« previous next »
Pages: [1]   Go Down

Author Topic: Crazy Virus?  (Read 3212 times)

0 Members and 1 Guest are viewing this topic.

Timothee

  • Guest
Crazy Virus?
« on: March 28, 2006, 03:12:56 PM »
I don't know if this is all part of the virus - but I started getting a message from the toolbar with a green wheelchair symbol telling me my computer was infected - i thought that was weird because none of my anti virus programs had said anything. It said to click here for suggested sypware and malwear removoal tools. All the suggested ones I had not heard of and they all looked suspicioulsy familiar + plus they all cost $40. I tried running windows protector and adaware but they found nothing - i then used a regcleaner which didn't seem to fix the problem either. I'am also getting messages saying that sites are trying to access other sites and when i launch explorer i get this page:

http://www.securitysafeguards.net/

And on it it says this at the top:

Attention! Your system is under control of remote computer with IP address 227.4.167.118. The remote computer has access to the following folders on your PC:
- \WINDOWS\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official anti-spyware software


If someone could point me in a direction that can fix this i'd be very grateful - as at the moment whatever it is is dodging every detection / removal program ive used. I'm running Avast! Virus Cleaner right now.. so.. here's hoping...

Tim

Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Crazy Virus?
« Reply #1 on: March 28, 2006, 03:32:14 PM »
Hi Timothee,

Yes you have fallen victim to a rogue program or scumware, SpyTrooper, part of the smitfraud group of malware vendors.
Look for instructions here:
http://answers.google.com/answers/threadview?id=703813

Install siteadvisor as an add-on for IE or FF, or download the DrWeb hyperlink pre-scanner add-on for your browser to stay away from rogue programs and spammers.
After your comp is cleansed, install one good resident anti-virus program (Avast), scan occasionally with a good online scanner like Bitdefender, have one good software firewall like ZA for instance, install the three anti-spyware programs recommended: Spybot S&D, SpywareBlaster and Ad-Aware (all free), scan occasionally with spyaudit online scanner for ad-spyware and tracking cookies. Surf safe, stay malware free, is the wish of,

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Timothee

  • Guest
Re: Crazy Virus?
« Reply #2 on: March 28, 2006, 03:35:51 PM »
Cheers for the speedy reply.
I haven't read it yet though, I thought I would first mention that using ToolBarCop it seems that the file is:

 system32\hpA410.tmp

when I delete it and refresh the list it is back again - ill now go and check out those instructions.
thanks.
Tim
Logged

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4871
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Crazy Virus?
« Reply #3 on: March 28, 2006, 04:18:06 PM »
The tool to use for smitfraud is smitem.exe:

http://noahdfear.geekstogo.com/
Logged
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Timothee

  • Guest
Re: Crazy Virus?
« Reply #4 on: March 28, 2006, 04:32:01 PM »
Using the links you gave me, I'm now virus free.

thanks a million
Tim
Logged
Pages: [1]   Go Up
« previous next »