
*** read this before posting any problems with your pc ***


nickolarse

Active Member
I just ran Bazooka and it's telling me to delete WinDir.svchost and Systemdir.explorer if I am sure they are a threat. Uhh how do I analyse them and be sure they need to be deleted?

(I am only trying to remove the website that keeps re-inserting itself in my homepage on IE*)

"A common technique that spyware, adwares, viruses, keyloggers etc use to hide from users is to drop files on the system that use the same name as a legitimate file but in a different folder. SystemDir.explorer is a warning that there is a file named explorer.exe located in %SystemDir% on your system. The legitimate explorer.exe file is located in %WinDir%. You might want to analyse %SystemDir%\explorer.exe to verify it is something that you really want on your system."

So I should go to the directory 'systemdir' and delete systemdir.explorer :confused:

*Note to self: Will be using Mozilla in the future.
 

spudulike

regal slip
Beware if you decide to reinstall Windows XP

Did you know that before you have downloaded the "critical patches" from Windows Update for a fresh install, you're very likely to get infected as survival time is now averaging about 20 minutes.

There is a link from that page to a PDF document on how to install more safely.
 

Sacred Spirit

Banned
Anyone read this one, may poss' be of help ?
----------------

How do I Remove "Only The Best" popups and Home Search "random.dll" homepage hijacker?

http://www.pchell.com/support/onlythebest.shtml

extract from 1st page....

This is a hijack I have seen for about a month and still have read so many variations of it that it's hard to understand everything it does. It appears to be a brand new variation of the CoolWebSearch homepage hijacker, although CWShredder isn't updated to handle it and won't be, so there are only manual methods on the web. The homepage is set to "Home Search" when this hijacker takes over.

all the best, SS.
 

T & P

|-o-| (-o-) |-o-|
I'm posting this because I have just managed to get rid of the most odious, cunting fuck adware ever: mxTarget.dll

I somehow got infected last week by this and a number of other spyware (ClockSync and others). Ad-aware and Spybot wouldn't even detect them. Other software such as Norton anti-virus or Bazooka did detect them- however they only give manual removal instructions, and no matter how carefully I followed them the bastards would still not be removed.

I've spent all week trying to remove the bastards without success. The computer was damn slow and pop-up ads were coming out of my ears. Finally I googled 'mxTarget.dll' out of desperation, and eventually came across the Giant antispyware product. I am pleased to say that it found all of the above and a few others no other anti-adware programme had located, and got rid of the lot.

I'm not plugging this company in any way, but if anyone has any problems with the above adware and can't get rid of it through their existing software, I wholeheartedly recommend this one. You can download a 15-day free version that will do the trick anyway.

http://www.giantcompany.com/(20enkx45qa3mtr55ghxdotrd)/download.aspx?prodid=70&skip=true
 

xes

F.O.A.D
Right, I don't really know where to start with this.

Firstly, my computer is running very very slowly. I have broadband but it's gone back to a dialup speed. Anyone know why?

Also I've started getting pop ups this morning. I've not been going on any dodgy sites and the pop ups aren't messenger ones. They look like legit companies who are just being wankers.

Here's a url from one of them http:// view.atdmt.com/MON/view/shdgtmon00900286mon/direct/01/
it was a monster.com ad (link broken for obvious reasons)

I've run ad-aware and spyware doctor and norton. But I'm still getting them.

Does this look like I need to get my pc serviced? if so how much is this going to set me back?
I shall run them again and post the reports like others have done.

:( I want my pc back
 

xes

F.O.A.D
Right.

I think I've sorted them pesky pop ups.

PC is still very slow.

Have defragmented and one of the drives had 34% free space and the other 14%.
It didn't take very long. I thought that fragmenting took fooking hours or something?
Anyone know why it could be too slow and or how to get it back up to speed.
Any help will be gratefully received and I won't have to go out on a random violent murdering spree tonight.
How do I obtain more space? Can I buy something (no, not another pc, although it's coming close)

All this and more....after this short break.
 

bmd

you left me standing here
xes said:
> Right, I don't really know where to start with this.
>
> Firstly, my computer is running very very slowly. I have broadband but it's gone back to a dialup speed. Anyone know why?
>
> Also I've started getting pop ups this morning. I've not been going on any dodgy sites and the pop ups aren't messenger ones. They look like legit companies who are just being wankers.
>
> Here's a url from one of them http:// view.atdmt.com/MON/view/shdgtmon00900286mon/direct/01/
> it was a monster.com ad (link broken for obvious reasons)
>
> I've run ad-aware and spyware doctor and norton. But I'm still getting them.
>
> Does this look like I need to get my pc serviced? if so how much is this going to set me back?
> I shall run them again and post the reports like others have done.
>
> :( I want my pc back

You got a firewall on your pc? Try Hijackthis for getting rid of pesky problems that everything else has missed. Also if it's running really slow you could have a keystroke logger in your pc somewhere that keeps trying to connect to the net, they also slow your pc right down. Check the spyware section in the 'freeware' sticky at the top of this page for other spyware removal programs, ad-aware doesn't get on with every pc.
 

xes

F.O.A.D
Bob Marleys Dad said:
> You got a firewall on your pc? Try Hijackthis for getting rid of pesky problems that everything else has missed. Also if it's running really slow you could have a keystroke logger in your pc somewhere that keeps trying to connect to the net, they also slow your pc right down. Check the spyware section in the 'freeware' sticky at the top of this page for other spyware removal programs, ad-aware doesn't get on with every pc.

I've also got spybot and spyware doctor.

Anyway, the poopups seem to have fucked off for now *touches wood*

So it's just the speed issue, I'll look into that keystroke logger, thanks. :)
 

tw1ggy5

Fucking Hypocrite
Best way I found to stop being re-infected was to run StartupMonitor, alongside Kerio in learning mode and AVG.

Somewhere I did find a tool which lets you install updates to xp before connecting to the net but I've lost the thing now.

Whenever anything tried to register itself to start at boot, startupmonitor flags it up and you can reject it. If processes are trying to run dll's as an app, launch other processes or access the internet then Kerio flags it up. AVG was there just in case something slipped through.

Then regular runs of hijackthis to check nothing had slipped through, plus it's useful for removing those pain in the ass programs from the startup that you don't want wasting resources and running unnecessarily, ie Acrobat.

Regular scans with Spybot S&D and Adaware also a good idea. Some kind of scheduling is useful.

Stay well away from IE, it's a horrible piece of shit.
Tend to use Opera for everything, it's fine once you've sorted out the messy interface it starts with. Firefox seems nice and clean as an alternative however.

Kerio also includes an advert blocker which seems to block the majority of annoying adverts, including banners.

Any news of an auto DWO Exploit patcher? Doing it manually is annoying lol.
 

rocketman

Taxed and tested
I'm happy to help with Macs - Mac thread anyone? I'll assist if you like, but won't start one, as Urban's been kind to me already.
 

Bob

Rusesabagina for a nobel
Thanks for everyone who has posted stuff on this thread & the other free one. For the first time in weeks my computer is working properly thanks to the marvels of Spyware doctor - seems to have cleared up things that Adaware and AVG couldn't sort.... Hooray for internet access working....
 

Bob

Rusesabagina for a nobel
Bob said:
> Thanks for everyone who has posted stuff on this thread & the other free one. For the first time in weeks my computer is working properly thanks to the marvels of Spyware doctor - seems to have cleared up things that Adaware and AVG couldn't sort.... Hooray for internet access working....

I spoke too soon. :( My ageing home computer is finding it hard to take - but gradually getting better. Sodding firewall.exe and svchost.exe have survived 6 anti virus programs so far! And they take up so much sodding power that I can't download more anti viruses. So every day I take home some more anti virus programs I can download at work.... my flatmate now comes in every evening to find me swearing at my computer... :D
 

Njustice

New Member
Hello mates,

Not sure if this is spamming my site or not, if editor feels so then please delete this post.

I have a website that deals with these infections. I've been affiliated with the top sites and developers for some time....I know, that and a quarter will get you a phone call. ;)

Anyway, if you need help with your malware, crapware, spyware and just plain insidious infections feel free to post a HijackThis log in the HijackThis Logs/Spyware Removal forum at HijackThis Logs/Spyware Removal.

Again, if Editor feels this is spamming I offer my apologies to you and all.
 

miss minnie

Well-Known Member
"leaving reformat at the doormat" - cute :D

looks like a useful repository of computer security info. i've bookmarked it. long may you remain ad-free. :)
 

alphaDelta

◘◘\«ˆ»/◘◘
Right - here's my average user's guide to manually removing what you can. Often AV and anti-malware programs won't remove or detect a lot of things, so the only option is to do it yourself.

This guide is by no means for idiots; you will need to know what you're doing, but you can't really do any damage. It's also not entirely comprehensive but seems, in my experience, to often be all I need to do. After having cleaned many a malware off the office PCs I have a little idea.

----

Before you start

* ensure you have up-to-date versions and definitions for Adaware and Spybot S&D. Run automatic scans using both (not at the same time) and remove anything they find.
* try - though spyware may have buggered it - to install all the latest Windows Updates

If you use IE, make that safe first

Internet Explorer users should close all but one IE window and go into their settings (Tools > Internet Options). There:

1. on the first tab, delete cookies and temporary files
2. on the security tab, click on each content zone icon and choose 'Default Level'
3. on the Programs tab, click 'Manage Addons' and choose 'Currently Loaded'. Disable everything you don't recognise.
4. on the Advanced tab, click 'Restore Defaults'

This should have helped secure your current IE environment. However I strongly recommend switching to another browser such as Firefox before you go any further. If not, careful not to visit any sites bar the Google results before you finish making it safe!

Loaded Processes

Next, press Control-Alt-Delete and choose Task Manager. On the Processes tab, sort them by name and run through the list. Google anything suspicious; for example, on mine, what is 'mcvsftsn.exe'? The first Google takes me here where I find it is part of McAfee Virusscan, which I run and expect to be there. However let's say I have smsss.exe (note the three trailing Ss) running too. This takes me here and I find it is a worm.

Write the process names down. Make sure you read the Googled descriptions carefully and assess if it really is a worm. If a little technically savvy, you should also look at certain Google results like Symantec to assess what damage it has already done; for instance sharing all of your computer's drives on the network.

If sure, end the task in Task Manager. When you're confident that they're all ended, your current working environment is safer.

Delete the process files

With anything you do find and are sure about, you need to search 'My Computer' for that filename - including hidden or system files - and delete it. It will not let you delete it unless you have successfully ended its process, or associated processes, in Task Manager. The search is guaranteed to find at least one result if you have done it correctly.

If you are turning up results located somewhere within the Program Files directory, e.g. 'C:\Program Files\Generic Web Helper\', it is probably safe to delete the folder that contains them; judge for yourself.

There are more things to check in this area. A nasty example I had is that some malware had put an installer in C:\. It also put an autorun.inf on C:, so that every time you clicked the drive, it would launch the dodgy software. It should have remained as a process, so now has been deleted, BUT, of course it's still a potential way for it to get back.

Remove the links to them

That should have partially prevented them from loading. You now want to remove the broken links that started these things up in the first place. There are a number of different ways. The first thing to check is Start > Programs > Startup. Delete any shortcuts you don't recognise/need. Those were the easy ones. The harder ones are buried in the registry.

The simplest, safest way is to run 'msconfig'. On the 'Startup' tab, check through each entry and uncheck the box where necessary to prevent it loading. The 'command' column gives you a good idea what is dodgy as it tells you where the program is located. For advanced users, the 'location' column tells you what registry entries to delete should you desire - if you don't understand this, don't do it!

Having done that, each time you boot up, the system will tell you that you are not loading all configuration items. It is easy to suppress this warning via the presented options. The proper way to do it is to remove them permanently from the registry but as said, this is more complex.

Check again after reboot

Now reboot, and run through the Task Manager checking part of this process again. You should be clean; if not, you haven't cleared everything properly and you'll have to run through the rest of the steps again for those process names.

As mentioned previously, now would be a good time to check and repair the damage. Unshare network drives in case other machines on your network are still going to infect you - though any good anti-virus should pick this up as it occurs.

Hope that helps.
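
An added example, not part of the post above or of any tool named in the thread: a small triage script for the two tricks discussed here, a legitimate file name in the wrong folder (the Bazooka `SystemDir.explorer` warning quoted earlier) and a near-miss name such as `smsss.exe`. It assumes Windows lives in `C:\WINDOWS`; the expected locations for `svchost.exe` and `smss.exe` and all sample paths are constructed for the example.

```python
import ntpath

# Assumption: Windows is installed in C:\WINDOWS (the XP default).
WINDIR = r"c:\windows"
SYSTEMDIR = WINDIR + r"\system32"

# Expected home of a few well-known binaries. explorer.exe in %WinDir% comes
# from the Bazooka text quoted in the thread; the other two entries are
# standard Windows locations added for this example.
EXPECTED = {
    "explorer.exe": WINDIR,
    "svchost.exe": SYSTEMDIR,
    "smss.exe": SYSTEMDIR,
}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return (verdict, reference) for one executable path."""
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    if name in EXPECTED:
        if directory == EXPECTED[name]:
            return ("ok", name)
        # Right name, wrong folder: report where it should have been.
        return ("misplaced", EXPECTED[name])
    for legit in EXPECTED:
        # One character away from a system binary, e.g. smsss.exe vs smss.exe.
        if edit_distance(name, legit) == 1:
            return ("lookalike", legit)
    return ("unknown", None)


# Constructed sample: image paths as you might copy them from a process list.
SAMPLE = [
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\explorer.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\smsss.exe",
    r"C:\Program Files\McAfee\mcvsftsn.exe",
]


def triage(paths):
    """Keep only the entries that deserve a closer look."""
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("misplaced", "lookalike")]


if __name__ == "__main__":
    for path, verdict, ref in triage(SAMPLE):
        print(f"{verdict:10} {path}  (expected: {ref})")
```

A "misplaced" or "lookalike" verdict only marks a file for the kind of analysis the post describes; "unknown" means the name is not in the small table, not that the file is safe.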
 

miss minnie

Well-Known Member
today i've received my umpteenth allegedly virus ridden system to fix. the owner has said *it is infected with a virus, it keeps shutting down* when actually it is overheating. probably about 1 in 7 machines i get have problems with overheating rather than viral infections, usually machines that are a few years old.

before you assume virus, check how hot the case feels, check the case fans for dirt accumulation, open it up and just see if there is enough-fluff-to-knit-a-small-kitten covering the internal fan and heatsink. is the machine sat next to a radiator? do you keep it covered with a blanket and a potplant on top? is the room very warm or very dusty? do you put things on top of it such as a printer, modem or faxmachine? is it kept on all the time? are there any clicking noises coming from it (possibly indicating a broken fan)? if it is a laptop, are the fans underneath and always in contact with the desk or your legs, has it had a knock or been dropped lately?

a classic symptom of overheating is when the machine behaves at first, shuts down after a while (30-60 mins perhaps) and keeps on shutting down if switched back on immediately. if a machine keeps switching off try leaving it off for a while before restarting. if it behaves well for a while having been off then you may well have an overheating problem.

solutions: gently using a vacuum cleaner and clean brush clean the dust from the case fans, external vents and from inside the case. clean the cpu fan and heatsink (you might want to get someone to do that bit for you). check the graphics card, especially if it has a processor and fan on board. if any of the fans look damaged, replace them. ensure the machine is situated in a well-ventilated position with adequate air-flow around the area of the fans and vents. avoid placing any kind of object or covering on your machine whilst it is switched on. never ever put it next to a radiator or heater of any kind.

recently my machine developed a clicking noise. this lasted for a little while but was replaced by a whining noise and burning smell. the fan on the graphics card had fallen off. :D (this sort of thing can happen even with really new equipment!). on-screen though, it looked like the operating system was running very slowly, windows were taking ages to load and the software seemed to be hanging. if i'd been away from the machine during the mechanical failure i'd have been wondering what the hell had happened to my operating system - is it... a virus!
 

alphaDelta

◘◘\«ˆ»/◘◘
All good advice bar using a vacuum cleaner; apparently it can kill your electronics, so you may wish to avoid that!
 

laptop

Freudenschade
alphaDelta said:
> All good advice bar using a vacuum cleaner ... apparently it can kill your electronics

Eh?

That may be a problem if you use one of these:



:D :D

but if you use one with a hose and keep the motor well away from the boards, what can possibly go wrong?





Except...

Fffhhhhhwuuupp!

That's the sound that indicates that in half an hour's time, if you're lucky, you'll have retrieved the Delete key from the vacuum cleaner bag.
 

alphaDelta

◘◘\«ˆ»/◘◘
laptop said:
> but if you use one with a hose and keep the motor well away from the boards, what can possibly go wrong

Apparently - though certainly this may not be true - the air flow through the hose causes a build up of static. A few people have said it to me so I'd err on the side of caution though.
 

Kaka Tim

Crush the Saboteurs!
My puter is infected with 'spy axe' a fucking annoying malware virus that's posing as anti-spyware program. I've used AVG and ad-aware on it - it's no longer hi-jacking the browser but it still keeps installing itself on the system and popping up on my screen no matter what I do. I've googled it but the only advice on getting rid of it is a complex series of operations which are way beyond my humble PC skills or links to anti-spyware progs that you have to pay for (dodge IMHO).

I'm posting this in the slim hope that someone might have a download that will kill it - or at very least tales from fellow sufferers.

cheers

Tim
 

feyr

evil evil monkey!
anyone having a problem with safetydefender? it's hijacked my home page and tells me i have a virus/adware installed and my details are at risk, but all my virus programs aren't picking it up? any ideas? am about to go google it, but thought i'd ask if anyone had any experience :)
 

trashpony

Ovaries and tings
feyr said:
> anyone having a problem with safetydefender? it's hijacked my home page and tells me i have a virus/adware installed and my details are at risk, but all my virus programs aren't picking it up? any ideas? am about to go google it, but thought i'd ask if anyone had any experience :)

all I know is that I've got the latest version of firefox and it's shhhh oh so quiet in here ... :)

it's a huge relief frankly - after sexbabies automatically downloading when the small boy's playing thomas the tank engine :mad:
 

*Miss Daisy*

Suck a Big Hairy....
:confused: what does it mean, when the mouse cursor moves across the screen or turns the volume up on winamp when the actual mouse is on my desk untouched.... Do I have creepy crawlies in my puter??

i don't have problems with things downloading tho :)
 

feyr

evil evil monkey!
i'm using firefox now too, but mr feyr insists on using ie, then sodding off down the pub leaving me to sort it out :mad:

looks like a malware :(

mouse fairies, miss daisy :) sometimes i get that problem if the insides of my mouse is mucky, seems to make the ball go a bit haywire and the cursor has a life of its own
 