magicalfreddiemercury 30.06.2008 20:31 |
Does anyone know how I can find this spyware, malware or whatever it is on my system and clean it out? I've used spybot, Adaware, McAfee and SuperAntiSpyware and these "about:blank" pages keep popping up... and I have popup blockers! I've researched this online and there's a lot of info out there about how to delete it, but there's also info there about not trusting sites that tell you how to clean out the system. I'm afraid I might trust the wrong site and make things even worse. My homepage hasn't been hijacked - this is what's strange about what I've been reading. After I exit IE, several pages will open - not all will open right away though - and they're all blank with about:blank in the address bar. I have Windows Vista, if that matters, and IE7. Help? Anyone? |
Saif 01.07.2008 08:47 |
Could you please try this Adware-remover and then post the results? link |
magicalfreddiemercury 01.07.2008 08:57 |
I'm guessing if you mention adwareaway then it's a legitimate removal tool. I downloaded the trial version of it last night and it scanned quickly. The results said it detected "two infections", however, to delete them, I had to purchase the product. After all the heartache of the pop-ups, I thought that might be a hoax as well so I uninstalled the program. A friend recommended Stopzilla. $49.00 later, I've scanned my entire system and deleted 3 apparent infections. So far, so good, but all the info I've read on this spyware "about:blank" says that it hides and morphs and easily reactivates. Literally 20 popup pages - if not more - would appear during an online session or immediately after logging off. We'll see what happens now... |
Saif 01.07.2008 09:29 |
I don't know about StopZilla but the AdwareAway program works for sure. Not too long ago, a friend of mine had the same problem. I fixed it manually for him - which involved downloading programs like Hijack This and RegLite(because it allows you to view hidden registry entries) and told him to use Firefox. But after reinstalling his computer a few days later he acquired the same pest again(from some Adult site lol). This time I refused to help him since he hadn't started using Firefox as I had instructed so he downloaded a few adware-removal programs including AdwareAway, which was the only one that worked. It reported 11 counts of the malware "AdultArtel". I would tell you to download a crack/keygen but you might get infected with more unwanted pests, heheh. |
pittrek 01.07.2008 09:42 |
Spyware Terminator - the best thing I have seen and it's completely free |
Mr Mercury 01.07.2008 10:05 |
Saif wrote: I would tell you to download a crack/keygen but you might get infected with more unwanted pests, heheh.Thats exactly what I did. Boy did I pay for it big style. Caught the dreaded Vundo trojan. No matter what I tried ( vundofix, avg, McAfee, etc) nothing would get rid of it, so I had to wipe my whole system and re-install everything from scratch. Needless to say I am now VERY wary of anything I download.... btw.... did you know this website got hit by an sql injection script? Fortunately Richard was on the ball and fixed it right away. link |
magicalfreddiemercury 01.07.2008 10:38 |
Saif wrote: This time I refused to help him since he hadn't started using Firefox as I had instructed so he downloaded a few adware-removal programs including AdwareAway, which was the only one that worked. It reported 11 counts of the malware "AdultArtel".Do you mean Firefox prevents this kind of thing from happening? I tried firefox a long time ago but uninstalled it. I don't know why I did that but maybe I should start using it again. You said your friend got it from an adult site... I've been seeing ads and emails for porn lately. Should I assume these two things are somehow related or could it have come from other sources that I can control? |
magicalfreddiemercury 01.07.2008 10:39 |
pittrek wrote: Spyware Terminator - the best thing I have seen and it's completely freeThanks for this - it's scanning my system as I type this... though Stopzilla seemed to have worked. For now. |
magicalfreddiemercury 01.07.2008 10:43 |
I just noticed that Spyware Terminator detected the exact file that Stopzilla found and supposedly removed. How could it have come back? Damn. This is not my idea of fun. :-( |
YourValentine 01.07.2008 12:29 |
I use SpywareBlaster for protection against adware and spyware, it's free and seems to be really good. I also have "Spybot Search and Destroy" (also free and very good) but since I have Spywareblaster, the Spybot does not find that many adware anymore. |
Saif 01.07.2008 13:43 |
Could you post the name of the Spyware that both Stopzilla and Spyware Terminator detects? It can very easily come back if the DLL that is executed is restored by some start-up entry in the registry. |
magicalfreddiemercury 01.07.2008 14:13 |
Saif wrote: Could you post the name of the Spyware that both Stopzilla and Spyware Terminator detects? It can very easily come back if the DLL that is executed is restored by some start-up entry in the registry.I'm doing this from memory now since I had both removed... it was something like - hkml\microsoft\windows\currentversion\run I wasn't sure whether to remove it since it had "microsoft" in the name... I thought it might be a necessary file but Stopzilla said the threat was high and Spyware Terminator called it critical. |
pittrek 02.07.2008 02:49 |
Yes, you have deleted the defect file, but some other program restores it regularly. That program is started upon system start, when it's in "run". The best thing you can do is to reboot to safe mode, run SpywareTerminator's full scan, delete the affected files, reboot again and if it's still there, use autoruns.exe (link )and try to find out which auto-starting process you don't need. It's a hell of a work, I lost half of a day last time, but the combination of autoruns+SpywareTerminator helped me. Also for browsing it's a good idea to use Firefox with Adblock, and maybe even Noscript if you're slightly paranoid :-) And of course, no visiting of crack sites, unknown porn sites, etc. Also a firewall should run on your computer. Don't open e-mail attachments from people you don't know, don't download executable files without scanning them first ... |
magicalfreddiemercury 02.07.2008 07:16 |
pittrek wrote: Yes, you have deleted the defect file, but some other program restores it regularly. That program is started upon system start, when it's in "run". The best thing you can do is to reboot to safe mode, run SpywareTerminator's full scan, delete the affected files, reboot again and if it's still there, use autoruns.exe (link )and try to find out which auto-starting process you don't need. It's a hell of a work, I lost half of a day last time, but the combination of autoruns+SpywareTerminator helped me.Thank you for all of this. I will indeed try it... IF my computer ever boots fully. I'm using my daughter's computer now. Mine will not start. It powers up then goes to a black screen with only the cursor visible. It powers down when I force it to, and then runs a startup scan, but the same things happens - black screen with only the cursor. pittrek wrote: Also for browsing it's a good idea to use Firefox with Adblock, and maybe even Noscript if you're slightly paranoid :-)Slighly paranoid only slightly describes me right now. pittrek wrote: And of course, no visiting of crack sites, unknown porn sites, etc. Also a firewall should run on your computer. Don't open e-mail attachments from people you don't know, don't download executable files without scanning them first ...This is what I'm trying to understand... I'm careful about what I do online, but I've noticed several porn popups and ads lately - like for a week or so. I'm not a regular to those sites so I don't know why that was happening... and I don't know what caused what. Where did the porn stuff come from and did that bring this 'virus' or did the virus bring the porn stuff? Where did the virus come from in the first place? And... how do I rid the computer of it if I can't even get it to start fully? |
magicalfreddiemercury 02.07.2008 07:33 |
Well... third time's the charm. I had to force a shut down twice and restart. On the third start and scan, the system did an automatic system restore and here I am. Slightly paranoid... I'm still not sure if whatever hijacked my computer is completely gone so I'm going to back up everything now (because like an ass, I didn't do it yesterday) and then try what pittrek suggested above. |