Computer infected :(

Let'sgoflying!

Touchdown! Greaser!
Joined
Feb 23, 2005
Messages
20,731
Location
west Texas
Display Name

Display name:
Dave Taylor
About every 20 seconds the window at the bottom right of the attached pic pops up. I have never seen it, or the two tray icons (exclamation in yellow triangle and shield with X through it) before.
The window cannot be right clicked.
If you left click it, IE opens and goes to
http://www.uav2008.com/?advid=2654
which looks like an offer to buy someone's product.
Also, withOUT clicking it, it seems to be timed to automatically go to that link, unprompted.
So I think it is an unwelcome (and unnecessary*) warning, and would like to purge it.
* I have Avast running and scanned with Ad-Aware last night, no problems.
I checked Add and Remove Programs and could not ID it.
The spelling errors are a tip-off as to its true nature I think.
Any tips on getting rid of this pest??
(Think a Restore would purge this?
It all started after I loaned my computer to someone.
 

Attachments

  • Warnings.JPG
    Warnings.JPG
    184.1 KB · Views: 57
Last edited:
I had a particularly nasty one last week. I ended up:

Installing Windows in another directory
Downloading and installing:

AVG Anti-Virus
Winclam Anti-Virus
Ad-Aware
Spybot Search and Destroy
Windows Defender.

I'm pretty sure Windows Defender finally got it. Initially, I couldn't even boot the machine. Got a Blue Screen when booting. That's why I needed to reinstall Windows.

From what I found, it's called Vista Anti-Virus 2008, which is said to be a clone of Windows Anti-Virus 2007.

Each scan took three to six hours, and I ended up running each twice under each OS.

A week later, I'm back up and running.

My kids claim they were only on facebook.
 
If you ever want to be free of this stuff, do not download that product! :D

Ad-Aware is ok but not great. Things WILL get past it. I've been working with computers for more decades than I care to remember and am supposed to know what I'm doing so you'd think that I'd never let something like that happen to my own computers. :rolleyes:

A couple of years ago, I got one spyware infestation that was so bad that it took me a whole weekend of intensive effort to remove all of the stuff. The problem is that once you have one on your system, they will often download other spyware products and you can end up with a whole lot of different problems at once. Some of them are quite good at reinstalling themselves immediately after you delete them. Trust me on that one.

The best product I know for this kind of stuff is Spy Sweeper. It works and works very well and it only costs $30 per year. I have it running on my machines all the time, along with an antivirus program. (I like PC-cillin.) The combination is pretty secure but it's good to practice safe computing when possible, too.
 
This one seems to be at bay. I have done one last reboot and all is quiet. I am tiptoeing around the computer so as to not set it off again.
I had to install Windows Defender, and run it.....after their verification that I had not stolen this copy of Windows (which requires you to install another program of theirs).
Then I had to run AdAware, oops version out of date, need to update. And then need to get the lastest definitions. A reboot between each step it seems. Had to run AdAware twice; first it IDd the virus but could not remove it. Then it promised to remove it next reboot. But it didn't. So I reran AdAware and it IDd it again and I was able to select and remove it. Reboot and all is normal once again.
I think it was a Trojan virus by the name of zlob and I believe it came from downloading an ActiveX program or ancillary program. I have been using that lately with a company I deal with. I think I need to set AdAware to continuous monitoring - I had deselected that option in the past because it kept asking me about changes to registry entries (I think thats the one) and I had no clue which way to chose (accept/deny) so I shut it off.
Thank you.
Special thanks to Troy for behind the scenes help.
 
Dave!!! You posted on HERE with THAT DIRTY computer? AHHHHHHHHHH!!!!!!!!

J/K (kind of) - hope you got that thing cleaned up - good luck!
 
What I want to know is where the airport (I presume) with the giant compass rose on the ground is (original screen shot).
 
For starters, I recommend mozilla firefox. It's alot faster, and more secure than IE. You can get loads of addons, like noscript, that disables flash and java by default. (neat themes too) And secondly, if it happens again, there's no need to set up a dualboot to keep using windows. Just back up all your important data onto some DVDs or an external hdd. For a reformatting tool, I recommend gparted. (gnome partition editor) It's free.

Or if what you do is mostly webbrowsing (no gaming), I recommend a distro of linux. Ubuntu is the most user friendly in my opinion, but feel free to try them out. Suse is a close 2nd. They're free. Except for redhat..but you shouldn't use that.

Firefox - http://www.mozilla.com/en-US/
Noscript - http://noscript.net/
Gparted - http://gparted.sourceforge.net/
LinuxQuestions.org - http://iso.linuxquestions.org/

If you decide to go linux, or at least dualboot, I recommend getting a membership at LQO for technical advice, or to read some of the reviews on the many distros there.

I hope this helps!

EDIT: There are looaadds of open source anti-virus/spam/malware scanners out there.
 
Last edited:
It's a SmitFraud variant.

I usually start by booting in ERD or Linux with NTFS Write enabled, and start deleting stuff that doesn't belong in C:\Windows and C:\Windows\System32 , as well as ALL the temp files. The date of infection gives me my starting point. But this can be very dangerous if you're not sure what should be in those directories. I also use something like CCleaner to remove startup entries.

I then boot into Safe Mode and run SmitRemFix , ComboFix , and Spypot S&D , with reboots in between.

Finally, I disable and re-enable system restore to purge any backed-up copies of the malware files and any registry entries. I may also run a full virus scan if time allows and if I think the machine needs it.

Some of these steps may be unnecessary, but I run them all anyway because typically the machines I work on have multiple infections. I then do routine maintenance stuff like CHKDSK, check the MFT frag rate, clean the registry, and so forth, just because I'm there anyway and I have the machine, so I may as well finish the job.

Rich
 
Last edited:
HijackThis also comes in handy sometimes.

Yes, it does. I used to use it pretty often.

But, honestly, the $50 a year I pay for Spy Sweeper means I don't have to think about any of those things any more. I'm capable of cleaning out a system manually but who wants to? I value my time at much higher than $50 per hour, so if SS saves me one hour of aggravation and wasted time per year than I feel like I've saved money -- and lowered my blood pressure! :D

And while we're talking about all this stuff, may I please put in a request to everyone: if you haven't backed up your system recently, please do so. :yes:

Especially those of you who have been working on important public presentations... :D
 
And while we're talking about all this stuff, may I please put in a request to everyone: if you haven't backed up your system recently, please do so. :yes:

Especially those of you who have been working on important public presentations... :D
I heard that!!!! :D What a nice and gentle reminder. Tomorrow I'm backing up my computer. :yes: Thanks again Brian. :cheerswine:
 
What is so amusing to me is I had been formulating a post in my mind recently, to post here asking if viruses are no longer a concern;are they a thing of the past; dare I put my work computers on the internet....
 
What is so amusing to me is I had been formulating a post in my mind recently, to post here asking if viruses are no longer a concern;are they a thing of the past; dare I put my work computers on the internet....

I prefer the generic term malware these days, as the difference between true viruses in the traditional meaning of the word; and trojans, worms, hijackers, and rootkits, is becoming blurred as so much of the new garbage out there combines multiple aspects of all of these.

Also, another big difference is that there seems to be less purely malicious malware, but a lot more monetized malware. The SmitFraud / Vundo families alone account for dozens of different subgroups and variants, all of which are tedious to remove. I suspect the script kiddies who used to enjoy busting chops for the sheer joy of it have now discovered money and have become entepreneurs.

So I've taken to doing more broad-based malware cleaning and maintenance, because most of the infected machines I treat have multiple problems, including but not limited to multiple families of malware. SmitFraud / Vundo variants are among the more common right now, but there are plenty of others. Most of these, among other damage that they do, disable security software; so infected machines can become a real mess.

Also, I'm finding that some variants reinstall themselves after a number of reboots if you don't completely purge them; so I've gotten quite excellent at booting into ERD or a Live Linux distro, viewing the system directories in detail view by date, and manually deleting the junk. Only once, many months ago, did I have to restore from backup: It just seems that you develop a nose for what shouldn't be in there. Other colleagues who've taken to this "machete" approach say the same thing. You just sort of know when something is malicious, rather than belonging to some obscure but benign application.

I also delete all the temp garbage, check the host file, and so forth, remove the startup entries, purge system restore, and do some general maintenance as well. The general maintenance usually consists of registry cleaning, a CHKDSK and checking to see how fragged the MFT is. If it's less than five or six fragments, I'm inclined to leave it alone until the next visit, as I don't detect any real performance degradation on most machines until the MFT fragments exceed six or eight, and it's a little time-consuming to do (requires bootable media and can take 10 or 15 minutes on some machines). But on the other hand, I've seen machines in which the MFT was busted in 60 or more fragments, which horribly degrades performance.

I only mention this because I do tend to spend more time on these machines than what is strictly necessary to remove the particular malware in question. But because the machines tend to have other problems, it's usually worth the time to perform the extra work and watch the client's eyes bug out when they see how much faster the machine runs.

Microsoft is still missing the boat on security, in my opinion. Vista corrects a few problems, but only applies a bandaid approach to the major one, which is the vulnerability of the critical system directories to infection. I understand that they want to maintain backward compatibility, but it's absurd that literally any malicious garbage that someone wants to plant in the system's most critical directories will be welcomed by Windows as if it came from Redmond.

Between that ongoing vulnerability and that of the Registry, I don't think it's possible to make Windows a truly secure OS in its own right. Yes, we can tweak it, use third-party security tools, and so forth, but it'll always be a constant battle.

Rich
 
IDK. That's one of those "use under proper advice or expertise" kind of things. It's quite handy but in theory one can accidentally remove things they actually want.

Yes, one can: very, very easily. I've seen people well and truly screw up their PCs and then call me and say "my PC doesn't work." When I start asking what happened, they will often say "well, I only deleted a couple of things...". :D
 
Yes, one can: very, very easily. I've seen people well and truly screw up their PCs and then call me and say "my PC doesn't work." When I start asking what happened, they will often say "well, I only deleted a couple of things...". :D

That's true, and I wouldn't even mention HJT on most boards, just for that reason.

But I think that pilots are a notch above the technically-challenged users we deal with day-to-day, and (hopefully) are less likely to go deleting entries at random without knowing why those entries are there and what they do. :rolleyes:

-Rich
 
Back
Top