HELP!

Discussion in 'PC Help Desk' started by zookeeper, Nov 27, 2006.

  1. zookeeper

    zookeeper Well-Known Member

    A friend popped by and her son was using my computer...he downloaded a game and whew...problems now.

    My toolbar now has two triangles with an exclamation point in the center...ooops now there are three of them they flash and when not yellow, they look like bombs...

    System alert: Trojan-Spy.Win32@mx it says then if I click on it a window appears that says Trojan TJ/BZ infection attempt was detected....

    I'm running McAfee and when I move my mouse over it, it says it is enabled...

    Is my pc in danger?
    How do I make the icons go bye-bye from my toolbar?

    Thanks
     
  2. Clif

    Clif Guest

    DO NOT CLICK ON THEM!!!!

    (More in a bit)
     
  3. Clif

    Clif Guest

    If you are running XP, you need to install Microsoft Defender (Click on "Download It Here")

    If you are running an earlier version of Windows, you can try AdAware (Select Ad-Aware SE Personal (Free Download))
     
  4. appcomm

    appcomm Well-Known Member

  5. Clif

    Clif Guest

    Now that I've stopped you (hopefully) from doing more damage, and given you a solution.

    What you're experiencing is a spyware virus (yes, a combination of the two). It attacks when you load a certain page and tries to convince you to use their product to get rid of the spyware. If you click on the link to download their stuff, you only end up putting a lot more nasty stuff on your computer. One of the biggest problems is that the icon looks like Windows Firewall icon so most people think it's a MS warning and will go ahead and click it.

    The Defender I noted above was the best thing I found to get rid of it off my machine (GF downloaded a "Cool Savings" coupon).

    AdAware might well work, and is the best shot if you're not running XP.

    Both apps, once run, will clean your computer and then run in the background to prevent it from happening again.
     
  6. zookeeper

    zookeeper Well-Known Member

    Thanks - unfortunately I did click on it...it gave me an ad for anti virus software to buy ...

    Doing as you suggested now.

    Guess what else flashed on my screen and stayed there with no prompting...

    yup, you guessed it PORN!!!! I will be on the phone with my little visitor as soon as I clean up this mess.

    and a message "the ads (pop up) that you see on your computer is a part of the codec that you or someone who was using your computer downloaded.....blah blah,..this code allows you to watch adult movies for free...the price is ads that the software shows you. should you want to remove the codec, go to start>settings>control panel>add and remove software> public messenger

    should I even bother to do this???

    Thanks for the advice.

    I'm doing an AVG anti-virus scan as I type this. Started it 25 min ago; so far it says it's scanned 42007 objects and no threats found - is this worthwhile letting finish its thing?
     
  7. CrzyForBaseball

    CrzyForBaseball Well-Known Member

    If you keep your computer on all the time, set AVG to run at 2 or 3 in the morning (assuming it's not on dial-up). It will check for new definitions and will then run a full system scan. Mine runs every night, as well as Windows Defender that Clif suggested.
     
  8. zookeeper

    zookeeper Well-Known Member

    This kid is gonna be dead meat!

    Thanks for the advice, will let the scan finish and then run windows defender.
     
  9. Clif

    Clif Guest

    No!!! Do not do anything that "they" suggest. Odds are that what they suggest you do to solve the problem (that they created in the first place) will only do more harm.
     
  10. zookeeper

    zookeeper Well-Known Member

    I didn't, that's why I asked ... figured as much.

    Thanks a bunch! Really appreciate your help! :D
     
  11. Clif

    Clif Guest

    Please keep us posted as to whether (and how well) the solutions suggested here work.
     
  12. zookeeper

    zookeeper Well-Known Member

    The Windows Defender said I had no problems...so did the AVG, however I still have those icons flashing and popping up balloons...very annoying - no more naked women have shown up though. How do I get rid of the icons? It will probably have to wait till tomorrow, have to go back out to work, got nothing done I needed to this afternoon :-(
     
  13. Clif

    Clif Guest

    Now that you have your machine clean, try rebooting.
     
  14. zookeeper

    zookeeper Well-Known Member

    Reboot brought a message from windows Defender warning of a 'medium threat' and I clicked for it to remove it so will reboot again now.
     
  15. zookeeper

    zookeeper Well-Known Member

    Well, today is not my day. Now, not only do I have these flashing things in my tray, but I keep getting popups from 'greatdateclub.com' with women from our area (Raleigh, Willow Springs) pictured in their underwear in some raunchy poses...Then when I click it off, ads for Malware appear suggesting that I download immediately or my passwords and other personal information will be in jeopardy...paraphrasing here...

    Naturally I googled it and saw that according to systemac...my pc...this is bogus and not the award winning Malware and that they are just trying to sell some sort of bootleg thing to you or whatever.

    So, guess I'll have to get my nephew to come over and either get rid of the junk or scrub it clean -

    I tried using Windows Defender to go through my programs and found the toolbar icons and saw they were just loaded - I tried both removing as well as disabling them and either they go away for a few minutes, or they pop back in there as just installed. Grrrrr.....

    nothing is ever easy when it comes to my life lately.

    thanks for all of the suggestions. I am hoping that the googled info was correct and that the threats are exaggerated and mostly a severe pain in the butt rather than a serious problem as I can't do anything about it till the weekend ...oh happy monday.
     
  16. appcomm

    appcomm Well-Known Member

    I would definitely recommend running the online scan from EWIDO. On several occasions that has cleared up issues that other programs have missed or been unable to detect and remove.

    http://www.ewido.net

    On the home page, look to the left and you'll see the "Scan Now" button. It may also take running the SmitFraudFix mentioned above, which is targeted at removing this specific malware intrusion.
     
  17. JenniferK

    JenniferK Well-Known Member

    Zoo, I feel your pain. My machine runs like crapola.

    I've done everything I know to do...

    I first went here:

    http://4042.appcomm.net/forums/viewtopic.php?t=9846

    And after Spysweeper installed, took forever to run, and then told me I had issues, but wouldn't fix them until I paid, I quit with this thread, lol.

    I will try EWIDO though...

    Then I tried this:

    http://4042.appcomm.net/forums/viewtopic.php?t=10932

    And although it found a lot of crap, I'm still running slow.

    I've used AOL's computer checkup....

    I've run Spybot Search and Destroy...

    I run AdAware everyday.....

    My McAfee is up to date....

    My AOL Spyware protection is up to date....

    I've defragmented my drives......

    To be honest, with the pop ups I get and the sloooooooooooow-ness of the whole thing, I'm about ready to throw it out the damn window.

    And no, I don't want to pay someone to come over and fix it for me, because I'm broke and I need baby stuff more than I need a fast computer, I'm just complaining. My Stepdad was a programmer and I've always been able to fix stuff like this on my own and it just irritates me that I can't seem to do it now.

    So good luck, and if you find something really good, let me know!
     
  18. ddrdan

    ddrdan Well-Known Member

    Jen, search the web for "Rootkit" software. Rootkits are the number 1 threat right now. It's a spyware that hides itself from Windows and works in the background. Here are some to look for, and like any spyware software you need to run more than one to get it all.

    ~AVG anti-rootkit beta
    ~GMER anti-rootkit
    ~Blacklight rootkit revealer (hard to find - out of date now but this is a good one)
    ~Gromozon rootkit remover

    Here's a good definition of rootkits:

    The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.

    A good way to find the culprit of your problems
    First you have to be comfortable working with Windows Explorer. We need to Un-hide your system files. Open Explorer, go to "tools"(top of screen), go to "Folder Options", then "View". Put a check in "Show hidden files". Un-check "hide file extensions" & "Hide protected operating system files". Click "apply" and "ok". It's going to give you a warning, click ok or yes.

    Go to the system32 directory of your Windows directory. This is the directory where all things happen for Windows. Go to the "views" menu (top of screen) and choose "details". You now have a vertical list on the right side with file names and their modified dates. Click on the word "modified" till the most current date appears at the top. Spyware keeps renewing & updating itself so the date will always be relatively new. Look for the freaky named files like Z123gh43 ..etc. Look for .exe and .dll file extensions. Write those down and put them in a web search. If they are bad you'll get a return. Most returns give a link to a fix.
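
Added example, not part of ddrdan's post: the same "sort system32 by modified date and look for odd names" triage as a Python script, which also prints a SHA-256 for each file so the hash can be searched instead of a name that may change. The `looks_random` heuristic, the 30-day window and all function names are assumptions made for this illustration.

```python
import hashlib
import os
import re
import time

BINARY_EXTS = {".exe", ".dll"}

def looks_random(stem):
    # Rough heuristic (an assumption, not from the post): flag stems that mix
    # several digits with letters, or are nearly vowel-free, like "Z123gh43".
    letters = re.findall(r"[a-z]", stem.lower())
    digits = re.findall(r"\d", stem)
    if len(digits) >= 3 and letters:
        return True
    vowels = [c for c in letters if c in "aeiou"]
    return len(letters) >= 6 and len(vowels) / len(letters) < 0.2

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def recent_binaries(directory, days=30, now=None):
    """Return .exe/.dll files modified within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    rows = []
    for entry in os.scandir(directory):
        try:
            if not entry.is_file(follow_symlinks=False):
                continue
            stem, ext = os.path.splitext(entry.name)
            mtime = entry.stat(follow_symlinks=False).st_mtime
            if ext.lower() not in BINARY_EXTS or mtime < cutoff:
                continue
            rows.append({"name": entry.name, "mtime": mtime,
                         "odd_name": looks_random(stem),
                         "sha256": sha256_of(entry.path)})
        except OSError:
            continue  # locked or unreadable file: skip it and keep going
    return sorted(rows, key=lambda r: r["mtime"], reverse=True)

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    for r in recent_binaries(os.path.join(root, "System32")):
        day = time.strftime("%Y-%m-%d", time.localtime(r["mtime"]))
        print("ODD " if r["odd_name"] else "    ", day, r["name"], r["sha256"])
```

A recent date or an odd name only marks a file for a closer look; legitimate updates also touch this directory, so nothing should be deleted on this output alone.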
     
  19. ddrdan

    ddrdan Well-Known Member

    Now, on to my attitude on this crap!!!!!!

    When is the government going to do something about this spyware problem? I know it's petty in the spectrum of things important, and by all means, I'm complaining about what I do for a living. But, spyware gets me and my family's PCs too!!!

    I spent 9 hours yesterday restoring the PC's in my home from a registry rootkit that destroyed the whole system. For what? Some stupid marketing data that the spyware originator will sell for pennies? This really needs to stop and everyone needs to voice this to their government rep's to get it done. A little note for you: Who is the largest trader in this data? ........ The United States Government!!!!!!! Now you know why it won't stop.

    JMHO
    Dan
     
  20. CrzyForBaseball

    CrzyForBaseball Well-Known Member

    Just a note that EWIDO has merged with Grisoft and the new product is AVG Anti-Spyware. There is a free version at grisoft.com.
     
