So I turn off my fire wall for 5 minutes. I go to 2 sites, one being microsofts direct x site, the other being Nvidias driver Dl page.

 

In the process of that, I somehow get spyware on my computer that I can't get off (or find).

 

It's basically like someone put a webpage over my desktop but under the icons.

 

I scanned with 2 ad-aware programs multiple-times (in and out of safe mod). Task Manger shows nothing running. Remove software contains nothing new. Not sure what else to do at this point. It's not a virus.

 

O, interest thing, if I resize my desktop to a higher rez.....I can see my desktop around the boarders because the offending spyware/webpage stays at the previous size.

 

Argh

 

any help?

 

Signed-

 

challenged in chicago

Most spyware has an official removal program you can find. I had a nasty homepage hijacker program that infected my computer through windows help files (.chm's); there was absolutely no way to completely get rid of it without using the dubious .exe that came from the same jerks that screwed up my computer.

 

Anyway, try looking here for help: SWI Forums

 

You have to register to be able to see the full forums.

Restore your system to a previous setting.

lol, easier said than done, but i may have too

If you know when you turned off your firewall, do a file search for files modified or created on that date, then sort it by time. That might help you at least figure out what files are the source of the problem...

If you know when you turned off your firewall, do a file search for files modified or created on that date, then sort it by time.  That might help you at least figure out what files are the source of the problem...

<{POST_SNAPBACK}>

 

Thats a good idea, I'm going to try it now.

 

Tho since I was installing windows updates while this happened, it's going to be messy

Failing that, and assuming you are using windows XP, a system restore is probably a good idea.

 

I find them easy myself, click click, wait, done.

Failing that, and assuming you are using windows XP, a system restore is probably a good idea.

 

I find them easy myself, click click, wait, done.

<{POST_SNAPBACK}>

 

Yea, that seems to be my best option right now.

Are you using Ad-aware SE 1.05? I use that at work quite a bit, and in virtually every case it works like a charm (the notable exception being HotBar, which integrates itself totally into Internet Explorer, so the removal of it renders IE unusable). You can get it from www.download.com; update and do a smart system scan, followed by a full system scan, followed by a custom scan with all options ticked, and then finally run an AD scan. You'd be surprised at what can be missed in the first 2 scans. Spybot S&D is pretty good as well, but I prefer Ad-aware SE Personal. Also, run a search for "RegCleaner"; it's freeware developed several years ago, and is the best registry editing tool that I have used thus far (and I use a lot of them).

 

On a side note, I find it extremely irritating just how bad the spyware problem has become. 90% of the performance issues that I run into at work are related to spyware (no, we don't have a good filter set up; the board of directors won't let us block anything except for porn). I find that Ezula, GAIN publishing, HotBar, and IncrediMail are the most difficult to get rid of, and the easiest to "catch". HotBar is particularly bad for sending your email address to every freakin' advertisor on the web. It seems that, with the assault against spam, the offenders are moving to spyware to continue their mindless ad campaigns.

Open task manager and look at the running processes. You can google them if you're unfamilure with them and just delete the exe if it is crap. if it comes back after reboot you can check your registry.

Spybot S&D is pretty good as well, but I prefer Ad-aware SE Personal

 

Those are the two I tried, they found a few things (mostly cookies), but didn't solve the problem.

 

 

On a side note: Either it's this adware or because I installed the new service pack from windows, but I can us restore. It fails everytime. Even dates post installation.

 

I've been owned.

 

Here is some pics so you can see what is going on:

 

The "background webpage" takes to forms. A solid colored slowly flashing from cream to white and a yahoo one when I right click and hit backwards link. It used to display one of those webpages that is clearly spyware related, but it doesn't anymore:

 

 

those links are functional on the yahoo page, except the pop-up into new windows.

 

and here is what happens when I bump up the rez:

 

 

As you can see this thing sits between the wallpaper and the icons. It is also the work of the devil.

i noticed that in at least one of the pics, you have a security center alert. what is it?

 

also, what security-type programs do you have installed?

 

finally, did you update after sp2? there are a few "ins" that occured after sp2.

Open task manager and look at the running processes. You can google them if you're unfamilure with them and just delete the exe if it is crap. if it comes back after reboot you can check your registry.

<{POST_SNAPBACK}>

 

 

I tried it, actually.

 

BUT, looking again I find:

 

WinRatchet.exe

WinAdTools.exe

 

Both adware. Of course as soon as I close them they pop back up in the manager. Which means they must have added/edited teh registry and the ad ware isn't catching it.

 

While I can find winadtools in the reg (deleted) I can't find winratchet. Searching files now too. Might need to go to safe mode to clean it up

i noticed that in at least one of the pics, you have a security center alert.  what is it?

 

also, what security-type programs do you have installed?

 

finally, did you update after sp2?  there are a few "ins" that occured after sp2.

<{POST_SNAPBACK}>

 

The alert is because I recently turned the damn thing off because it kept bugging me about this one DL.

 

I've got sygate personal fire wall pro 5.5. It worked flawlessly, till I dropped it for 5 ****ing minutes.....

 

I havn't updated since sp2, but there is only one update left, apparently

 

EDIT:

 

oops, fixed that 3rd yahoo pic:

 

winrachet is classified as a "downloader" virus, as i recall. do a full virus scan. also, use regcleaner, and it will show up for you.

 

(blast it, i hate being on dial-up.)

winrachet is classified as a "downloader" virus, as i recall. 

 

seems so, which is surprising, because I'm not retarded enough to agree to DL this ****.

 

I dropped my firewall and went to 2 sites and 2 only. Nvidias main site and the Windows updater site.

 

My though is that the few existing spyware files on my comp played a role in this.

several of them use activeX to install themselves onto your computer (or, more specifically, your enabling of activex controls). these are the "new" spyware. a couple of months ago, the worst you got was popup windows that you couldn't choose anything but "yes" to, but now they have become really hideous. anyway, that's why they qualify as a virus, because you have no control over them and they continuously alter your system.

Damn, I ran regcleaner, ad-aware, and spybot all in safe mode. Found a few things.

 

Rebooted, got the same damn thing.

 

At this point I'm ready to give this thing my SS#, Drivers Liceanse, and and Mothers maiden name to make it go away.

You seem to be not the only one...

 

http://www.thetrolls.com/phpbb/archive/o_t...winadtools.html

 

I don't know if you got as far as step 7 and 8 in what "ElTaco" suggests there...

http://www.nsclean.com/trolist.html

 

might be worth a shot.

 

i'm combing norton right now, searching for info.

more info, and possible fix.

more info, and possible fix.

<{POST_SNAPBACK}>

 

I actually found that before, but you have to buy the program

'nother method.

 

don't remember where i got "hijack this!" for work; program works well, though.

more info, and possible fix.

<{POST_SNAPBACK}>

 

I actually found that before, but you have to buy the program

<{POST_SNAPBACK}>

 

 

oops, sorry. just trying to find something to work for you.

HijackThis!

 

BHODemon, 'cause it may be functioning as a BHO (which would be one reason why you're having problems stopping it and deleting it).

 

I've used both of these at work, BTW, so they should be safe for your PC.