Spyware - grrrr

[lomuamart]

Picked up some dodgy trojans and ad/spyware last week. I've run fully updated versions of AVG, Spybot and AdAware and thought I'd fixed everything.
Except I keep getting messages from Windows that I'm infected. There are 4 red boxes with white crosses that always appear in the bottom right hand corner of the monitor, next to the the date/ volume icons. A message flashes up constantly from these saying that windows has detected spyware etc etc.
I even downloaded Microsoft's antispyware and have run that. I get no notification of any problem from any programme I try.
I can't get rid of these boxes and the message. They're starting to drive me crazy.
Anyone got any suggestions? Thanks.
_________________
"I spent a lot of my money on booze, birds and fast cars - the rest I just squandered". George Best.

[Guess]

When you say Windows send messages can you tell which component of windows delivers the message. My understanding is that Windows itself has no knowledge of viruses and additional software that needs regular updating needs to be applied.

Any as you mentioned that you have different versions of antispy/adware installed you may have stumbled on a conflict. My sugesttion is to delete them all and install them again one by one ensuring to use the sequence install run install run.

Monitor the effect.

What did you do directly before spotting the problem.
_________________
G

[buksida]

Yeh a few more details would help, what do these boxes say? What program is producing them? What tasks have you get running?

Firstly uninstall MS Antispyware, Microsoft have made it pay only so you can no longer update it ... its pretty much useless now.

If you've run updated Adaware and Spybot and found nothing it should be okay, I'm pretty sure that Antispy is your problem so ditch it.
_________________
I've got a bad feeling about this

[lomuamart]

The boxes say
Your comp is infected.
Wind has detected s/ware infection.
It is recommended to use special antispyware tools to prevent data loss. wind will now download and install the most up to date antispy for you.
Click here to protect your computer from s/ware.

Clicking does nothing, but i did notice a programme that installed itself - Windows XP hotfix. I can't delete it through the control panel.
_________________
"I spent a lot of my money on booze, birds and fast cars - the rest I just squandered". George Best.

[buksida]

Uninstall Antispy, you cant update it unless you pay for it. The version that was on there was a Beta that M$ bought out for testing purposes.

Upto you but I also have Windows update turned off as it usually ends up downloading something that will fcuk up one of your other programs.

"If it aint broke then dont try to fix it"
_________________
I've got a bad feeling about this

[Norseman]

Have you tried Download.com's pages for spyware programs?
You may find some programs there to help you out.

Link: http://www.download.com/Adware-Spyware-Removal/3150-8022_4-0.html?tag=nav_dir

Or simply download.com and navigate further from there.

Some programs are freeware, some shareware.
They have other programs as well.

[PeteB]

Buksida / lomuamart

I still use the beta MS Anti-spyware (as well as others) and still get upgrades via download (latest 14 October) - so don't write it off just yet.

Which Hotfix (KBxxxxxxxx) is worrying you, lomu?

Are you certain that some rogue ad software is not trying to frighten you to death, by telling you that you are infected? - I had this some months ago, but can't remember the full details. I do remember that it was fairly easy to clear (I think spybot got it).

Spybot works very well with SpywareBlaster running in the background. This may prove to be an effective defence in future.

Cheers and good luck

Peter

[PeteB]

Sorry Lomuamart, there's something that I should have added.

If you run Spybot, go into Tools / System startup and look for any processes that you have not allowed to run at start up time.

Clear the green arrow, exit spybot, reboot and the process should be disabled on restart. This MAY stop the problem and allow you to identify and act against the offending process.

Good luck

Peter

[buksida]

[PeteB]

Buksida,

It is 1.0.615 - expiring 31/12/2005.

Even Zipped it is 5,770K (5.5Mb).

Do you want me to mail it to the last e-mail address that I had for you?

Peter

[buksida]

Yeh, I have broadband now so no worries.

lomu, is this the same version that you have?
_________________
I've got a bad feeling about this

[PeteB]

Done,

Please e-mail me if you don't get it soon.

/P

[lomuamart]

Thanks for the replies. I've tried it all again, but the messeges won't go away.
The Windows KB is/was 890830-V1.9-ENU. I zapped that to the recycle bin. Had KB826939 as well that has been zapped off the control panel. (A member pmed me yesterday and advised me to try CrapCleaner, which I've done this morning. It was CC that got rid of the second KB).
Think I might have mislead you on what I downloaded from MS. It's a malicious software removal tool, that didn't recognise anything dangerous. I've zapped that as well.
As far as the KBs were concerned, I'm certain that the one I got to through the control panel wasn't there before I was notified that the virus and spyware had got on. As I have said, it's not there now.
I'm pretty certain that I'm not infected after running 4 programmes to identify problems and other than the first time when I did have them, all programmes are saying I'm clean now.
It's just these 4 boxes and the accompanying message that are a pain.
_________________
"I spent a lot of my money on booze, birds and fast cars - the rest I just squandered". George Best.

[chelsea]

Loumart, If you have not done so, make sure that your Recycle Bin is empty, because if you have only deleted the files but not emptied the bin, it may cause the problem to still be there. Is worth a check

[Guess]

Lomu,

My understanding is that you should only have Hotfix if you have not upgrade to SP2. If you do not have SP2 then delete all the antisp/ad ware and install from CD. The SP2 CD (one only I think) can be obtained for 150 Baht from the girl at Satakurn Square. Make sure you you get the English Language version.
_________________
G