Spyware got me

ronnie · 2005-12-15, 08:52 AM

I have some spyware on my pc and not having much luck getting rid of it. Some days I really hate the internet, well least the scum bags that do crappy shit.

Anyways, this spyware is redirecting urls on me, instead of going to the correct url, I get redirected to some tgp looking crap with mainstream type links behinds the thumbs. Usually each time I get something different, some times even fake google pages. But it only does it for certian base urls, only two major sponsor FHG urls that I have noticed so far, that is all the FHG's for two certian sponsors get re-directed. I have contacted one of the sponsors to see if they had any one get in touch with them about it and if a solution might have been found. While the rep was very helpfull, he had'nt heard of it and tried helping me with no luck. Kinda hard to use FHG's if I can even see them. And yes these urls work, I've had friends try them and even tried them on another PC here in the office, so it's for sure something on my pc.

The thing is I've tried just about every anti-spyware program and none even seems to find it. I've tried, adaware SE, spysweeper, e-trust pest patrol, MS anti-spyware, have norton, bazooka, zone alarm does'nt show it, ect. I think I've tried just about everything, but it's still there. I also checked my hosts files on my pc, there is nothing in them.

Any suggestions? Any one else had this? I sure dont feel like buying any more anti-spyware programs, so far they have been a waste of money.

And yes, I know if I was'nt using Winodws I probably would'nt have it, but thats what I have...

This spyware also does it in Firefox, so it's not just a IE thing.

It's probably about time for a re-format anyways, but I really hate to do that now. But I dont know what else to do.

ronnie

Jim · 2005-12-15, 09:07 AM

Are you using Microsoft's Anti Spyware FREE software?

SirMoby · 2005-12-15, 09:16 AM

1. Opne IE click on Tools->Internet Options ->Connections ->Lan Settings - Make sure there is no Proxy server setup.

2. Check the file c:\WINDOWS\system32\drivers\etc\hosts there shouldn't be many IP addresses in there. It should only have 127.0.0.1

3. System Restore to a point before the install will work but you might loose a thing or 2. I never have but I've heard of people that have lost some recent work.

If these don't work then let us know and we can offer a few more ideas. Either way, let us know what does work please.

Where's Cleo when you need an ad for Macs?

MrYum · 2005-12-15, 09:23 AM

Damn, sorry to hear that Ronnie

Agree...the fucktards that do this crap should be fed their own balls

Looks like Moby has already given you some good advice...so I'll just say best of luck!

Please do let us know how it turns out.

ronnie · 2005-12-15, 09:24 AM

Quote:

Originally Posted by Jim

Are you using Microsoft's Anti Spyware FREE software?

Yep, sure am. Like I said, seems I've tried them all without much luck.

ronnie

ronnie · 2005-12-15, 09:29 AM

Quote:

Originally Posted by SirMoby

1. Opne IE click on Tools->Internet Options ->Connections ->Lan Settings - Make sure there is no Proxy server setup.

2. Check the file c:\WINDOWS\system32\drivers\etc\hosts there shouldn't be many IP addresses in there. It should only have 127.0.0.1

3. System Restore to a point before the install will work but you might loose a thing or 2. I never have but I've heard of people that have lost some recent work.

If these don't work then let us know and we can offer a few more ideas. Either way, let us know what does work please.

Where's Cleo when you need an ad for Macs?

Nothing in Lan settings and as I mentioned, I've already checked both hosts files and nothing there, the thought they might have been hacked, but nothing. Restore.. hhmm... cant remeber when it all started, been a good month probably.

Ya the mac thing, was waiting for that..lol

I am going to try running everything again this morning, but have a feeling it wont do much, we'll see.

Like I said, it's not a major problem, just redirects the certian FHG url's, just a pain not to be able to use them right now.

ronnie

SirMoby · 2005-12-15, 10:26 AM

If you have your original Windows media you can run

sfc /scannow

That should show you any files that have been whacked

MrMaryLou · 2005-12-15, 10:30 AM

Have you tried http://www.safer-networking.org/en/index.html spy bot search and destroy? It works well and blocks too

plateman · 2005-12-15, 10:31 AM

I would try and see what you got first, did you run hijackthis? if you can run it post your file and we can look at it..

plateman · 2005-12-15, 10:36 AM

ronnie did you boot to safe mode? try that and do all the scans over again, run everything you have.. then run hijackthis.. and see whats left

Alex B · 2005-12-15, 11:25 AM

Maybe you have problem with PS Guard - it's real pain in the ass. Here's one thread about it
http://forums.spywareinfo.com/index....ded&pid=325059
Search also for smitRem.exe - utilitu for removal of that crap and how to use it. I have page saved hereabout removal but can't find it online, if you want i can post it

... of course, if that one is your problem

That's how I removed it - every other spyware removal program is useless. Maybe only Spyware Doctor could help.

RawAlex · 2005-12-15, 11:31 AM

Ronnie, having just spent last night removing a certain piece of spyware from my girlfriend's PC (no, I didn't put it there!), I can tell you that some of the newest spyware is basically "remove proof".

Before anything, make sure you have run windows update and that your computer is 100% up to date. Unpatched windows is like locking the door and leaving the window next to it wide open. People will figure it out.

Make sure your virus protection software is 100% up to date (latest files) and the same for your adaware and other tools. Don't assume just because you downloaded them this week that they are up to date, they are often years behind.

My suggestion is this: Start out with the URLs you are being directed to. Google them, and see (like if you get sent to somefuckdomain.com, search for somefuckingdomain spyware or somefuckingdomain virus and see what you get). Normally you should be able to find at least one site with a decent remove once you have a good name for what you have gotten.

Removal is actually pretty easy. DISCONNECTION YOUR COMPUTER FROM THE INTERNET. Too many of these viruses are self replicating in yoru system by keeping a very, very small part of themselves alive on your box, and using that little snip of code to suck the virus back down and reinstalling itself.

Restart your box in safe mode WITHOUT network support.

Run virus scan.

Run Microsoft anti-adware thing.

Run Adaware.

Go into registry and make sure there is nothing in the windows run or windows runonce files. Normally a good virus manual remove will have instructions how to do this.

Check to make sure that the actual Icon you are using to access the internet (your firefox or *ugh* IE icon) is actually going to these programs, and isn't going to a third party program before startup.

After all is done, restart the computer in normal mode without your network attached, and run the scans again.

If you share a network / have more than one computer on your network you should disconnect all computers from the network and treat all of them as if they were infected. Scan each one closely. Many viruses will use windows networking to spread the virus machine to machine inside your filewall area, especially if you have open shared directories.

Good luck.

Alex

ronnie · 2005-12-15, 12:00 PM

Thanks for all the great replies, looks like I have quite a few things to try. I sure appreciate it. After I get some work done I'll dig in.

And of course if any one has seen or had something similar, please post. I've had plenty of virus's or spywares and always gotten them out one way or another, but this one is really stuck. Guess as Alex said they are getting smarter and getting to be "remove proof".

I know it's an on-going debate, but I sure dont see why this stuff is still legal, I really dont.

ronnie

2005-12-15, 08:52 AM	#1
ronnie Wheither you think you can or you think you can't, Your right. Join Date: Jun 2004 Location: midwest Posts: 2,274	Spyware got me I have some spyware on my pc and not having much luck getting rid of it. Some days I really hate the internet, well least the scum bags that do crappy shit. Anyways, this spyware is redirecting urls on me, instead of going to the correct url, I get redirected to some tgp looking crap with mainstream type links behinds the thumbs. Usually each time I get something different, some times even fake google pages. But it only does it for certian base urls, only two major sponsor FHG urls that I have noticed so far, that is all the FHG's for two certian sponsors get re-directed. I have contacted one of the sponsors to see if they had any one get in touch with them about it and if a solution might have been found. While the rep was very helpfull, he had'nt heard of it and tried helping me with no luck. Kinda hard to use FHG's if I can even see them. And yes these urls work, I've had friends try them and even tried them on another PC here in the office, so it's for sure something on my pc. The thing is I've tried just about every anti-spyware program and none even seems to find it. I've tried, adaware SE, spysweeper, e-trust pest patrol, MS anti-spyware, have norton, bazooka, zone alarm does'nt show it, ect. I think I've tried just about everything, but it's still there. I also checked my hosts files on my pc, there is nothing in them. Any suggestions? Any one else had this? I sure dont feel like buying any more anti-spyware programs, so far they have been a waste of money. And yes, I know if I was'nt using Winodws I probably would'nt have it, but thats what I have... This spyware also does it in Firefox, so it's not just a IE thing. It's probably about time for a re-format anyways, but I really hate to do that now. But I dont know what else to do. ronnie

2005-12-15, 09:23 AM	#4
MrYum Arghhhh...submit yer sites ya ruddy swabs! Join Date: May 2004 Location: Sunny Florida! Posts: 5,108	Damn, sorry to hear that Ronnie Agree...the fucktards that do this crap should be fed their own balls Looks like Moby has already given you some good advice...so I'll just say best of luck! Please do let us know how it turns out. __________________ Porno Flixxx Submissions SOTI Site Submissions Free Porn Resource Submissions

2005-12-15, 10:30 AM	#8
MrMaryLou i fucking told i type to fucking fast wtf Join Date: Mar 2003 Location: New York Posts: 11,247	Have you tried http://www.safer-networking.org/en/index.html spy bot search and destroy? It works well and blocks too __________________ <a href="http://www.greenguysboard.com/onthebench/">Join Me For On The Bench </a>

2005-12-15, 10:31 AM	#9
plateman What can I do - I was born this way LOL Join Date: Oct 2003 Location: ohio Posts: 3,086	I would try and see what you got first, did you run hijackthis? if you can run it post your file and we can look at it.. __________________ Submit to: Porn O Plenty XXX Links Reality Here

2005-12-15, 10:36 AM	#10
plateman What can I do - I was born this way LOL Join Date: Oct 2003 Location: ohio Posts: 3,086	ronnie did you boot to safe mode? try that and do all the scans over again, run everything you have.. then run hijackthis.. and see whats left __________________ Submit to: Porn O Plenty XXX Links Reality Here

2005-12-15, 09:07 AM	#2
Jim Banned Join Date: Aug 2003 Location: Mohawk, New York Posts: 19,477	Are you using Microsoft's Anti Spyware FREE software?

2005-12-15, 09:16 AM	#3
SirMoby Jim? I heard he's a dirty pornographer. Join Date: Aug 2003 Location: Washington, DC Posts: 2,706	1. Opne IE click on Tools->Internet Options ->Connections ->Lan Settings - Make sure there is no Proxy server setup. 2. Check the file c:\WINDOWS\system32\drivers\etc\hosts there shouldn't be many IP addresses in there. It should only have 127.0.0.1 3. System Restore to a point before the install will work but you might loose a thing or 2. I never have but I've heard of people that have lost some recent work. If these don't work then let us know and we can offer a few more ideas. Either way, let us know what does work please. Where's Cleo when you need an ad for Macs?

2005-12-15, 10:26 AM	#7
SirMoby Jim? I heard he's a dirty pornographer. Join Date: Aug 2003 Location: Washington, DC Posts: 2,706	If you have your original Windows media you can run sfc /scannow That should show you any files that have been whacked

2005-12-15, 11:25 AM	#11
Alex B Aw, Dad, you've done a lot of great things, but you're a very old man, and old people are useless Join Date: May 2005 Posts: 29	Maybe you have problem with PS Guard - it's real pain in the ass. Here's one thread about it http://forums.spywareinfo.com/index....ded&pid=325059 Search also for smitRem.exe - utilitu for removal of that crap and how to use it. I have page saved hereabout removal but can't find it online, if you want i can post it ... of course, if that one is your problem That's how I removed it - every other spyware removal program is useless. Maybe only Spyware Doctor could help.

2005-12-15, 11:31 AM	#12
RawAlex Took the hint. Join Date: Mar 2003 Posts: 5,597	Ronnie, having just spent last night removing a certain piece of spyware from my girlfriend's PC (no, I didn't put it there!), I can tell you that some of the newest spyware is basically "remove proof". Before anything, make sure you have run windows update and that your computer is 100% up to date. Unpatched windows is like locking the door and leaving the window next to it wide open. People will figure it out. Make sure your virus protection software is 100% up to date (latest files) and the same for your adaware and other tools. Don't assume just because you downloaded them this week that they are up to date, they are often years behind. My suggestion is this: Start out with the URLs you are being directed to. Google them, and see (like if you get sent to somefuckdomain.com, search for somefuckingdomain spyware or somefuckingdomain virus and see what you get). Normally you should be able to find at least one site with a decent remove once you have a good name for what you have gotten. Removal is actually pretty easy. DISCONNECTION YOUR COMPUTER FROM THE INTERNET. Too many of these viruses are self replicating in yoru system by keeping a very, very small part of themselves alive on your box, and using that little snip of code to suck the virus back down and reinstalling itself. Restart your box in safe mode WITHOUT network support. Run virus scan. Run Microsoft anti-adware thing. Run Adaware. Go into registry and make sure there is nothing in the windows run or windows runonce files. Normally a good virus manual remove will have instructions how to do this. Check to make sure that the actual Icon you are using to access the internet (your firefox or ugh IE icon) is actually going to these programs, and isn't going to a third party program before startup. After all is done, restart the computer in normal mode without your network attached, and run the scans again. If you share a network / have more than one computer on your network you should disconnect all computers from the network and treat all of them as if they were infected. Scan each one closely. Many viruses will use windows networking to spread the virus machine to machine inside your filewall area, especially if you have open shared directories. Good luck. Alex

2005-12-15, 12:00 PM	#13
ronnie Wheither you think you can or you think you can't, Your right. Join Date: Jun 2004 Location: midwest Posts: 2,274	Thanks for all the great replies, looks like I have quite a few things to try. I sure appreciate it. After I get some work done I'll dig in. And of course if any one has seen or had something similar, please post. I've had plenty of virus's or spywares and always gotten them out one way or another, but this one is really stuck. Guess as Alex said they are getting smarter and getting to be "remove proof". I know it's an on-going debate, but I sure dont see why this stuff is still legal, I really dont. ronnie