spyware

bnev

hey,
just trying to get some help. I started to get loads of popups on the computer yesterday. I ran norton and ad-aware. But its still happening.

There is an alert coming up on the computer saying the computer is infected with last version of PSW.x-Vir trojan. My home page has been changed to some security alert too. Can anybody help trying to get rid of this please??

thanks in advance
bnev

Ruu_Old

Is your Norton up to date? In any case, I would try a different anti-virus program for a start. AVG Free Edition or Anti-Vir for anti-virus, get Ewido Security suite and Spybot Search and Destroy for the spyware. Run then when you are in Safe Mode and see how you get on.

admiralofthefleet

i would also download the coolwebshredder which is available free from trend micro, run it to see if your homepage has been changed due a browser hijack

Capt'n Midnight

Maybe we should get a sticky for the security forum don't post here if you use IE6 as it's the most unsecure of the commonly used browsers .

windows defender / IE7 ( say what you want about web standards, when you have popups they need to get stomped on first )

googlebar - handy for popups too

spybot/spywareblaster

having a second browser on your system so you can use the other one to find help and get downloads to fix the other - Opera / firefox

An out of date copy of antivirus is inexcusable, it won't protect you and slows your machine down and there are free alternatives.

bnev

thanks everyone, i got all of these and they have helped. But there is still one or two things i cant get rid of.

My homepage is still coming up as a security page. Telling me to download some anti spy-ware programs. And there is an icon beside the clock that keeps popping up with a message saying critical system errors, please download anti spyware.

I got IE7,ewido, Spybot search and destroy, ad-aware and updated and ran norton anti virus. Any other advice would be greatly appreciated.

bnev

admiralofthefleet

did you get the coolwebshredder, if not then get it and run it to see if your browzer has been hijacked

Martyr

Capt'n Midnight wrote:

Maybe we should get a sticky for the security forum don't post here if you use IE6 as it's the most unsecure of the commonly used browsers .

defos..especially when so many people posting with problems seem to use IE...
Too many unpatched flaws exist in IE.

you could run under limited-account, thus limiting the damage an exploit could do to your system, but..wouldn't it be better to just use another browser?

Gary ITR

just fixed this same problem on a friends Laptop. Try following the instructions in this link. At the end where it says to run the panda software you can just run your own anti virus and it will be able to find the spyware

http://www.bleepingcomputer.com/forums/topic63896.html

Black Swan

bnev wrote:

I got IE7,ewido, Spybot search and destroy, ad-aware and updated and ran norton anti virus. Any other advice would be greatly appreciated

What version and year Norton are you running? 2007 Internet Norton is incompatible with Spybot Search & Destroy. If you run Norton "Security Inspector," it will note this. Not sure of the less complex Norton AV (only). Ad-Aware SE is compatible with Norton. Ran AVG free for a month along side my existing security bundle and it identified nothing.

One real nifty programme that is compatible with Norton and Ad-Aware that you might consider installing is Spyware Blaster. It's free, takes very little drive space, does not tax your CPU at all, and does a nice job blocking thousands of known malware, spyware, adware sites. Check the MSN update site under marketplace. It just may block a lot of your popups, too. I have been running and updating it for about two years without any problems.

I would avoid Webroot, Spyware Doctor, and GhostSurf as they run proxies that really draw upon your CPU. Also, Webroot is not compatible with Ad-Aware version 1.06, sometimes freezing or crashing the programme when attempting to update. GhostSurf on high privacy settings will lock you out of Google, boards.ie, etc., where session cookies are necessary to access.

I run only one firewall, and one AV, but a bundle of anti-spyware/malware/adware programmes as recommended by both PC World and Maximum PC magazines, cause no one programme will catch them all, and many new ones are created daily. Some compliment each other, while others are incompatible with each other. I have learned the hard way by experimenting to find which ones will work together (trial and error).

Martyr

you know, sometimes prevention is better than cure.

i setup a friends computer for internet access about 6 months ago, without all the crap those magazines recommend on it & it is still working fine today.

imho, most of av/anti-spyware software is waste of money, its big business of course & i wouldn't be surprised if some pc magz are sponsered by the companies developing these anti-* products.

firewall is good, obviously..but there are ways to bypass these locally & if your browser (ie.IE) has bugs, & you're running under admin account, you're pretty much screwed when visiting site run by malicious people.

auto-updates should be on.
run a firewall, windows firewall is not great, but better than nothing.
windows defender i would have running, not great again..but you know yourself.
disable active-x/scripting in IE or use something like opera/firefox (again these are not 100%)

most importantly, when using internet, run under limited-user account.
you wouldn't use internet under root account, would you?
well, you wouldn't run a web server under that account then..if you're smart.

am i paranoid when i say that, computer "technicianz" from shops deliberately ill-configure a pc so that it screws up after few months & they are called upon to fix it again?

i don't think so.

Black Swan

Average Joe wrote:

you know, sometimes prevention is better than cure.

Agree. And if you wanted to play it super safe, you would stay away from those naughty sites (but few of you guys will out in boardie land...eh?).

Average Joe wrote:

most importantly, when using internet, run under limited-user account.

Agree. But if using IE and Windows, a good hacker/cracker can get around this, too. It just rules out the noobs.

Martyr

Agree. And if you wanted to play it super safe, you would stay away from those naughty sites (but few of you guys will out in boardie land...eh?).

i don't have internet at home, so .. i can't comment :P haha

Agree. But if using IE and Windows, a good hacker/cracker can get around this, too. It just rules out the noobs.

yes, i would agree completely, but the chances of a local privilege escalation being used in wild is very rare.(there is actually an unpatched one that has been around for 2 years now affecting all versions of win2k/xp, but is difficult to get to work successfully cross-platform, because windows kernel shellcode is in its infancy, atleast publicly.)

having said that, the attacker would atleast need some way to deliver & execute the code on the target system, most exploits for browser/email clients rely on scripting languages (javascript/vbscript/jscript..etc) & if these are disabled, then for the most part, you're fairly safe.

i realise it could be possible to force a browser to download code & run it without user intervention due to some bug, like we've seen in the past.

again, this would be extremely rare on up to date machine, & anyone smart enough to accomplish all these things said, would surely have a well paid full-time job, & no interest in doing such things maliciously anyway.

could be wrong though.