Posted

So I turn off my firewall for 5 minutes. I go to 2 sites, one being Microsoft's DirectX site, the other being Nvidia's driver DL page.

In the process of that, I somehow get spyware on my computer that I can't get off (or find).

It's basically like someone put a webpage over my desktop but under the icons.

I scanned with 2 ad-aware programs multiple times (in and out of safe mode). Task Manager shows nothing running. Remove software contains nothing new. Not sure what else to do at this point. It's not a virus.

Oh, interesting thing: if I resize my desktop to a higher rez... I can see my desktop around the borders because the offending spyware/webpage stays at the previous size.

Argh

Any help?

Signed-

challenged in chicago

Posted

Most spyware has an official removal program you can find. I had a nasty homepage hijacker program that infected my computer through windows help files (.chm's); there was absolutely no way to completely get rid of it without using the dubious .exe that came from the same jerks that screwed up my computer. =]

 

Anyway, try looking here for help: SWI Forums

 

You have to register to be able to see the full forums.

Posted

If you know when you turned off your firewall, do a file search for files modified or created on that date, then sort it by time. That might help you at least figure out what files are the source of the problem...

Posted
If you know when you turned off your firewall, do a file search for files modified or created on that date, then sort it by time.  That might help you at least figure out what files are the source of the problem...

 

That's a good idea, I'm going to try it now.

Tho since I was installing Windows updates while this happened, it's going to be messy

Posted

Failing that, and assuming you are using Windows XP, a system restore is probably a good idea.

 

I find them easy myself, click click, wait, done.


Posted

Are you using Ad-aware SE 1.05? I use that at work quite a bit, and in virtually every case it works like a charm (the notable exception being HotBar, which integrates itself totally into Internet Explorer, so the removal of it renders IE unusable). You can get it from www.download.com; update and do a smart system scan, followed by a full system scan, followed by a custom scan with all options ticked, and then finally run an AD scan. You'd be surprised at what can be missed in the first 2 scans. Spybot S&D is pretty good as well, but I prefer Ad-aware SE Personal. Also, run a search for "RegCleaner"; it's freeware developed several years ago, and is the best registry editing tool that I have used thus far (and I use a lot of them).

 

On a side note, I find it extremely irritating just how bad the spyware problem has become. 90% of the performance issues that I run into at work are related to spyware (no, we don't have a good filter set up; the board of directors won't let us block anything except for porn). I find that Ezula, GAIN publishing, HotBar, and IncrediMail are the most difficult to get rid of, and the easiest to "catch". HotBar is particularly bad for sending your email address to every freakin' advertiser on the web. It seems that, with the assault against spam, the offenders are moving to spyware to continue their mindless ad campaigns.

Posted

Open task manager and look at the running processes. You can google them if you're unfamiliar with them and just delete the exe if it is crap. If it comes back after reboot you can check your registry.

Yaw devs, Yaw!!! (
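
The two triage steps suggested in the replies above (list files created or modified during the exposure window, then check the registry for whatever relaunches the process), sketched as an added example that is not from any poster in the thread. It assumes the `Run` keys under HKLM/HKCU are the autostart location checked first; the extension list, function names and the dates in the sample call are illustrative assumptions.

```python
import os
import sys
from datetime import datetime

# Extensions worth a first look when hunting a dropped adware file (assumed list).
SUSPECT_EXT = {".exe", ".dll", ".chm", ".bat", ".scr", ".htm", ".html"}

def timeline(root, start, end):
    """Return (timestamp, path) for files created or modified in [start, end], oldest first."""
    lo, hi = start.timestamp(), end.timestamp()
    hits = []
    for folder, _dirs, names in os.walk(root):  # unreadable folders are skipped
        for name in names:
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
            # st_ctime is creation time on Windows (metadata change time on Unix).
            stamps = [t for t in (st.st_mtime, st.st_ctime) if lo <= t <= hi]
            if stamps and os.path.splitext(name)[1].lower() in SUSPECT_EXT:
                hits.append((min(stamps), path))
    return sorted(hits)

def autorun_matches(hits, run_values):
    """Names of Run-key entries whose command line mentions a file from the timeline."""
    names = {os.path.basename(p).lower() for _t, p in hits}
    return sorted(k for k, cmd in run_values.items()
                  if any(n in cmd.lower() for n in names))

def read_run_keys():
    """Read the HKLM and HKCU ...\\CurrentVersion\\Run values (Windows only)."""
    import winreg
    values = {}
    sub = r"Software\Microsoft\Windows\CurrentVersion\Run"
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, sub) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _type = winreg.EnumValue(key, i)
                    values[name] = str(data)
        except OSError:
            pass  # key missing or not readable for this user
    return values

if __name__ == "__main__" and sys.platform == "win32":
    # Constructed window: replace with the minutes the firewall was actually off.
    found = timeline("C:\\", datetime(2005, 1, 1, 20, 0), datetime(2005, 1, 1, 20, 30))
    for ts, path in found:
        print(datetime.fromtimestamp(ts), path)
    print("Run entries pointing at these files:", autorun_matches(found, read_run_keys()))
```

A Run entry that matches a file from the window explains a process that reappears after being killed; an empty match list means the relaunch mechanism lives somewhere other than these two keys.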

Posted
Spybot S&D is pretty good as well, but I prefer Ad-aware SE Personal

 

Those are the two I tried, they found a few things (mostly cookies), but didn't solve the problem.

 

 

On a side note: Either it's this adware or because I installed the new service pack from Windows, but I can't use restore. It fails every time. Even dates post installation.

I've been owned.

Here are some pics so you can see what is going on:

The "background webpage" takes two forms. A solid colored one slowly flashing from cream to white and a yahoo one when I right click and hit backwards link. It used to display one of those webpages that is clearly spyware related, but it doesn't anymore:

[Screenshots: 5907.th.jpg, 5908.th.jpg, 5914.th.jpg]

Those links are functional on the yahoo page, except the pop-up into new windows.

And here is what happens when I bump up the rez:

[Screenshot: 5911.th.jpg]

As you can see this thing sits between the wallpaper and the icons. It is also the work of the devil.

Posted

i noticed that in at least one of the pics, you have a security center alert. what is it?

 

also, what security-type programs do you have installed?

 

finally, did you update after sp2? there are a few "ins" that occurred after sp2.

Posted
Open task manager and look at the running processes. You can google them if you're unfamiliar with them and just delete the exe if it is crap. If it comes back after reboot you can check your registry.

 

 

I tried it, actually.

 

BUT, looking again I find:

 

WinRatchet.exe

WinAdTools.exe

 

Both adware. Of course as soon as I close them they pop back up in the manager. Which means they must have added/edited the registry and the adware isn't catching it.

 

While I can find winadtools in the reg (deleted) I can't find winratchet. Searching files now too. Might need to go to safe mode to clean it up

Posted
i noticed that in at least one of the pics, you have a security center alert.  what is it?

 

also, what security-type programs do you have installed?

 

finally, did you update after sp2?  there are a few "ins" that occurred after sp2.

 

The alert is because I recently turned the damn thing off because it kept bugging me about this one DL.

I've got Sygate personal firewall pro 5.5. It worked flawlessly, till I dropped it for 5 ****ing minutes.....

I haven't updated since sp2, but there is only one update left, apparently

EDIT:

oops, fixed that 3rd yahoo pic:

[Screenshot: 5914.th.jpg]

Posted
winrachet is classified as a "downloader" virus, as i recall. 

 

seems so, which is surprising, because I'm not retarded enough to agree to DL this ****.

 

I dropped my firewall and went to 2 sites and 2 only. Nvidia's main site and the Windows updater site.

My thought is that the few existing spyware files on my comp played a role in this.

Posted

several of them use activeX to install themselves onto your computer (or, more specifically, your enabling of activex controls). these are the "new" spyware. a couple of months ago, the worst you got was popup windows that you couldn't choose anything but "yes" to, but now they have become really hideous. anyway, that's why they qualify as a virus, because you have no control over them and they continuously alter your system.

Posted

Damn, I ran regcleaner, ad-aware, and spybot all in safe mode. Found a few things.

 

Rebooted, got the same damn thing.

 

At this point I'm ready to give this thing my SS#, Driver's License, and Mother's maiden name to make it go away.
