HELP!!!! My Computer Has Been Hijacked!!!

I have McAfee and AVG virus scanners loaded onto my PC. I've noticed that the *FREE* software called AVG from www.grisoft.com will catch spyware that my paid for McAfee misses.

Maybe give that a try?

But it seems that CBulla may be the best source for info on this matter.
 
As this is something that might happen to anyone I am posting a paste of the link that I gave above. If these instructions result in the need for a Hijack This log please follow the link to post it at Tek-Tips.

Removing adware & spyware
Before Posting a Hijack log file - Best Practices
faq608-4650

As you are likely aware, reading a Hijack log report is incredibly tedious work. To interpret it properly is an art as well as a skill developed from long hours reading information in security forums.

The author of Hijack This! (and cwshredder) notes that there are now close to 10,000 variants of the Cool Web Search hijack exploit alone on the web. These malware infections of your system are often not viruses, at least as far as most antivirus programs are concerned.

Many excellent tools, including some excellent freeware tools, have been developed to supplement your antivirus program.

Before posting a Hijack log here, it would be a great help if the following steps were taken first:

Special Note for XP users:
right-click My Computer, Properties, System Restore, and uncheck the box to have System Restore active on all drives. Do this first. When you have finished the steps below, re-enable System Restore.

Special Note for all:
You want to run the antivirus, spyware, adware, and other utilities without IE active, and without any Peer-2-Peer application active, such as eDonkey, Kazaa or eMule. Your success with any of the tools below approaches 100% if no internet application is currently active. A tip of my hat to forum member SYAR2003 for reminding me of the importance of this step.

1. If you have an antivirus program installed (and you should) update the virus definition files and do a complete and thorough scan. Allow your antivirus program to do its job quarantining and removing any malware it discovers.

2. In addition, run at least one online antivirus scan from smah's FAQ: FAQ760-3862

I would run two: Trend Micro and Panda, but there are other choices available in smah's FAQ.

I have never seen a single antivirus program that caught everything.

3. Download, update within each program and run these three troubleshooting tools, in the order given:

. cwshredder
. SpyBot
. AdAware

Cwshredder, Hijack This: http://www.spywareinfo.com/~merijn/downloads.html
Mirror site: http://www.lurkhere.com/~nicefiles/

AdaWare: http://www.lavasoftusa.com/support/download/

Special Note #1: In some cases one or more of these programs may immediately exit. If this happens to you, download and run this program first, and then Cwshredder, Adaware and/or Hijack This will run successfully: http://www.safer-networking.org/files/delcwssk.zip

Special Note #2: If your problem is an unwanted Toolbar appearing in IE, a rather direct route to removing this malware is ToolBarCop: http://www.mvps.org/sramesh2k/toolbarcop.htm

4. Reboot. Test to see if your IE or other browser or mail client issues have been resolved. There have recently been some variants that will require one more tool, Kill2Me: http://www.spywareinfo.com/~merijn/files/kill2me.zip

5. If still no joy: (this will not do harm)

. Download and run the LSPfix utility: http://www.cexx.org/lspfix.htm

6. If still no joy: (this will not do harm)

. Download and run the Winsock repair utility: http://members.shaw.ca/techcd/VB_Projects/WinsockFix.zip

Discussion: FAQ779-4625

Reboot. If it is still problematic, post the Hijack log on the site.

Hijack This! can be downloaded from: http://www.spywareinfo.com/~merijn/downloads.html
Mirror sites: http://www.lurkhere.com/~nicefiles/

My own good guess is that if you take the steps above there will be no need to post a Hijack log here. But if you still have problems:

. State the problem first. Your homepage is hijacked to the wrong site; I cannot access the internet at all; I receive pop-ups I do not want; my Favorites list is now populated with porn sites; etc. Be as specific as possible in the first lines of your post.

. Hijack This has the option to update the program on-line. Do so, and then if available exit the original version and run the new.

. Post the complete log here. Sometimes the problem lurks in a section that may not seem important to you.

. Now post the log generated with a click on the Scan button.

Usually someone will see your log file and give specific advice about what to remove with Hijack, or in combination with other instructions.

Remember that you can always run Hijack again and revert any changes suggested by a poster. Hijack lists a great deal of information, and it can happen that something removed is important to your system. Run Hijack again and revert the change. Reboot. The horrible fact of the matter is that bad guys often hide under the name of good guys. Removal of all the bad guys is an imperfect process, and it may take more than one scan to complete the job.


Best,
Bill Castner
(With a lot of help from Syar2003, carr, smah, manarth, and many others)


Tek-tips site:
http://www.tek-tips.com/
 
CBulla:
For stopping future pop up issues, which are the major portal in which adware/malware get slipped onto your PC, you will want to DL Google's tool bar. It has a fantastic blocker in it and best of all, it's FREE!

I d/l Google's toolbar several months ago at NetDoc's suggestion but it occasionally disappears and I have to restart it. Why is that? It works great while it's there.
 
I recently had good results with a product called "BPS Spyware Remover", found and removed some stuff that Ad-Aware didn't. I use McAfee Virus Scan, I recently upgraded and the new version found some viruses the older version missed in spite of up to date DAT files (fortunately they were never "activated"). For popups I use a program called PopupDummy and it's great.

Your new "homepage" might be as simple as browsing to the page you want to start with, then in IE, go to "Tools", "Internet Options" and on the "general" tab near the top it says home page and click on "Use Current".

My biggest source of headaches has been my teenager searching for game cheats (secret codes that let you skip levels or gain extra powers, etc).

RE: pt40fathoms, it's generally not a good idea to run more than one antivirus product. Frequently one product will find the other and cause false alarms. I've used McAfee AV products for many years (late 80's) and that along with safe computing practices (don't open an attachment you aren't expecting and don't know exactly what it is) has meant I've never had a virus infect any of my computers. I've had many found. In the early days it was on floppies, I've had one on a commercial CD (they didn't scan the master before sending to production), some on BBS's and later on the internet.
 
The problem with BPS is that they steal Spybot S&D's stuff. Spybot was written by a college kid in Germany who got fed up with the spyware - this company stole his scan stuff and continues to steal his update patterns and sell them to people as their own original.

Here is what I do to clean out spyware:

1) Install Spybot S&D, run the updater, scan the system, remove files, then immunize. Allow to run on reboot if needed
2) Install adaware 6, run the updater, scan the system, remove files, then immunize. Allow to run on reboot if needed
3) Run CWShredder
4) Run HiJack this - clean out erroneous entries in the registry - there is an information button that can help you determine if it's a good entry or bad.
5) reboot, login, watch the scans.
6) rerun CWShredder - sometimes it needs it, but more or less just proof that it worked.
7) Run RegCleaner - This is a more advanced tool that I do not recommend unless you're comfortable working with entries from a technical standpoint. I use this to clean up stuff that doesn't belong on the PC, stray entries in the start up, etc.

I have checked out but do not use LSP Fix - the few malware which actually attach themselves to the files that LSP fix is supposed to "fix" really aren't seen anymore.

If you have Look2Me or nCase, you will need a special uninstaller for those - I have them and can provide if needed.

I also recommend WindowsWasher. It helps keep files off your system, i.e. on shutdown it'll wash and "bleach" the IE Temp folder etc., and keep the machine running fast and clean.

I do not recommend a firewall installed on your PC unless you know what you're doing and have a laptop that you travel with. If you have DSL/Cable, those have built in firewalls that you can configure. If you have a wireless router or wire/wireless router they are configurable firewalls as well.

My top 3 favorite antivirus programs are: AVG by Grisoft - it's $33 for a 2 year subscription that has live updates and scanning! Panda Antivirus by PandaSoftware and Trend, aka PC-cillin.

Just my two bits from a few years and running a tech shop in the industry :)
 
CBulla:
The problem with BPS is that they steal Spybot S&D's stuff. Spybot was written by a college kid in Germany who got fed up with the spyware - this company stole his scan stuff and continues to steal his update patterns and sell them to people as their own original.
Wasn't aware of that. Have only used it shareware from now. Will remove this evening and they will not see my $$$.
Will check out the other programs you mentioned.

Thanks
 
Geez, I read all of this computer advice.

What I want to know is---Did you find the blow up doll you were looking for??
 
This Computer stuff is boring me.....when's the party?
Post some photos!
 
