Announcement

Collapse
No announcement yet.

Malware problem

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Malware problem

    Recently, some malware found its way onto my computer and I don't have any idea how to get rid of it. It has slowed down my computer considerably to the point where I can't watch any videos from this or any other site. Whereas a video would normally download in 3 to 4 minutes, it would now take about 2 hrs. Even streaming video doesn't work. Also, if a model posts any photos on the forums, it loads very slowly.

    This malware suddenly made it's appearance as a popup advertisement. While viewing a web page, I was suddenly knocked out of the internet and back to my desktop, with a popup message telling me that if my computer is running slow (it wasn't at that point), I may be infected with viruses, adware or spyware and telling me that MalwareAlarm will perform a quick and completely free scan. It asked me to download MalwareAlarm, which of course, I didn't do. This popup happened one more time, a couple of days later, and since then, my computer is very slow.

    Has anyone ever experienced anything like this and can anyone give me any ideas on how to rid myself of this malware? I ran scans with two different spyware detectors which I've had and also my McAfee protection, but they didn't find anything other than the normal cookies.

    #2
    There are a couple of programs that may sort out your infection:

    Lavasoft Adaware
    And
    Spybot

    Both are free downloads and work well. I would also suggest cleaning out your cache and temp files before running the above programs as these malware often hide in those folders, you can do it manually or there is a program that does it for you Cleanup.

    IMO Mcafee and Norton and all the other paid for programs are a bit useless at removing ALL malware, You need a whole battery of programs to do the job properly.


    I also found some instruction on how to remove this infection by Google searching so it may be worth looking at some of these sites. Your after instructions on how to, not a download of another program!

    This one looks good but it means manually editing the registry, not for the faint hearted!

    Good luck and post back here to let us know how you get on.

    L

    Comment


      #3
      If it's Windows XP - Turn off system restore, empty internet history/cache and temp folders (as above message).

      Try and do the following in safe mode:
      Run Spybot. Another good one is AVG Antispyware - free trial for 30 days i think, very thorough.
      Windows Defender is kinda good too.

      Run an antivirus program: Avast and Antivir are good free ones. I personally use NOD32 which is great - has free trial too.

      If it weren't for the downloading issue i'd say do an online scan too. Panda is ok.

      All these programs can be found at www.filehippo.com.

      These programs aren't overly big but with yr downloading problem i'd try and get it off a friend or library or whatever. I personally have an old flash drive with emergency programs on it - which reminds me, i have to update it.

      Good Luck

      Comment


        #4
        Originally posted by ozimatter View Post
        Try and do the following in safe mode:
        Run Spybot....
        All of these suggestions are great, but I want to emphasize running Spybot, Adaware, and a virus-scan in Safe Mode.

        To get into safe mode, turn off your computer. When you turn it back on keep tapping the F5 button (F8 in some systems). You should get a black screen with white letters, use the up/down arrows to highlight the Safe Mode option and press Enter. (Safe Mode With Networking might allow you to download spybot, etc. if you couldn't otherwise.) Run the scans in Safe Mode, it will be faster and there will be fewer problems.

        Comment


          #5
          True, laktor please don't go editing your registry. Much harder to fix from a distance

          Just run Spybot S&D and it will take care of it. Including making a backup of everything it removes.

          To prevent future infection run 'Immunize' from Spybot as well. Prefer to use FireFox for most if not all of your browsing.

          Get a proper anti-virus/malware protection program, the current one obviously failed its job. Try AVG Free, the only drawback with it is that you have to update it manually by clicking some buttons (the pro edition does that automatically). It's also MUCH MUCH lighter on using cpu/resources compared to McAfee.

          Or at least ask McAfee why it didn't detect malware first sighted 02-feb-2007.

          p.s. changing online passwords might also be a good idea, this silly bot also appears to send data to somewhere, no conclusive information on that however.

          Comment


            #6
            So Frans, you recomment running Spybot S&D in safe mode???

            Comment


              #7
              Originally posted by laktor View Post
              So Frans, you recomment running Spybot S&D in safe mode???
              If possible yes. If not, running it normal mode will most likely help as well but you're more sure in safe mode. Preferably download S&D before going into safemode, so you can run in Safe Mode without network.

              Comment


                #8
                I just went to Spybot's website, but I'm confused. When I click on download, it selects several "mirrors" in which to downloand. What mirror selection should I use to download?

                Comment


                  #9
                  It doesn't matter much what mirror you use. A mirror site is one that stores an exact copy of the software in a location that may be more convenient to certain users (Europe, etc.), so all the mirror sites are offering the same thing.

                  Comment


                    #10
                    Thanks MS...I'm going to do this today, but I really thought from what I researched on the web, that removing malware would be much more difficult than just running SpyBot. But maybe it's just the kind of malware that I described that doesn't make it that difficult?

                    Comment


                      #11
                      Laktor, try spybot in safe mode. Then try AdAware (using Lesley's link) in safe mode. There's a very good chance that one or the other will "kill" the malware that's affecting your machine.

                      Comment


                        #12
                        Spybot/Adware doesnt give 100% cleanup. I've been through the same problem you describe. If Spybot/Adware doesnt solve your problem, try http://pestpatrol.com/

                        2 years ago I downloaded the ultimate program: http://www.zonealarm.com/store/content/home.jsp

                        Yes, you have to pay. Maybe thats why it works and are updatet 24/7/365.

                        Comment


                          #13
                          These are all good suggestions laktor. Keep in mind that no single program can remove all spyware/malware. I have numerous programs that I use, but the only free one I have is Spybot, the rest are ones I paid for. I have Ad Aware Professional, CounterSpy, Spy Sweeper, Pest Patrol, Zone Alarm Pro's included one, and Norton Systemworks included one. I usually run Counterspy and then Spy Sweeper, and then Norton Anti-Virus.(in case it's a virus and not spyware.)

                          The reason you should run it in Safe Mode is beacuse in Safe Mode, a lot of programs and drivers don't load as you start up the computer. By having only basic programs and functions running, it's easier for the spyware remover software to do it's job.

                          Comment


                            #14
                            Dekoda, that sounds like SEVERE overkill. Running Norton and ZoneAlarm together on a single system is well... asking for problems and bad performance? Most of the good programs (AVG, Nod32, Kaspersky) will get around 99,9 of their intended targets.

                            Audun, why do you think that pestpatrol (which is just another anti-malware program) CAN fully remove the Malware laktor has, yet AdAware or Spybot can not? MalwareAlert isn't a very difficult program to remove really, if you know how to handle regedit you can easily do it yourself.

                            Besides PestPatrol is made by CA. CA owns McAfee, guess which protection software didn't pick up this threat in time??

                            Laktor, just run Spybot and AdAware in Safe Mode and see how it goes from there.

                            Comment


                              #15
                              Also you should turn off restore/backup feature before running removal tools. It locks restore file and infected files can't be removed. Most programs tell you infected file is there but can't remove. Un-check restore feature and rerun pgm if this happens. Go to help/restore it will direct you to location.

                              Comment


                                #16
                                Originally posted by fransAW View Post
                                Dekoda, that sounds like SEVERE overkill. Running Norton and ZoneAlarm together on a single system is well... asking for problems and bad performance? Most of the good programs (AVG, Nod32, Kaspersky) will get around 99,9 of their intended targets.
                                ZoneAlarm is not an anti-virus program, which is why I only run Norton as my AV software. The other programs are not running until I launch them. I have so many because over the years, one program (Spybot was the first) would be highly rated. Then Spybot fell by the wayside and one by one, the others became top rated, so I'd switch to them. Now they all seem to be about the same, but I try not to use ZoneAlarm or Norton's spyware protection. Those two just came bundled with their respective main programs.

                                I think AdAware is about to run out, so I'm going to let that one go. The same goes for Pestpatrol. I'll eventually be down to just CounterSpy Spy Sweeper, and Spybot. I stopped using Spybot because it fell behind other products. There wasn't any new spyware definitions, or updates to the product for along time, and even the magazines said that it wasn't as good as it once was, so I switched to the other ones. Spybot may be a better product now, but I've already switched to the others, so I make sure I'm getting my money's worth with them.

                                Comment


                                  #17
                                  I hate Norton (the Symantec Corp scanner is good, but very sparse and hard to configure) and McAfee, they need dedicated cpu's to run almost, blech. If you want a good combined suite I'm told AVG has a good antivir+spyware kit. Kaspersky is as usualy very good but rather expensive, does include a proper firewall though. I run nod32 but that has no firewall and is possibly less customer friendly (menu/options are a bit complex).

                                  edited to add: just noticed AVG suite now includes a firewall as well.

                                  Whatever you do make sure you password-protect the setup/configuration of those tools. There are malware/virus tools out there which try to disable scanners by turning them of (since killing the scan process is usually guarded against).

                                  Ah well, lets not make this a bigger problem then it is. Remove the damned malware, get a proper scanner/protection kit and use it. Either AVG or Kaspersky will do fine.

                                  Comment


                                    #18
                                    I just tried downloading Spybot and something is happening that I can't stop. I didn't ask that it run because I wanted to go into safemode first. However, I'm getting a message on my screen that say Spybot has encountered and terminated a process that is listed as part of a malicious software, then it ask me if Spybot encounters this process again, what should it do? Three choices are given: Inform me again, autimotically kill this process or allow this process to run (not recommended). First of all, The file name has been identified as SpywareDetector which is something I pay a yearly fee to have and second, when I click ok on this message, nothing happens. It is staying on my screen! So what is happening? What do I do now...turn off my computer??

                                    Comment


                                      #19
                                      Originally posted by laktor View Post
                                      I just tried downloading Spybot and something is happening that I can't stop. I didn't ask that it run because I wanted to go into safemode first. However, I'm getting a message on my screen that say Spybot has encountered and terminated a process that is listed as part of a malicious software, then it ask me if Spybot encounters this process again, what should it do? Three choices are given: Inform me again, autimotically kill this process or allow this process to run (not recommended). First of all, The file name has been identified as SpywareDetector which is something I pay a yearly fee to have and second, when I click ok on this message, nothing happens. It is staying on my screen! So what is happening? What do I do now...turn off my computer??
                                      It's asking if you want to kill the process ... it's not asking if you want to delete it.
                                      Turn off the computer and go into safe mode. See if you can run Spybot.
                                      Lastly, just because you bought it doesn't mean it doesn't include malicious software.

                                      Comment


                                        #20
                                        ok, I'll try and go into safe mode, but in normal modewhen I hit ok, this message stays on the screen, right in the middle. I shut off my computer, then started it up again and this damn message is still there! What should I do??? Help.

                                        Comment


                                          #21
                                          Originally posted by laktor View Post
                                          ok, I'll try and go into safe mode, but in normal modewhen I hit ok, this message stays on the screen, right in the middle. I shut off my computer, then started it up again and this damn message is still there! What should I do??? Help.
                                          Is it still there when you boot up in Safe Mode?

                                          Comment


                                            #22
                                            This page might be worth reading once you got your internet back up more normally: http://wiki.castlecops.com/Malware_R...tion:_Overview (Malware removal guide including links to freeware tools for it)

                                            There are lots of possible theories which could explain what you describe. Lets keep things simple however and run step by step. Step 1 being getting into Safe mode and running Spybot S&D or AdAware.

                                            Do you have more pc/tech knowledgable friends who could help you with pc problems? I ask 'cos a proper virus scan might be usefull, preferably from cd.

                                            Comment


                                              #23
                                              Originally posted by dekoda View Post
                                              Is it still there when you boot up in Safe Mode?
                                              No, but when I ran SpyBot in safe mode it, besides cookies, it only found my spyware detector that I just renewed for another year but I deleted it anyway since I now have Spybot. It also found my firewall disabled but that was in safe mode. In normal mode , like right now, my mcafee says my computer is totally protected, while in safe mode, it said it wasn't. In safe mode I "fixed" everything that SpyBot found except the 2 entries about my mcafee firewall. After that, Spybot said there was one thing it could not fix and that was 1 out of the 76 entries found regarding my Spyware Detector, but it said maybe that's because it was in memory and might be deleted upon a restart. Then when I restarted my computer in normal mode, it automatically started another scan before any of my normal desktop icons and anything else came on...I couldn't do anything about that.

                                              Apparently, my problem is still around because I still can't see videos. For example, to see the video newsletter would take about 35 minutes! And the still sets are still slow to load.

                                              Now what's next????

                                              Comment


                                                #24
                                                Originally posted by ham View Post
                                                Also you should turn off restore/backup feature before running removal tools. It locks restore file and infected files can't be removed. Most programs tell you infected file is there but can't remove. Un-check restore feature and rerun pgm if this happens. Go to help/restore it will direct you to location.
                                                Where exactly do I find this to uncheck??

                                                Comment


                                                  #25
                                                  Okay, how about trying a second spyware remover. You can try most of them for free for 15 days, so maybe try a second one. As I mentioned before, no single remover can remove all spyware, so it's a good idea to run more than one. Try CounterSpy http://www.download.com/3000-8022_4-10705277.html and see what happens.

                                                  Comment


                                                    #26
                                                    Lets start from the top again; this is the image you see?

                                                    Click image for larger version

Name:	malwarealarm1.gif
Views:	1
Size:	8.8 KB
ID:	619850

                                                    Spybot should have found that. As dekoda says there are lotsa tools, take his recommendation and download that one and run the free trial

                                                    Comment


                                                      #27
                                                      Yes, Frans, that is exactly what I saw, on two occasions and as a result, my slowness began! Do you know what it is and if the suggestions here can get rid of it?

                                                      Comment


                                                        #28
                                                        Originally posted by laktor View Post
                                                        Yes, Frans, that is exactly what I saw, on two occasions and as a result, my slowness began! Do you know what it is and if the suggestions here can get rid of it?
                                                        It is in fact the already mentioned MalwareAlarm malware program (aka 'SpywareNo'). So it is a known problem, always a good thing. Btw. the 'cancel' button in that window won't work as expected but you prolly noticed that already. If you got FireFox installed use it to download the spyware-scanner programs.

                                                        I don't know why Spybot S&D didn't find it. But as dekoda also said other spyware scanners should be able to handle it fine. Either try the one he mentioned or try http://www.pctools.com/spyware-doctor/ which is reported as being able to remove this particulair pest.

                                                        Comment


                                                          #29
                                                          Ok, frans, thanks. I'll try your suggestion first. Hope there's a free trial!

                                                          Comment


                                                            #30
                                                            Say laktor, you said you run Spyware Detector? It's webpage says it can handle MalwareAlarm just fine: http://spywaredetector.net/spyware_e...re%20Alarm.htm did you do a scane with Spyware Detector?

                                                            Comment

                                                            Subscribe to our e-mail newsletter

                                                             
                                                            Sign up for the abby newsletter. Don't worry, we'll NEVER share your email address with anyone.
                                                            Working...
                                                            X