionally, you should check to see what is running at startup. Usually I would advise doing so through the registry, but without knowing your experience with that, I'd say go ahead and do so with msconfig. Simply go to Start --> Run, and type 'msconfig' (no quotes) and hit Enter. There is a Startup tab that displays a list of everything that starts up with Windows. If there is something you don't recognize or want, then either uncheck the box or ask us what it is. This might help in keeping spyware from running on your system.

This is enough to get you started. Keep posting back with questions or whatever and we'll continue to help you get this figured out. :)
 
hi dirtyinternet,

I have created a spyware removal guide that should help you secure your pc.

follow the step in order and re-download and install all the programs from the links provided in the guide (this ensures you have the latest possible programs)

you can view my spyware removal guide here.

Good luck
 
wow you guys have all been super helpfull with this fiasco i appreciatre the quick response. i havent tried everything you suggested yet but i did do something that sorta helped. i ran CWshredder (short for cool web shredder i believe) this helped alot. alfter i run this everything goes back to normal. but it isnt as good as it sounds. its not permenant. after i reboot it goes back to a huge kettle of fiesces. but luckily i got acces to norton and ran a scan. it found something called hmm what was it i think download.trojan but get this it couldnt quarrintine or delete it!!!. also i looked at my start up and didnt recognize anything except a couple programs in a list of about 60. is theyre anything in thier neccassary for my system to run or can i shut it all down if i dont recognize it? i appreciate your help. lord im being careful with my computer hence forth!
 
If you haven't booted into Safe Mode then I suggest it again as it might be helpful in allowing you to delete the trojan.

As for the startup list, if you could take a screenshot and post it here then we can suggest what you remove from the list. Also, you could view your running processes through the Task Manager (CTRL+ALT+DELETE) and post a screenshot of that.
 
With Task Manager (or whatever) open, hit your Print Screen button. Then open up a graphics app such as Paint or Photoshop and paste (CTRL+V) it there. Then save the screenshot as a jpg and upload it here. :)
 
well icant find the print screeen buton so ill do this my self whew here we go

hpsysdrv
hkcmd
hpqcmon
hpgs2wnd
KBD
RECGUARD
NvCpl
nwiz
ccApp
ccRegVfy
ALCXMNTR
ps2
cdaEngine0400
realsched
UsrPrmpt
LVCOMSX
ISStart
LogiTray
mimboot
NvMctray
svhost32
version
secure
AdmilliServ
VVSN
sgtray
ieloader
kernels32
Q92194
SNDMon
msmsgs
PSFree
ypager
ManifestEngine
system
Logitech Desktop M...



this is all that i didnt recognize just let me know what ill need
 
Backup and format.....but if you dont want to do that, i would shut all startup items off for now, and run the virus scan that came with your norton cd(assuming it has one) it will scan from the cd so that nothing will interfer with it. I would also continue to try cleaning from safe mode. It sucks when this happens, I havent had to do it for awhile now. This sure bring back nightmares :(
 
At first glance, you've got quite a few Logitech and HP processes running, which is not a problem. I'll check on some of those that I don't recognize and post back about any that might be trouble.
 
I would stop the "secure" process and find that actual file on your hard drive and delete it. The file will be secure.exe. First, check your Add/Remove Programs in the Control Panel and see if there is a program there called DealHelper. If so, remove it. More info on DealHelper here.

Also, stop the "AdmilliServ" process and search for that file (.exe) and delete it.

Same for VVSN.

ieloader.exe is a trojan, and you need to stop it and remove it. If you haven't donloaded and run Spybot yet, you need to do that.

kernels32.exe is also a trojan. stop the process and remove it.

Q92194 - I can't figure out what this is. Go ahead and stop the process, do a search for it on your hard drive and let me know where you found it.

system.exe is a trojan. Find out more about this trojan here.
 
man what kinda a-holes make viruses and this sorta stuff that wrecks your computer when you dont even know these people!
 
dirtyinternet, be sure to keep checking my previous post as I update it with it info. :)
 
For reference print screen is to the right of F12.

One other step.

You need to turn off your system restore before cleaning out the spyware again. Then reboot and if all is well turn system restore back on. Many virii and spyware hide in the system restore backups and then windows puts them back on your system at reboot just like it was restoring part of windows that had been damaged.
 
Good point LeeJend.

dirtyinternet, I've posted everything I think you need to look at. You've got at least several trojans, and if Ad-Aware isn't catching them then you need to run Spybot to see if it will. Otherwise, you'll have to manually remove it all yourself, which you can do but it's a lot of work.

Safe Mode is your friend. It will keep a bunch of that crap from loading up so that you're able to remove it easier.

It sucks that you're having to deal with this, but have patience and we'll get you through it.
 
Turn off System Restore
To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
 

Members online

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back