Wird Pop-ups and PC performance...

voodoo

Hi all,

I know I posted a thread here before with regards to a slow PC and was put in the direction of Hitman Pro which solved my problem. I am now in another situation!

For some reason, I am getting alot of pop-ups coming from my tray, which dont make any sense. I have ran Hitman Pro again, as I have the McAfee product and even the Microsoft Window's Defender.

I have some sample's of the pop-ups attached. They point me off to a site - http://antispywarebox.com/ which tells me install Titanshield Anti-Spyware! I have never heard of this and cant even find anything in Google.... I work in the IT Security industry so this has me baffled (I am not technical)...

Any ideas?

TerrorFirmer

Install Spybot search and destroy, make sure its up to date. Let it seek and find all spyware/adware on your comp, and then let it search again on system startup. If this doesn't fix it, I'd be surprised.

Sounds like common adware you have...

Ruu_Old

Make sure your windows updates are up to date and install Windows Defender as well as Spybot, no harm.

SouperComputer

havok wrote:

nstall Spybot search and destroy, make sure its up to date. Let it seek and find all spyware/adware on your comp, and then let it search again on system startup. If this doesn't fix it, I'd be surprised.

Hitman pro does this automatically.


Voodoo: Did you run Hitman in safe mode with networking under all user accounts, disabling system restore? Download the 30day trial of nod32 too and do a full scan.

The only things left to try are ewido and HiJack this. Hijack this is a manual removal tool, very good but take some time out to figure it out.

Also as ruu said, windows "defender" would do no harm.

is_that_so

When using HijackThis, if you still can't get rid of it there are many forums(boards.ie for example) where you can paste the HijackThis output for people to look at- if you are not completely sure what you are doing.

layke

http://www.sysinternals.com/Utilities/ProcessExplorer.html

This helps when all else fails.

voodoo

Thanks for all the replys.

This thing doesn't look familiar to anyone does it? I mean, the web address and stuff. It says it's legitimate Anti-Spyware but I really dont think that it is!!! Not when you are pointed off to it from the Spyware (pop-ups) that you get anyway.

Yes, I have ran Hitman Pro, which has Spybot! I also downloaded the Microsoft product but still hasn't removed it...

I will try some of the other things later tonight and see how I get on!

I also meant to say that I was getting some splash-screens popping up with regards to Lsass.exe and that my system would shut down in 60 seconds. The countdown would then begin, but then another screen would pop up saying that it was aborted...

I ran Symantec's Sasser tool as I know that Lsass issues can be related to Sasser, but it didn't find any trace of sasser on my machine!

globalconspirac

Hi Voodoo, Can you let me know how you get on as I have the very same infection on my PC. It started yesterday. Thanks,

Intinn

My parents seem to have contracted the same bit of adware. I've tried hitman, Spybot and Hijack this to get rid of it but no avail. Since I have to work remotely on their PC I can't really boot in safe mode an run something like Ewido.

Seems to be a new adware/malware program. Symantec lists it as first seen june 6th. I so far found out that in 'my' case a file called C:\windows\system32\users32.exe is responsible for the browser hijack and popups. At this time I can't remove the file, so I set Panda Antivirus to block it and will look into it further when I visit my parents next week. Hopefully somekind of removal procedure will have been created then.

The only real advice I found so far on the web is on a German Trojan board where they say "just reinstall". I'm not very keen on doing that so I'll keep looking.

RogerFGay

XoftSpy comes up with a long list that looks like it might kill titanshield -- I haven't tested because I'm only running a free trial version -- I'm only getting the list but it won't fix unless you pay $60.

I was able to delete users32.exe with KillBox -- but it comes back.

RogerFGay

Solution:

Download and run

http://siri.geekstogo.com/SmitfraudFix.php

in safe mode to clean your computer. Say yes to cleaning registers as well.

Once you've downloaded and unzipped it somewhere; you go into safe mode by start -> run and type msconfig and return. Under the BOOT.INI tab, check /SAFEBOOT in the Boot Options area. When you're done running the program, repeat the procedure in reverse (i.e. uncheck /SAFEBOOT) to return to normal Windows mode.

This cleans things up very nicely. Several people have reported success with it. Make it a regular practice to delete all temp files in your local settings folder under your name in Documents and Settings ... delete temporary internet files and cookies as well. You might have to reset a few things -- like when you told it to remember your name on a login screen ... but it's worth it. Sometimes weird things get into those places.

NutJob

Iv had to pull this nasty little worm out of a few machines


Can verify below works.

voodoo

Guys,

I haven't had the chance to do anything with this yet, but found some more info on some more message boards. See attached links -

http://www.cybertechhelp.com/forums/showthread.php?t=119908

http://www.pcguide.com/vb/showthread.php?p=292608#post292608

This seems like a very nasty piece of work altogether and very difficult for the average Joe to rid of...

Anyway, will try this later and let you know how I get on...

globalconspirac

Thanks Roger, that seems to have worked. Nice one..

RogerFGay

You're welcome. I got another tip from a friend and tried SpyBot at:

http://www.safer-networking.org/

Looks pretty good. I think I'll make it my regular.

It actually found a piece that SmitfraudFix missed, and some other things. It's freeware, built by voluteer labor around the world. They also keep it updated.

RogerFGay

Now if I could just get the Microsoft Office Help System working ....

voodoo

Hey all,

Strangest thing! I went back to my PC to try and fix up all this stuff and it now seems to have disappeared! I am not sure if my McAfee AV and Anti-Spyware package picked it after with the next DAT release, but it was removed on me without any intervention...

Anyone else experience this?