TechSpot

Infected laptop Repeating warning signs saying infected buy this

By tcbrb46
Jan 17, 2010
  1. Infected laptop Internet security 2010

    My laptop is infected with malware/spyware that keeps popping up and warning of infection and to click on system tray icon to download most up to date sypware. Won't allow me to restore. Tried to remove problem with cc and remove history. Had this problem a couple of years ago can't remember the steps to get rid of it. Trying to sell a spyware program with a ad. Saw this win.netsky. After start up on desktop a notice says: Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware removed. This does not appear to be a Windows warning but rather part of the spyware. The program is called Internet security 2010
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please follow the steps HERE.

    When finished, attach the 3 logs for review.

    NOTE: Be sure to check the lines in both Malwarebytes and Superantispyware to remove what they find.

    I'll see if anything needs to be removed in HijackThis, so you don't remove any entries in that.
     
  3. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Infected laptop repeating warnings signs saying infected buy this

    i followed your instructions. There are no directions on how to upload superantivirus result from preferences and notebook to the reply thread.
     

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please print instructions:

    You have run Malwarebytes and not checked this line:
    So although it found a lot of malware, it didn't remove any and shows No Action Taken for each entry. Please update the program and scan again, being sure to check the lines.

    Then rescan with Superantispyware. attach new log as follows:
    Please reopen Hijackthis to 'do system scan only.' Check each of the following if present:
    Optional removals are in green:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway>> See Option 1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

    R3 - URLSearchHook: (no name) - *{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)>>Default MS IE Search Hook
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe">> See Option 2


    Option 1: Spyware: Dell MyWay
    MyWay is spyware, by most forums' definition, and is put there without the knowledge/permission of the buyer. AOL, Netscape, Earthlink, etc. are advertising/sales come-ons you can delete easily via Add/Remove Programs. MyWay is not completely removed via Add/Remove. It has numerous Registry entries that must be found and deleted and an ActiveX that must be disabled.
    Dell has been pre-installing MyWay Search Assistant software (spyware) on all new Dell pc's since Nov. 2004. It tracks web browsing habits
    You must also disable the Active X Object using Tools> Manage add-ons

    Option 2: Rogue Spyware: DefenderPro aka Smart Defender Pro:
    Smart Defender Pro is a rogue antispyware software, or a fake security software that takes advantage of naive people and scams them out of their money. Smart Defender Pro is completely useless, a computer parasite.
    http://2.bp.blogspot.com/_2TWLqRKWVBc/SluGGJ9UcNI/AAAAAAAAAKo/aDduy3WBLxM/s1600-h/SmartDefenderPro.jpg[/b]
    Some anti-spyware programs are considered 'rogue' for the following reasons:[list]
    [*]They use deceptive means to get the user to buy their program
    [*]The programs give 'false positives' meaning an entry is presented as 'bad' when is usually is not.
    [*]Their scanning techniques are not thorough and their databases may not be current.
    [*][b]There is no privacy policy[/b]
    [*] See [url=http://www.spywarewarrior.com/rogue_anti-spyware.htm][b][color=blue] SpywareWarrior[/b][/color][/url] for specifics.
    [/list]

    Close all Window except HijackThis and click on [b]"Fix Checked."[/b]

    [b]Boot into Safe Mode[/b] [list]
    [*] Restart your computer and start pressing the F8 key on your keyboard.
    [*] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    [*][B]Show hidden files and folders:[/B]
    [*]Control Panel> Folder Options> View tab>
    [*]Check 'show hidden files and folders.
    [*]Uncheck 'hide protected system files'
    [*]Click on Apply> OK.[/list]

    [B]If you have decided to uninstall Dell My Way and Defender Pro, please follow this[/B]:[list]
    [1]. Start> Control Panel> Add or Remove Programs.
    [2] Click Dell MyWay Search Assistant and then the Change/Remove button.
    [3] Click to select the Remove check box, and click Next.
    [4] Click Yes To All, if applicable.[/list]

    [U]Repeat #1-4 above for [b]Spyware: DefenderPro aka Smart Defender Pro[/b][/u]

    Using Windows explorer: [B]My computer> Local Drive (C)> Programs:[/B]
    Do a right click> Delete on the folders for Dell MyWay and Defender Pro

    When through, [b]rehide the files and empty the Recycle Bin[/b]

    Close Windows explorer and reboot the computer into Normal Mode.

    [B]Summary: Please leave new logs in next reply[/B]
    Update and rescan with Malwarebytes
    Update and rescan with Superantispyware
    Remove entries in the HijackThis log as instructed
    Complete uninstalls
    Rescan with HijackThis

    Acrobat 7.0 update needed
     
  5. tcbrb46

    tcbrb46 TS Rookie Topic Starter Posts: 74

    Problem corrected. Blue screen with loop had to format and reinstall. Thanks for your help.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you for taking time to update. I appreciate that. Let us know if you need help on the future.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...