TechSpot

Recently infected

By labrat3004
Nov 28, 2008
  1. I believe I am infected with malware, and need help removing it.

    I'm running an XP Acer.
    I was exploring the net on Firefox, and my computer automatically restarted.
    A pop-up from Windows Firewall said that it needed to block "spyware.ISpyNow." As I have never used ISpyNow, I realized it must be a virus. Windows claimed it took snapshots of my computer and stole financial info.
    I attempted to get online, but Firefox gave me an infection warning. Thinking this to be a deception, I tried to go around it, but Mozilla crashed. After a few tries, it began to crash immediately on startup.
    I switched users on this PC to use IE. Both IE and Mozilla run now, but my links are redirected. Additionally, the text on many windows differs unusually in size, or runs off the page without resizing.
    I received another pop-up from "anti-virus-pro-scan.com" asking to scan/install on my computer. I have ignored the pop-up because I fear it will install either way.
    Avast has not found anything. I brought my removable hard drive, in case the driver on this computer had been infected, but have not yet found anything.
     
  2. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,715   +397

    I'm going to move the thread to a more appropriate forum. But for future reference, I strongly recommend the NOD32 online scan as a way to independently check your system for bad stuff.
     
  3. labrat3004

    labrat3004 TS Rookie Topic Starter

    update

    After posting to this forum and being unable to access the online scan, I went to safe mode, installed and ran X-cleaner, which detected and removed several programs.
    I logged back in in normal mode, but continued to be redirected and receive a warning about ISpyNow.
    I booted into safe mode, installed and ran Malwarebytes' Anti-Malware, which detected several individual files.
    There was no change in internet use, but I was now able to run and complete an Avast scan upon reboot, which detected several individual files.
    I'm no longer being redirected, but still receive a warning. I installed SUPERAntiSpyware, booted into safe mode and scanned. I deleted the viruses found, but I still receive a notification about ISpyNow.
    Thank you, but I still cannot access the independent scan you suggested. I'm all out of ideas. If anyone can think of something, please let me know.
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    labrat304 It's regrettable that this thread was not acknowledged in a timely manner. The update to the description did not get a careful reading. Perhaps you were able to follow other threads in this forum that are very similar to your situation.

    When and if appropriate, use this thread for discussing this problem.

    First -
    In case of difficulty attempting this method referenced above
    • One user reported the need to restart in safe mode with networking, as the relief was temporary. This refers to message #1.
    • Message #3 link to 'fixit download' has demonstrated its effectiveness in many cases.
    • As part of your response, please feedback which method was effective. Message #1 is for the specific named trojan, and message #3 has broader coverage.


    Next -
     
  5. labrat3004

    labrat3004 TS Rookie Topic Starter

    Thank you for your response. I did find TDSSserv was infected... but without having read that thread removed it.

    -I ran Panda anti-rootkit, which deleted several files.
    -Panda anti-rootkit allowed me to install GMER.
    -GMER found an infected service. I had no choice but to remove it. This caused major errors in Windows:

    -the dock at the bottom no longer displays the open windows
    -I am unable to switch users without logging off
    -audio driver not functioning
    -Cryptographic Service fails to start (error 1075, missing dependencies)
    -many other services fail to start (error 1075, missing dependencies)
    -unable to view properties of services

    Is there any way to fix this without reformatting?
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Ouch! - What follows was formulated as a sequence. System Restore can be deferred. Try 'next step' & 'updated 8-step' and post the logs. The supplement calls for ComboFix (includes 'CatchMe').

    GMER.EXE or CatchMe (by gmer) ?

    As risky as it sounds, System Restore may recover the services taken away from you. And yes, you need to re-clean the computer. The next step conditions the computer to follow the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    A next step - Just developed a modification for procedure (secondary note for message # 3 associated with Kimsland quote).
    Logs are part of the communication process. Follow the 8-step guide and the supplement.
     
  7. labrat3004

    labrat3004 TS Rookie Topic Starter

    Here is the log from HiJackThis... As it's pretty late where I live, I don't have time to run the bytes or super scan tonight. I will post them tomorrow sometime.
     
Topic Status:
Not open for further replies.
