Jump to content
The Community Blog (An Invitation)
New Community Blog (Ghosts & Goblins & Chocolate)
Obsidian’s 10th Extra Life Anniversary

OMG I ****ing hate spyware

kumquatq3

By kumquatq3
in Way Off-Topic

 Share

Recommended Posts

kumquatq3

kumquatq3

Posted
Posted

So I turn off my fire wall for 5 minutes. I go to 2 sites, one being microsofts direct x site, the other being Nvidias driver Dl page.

 

In the process of that, I somehow get spyware on my computer that I can't get off (or find).

 

It's basically like someone put a webpage over my desktop but under the icons.

 

I scanned with 2 ad-aware programs multiple-times (in and out of safe mod). Task Manger shows nothing running. Remove software contains nothing new. Not sure what else to do at this point. It's not a virus.

 

O, interest thing, if I resize my desktop to a higher rez.....I can see my desktop around the boarders because the offending spyware/webpage stays at the previous size.

 

Argh

 

any help?

 

Signed-

 

challenged in chicago

Link to comment
Share on other sites
chemchok

chemchok

Posted
Posted

Most spyware has an official removal program you can find. I had a nasty homepage hijacker program that infected my computer through windows help files (.chm's); there was absolutely no way to completely get rid of it without using the dubious .exe that came from the same jerks that screwed up my computer. =]

 

Anyway, try looking here for help: SWI Forums

 

You have to register to be able to see the full forums.

Link to comment
Share on other sites
kumquatq3

kumquatq3

Posted
  • Author
Posted
If you know when you turned off your firewall, do a file search for files modified or created on that date, then sort it by time.  That might help you at least figure out what files are the source of the problem...

 

Thats a good idea, I'm going to try it now.

 

Tho since I was installing windows updates while this happened, it's going to be messy

Link to comment
Share on other sites
deganawida

deganawida

Posted
Posted

Are you using Ad-aware SE 1.05? I use that at work quite a bit, and in virtually every case it works like a charm (the notable exception being HotBar, which integrates itself totally into Internet Explorer, so the removal of it renders IE unusable). You can get it from www.download.com; update and do a smart system scan, followed by a full system scan, followed by a custom scan with all options ticked, and then finally run an AD scan. You'd be surprised at what can be missed in the first 2 scans. Spybot S&D is pretty good as well, but I prefer Ad-aware SE Personal. Also, run a search for "RegCleaner"; it's freeware developed several years ago, and is the best registry editing tool that I have used thus far (and I use a lot of them).

 

On a side note, I find it extremely irritating just how bad the spyware problem has become. 90% of the performance issues that I run into at work are related to spyware (no, we don't have a good filter set up; the board of directors won't let us block anything except for porn). I find that Ezula, GAIN publishing, HotBar, and IncrediMail are the most difficult to get rid of, and the easiest to "catch". HotBar is particularly bad for sending your email address to every freakin' advertisor on the web. It seems that, with the assault against spam, the offenders are moving to spyware to continue their mindless ad campaigns.

Link to comment
Share on other sites
kumquatq3

kumquatq3

Posted
  • Author
Posted
Spybot S&D is pretty good as well, but I prefer Ad-aware SE Personal

 

Those are the two I tried, they found a few things (mostly cookies), but didn't solve the problem.

 

 

On a side note: Either it's this adware or because I installed the new service pack from windows, but I can us restore. It fails everytime. Even dates post installation.

 

I've been owned.

 

Here is some pics so you can see what is going on:

 

The "background webpage" takes to forms. A solid colored slowly flashing from cream to white and a yahoo one when I right click and hit backwards link. It used to display one of those webpages that is clearly spyware related, but it doesn't anymore:

 

5907.th.jpg5908.th.jpg

5914.th.jpg

 

those links are functional on the yahoo page, except the pop-up into new windows.

 

and here is what happens when I bump up the rez:

 

5911.th.jpg

 

As you can see this thing sits between the wallpaper and the icons. It is also the work of the devil.

Link to comment
Share on other sites
kumquatq3

kumquatq3

Posted
  • Author
Posted
Open task manager and look at the running processes. You can google them if you're unfamilure with them and just delete the exe if it is crap. if it comes back after reboot you can check your registry.

 

 

I tried it, actually.

 

BUT, looking again I find:

 

WinRatchet.exe

WinAdTools.exe

 

Both adware. Of course as soon as I close them they pop back up in the manager. Which means they must have added/edited teh registry and the ad ware isn't catching it.

 

While I can find winadtools in the reg (deleted) I can't find winratchet. Searching files now too. Might need to go to safe mode to clean it up

Link to comment
Share on other sites
kumquatq3

kumquatq3

Posted
  • Author
Posted
i noticed that in at least one of the pics, you have a security center alert.  what is it?

 

also, what security-type programs do you have installed?

 

finally, did you update after sp2?  there are a few "ins" that occured after sp2.

 

The alert is because I recently turned the damn thing off because it kept bugging me about this one DL.

 

I've got sygate personal fire wall pro 5.5. It worked flawlessly, till I dropped it for 5 ****ing minutes.....

 

I havn't updated since sp2, but there is only one update left, apparently

 

EDIT:

 

oops, fixed that 3rd yahoo pic:

 

5914.th.jpg

Link to comment
Share on other sites
kumquatq3

kumquatq3

Posted
  • Author
Posted
winrachet is classified as a "downloader" virus, as i recall. 

 

seems so, which is surprising, because I'm not retarded enough to agree to DL this ****.

 

I dropped my firewall and went to 2 sites and 2 only. Nvidias main site and the Windows updater site.

 

My though is that the few existing spyware files on my comp played a role in this.

Link to comment
Share on other sites
deganawida

deganawida

Posted
Posted

several of them use activeX to install themselves onto your computer (or, more specifically, your enabling of activex controls). these are the "new" spyware. a couple of months ago, the worst you got was popup windows that you couldn't choose anything but "yes" to, but now they have become really hideous. anyway, that's why they qualify as a virus, because you have no control over them and they continuously alter your system.

Link to comment
Share on other sites
Gorth

Gorth

Posted
Posted

You seem to be not the only one...

 

http://www.thetrolls.com/phpbb/archive/o_t...winadtools.html

 

I don't know if you got as far as step 7 and 8 in what "ElTaco" suggests there...

“He who joyfully marches to music in rank and file has already earned my contempt. He has been given a large brain by mistake, since for him the spinal cord would surely suffice.” - Albert Einstein
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...