Malicious Spyware
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 39

Thread: Malicious Spyware

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    17

    Malicious Spyware

    Hi, hope some genius can help me. I have WindowsXP, IE7 and I have spyware running that I can't get rid of. I tried 2 weeks ago to download Microsoft Malware Removal Tool, Spybot, AdAware and could not download them, I got error msgs after each attempt that they were "not a valid Win32 application". Since yesterday afternoon I have been trying to run Microsoft Safety Scanner, hours at a time to download, never completed...I got an error msg 0x08402805, which indicates that my internet connection was interrupted, but it wasn't. Since this morning, I have successfully run Microsoft Clean up Scan, Microsoft Tune up Scan and have been trying for the last 10 hours to download the Protection Scan (these three make up the "Safety Scan", I just thought it would be easier one at a time) but the Protection Scan gets to about 70% and won't go any further, same error msg every time 0x08402805. I've tried all the suggestions I can find except dickering with my registry, none work. I need the spyware gone because I process sensitive info constantly...Please help

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Have you any idea what the spyware is?

    Your downloading problem might be unrelated as I have heard of people having those issues with IE7 and XP and particularly with the MS security products.

    You might try Firefox or Opera and see if you can download Spybot and A-squared using them. Otherwise download them on another computer and burn them to a CD/DVD before installing on the target machine.

    My preferred methods in these circumstances are:

    1. Slave the HDD to another computer and run the antimalware scans from there.

    2. Use a live CD and boot from that.

    Of course, the "safest" method is to save your data, format the drive and reinstall.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Disgruntled Postal Worker fourdc's Avatar
    Join Date
    Jul 2002
    Location
    Vermont, USA
    Posts
    797
    My daughter's HD had something similar.

    We use Avast for AV protection, it wouldn't let Avast get through it's memory check. I started Avast, killed the memory check. Set the computer for a boot scan and rebooted. A boot scan is when the OS only comes up and then only runs the Virus scan. There's no other program in the way. If your AV program doesn't have a boot sector scan option get Avast, it's free.

    Another free product you could try is Spybot Search and Destroy. Once you get the little bugger removed, you could set up Spybot to run Teatimer as resident program. This will stop future changes to you registry and startup without your permission.

    Good luck and keep us posted.
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    17
    Hey Nihil, you're way above my head. I don't know what spyware I've got but someone in Germany stole a domain from me pretty much as I was paying for it. Yahoo says that the only way that can happen is if someone knows what I'm doing, it was an odd name. I've had tons of runtime errors for the past month (R6025) and very slow performance....course it's dial up so that's part of it, but much slower than usual, and wierd popup ads that seem to go along with some of my email content. So, as I said I've tried everything but what you're suggesting, can you get me started? Then I'll try fourdc's advice. Hey, could Yahoo be causing this? This all seemed to start within about a month of installing it......????

  5. #5
    Junior Member
    Join Date
    Jun 2008
    Posts
    17
    One more thing that might be important, when I first tried to dl Spybot and the others two weeks ago, they would completely download, then I would get an error msg that said "not a valid Win32 application". Last night, after I gave up on the MS Protection Scan, I tried to dl the WindowsXP Svc Pack 3, to see if that was the problem. I started at about 10:30 pm and around 4:30 am, got a msg that it failed to download, I didn't see any other msgs so I have no details there....It hasn't been 2 years since I had to re-format this thing for similar problems...I hate, hate, hate to do it again....

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Download the apps on another PC.. Get the A Squared as Nihil recommends..
    Load thes onto a jumpdrive..(USB Memeory Stick)

    START THE PC IN SAFE MODE.. follow the following instructions..
    Windows XP
    If Windows XP is the only operating system installed on your computer, booting into Safe Mode with these instructions.
    • If the computer is running, shut down Windows, and then turn off the power
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.
    To use the System Configuration Utility method
    • Close all open programs.
    • Click Start, Run and type MSCONFIG in the box and click OK
    • The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.
    • The computer restarts in Safe mode.
    • Perform the troubleshooting steps for which you are using Safe Mode.
      When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer
    Just some apps will not install in safemode.. but it should be enough to see if the Win32 errors still occure when attempting to install those apps..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    Junior Member
    Join Date
    Jun 2008
    Posts
    17
    Thanks so much Und3ertak3r, I'll give it a shot!

  8. #8
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Umm.. above all "DISABLE SYSTEM RESTORE"....

    Try doing an online scan at either safety.microsoft.com or kaspersky.com

    see what is that it detects.. give us the name maybe there is a removal tool for it..

    or else..

    1. download - http://www.trendmicro.com/ftp/products/tsc/sysclean.com (save it in C:\clean folder, create the folder[folder name doesnt matter])

    2. download - http://www.trendmicro.com/ftp/produc...ern/lpt357.zip (its' latest one as of this reply, but it should do even if you download it later; save it in C:\clean [same as above folder])

    3. Deflate the second file that you downloaded and extract it in the same folder (C:\clean, as of now)

    4. Run sysclean.com and let it scan..

    DO THE SAME IN SAFE MODE TOO.. See if it helps.

    will write a complete spyware removal procedure soon..
    Last edited by ByTeWrangler; June 23rd, 2008 at 02:33 PM.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  9. #9
    Banned
    Join Date
    Jan 2008
    Posts
    605
    This will stop future changes to you registry and startup without your permission.
    Better yet, why not just learn how to use your policy editor for that type of thing instead.

  10. #10
    Junior Member
    Join Date
    Jun 2008
    Posts
    17
    TeWrangler - the second file downloaded for 2 1/2 hours then, with 28 secs left, I got an error msg that said that Internet explorer could not download the file because the connection to the server was reset...!!!!!!!
    I'm gonna try again.
    Would you tell me what deflate and extract mean? Sorry.
    Last edited by jenniferdoes; June 23rd, 2008 at 06:18 PM.

Similar Threads

  1. FTC holding spyware workshop - speak up!
    By ric-o in forum Spyware / Adware
    Replies: 1
    Last Post: March 10th, 2005, 06:09 PM
  2. Replies: 13
    Last Post: February 9th, 2005, 07:32 PM
  3. 2004 Spyware Mini Tut
    By StatiCoR3 in forum The Security Tutorials Forum
    Replies: 4
    Last Post: August 12th, 2004, 12:11 AM
  4. FAQ About Spyware And Spyware Security
    By Spyder32 in forum The Security Tutorials Forum
    Replies: 8
    Last Post: July 24th, 2004, 07:31 AM
  5. Spyware Information., tools/tips for removal of spyware.
    By saintakaagni in forum Spyware / Adware
    Replies: 6
    Last Post: February 4th, 2004, 10:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides