Counterglow Forums  

Old 20-03-2007, 08:06:35   #1
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
Persistent spyware

My computer has a rather unpleasant spyware problem. What's happening is that I keep removing a raft of spyware apps (using both SpyBot S&D and Ad-Aware) but they keep returning when I reboot!

I've discounted a virus (my anti-virus software says no) and I can't imagine any of my startup software being the culprit (ClamWin antivirus, COMODO personal firewall, Skype, NvCpl). Any ideas?
__________________
Birdseed's Tunedown
Old 20-03-2007, 08:27:22   #2
Drekkus
The Happy Little Pee Guy
Join Date: Mar 2002
Location: They think I'm crazy. They don't know that I like it here, it's nice in here. Reputation: -984653893929276
What are the names of the apps? Not that I'm an expert, but there are some sites (like http://www.neuber.com/taskmanager/process/index.html) that will tell you if something is bad or not.
__________________
There's no such thing as a mistake, just happy accidents.

Spoon, it's not a swear word.

1st CG Hardcore Belt Royal Rumble Winner
Old 20-03-2007, 09:15:55   #3
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
They're bad, trust me.
__________________
Birdseed's Tunedown
Old 20-03-2007, 09:16:51   #4
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
Oh you mean like that. No, I don't think that's it...
__________________
Birdseed's Tunedown
Old 20-03-2007, 11:44:21   #5
Venom
Look out behind you!
Join Date: Nov 2001
Location: Rudolph's stable
Try HijackThis. It's pretty good at removing nasty stuff that infiltrates your browser.
__________________
TO MY BALLS!!!!!
or
TO LazyView!!!!

Old 24-03-2007, 05:09:59   #6
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
There's still something that reinstalls half a dozen pieces of malware to my computer every time I start up and I can't figure out what. I've tried three different spyware removers and none of them know what it is, only removing the surface problem.
__________________
Birdseed's Tunedown
Old 24-03-2007, 05:15:18   #7
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
By Jove, I've found it. It was "NvCpl.exe", a process all websites assured me was a vital component of the Nvidia drivers...
__________________
Birdseed's Tunedown
Old 03-04-2007, 05:46:36   #8
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
FINALLY figured it out. It was a piece of spyware called VirtuMonde that generated randomly named dll files that put themselves in startup...
__________________
Birdseed's Tunedown
Old 03-04-2007, 11:43:34   #9
MDA
Registered User
Join Date: Nov 2001
Location: updated his email address and can look but not post
Ergh. Had a lovely time with my sister's comp this weekend - she hadn't updated virus protection since 2003.

Only 23 viruses, and I didn't count the stuff adaware removed.

She thought the update your protection messages were "advertisements", but never thought to ask anyone about them.
Old 03-04-2007, 11:51:45   #10
Drekkus
The Happy Little Pee Guy
Join Date: Mar 2002
Location: They think I'm crazy. They don't know that I like it here, it's nice in here. Reputation: -984653893929276
My laptop got infected with some really aggressive trojan this weekend. It started pumping out emails like crazy, with half of them being blocked by my Symantec AV. I found what exe file caused it, but after deletion it just came back after start up. It's a laptop from work, so the tech guy at work is really happy, especially since even he can't seem to get rid of it.

I'm happy I was surfing for porn this once when it happened. Just imagine if it was a Southpark site. But I guess I will be buying my SP episodes from iTunes now.
__________________
There's no such thing as a mistake, just happy accidents.

Spoon, it's not a swear word.

1st CG Hardcore Belt Royal Rumble Winner

Last edited by Drekkus; 03-04-2007 at 12:33:43.
Old 03-04-2007, 15:39:30   #11
Venom
Look out behind you!
Join Date: Nov 2001
Location: Rudolph's stable
Find out the name of the virus by googling the name of the EXE file and see if there are instructions to remove it.

If not, you've got to look for the source of the exe. Check the system folders in the windows directory. Look for any recent dlls or other files that you don't recognize. Try and delete them.

(May want to be in safe mode to do this)

If that does work then there's something in the registry keeping the file alive. You're fucked.
__________________
TO MY BALLS!!!!!
or
TO LazyView!!!!

Old 03-04-2007, 18:47:18   #12
Scabrous Birdseed
for your usergroup and post count
Join Date: Aug 2002
Location: Among the clouds
Post your HijackThis log.
__________________
Birdseed's Tunedown
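One defender-side way to pin down what #8 and #12 describe (startup entries that come back under fresh random names after every reboot, and a HijackThis log to compare against) is to diff two autostart snapshots rather than eyeball one. This is an added example, not code from the thread: the O4 lines are constructed in HijackThis style, and find_respawned and the other helper names are mine.

```python
import re

# Constructed HijackThis-style O4 (autostart) lines, not taken from the thread.
# Snapshot A: taken right after the spyware removers cleaned the machine.
SNAPSHOT_A = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""
# Snapshot B: after the next reboot; two new randomly named DLL loaders have appeared.
SNAPSHOT_B = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O4 - HKLM\\..\\Run: [qkwdpxhg] rundll32.exe "C:\\WINDOWS\\system32\\xjqvrtkb.dll",a
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [ztmrvqpl] rundll32.exe "C:\\WINDOWS\\system32\\ztmrvqpl.dll",b
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Commands that only exist to load a DLL (how the thread's randomly named DLLs get started).
DLL_LOADER_RE = re.compile(r'^(?:rundll32|regsvr32)(?:\.exe)?\s+"?(?P<dll>[^",\s]+\.dll)', re.I)

def parse_o4(log):
    """Return {(hive, key, value_name): command} for every O4 line in a log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m['hive'], m['key'], m['name'])] = m['cmd'].strip()
    return entries

def loaded_dll(cmd):
    """Lower-cased path of the DLL a rundll32/regsvr32 command loads, else None."""
    m = DLL_LOADER_RE.match(cmd)
    return m['dll'].lower() if m else None

def find_respawned(before, after):
    """DLL-loader autostart entries present after reboot but absent from the cleaned
    baseline. Returns [(hive, key, value_name, dll_path)]; a loader whose DLL was
    already in the baseline (e.g. NvCpl.dll) is not reported even if renamed."""
    base, now = parse_o4(before), parse_o4(after)
    baseline_dlls = {loaded_dll(c) for c in base.values()} - {None}
    hits = []
    for key, cmd in now.items():
        dll = loaded_dll(cmd)
        if key not in base and dll and dll not in baseline_dlls:
            hits.append((*key, dll))
    return hits

if __name__ == "__main__":
    for hive, key, name, dll in find_respawned(SNAPSHOT_A, SNAPSHOT_B):
        print(f"respawned: {hive}\\..\\{key} [{name}] -> {dll}")
```

Anything this reports is a candidate for the "something that reinstalls it on every boot"; the clean snapshot has to be captured before the reboot for the diff to mean anything.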
Old 03-04-2007, 20:14:56   #13
Qaj the Fuzzy Love Worm
Not National Zombie Awareness Month
Join Date: Jan 2002
Location: Gnawing at your brain
Low-level format. It's the only way to be sure.
__________________
Not annoying anyone with my signature since 2011!
Old 04-04-2007, 14:07:03   #14
Drekkus
The Happy Little Pee Guy
Join Date: Mar 2002
Location: They think I'm crazy. They don't know that I like it here, it's nice in here. Reputation: -984653893929276
The IT guy at work has the laptop now, so it's out of my hands. But believe it or not, the file that caused all the spamming was called aDIRKa.exe.
__________________
There's no such thing as a mistake, just happy accidents.

Spoon, it's not a swear word.

1st CG Hardcore Belt Royal Rumble Winner
Old 05-04-2007, 13:31:15   #15
MDA
Registered User
Join Date: Nov 2001
Location: updated his email address and can look but not post
Quote:
Originally posted by Qaj the Fuzzy Love Worm
Low-level format. It's the only way to be sure.
Just did this with my wife's comp yesterday.

She updated ZoneAlarm and installed a Windows update, rebooted, and it hung up at mup.sys (google that one for a laugh, it seems to be a symptom of about a hundred problems).

Same thing happened trying to get to safe mode, so we go to the console and replace the mup.sys with the one off the Windows CD, no effect. So we disable mup.sys, no effect.

Then ran chkdsk, which fixed something, but we still can't boot.

Repairing Windows from the install CD failed.

At that point we decided it was faster to reformat and reinstall (and reregister) everything, which pretty much killed the entire evening.

Virus scan and Ad-Aware had both been run recently and nothing had shown up, so we're baffled as to what actually happened, but past the problem.
© Counterglow 2001-2012. All rights reserved.