Help with Virus Infection Please

Shivvv

Hi

I'd really appreciate some help. Somehow I seem to have picked up a virus or some sort of adware on my lap-top.

It has changed my home page on Explorer to www.systemuptodate.net and will not alllow me to change it in Internet options. It has put an virus alert icon in the menu bar which keeps opening a little message box saying that my system has a critical system error and its just a link to a site selling anti virus software. Even though I've been using my firefox browser this morning ads from explorer for online casinos and anti-virus software keep opening up.

I downloaded the Ad Aware software from the sticky on this forum and it quarantined a file called SpyFalcon but this hasn't made any difference.

This is a company lap top that I use and it runs Symantic Anti-Virus which for we receive regular updates through our network. It ran this morning and found a file which it cannot quarantine or remove so its left it alone.

I work for a big IT multinational (not in a technical role you'll be pleased to hear:)) and they take a bit of a dim view of this stuff.

Wondering if there is anything I can do to sort it out before I go to our Global Tech support at work or if this might be doing any damage to my pc??

I'd be really greatful if anyone knows anything I could try to help.

My laptop is a Dell Latitude D610 running WindowsXP Professional Version 2002.

Thanks to anyone who can offer suggestions!!

Shivvv

fricatus

Hi, this looks like spyware, as opposed to a virus - nevertheless it's a fair ol' headache.

Check out this page for more details:

http://securityresponse.symantec.com/avcenter/venc/data/spyfalcon.html

I reckon the easiest thing to do is to reboot into Safe Mode:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true

Then run a full system scan with Symantec AV. Before launching it, take a look in the scan options, and make sure that it will delete or quarantine "extended threats", "adware" or "spyware".

Go off then and weed the garden, then once the scan has ended, just reboot to get back into normal mode.

There's a good program out there called Spybot Search and Destroy that you could also try.

In any case, don't be afraid to contact your tech support. That's what they're there for, and it's better to contact them now rather than to mess things up and be forced into contacting them. You probably clicked on some ad that came up and prompted you to install a screensaver or something. It happens... the worst thing they can do is call you a muppet afterwards among themselves in the canteen.

And they'd only ever do that if you were an a$$hole on the phone, which I'm sure you wouldn't be :-)

steveland?

It's IT Support's job to do things like this on company laptops...

You can pick up adware or spyware by just surfing the internet, you don't have to be a moron to get some sort of infection on your PC. It happens to the best of us so best bet is to just contact the helpdesk and let them sort it out (of course knowing the usual malarky with trouble tickets and outsourced helpdesks in most companies chances are you'll be waiting for a loooong time and they'll report some completely different problem)

fricatus

Hear Hear Steveland...

Just a tip, in most helpdesks, especially if they're very busy (i.e. under-resourced), the squeaky wheel gets the grease...

So if you're waiting for a callback and it doesn't come, just call up again - don't complain or be demanding. Be cheerful and polite.

At the end of the day, this is IT's job since it's their laptop. You wouldn't climb a 20 ft ladder to replace a lightbulb in work, would you?

TerrorFirmer

Run Spybot Search and Destroy to clear up most of the spyware, great freeware application, use it on all my computers and laptops.

I've used it on computers crippled with spyware and it restored them to more or less perfect working order. It'll remove all light threats, then remove all the embedded ones on the next start up. It's great, give it a try.

Duiske

Shivvv wrote:

It has changed my home page on Explorer to www.systemuptodate.net and will not alllow me to change it in Internet options. It has put an virus alert icon in the menu bar which keeps opening a little message box saying that my system has a critical system error and its just a link to a site selling anti virus software. Even though I've been using my firefox browser this morning ads from explorer for online casinos and anti-virus software keep opening up.



Shivvv

Shivvv, did you download any p2p programs lately. One of them (i heard !!) installs a program called "save.exe" and that website you linked to above is one of its symtoms. It opens an explorer window asking you to install the "systemuptodate" program, and if you close the window it will close any other explorer windows you have open. If you install it, you get exactly what you describe. You may have picked it up from some other source, but try checking "add/remove programs" for "save.exe"

Muggy Dev

Hi Shivvv,

SpyFalcon is a nasty and new(ish) type of infection known as malicious software or malware.It is quite complex in that it will have infected several different parts of your computer such as your registry,program files and docs and settings.Spybot/Adaware does not remove it on its own, although you should have both these programs as a matter of course.The last time I checked,Symantec had no removal tool.

Getting rid of it is tricky.If you're not competent get someone who is to help you.Here the link to the repair page:

http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=85&blogId=3

SpyFalcon infext your PC,hyjack you browser then ask you for €50 to fix it for you.It is,quite literally,highway robbery and because they are based in Cyprus nobody can touch them.While there will always be trojans etc,I believe malware is the biggest threat to home users of PC's in the future.I recommend Ewido's anti-malware program.Its payware but after you have finally removed SpyFalcon you will never want to repeat the experience.

Good Luck.

Shivvv

Hi - Just wanted to say thanks to everyone who gave me advice here. Really appreciate it.

I managed to get our Global IT Team in India to escalate it so that I could get a real person to come to my PC and he's sorting it out... Not sure what he's doing but he's sorting it out.

Have downloaded Spybot etc also

Thanks agian

irlrobins

Shivvv wrote:

Not sure what he's doing

Fiver says he's cursing you...:p

You might ask him how he gets rid of it and post back so others can do the same.

tribulus

I also get the same thing coming up however it is often accompanied by a windows defender pop up saying "sytem has detect changes, click here to view them" and it shows a company called Gteko Ltd and then allow/block this action

This is aswell as the sytemupdate thing and does my head in when ads for sex in dublin keep popping up!!!

Should i do anything different to the above
thanks

layke

no ad aware and spybot usually handle most.

After you've removed the spyware, i'd suggest you go to windowsupdate.com and patch up.

Duiske

tribulus wrote:

This is aswell as the sytemupdate thing and does my head in when ads for sex in dublin keep popping up!!!

When I had that systemupdate thing, webpages used to open up with pics of "sexy girls waiting for me in Limerick". Every time the page opened it was same birds, but different place. Strangest one was Toomevarra. I have nothing against Toomevarra, nice place, but not renowned as the sex capital of Ireland.

Shivvv

irlrobins wrote:

You might ask him how he gets rid of it and post back so others can do the same.

Yep - I will do

Baraboo

c'mon guys a little bit of basic research, enter the name in google - third most comon page - removal instructions.


http://www.bleepingcomputer.com/forums/topic43659.html