Arg -_- Trojan and Spyware

[Haru144]

Last night I was torrenting something and my fire wall was off for some reason. BOOM BSOD pops up and crashes it. Next I try to reboot and I started up normal BOOM againz BSOD. So I was pissed, cause thats twice I've gottan pwnt now. This morning I rebooted it on the last know configuration that worked and I got in. (Hurray!) When I logged on my desktop background said this….

Warning!
Spyware has been dectected on your computer!
Instal an anti virus or spysweeper prgram to clean it.
I've never done this before… lol

So I have Spysweeper up scanning right now and just a few minutes ago Trend micro virus alerted me with 2 viruses with location. I'm not sure if I should manually delete them or let spysweeper handel it @.@....

I also turned off my wiresless connection last night and I'm sorted of afraid to turn it back on... I guess I was being hijacked?

[Homicidal Monkey]

i forgot the exact command prompt command, something like netstat -a will show all active ports. Remove the local hosts, microsoft, netbios, remote harddrives, port 80 and 1850 stuff and the remainder are spyware. And the best way to remove spyware is to reinstall the os…

[Admiral Refuge]

Yea, that background is false… It was actually made by that trojans.  The purpose for that trojin, is actually to try to get you to download THEIR spyware program (which will screw up your computer even more)

That thing is going around... My friend recently had to do a system recovery because of this mess

Only trust YOUR anti-virus.. You may get popups saying something like, "We have found # of tojans and spyware on your computer. Please go to freeavga.com to remove it" etc... All those are made BY the virus itself

[Homicidal Monkey]

trust only windows firewall and firefox. If you get a virus with those, its your fault. (btw it is netstat)

[Admiral Refuge]

@Simius:

> trust only windows firewall and firefox. If you get a virus with those, its your fault. (btw it is netstat)

Godlord will be all over this topic once he sees it, explaining that you can go around without an anti-virus software, and be fine…
from the sound of it, it sounded like when BSOD(?) popped up, you already had the program dormant in your system (maybe from an infected torrent, that was harmless at that time), was sent a command to activate...

Since you were connecting to 100s of other computers (depending on the size of the torrent), and since you had your firewall off, couldn't have been that hard

[Homicidal Monkey]

try rebooting and go to run -> cmd -> netstat -b -v. It will show all programs accessing the internet.

[L0lz]

It's why torrents are gay, they're not even fast. PC recovery if u want, wipe out your hard drive or something idk.

[Haru144]

I turned the internet off, um people have told me to doqwnload and install the latest ad ware and let it run.

Do I really have to reinstall the OS o.O?

I'm thinking if that don't work do a system recovery.

[Homicidal Monkey]

@Haru:

> Do I really have to reinstall the OS o.O?
>
> I'm thinking if that don't work do a system recovery.

system recovery, burn dvd with back up of your crap, wipe harddrive(s), reinstall OS. Its the only way to completely kill all viruses 100% of the time, all the time.

[Admiral Refuge]

If you have Windows XP, backup your entire "Documents & Settings Folder; that has all your desktop/my documents stuff in it…

Then do a system recovery.

What adware program do you have to update? Is it the one you had BEFORE the virus attacked?

[In7el3ct]

My friend got this one… twice... except I think it was a different one 'cause it did a lot more. It somehow managed to lock the run command, taskmanager, regedit, and a whole bunch of other stuff. Anyways, he managed to dismantle it mostly by hand before getting this one anti-spyware program to work, then just used that and it cleaned up the rest. If I can remember what he used, I'll post it.

It's a lot better than re-installing the OS. (trust me on this one, I had a computer that had a virus count of over 1500 and we had to re-install the OS 4 times 'cause of all the shit that was left afterwards. really sucked.)

[Homicidal Monkey]

@In7el3ct:

> My friend got this one… twice... except I think it was a different one 'cause it did a lot more. It somehow managed to lock the run command, taskmanager, regedit, and a whole bunch of other stuff. Anyways, he managed to dismantle it mostly by hand before getting this one anti-spyware program to work, then just used that and it cleaned up the rest. If I can remember what he used, I'll post it.
>
> It's a lot better than re-installing the OS. (trust me on this one, I had a computer that had a virus count of over 1500 and we had to re-install the OS 4 times 'cause of all the shit that was left afterwards. really sucked.)

reinstall OS 4x? just wipe the harddrive, reformat.

[Admiral Refuge]

@In7el3ct:

> My friend got this one… twice... except I think it was a different one 'cause it did a lot more. It somehow managed to lock the run command, taskmanager, regedit, and a whole bunch of other stuff.

Yea, that's the one my friend got (and my dad, which I managed to get rid of somehwhat, with avgforfree)

@Simius:

> reinstall OS 4x? just wipe the harddrive, reformat.

Yea, a clean format would be the best…. Seems to be the only way to completely get rid of this thing

[Haru144]

See, I have no idea how to do that though. Reformat? Reinstall? Don't I need a CD for this?

Btw spysweeper finished but I don't think it picked it up.

[Admiral Refuge]

@Haru:

> See, I have no idea how to do that thought. Reformat? Reinstall? Don't I need a CD for this?

You will need your computer's operating system CD (or since you're so keen on torrents, you may want to look for Windows XP Dark Edition). Then, boot your computer with the OS CD in it, delete the partition, re-create it, and install a fresh OS on it… Just make sure you backup ALL your files -- atleast in the Documents and Settings folder -- before doing it

[In7el3ct]

Ok, the program my friend used to get rid of it is Malwarebyte's Anti-Malware. Hope that helps

[Haru144]

Okay im going to try a few of these scans first. If that dosen't work I'll see if my brothers friend is willing to take it because hes a major computer technision

[Homicidal Monkey]

be careful, several spyware sweepers are spyware. ironic eh?

[Haru144]

Good news, I think I have killed it.

The temp./hidden folders in C/: are gone. The browser doesn't jump anymore. Computer started up on normal by it's self with out crashing. The Warning spyware background is no longer there. I've emptied anything in the recycle bin. I'm having Ad-ware run a full scan right now just in case ; ).

I killed it with Tren Mirco Anti Virus.

EDIT–--

Nvm it just crashed v.v going to try In7el3ct  suggestion