System Infected
DngrMse 01-02-2006, 10:07 AM Dammit! :mad:
Windows firewall up and running, and using Firefox. Infected anyway.
I have a new screen, bright blue, with a black square in the center telling me I'm infected. I also get a menu on the right, (with the usual viagra, porn, personals selections), I keep getting popups, (that appear legit, but they aren't). I've cleared out the popups, (by deleting winstall.exe), but I can't clear my screen. Adaware doesn't help...but I'm performing an online scan from pandasoftware.com, and I'll try Hijack This too.
SpabSFW 01-02-2006, 10:32 AM dude, my son got that on his computer, I couldn't get it out even though I isolated the program. it comes up on startup and I've forgotten the DOS command to bypass windows to delete it so I had to take it to the shop.
They couldn't do it through MSDOS either and they had to strip it and redo it.
flaming_liberal 01-02-2006, 10:48 AM Just delete the particular startup registry. It's not that hard, you know... There are even programs out there that will show a list of all the startup items, and you can delete it from there.
SpabSFW 01-02-2006, 10:51 AM maybe, but it didn't seem to work for the computer shop I took it to. they tried. that particular virus is nasty.
Myrddin 01-02-2006, 11:08 AM I had this before, took a while to clean it off but I did (without any MSDOS crap either).
You need something to run on startup before most things load.
DngrMse 01-02-2006, 11:10 AM Just delete the particular startup registry. It's not that hard, you know... There are even programs out there that will show a list of all the startup items, and you can delete it from there.
Did so. It comes back. I've run Hijack This, Ad Aware, Ewido, panda, and I've deleted, or renamed a couple dozen files by hand. It kills Regedit, (through the use of 'nulls'), so I can't do much there. I've wiped out a little bit of it, but most of it's still there. Whee. :|
DngrMse 01-02-2006, 11:11 AM I had this before, took a while to clean it off but I did (without any MSDOS crap either).
You need something to run on startup before most things load.
Were you using Firefox, or IE? And did you have your firewall enabled?
Myrddin 01-02-2006, 11:13 AM Firefox and a firewall.
92Notch 01-02-2006, 11:15 AM Just delete the particular startup registry. It's not that hard, you know... There are even programs out there that will show a list of all the startup items, and you can delete it from there.
start --- run --- msconfig .... that's one of them.
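Editor's added example, not part of any poster's message: the startup-item listing the posts above refer to, written as a PowerShell script that reads the standard Run/RunOnce registry keys and the Startup folders. The function names `Get-CommandTarget` and `Test-Target` are hypothetical helpers made up for this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: list autostart entries from the standard Run/RunOnce keys
# and Startup folders, and note whether each target file still exists.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    param([string]$Command)
    # Pull the executable path out of a command line such as
    # '"C:\Path\app.exe" /arg' or 'C:\Path\app.exe /arg'.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Test-Target {
    param([string]$Path)
    # Only drive-rooted or UNC paths can be checked; bare names depend on PATH.
    if ($Path -notmatch '^([A-Za-z]:\\|\\\\)') { return $null }
    return (Test-Path -LiteralPath $Path -PathType Leaf)
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        $entries += [pscustomobject]@{
            Location = $key; Name = $name; Target = $target
            TargetExists = Test-Target $target
        }
    }
}
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -File) {
        $entries += [pscustomobject]@{
            Location = $dir; Name = $file.Name; Target = $file.FullName
            TargetExists = $true
        }
    }
}
$entries | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

An entry that returns after it has been removed points to another component rewriting it, which matches the reappearing/reinstalling behaviour reported in this thread. `TargetExists` is left blank for bare file names that rely on PATH.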
DngrMse 01-02-2006, 11:20 AM Firefox and a firewall.
Freakin' lovely. :mad:
Any tips you'd care to share on how you eliminated it?
92Notch 01-02-2006, 11:22 AM Freakin' lovely. :mad:
Any tips you'd care to share on how you eliminated it?
sounds to me like spyware ....
download and run this: http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5
edit ... sorry, looks like you already did.
Myrddin 01-02-2006, 01:08 PM I think I fixed it with Spy Sweeper.
There is a 30 day trial so that should do the trick
http://www.spam-blockers.com/spy-sweeper.html
Ad-aware partly worked but stuff kept reappearing/reinstalling.
I did get rid of that message without Spy Sweeper but there are many components to this thing. It's a vicious example of adware/spyware.
DngrMse 01-02-2006, 05:42 PM I think I fixed it with Spy Sweeper.
There is a 30 day trial so that should do the trick
http://www.spam-blockers.com/spy-sweeper.html
Ad-aware partly worked but stuff kept reappearing/reinstalling.
I did get rid of that message without Spy Sweeper but there are many components to this thing. It's a vicious example of adware/spyware.
El-crappo. I'm still fighting this. I thought I nearly had it gone, then windows refused to load at all. I'll give spy-sweeper a try now, thanks for the tip!
DngrMse 01-02-2006, 06:43 PM It's not like it really matters anyway....we're all gonna get infected by this latest bit of nastiness anyhoo. This one infects all versions of windows released since 1990. Whee. :|
“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”
The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.
http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html
P.S. Ok, the little popup on the right is gone, but I still can't change display settings, (background image).
Myrddin 01-02-2006, 06:57 PM The background image is set by a memory resident program, I think it was something like Spyware Sheriff or something like that. If you see some program with the name "sheriff" installed that is probably it.
DngrMse 01-02-2006, 07:00 PM The background image is set by a memory resident program, I think it was something like Spyware Sheriff or something like that. If you see some program with the name "sheriff" installed that is probably it.
Yeah, I found and deleted it, but I still can't change settings...other than background color. Oh well, the computer seems to be working ok again, except for that.
Myrddin 01-02-2006, 07:15 PM Run Spybot Search and Destroy then Spy-Sweeper then reboot. See what happens.
Mystlet 01-02-2006, 07:23 PM http://housecall.trendmicro.com/
Java_man 01-02-2006, 09:25 PM Some of the virii and malware are impossible to remove unless you run your cleanup proggy in windows safe-mode
DngrMse 01-22-2006, 11:47 AM I finally got all the remnants of this stupid thing cleaned out. The trick was using something called smitrem.exe, (search on google...I don't have the addy handy). I can now set my background image, and colors again. :nice: