Author Topic: virus??  (Read 5473 times)


demooseus

  • Guest
virus??
« on: April 25, 2006, 05:13:57 PM »
Hi all.
Have got a problem. Have a virus alert in notification area on tool bar. If I click on it, a red box appears that says:
critical systems error, please use antimalware software to clean your system. click here to get all available software.
The link takes you to a site, www.spyware quake.com.
The usual old pony of having to download their product to remove this malware follows - obviously I haven't and won't!!

I have cleaned all my temp files/cookies etc. Have run avast virus scan, spybot, adaware and ewido, but nothing. Have tried in safe mode too.
Can anyone help!!??



Spiritsongs

  • Guest
Re: virus??
« Reply #1 on: April 25, 2006, 05:33:57 PM »
 :)  Hi :

     As the name implies, "SpywareQuake" is SPYWARE ; should
     seek help on the forum of your antiSPYWARE provider.
     If you know of none, I recommend www.landzdown.com .

     There is also a "search" feature on this forum you could
     use for info we have .

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re: virus??
« Reply #2 on: April 25, 2006, 05:49:09 PM »
If it is "only" Spywarequake, you can use this cleaner:

http://siri.geekstogo.com/SmitfraudFix.php

But you should also check your PC with another (online) scanner, or better, open a new thread at one of the forums recommended here:
http://asap.maddoktor2.com/ (Recommended Sites)

Edit: (Oops, did not read Spiritsongs' posting carefully enough)

MfG Ralf

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: virus??
« Reply #3 on: April 25, 2006, 06:09:41 PM »
There is no need to go to another forum: you can get the advice you need here.

I do not know how effective the tool raman recommends is, but this one certainly works:

http://noahdfear.geekstogo.com/

Run it in safe mode followed by another scan with Ewido.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Spiritsongs

  • Guest
"SmitfraudFix"
« Reply #4 on: April 25, 2006, 06:14:37 PM »
 :)  Hi raman :

      If "SmitfraudFix" should be used, best to get it from the
      Author's site at :

     http://siri.urz.free.fr/Fix/SmitfraudFix.zip .



demooseus

  • Guest
Re: virus??
« Reply #5 on: April 25, 2006, 06:22:35 PM »
Top man RAMAN. Got tool from the link you supplied and did the job in no time at all.
Much appreciated all who replied.
Jeez, this spyware is getting quite advanced! Sneaky little b*****ds

Offline raman

Re: virus??
« Reply #6 on: April 25, 2006, 06:35:28 PM »
Hi Spiritsongs

Isn't geekstogo an official mirror? (Maybe I am wrong, and I did not know that the .fr site had the English description too.)


FreewheelinFrank, smitrem is a good program, but has not been updated since February and that's da*n old for this kind of cleaner. :(

demooseus, you should use one of the forums or post a HijackThis log here. There are many different downloaders which download these "zlobs/smitfrauds/fake Spyware", and we do not know which one it was.

Maybe someone here will help you check your log.
« Last Edit: April 25, 2006, 06:37:52 PM by raman »
MfG Ralf

Offline FreewheelinFrank

Re: virus??
« Reply #7 on: April 25, 2006, 06:45:32 PM »
Bookmarked for future reference, thanks.

Spiritsongs

  • Guest
SmitfraudFix
« Reply #8 on: April 25, 2006, 06:49:53 PM »
 :)  Hi raman :

      Geekstogo is an official mirror; however, to assure having
      the latest edition that MAY not be on the "mirror", I always
      advise going to the author's site , which also was advised
      on several of the antispyware forums I visited. The use of
      the "Fix" has several options, depending on circumstances
      which appear best to be resolved under the guidance of
      a HijackThis "Expert" !?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: virus??
« Reply #9 on: April 25, 2006, 07:20:01 PM »
Hi Spiritsongs,

We have the HijackThis expertise here as well. Merijn, this was the Dutchman who originally developed this tool: http://www.spywareinfo.com/~merijn/htlogtutorial.html
Be aware there are rogue variants for everything.

The expertise that is needed is not really that high class magic.
You have to have a clear understanding of what processes and files should be running on your computer, and what sort of things should not be there or better not. There are online sources to get this information: fileadvisor is a nice one, and there are online sources for processes, DLLs and BHOs that are safe or not. The System Spyware Interrogator analyzes this for you automatically. The only thing a malware fighter needs is some time at hand to guide the process of cleaning, preferably in one go. It is a good thing to use some Startup Apps for this goal: you can get it here: http://www.niksoft.at/download/startdreck.htm (cleansing tool under the guidance of Profis), together with a new, under development but rewarding tool: dotomyco, available from here: http://www.niksoft.at/download/dotomyco.htm.
Most sites that teach this have people assist and, whenever they have developed the skills, have them have a go at it. There is even an English academy for it, where you can learn to be a malware fighter.
For information on pests and removal I often go here:
http://www3.ca.com/securityadvisor/pest/, just when I get a red alert on siteadvisor or from the DrWeb pre-hyperlink scanner plug-in, I go there and to other sources. I always like to be informed what I am up against.
We do a lot of this stuff at the Dutch ASO site; it just needs strict routine and some expertise. Malware fighting is an attitude, and you learn it while doing it.
-----------
With dotomyco you can get a log file like this:
--------------
2006-04-25 19:32:40   start E:\DOTOMYCO\DOTOMYCO\DOTOMYCO.exe    
2006-04-25 19:32:40   Dotomyco (v1.0.4n public beta)   
2006-04-25 19:32:42   ready!   
2006-04-25 19:32:58   notice: RunDialog   
2006-04-25 19:33:13   checking...   
2006-04-25 19:33:13   #1 memory...   
2006-04-25 19:33:31   #2 processes...   
2006-04-25 19:33:42   #3 NT-Services...   
2006-04-25 19:33:42   #4 Run-Keys...   
2006-04-25 19:33:42   HKLM\RunServices/*StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe   FOUND: suspicious run-entry
2006-04-25 19:33:43   #5 BHO...   
2006-04-25 19:33:43   #6 AppInit_DLLs...   
2006-04-25 19:33:43   reg#2: AppInit_DLLs   
2006-04-25 19:33:43   #7 hosts file...   
2006-04-25 19:33:44   C:\WINDOWS\hosts   ERROR(53): File not found
2006-04-25 19:33:44   ready!   
2006-04-25 19:34:37   quit   
-------------
Analysis: nothing wrong here, because this executable file is normal for Win ME:
statemgr.exe is a component of the Microsoft Windows ME Operating System. This process monitors and verifies Windows' system directory integrity. If any problems are found with files, StateMGR can restore settings to the last restore point. Often named stmgr.exe, this program is important for the stable and secure running of your computer and should not be terminated.
---------------------------
Mind you, the Dotomyco program needs VB40032.DLL and is only free for personal use. Very handy for malware fighters as an extra tool in our toolbox, although it is still under development and in beta. Cheers Tony Klein for this nice German program.


polonus

« Last Edit: April 25, 2006, 07:43:42 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
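
Added example (not part of the thread and not Dotomyco's own code): a small parser for the log layout shown in polonus's post that pulls out the FOUND/ERROR lines and triages each run-entry by its full path against a known-good list. It assumes columns are separated by two or more spaces, as in the listing above; the `KNOWN_GOOD` set is hypothetical and holds only the path the post judges normal for Windows ME.

```python
import re

# Log lines copied from the Dotomyco listing in the post above.
SAMPLE_LOG = r"""
2006-04-25 19:33:42   #4 Run-Keys...
2006-04-25 19:33:42   HKLM\RunServices/*StateMgr=C:\WINDOWS\System\Restore\StateMgr.exe   FOUND: suspicious run-entry
2006-04-25 19:33:43   #5 BHO...
2006-04-25 19:33:43   #7 hosts file...
2006-04-25 19:33:44   C:\WINDOWS\hosts   ERROR(53): File not found
2006-04-25 19:33:44   ready!
"""

# Hypothetical reviewer-maintained allowlist: full lower-cased paths, never bare names.
KNOWN_GOOD = {r"c:\windows\system\restore\statemgr.exe"}

# timestamp, subject, then an optional "FOUND: ..." / "ERROR(n): ..." result column
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s{2,}(.*?)"
                  r"(?:\s{2,}(FOUND|ERROR\(\d+\)): (.*))?\s*$")

def parse(log):
    """Yield (section, subject, kind, detail) for every FOUND/ERROR line."""
    section = None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, subject, kind, detail = m.groups()
        if kind is None:
            if subject.startswith("#"):          # e.g. "#4 Run-Keys..."
                section = subject.split(" ", 1)[1].rstrip(".")
            continue
        yield section, subject, kind, detail.strip()

def triage(log, known_good=KNOWN_GOOD):
    """Return (section, target, verdict) tuples for a reviewer to work through."""
    results = []
    for section, subject, kind, _detail in parse(log):
        # Run-key subjects look like 'HKLM\RunServices/*Name=path'; keep the path.
        target = subject.split("=", 1)[-1].lower()
        if kind == "FOUND":
            verdict = "known-good" if target in known_good else "review"
        else:
            verdict = "scan-error"               # scanner could not check the item
        results.append((section, target, verdict))
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Matching on the full path rather than the file name means a StateMgr.exe found in any other directory still comes out as "review".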