Help with a specific virus.

Discussion in 'Off Topic [BG]' started by Joe Nerve, Aug 12, 2004.

  1. Joe Nerve

    Joe Nerve Supporting Member

    Oct 7, 2000
    New York City
    Endorsing artist: Musicman basses, Hipshot products
    I'll start by saying that I've used Ad-aware, Spy assasin, AVG anti-virus, and a recommended virus scanner from the Microsoft site. Several viruses HAVE been found and eliminated - but something's gotten into my sytem that I can't get out, and it's getting worse. Here's what it does:

    It takes over internet explorer with a phony search page and popups for spyware protection. It makes it impossible for me to change my explorer home page. No matter what I do, it goes back to "about blank" which brings up the seach engine. I even went into my registry and deleted all the start pages on internet explorer as suggested at the microsoft site and nothing has stopped it.

    I can not longer do a search on AOL because this screen and popups show up. I can't even access the news on AOL. I recently intalled optoniline and it completely takes over their browser. I'm feeling rather hopeless and i'm about to trash this computer and finally upgrade.

    Can anyone help??????????????????????????
  2. jokerjkny


    Jan 19, 2002
    NY / NJ / PA
    you might wanna update your spyware program.

    e.g. with Ad Aware, before i run the program, i always check for updates, and sure enough, every time, there's something new i have to download. you'll fix it in a jiffy.
  3. kserg


    Feb 20, 2004
    London, UK
    I notice you don’t have spybot seek and destroy on list.
    Get S&D it might help because it finds some of more messed up spyware then what adaware finds...

    It besicly goes... small adware is good with adaware but serious ones for spybot

    EDIT: and ya make sure you update all of them:)

    Hope that helps

  4. DigMe


    Aug 10, 2002
    Waco, TX
    Here's how to get rid of your worst virus:

    Go to Control Panel, Click Add/Remove programs, select AOL, click "Remove".


    Just kidding man..I know I'm no help. It's boring being unemployed and I have to entertain myself somehow.

    brad cook
  5. kserg


    Feb 20, 2004
    London, UK
    oh ya... also to rm some spyware and viruses complitely you need to be in safe mode:/

    try rescanning again and see if avg and adaware finds anything again:) good choice on virus scan btw:)
  6. LoJoe


    Sep 5, 2002
    Concord, NC USA.
    I had almost the exact same problem about 2 months ago. Neither Ad-aware or Spybot would find it. Two files you may want to install to help. Do a Google search on HiJack This. It's a file you can run and it will generate a log that computer gurus can look at and see what kind of crap has been installed. What fixed mine though was a file called VX2finder. It found the culprit concealed in my registry and cleaned it out. You can also do a search on this file and find several computer guru websites to download it from. Many of them also have message boards where you can show them your Hijack This log and ask questions. Ad Aware has since come out with a VX2 plug in that you can install. Go to their Lavasoft website and download the plug in and then run it from the Ad-aware main panel on the left under plug ins. Good luck. I was miserable until I got it cleaned and wanted to track the people down and stomp them.

    Once you do get clean, I would recommend two more free programs. SpywareBlaster and ZoneAlarm are both excellent programs to keep you clean.

    Here's some sites I accumulated during my trials that may be helpful: Ad-Aware VX2 Plugin (Try this first) Hijack this Spyware Message Board Great site for info and help.
  7. RAM


    May 10, 2000
    Chicago, IL
  8. How do you get rid of the Hotbar thing? I don't know how it got there...and I don't see it on the list of Add/remove stuff.
  9. GAHHHHHH!!!!!!!!!! OMG!!!!!!!!!

    I just did a free SpyFerret check thing and I have so much crap wrong wiht my computer!!!!!

    How can I get rid of it??????
  10. MJ5150

    MJ5150 Terrific Twister

    Apr 12, 2001
    Lacey, WA
    Bazooka works awesome for digging out the pesky spyware buried in your registry, which is what you have Joe. Not a virus, or trojan...just pesky spyware buried deep within the bowels of your registry.

  11. Mike Money

    Mike Money Banned

    Mar 18, 2003
    Bakersfield California
    Avatar Speakers Endorsing Hooligan
    Thats what you get for using AOL.
  12. It sounds like you may have a variant of the CoolWebSearch virus. Some of them will disable anti-spyware programs.
    If you have something that can display the current programs running and terminate them, like Norton Crashguard, see what is running. The one I got was called 'Win Min', terminate it before you do anything else.

    Try downloading CWShredder. At this site Softpedia they also have a program to disable the program before removing it. CWShredder is written specifically for this type of virus.

    I had ZoneAlarm and Norton Antivirus (latest files) running and it still got through. Lavasofts Adaware did not find it either.
  13. UnsungZeros

    UnsungZeros The only winning move is not to play.

    and of course, to prevent similar cases, I recommend switching from Internet Explorer to Mozilla Firefox.

    Its relatively simple to use, offers tons of great features like tabbed browsing and popup blocking and is much more secure than Internet Explorer. It even automatically imports all your IE bookmarks.
  14. nonsqtr

    nonsqtr The emperor has no clothes!

    Aug 29, 2003
    Burbank CA USA
    Here's the first step I'd take: install a software firewall like Zone Alarm (free) and then see what programs in your machine are trying to get out to the internet. Chances are good there's an executable somewhere that shouldn't be there. Especially, look for executables in your "temp" directory

    \Documents and Settings\"user name"\local settings\temp

    and if there are any, note their names, then delete them. Then, search your registry for the presence of any of those names, and delete them too. Finally, look in your registry in the "run" and "run once" entries, and make sure you know what everything in thoses lists does. That might take care of the first part. Then you'll still have to fix your IE. Good luck.

    (edited 'cause those darn angle brackets never print correctly) :)
  15. Joe Nerve

    Joe Nerve Supporting Member

    Oct 7, 2000
    New York City
    Endorsing artist: Musicman basses, Hipshot products
    Progress report:

    I'm moving at a snails' pace cuz i'm doing a bunch of other stuff also, but this is what I've been able to do thus far - the problem is still there though.

    Realized I never did have Ad-aware (thought I did) - downloaded that, ran it - it found a bunch of stuff, quarantined it all - problem still there.

    Downloaded the suggested plugin. Can't get ad-aware to run the plugin. When I open the plugin it comes up in the adaware screen but has a red X on it and when I try to run it a screen immediately comes up that says "system clean" or something like that.

    I tried to search for some of the things suggested, but a search for anything has become impossible.

    Funny - I had some hope in the CWS shredder, but I can't get to THAT site. makes me think all the more that THAT might be my solution. When I try to get to the download page - the fake search engine (my freaking problem) comes up, and I can't get past the page. It blocks out whatever page I'm trying to go to.

    I'm about to dive into this once again now.
  16. LoJoe


    Sep 5, 2002
    Concord, NC USA.
    I can email you the CW Shredder , VX2 Finder, and the Hijack This executables if you like. PM me if needed. They are zip files.

    Don't worry, no viruses!!!
  17. Juneau


    Jul 15, 2004
    Dallas, TX.
    I think Ive had that before, might try checking out MSCONFIG (if you have XP or 2000, use the MSCONFIG that comes with 98. It will give errors, but it will work fine for this application), see whats in windows=run.

    Also, try deleting all of the stuff out of temp Inet, and check what your homepage is set too as well, sometimes they hide it in there.
  18. just pay the fifty bucks for a program called webroot. its recommended by microsoft. do it. your problem should end.
  19. I second downloading Mozilla. You could at least use it to access the downloads you need!