Spyware detected! Help!

Dexboi

13 Mar 08, 23:11

erm..now mediafire cannot upload any hijackthis log cux got database maintenance.

was wondering whether got any spyware removal program dats downloadable and workable.

i need help..the exclamation balloon keeps appearing and asking me to dl new softwares to remove trojan.

later i post the logfile link when mediafire allows it. paiseh paiseh.

kenn3th

13 Mar 08, 23:13

Rouge spyware.

Is there any name for the software?

You downloaded a codec right?

eagle

13 Mar 08, 23:13

can u post a picture of the popup? You can host it at xs.to

And is it something like they tell u a trojan is detected, so you must download? Don't if it is so.

Dexboi

13 Mar 08, 23:17

ya! it says need to dl software to remove the trojan..din click..jus kept cancelling.

erm...how to save screen shot?=P

eagle

13 Mar 08, 23:18

Originally posted by Dexboi:

ya! it says need to dl software to remove the trojan..din click..jus kept cancelling.

erm...how to save screen shot?=P

print screen, go microsoft photo editor or any imaging software, select new, and then paste.

ndmmxiaomayi

13 Mar 08, 23:25

Upload the log to Savefile. Or whereever you like, so long as it's not Rapidshare and Megaupload and sites that are similar to them.

Dexboi

13 Mar 08, 23:27

paiseh..i dunnoe how to save screenshot..

erm..the balloon says:

"Security alert: Spyware found.

Your computer is infected with the latest version of PSW.x-Vir trojan. PSW trojans steal your private information such as passwords, IP address, credit card info, regn details, documents etc.

Click this baloon to remove PSW.x-Vir spyware."

http://www.savefile.com/files/1437279

ok! uploaded the hijack log..please take a look.

ndmmxiaomayi

13 Mar 08, 23:30

Think I know this one. Just get the log file up to any of the file hosting servers.

Dexboi

13 Mar 08, 23:34

Originally posted by ndmmxiaomayi:

Think I know this one. Just get the log file up to any of the file hosting servers.

kz..the balloon pops up every minute.

i think i clicked the squared X button at the top right like a dozen times alrdy.=(

ndmmxiaomayi

13 Mar 08, 23:48

Wah... first glance at your log only looks quite bad liao...

Dexboi

13 Mar 08, 23:53

Originally posted by ndmmxiaomayi:

Wah... first glance at your log only looks quite bad liao...

yea..saw a lot of unknown stuffs on the log...

pls help!

eagle

13 Mar 08, 23:54

Originally posted by ndmmxiaomayi:

Wah... first glance at your log only looks quite bad liao...

you gotta work liao... :(

I definitely must learn hjt logs to help out

ndmmxiaomayi

14 Mar 08, 00:06

Can you change all your passwords of any accounts that you have. If you do online banking, please keep a close watch on your bank statements. Notify the banks immediately if the statements don't look right.

Step 1

If you already have SDFix, please delete this copy and download it again as it's being updated regularly.

Please download SDFix by AndyManchesta and save it to your desktop.
Double click on SDFix.exe. By default, it will install to C:\.
Click on Install.

Please print out or save this set of instructions as you will not have internet access during the fix.

Next, boot into Safe Mode.

When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.
Using the up down arrows, select Safe Mode and press the Enter key.
Windows will now load.
Log in to your usual account.
Navigate to C:\SDfix (if you installed it to the default location, otherwise, locate where you installed it)
Double click on RunThis.bat
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any key to reboot.
When the PC restarts the tool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen. You can also find the report in SDFix folder, named Report.txt.

Step 2

Please download and install CCleaner Slim.
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.

Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

Post the following logs in your next reply (uploaded to Savefile or somewhere else):

1. SDFix report (C:\SDFix eport.txt, report.txt can be found wherever you installed SDFix to)

2. CCleaner install.txt file

3. A new HijackThis log

Dexboi

14 Mar 08, 00:13

wah..mayi really experienced in this!

erm..is it ok if i post the reply tmr evening?

tmr gotta wake up early for work..=P

nitex all..and thx alot mayi..=))

ndmmxiaomayi

14 Mar 08, 00:14

Originally posted by eagle:

you gotta work liao... :(

I definitely must learn hjt logs to help out

Haha... it's OK de lah

But if got extra eyes, I don't mind.

ndmmxiaomayi

14 Mar 08, 00:15

Originally posted by Dexboi:

wah..mayi really experienced in this!

erm..is it ok if i post the reply tmr evening?

tmr gotta wake up early for work..=P

nitex all..and thx alot mayi..=))

No problems. But if you don't intend to run SDFix now, don't download it. It's updated regularly.

Good night.

Dexboi

14 Mar 08, 21:53

Sorry..im not so sure abt hw to get the com to safe mode.

quote:

Next, boot into Safe Mode.

When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.

i've clicked and held onto the f8 button upon restarting. the whole com juz kept beeping awae and once i released the f8 button, it brought me to the BIOS blue screen.

Continued holding on to the f8 button after exiting the BIOS screen.

end up the windows continue to load.

how do i get to the selection of safe mode screen?

HELP!!

ndmmxiaomayi

14 Mar 08, 22:39

Do you get into this screen?

If no, do the following:

1. Shut down the computer. Wait a while before turning it on.

2. When you hear your computer beep, keep on pressing the F8 button.

You should see the above screen.

Use the up down arrows to select Safe Mode, then press Enter. Choose the OS and press Enter again.

Windows will load. Log in to your usual account.

Then follow the rest of the instructions as usual.

Dexboi

14 Mar 08, 22:55

oh yes mayi!

all done properly for the step 1..now proceeding to the 2nd step.

AND YES!

the trojan thingy that i mentioned earlier is gone now!

BUT!!

now suddenly another spyware thingy. theres a small tray icon next to my Windows Security Alerts that flashes back and fro from wad seems like a X on a red shield to a ? on a blue shield.

Putting my cursor over the icon would say sth like "System Alert! The system has detected a number of spyware programmes that would impact the system performance. Click on this icon to download an anti-spyware programme."

the moment i click on the icon, a page with this url :http://www.virusheat.com/?aff=1012 pops up. -__-"'

now gg on to step 2 to c hw things go on.

Dexboi

14 Mar 08, 23:07

OK step 2 done!

CCleaner file:

http://www.savefile.com/files/1439300

SD fix report

http://www.savefile.com/files/1439305

Hijack new log

http://www.savefile.com/files/1439312

Dexboi

14 Mar 08, 23:38

spyware still present at the moment after CCleaning.

anywae to remove it? :'(

ndmmxiaomayi

15 Mar 08, 00:42

This is just only the first part. There's more to come unfortunately. Step by step we move.

ndmmxiaomayi

15 Mar 08, 01:14

Don't use any P2P programs while we are still cleaning. While the Limewire that you have installed is free of spyware, files downloaded from P2P networks are not necessary clean.

See here for a list of clean and infected P2P programs.

Please go to Virus Total or Jotti and upload C:\WINDOWS\system32\cd345.exe for scanning.

For Virus Total

Please copy and paste C:\WINDOWS\system32\cd345.exe in the text box next to the Browse button.
Click on Send File.

For Jotti

Please copy and paste C:\WINDOWS\system32\cd345.exe in the text box next to the Browse button.
Click on Submit.

Regarding the files in the C:\SWTOOLS folder, do you know anything about them?

Uninstall the following programs:

ALOT Toolbar
Megaupload Toolbar

Restart your computer.

Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Select Flash Database and click on Edit uninstall command button.
Copy and paste this command in your next reply.

Please print out or save this set of instructions as you will be rebooting the PC.

Please download Fixwareout from Bleeping Computer and save it to your desktop.
Double click to run it.
Click Next, followed by Install.
Once installation is done, tick the Run fixit box.
Click Finish.
The fix will start, follow the prompts. You will be asked to restart the PC, please do so. Your system will take longer to start, this is normal.
Once your PC restarted, go to Start > Control Panel. Double click on Network Connections.
Right click on your default connection and select Properties.
Select the General tab.
Double click on Internet Protocol (TCP/IP) under This connection uses the following items:
Select Obtain an IP address automatically and Obtain DNS server address automatically.
Click OK twice to save the settings. Restart when prompted to.
Go to Start > Run and type in cmd.
Type in the following in blue line by line, pressing Enter after each line:

ipconfig /renew
ipconfig /flushdns
exit

Post the following logs in your next reply:

1. Fixwareout report (C:\Fixwareout eport.txt)

2. A new HijackThis log