Remnants of spyware causing severe windows issues

Status
Not open for further replies.
Just before the computer stopped functioning properly, I saw a message box for "WinAntiSpyware 2007", which had previously infected my computer and caused a similar problem. I was able to ultimately fix it using a system restore, but this time I have no recent checkpoints that work, so that's out of the question.

After seeing the message box for WinAntiSpyware 2007, I turned off the computer rather than risk clicking one of the icons. When I turned the computer back on, the trouble began. First off, let me state I don't believe WinAntiSpyware 2007 is actually on my computer, I've followed the instructions for removing it as best I can and I don't see any of the registry keys (possibly something attached to WinAntiSpyware, or part of it, is the problem?).

When I boot up windows, it initially looks fine, but then the screen flickers as if the computer is rebooting windows. The screen goes black, the icons disappear and then everything comes up again as if windows just loaded. A bubble from Mcaffe Antivirus that only comes up on the system start-up keeps popping up. However, if I start up Firefox (as I'm now using), Firefox stays up throughout these "resets", but the task bar under it disappears entirely.

After this process of flickering on and off (but doesn't turn off Firefox, or the task manager if I have them on while it's happening) continues for a few cycles, the taskbar and the windows desktop disappear entirely, and the reseting process stops entirely. After the reset process stops, the only thing I can activate is the task manager (through ctrl-alt-delete, as no icons are visible to press).

Using a system restore didn't work this time (although when I had the same problem a month or so ago it did), and when I try to run windows in safe mode, the same flickering reset process happens. I am very certain this problem is related to WinAntiSpyware 2007, or some spyware attached to it, but due to the constant reseting cycle the only way I can remove anything is by using the task manager and bringing up the run box.

Please help! I have photos from a recent trip Europe that I have yet to backup to CD, and I want to save my files before they are gone forever! Any help will be very greatly appreciated.

[Also, first post: Sorry for not introducing myself but as you can imagine this isn't exactly a good time for me. Either way, hi!]
 
Download and run AVG Grisoft free versions of AVG antispyware, AVG AntiVirus, and AVG Rootkit. Install Adaware2007 and Spybot 1.4 if not already done. Also go to www.microsoft.com and install Windows Defender, reboot, and go back to Microsoft for the updates.
Upon completion of the scan, shut down. Then cold boot to Safe Mode and immediately run them again.
Then shut down. Cold boot.
Next try the free scans from Computer Associates EZArmor, Panda, McAfee, Spyware Doctor, Adaware2007, and Spybot 14 and Norton. Some of the free scans do not remove infestations. (They want you to pay), but rather give you an idea of other infestations.
If you still have infestations, run the latest version of HiJack This, and post the resulting logs on this TechSpot site for the experts to review.
If you own, or have access to the full version of Windows XP Professional or XP Home, (this means not a recovery ore restore disk, not an OEM disk, not a n upgrade disc, and not an Academeic version)

Then boot to the Windows disc and run the install in Repair mode.

These procedures should take care of most problems. If not, the assistance you get from the pros such as Moluk, Howard_Hopkinso, and Miss Kitty will likely give you the remaining guidance you need.

Known to be good are removing this particular "WinAntiSpyware 2007" infestation for a hefty price (which is sometimes worth it) are PCTools, Spy Sweeper, Spyware Remover, StopZilla, and SpywareSignature.
 
Hello and welcome to Techspot.

Your system sounds like it`s in a right old state.

I think you should be prepared to backup your imporant data and reformat if necessary.

Try to follow as many of the instructions below as you can.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of Brobert2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I have to give much thanks to the creators of Combofix, and this board for providing me with all the resources to knock out a large amount of spyware on my computer. While going through that 15 step process, Combofix managed to successfully correct the problem. Looking at the log, it seems I was correct in guessing Win Antispyware was the root of the problem, even though I wasn't able to find it on my computer using the methods other websites recommended.

That said, in the interest of safety I've attached my HJT, AVG Antispyware and Combofix logs just in case there's anything of importance there.

And again, thank you so much for your help, going through traditional channels for tech support has always driven me crazy as they assume every computer user is so stupid he can barely turn his computer on. "Have you tried reseting the computer?" GRR!
 
All items in your AVG Antispyware log say "Ignored". That`s because you haven`t told AVG Antispyware to quarantine it`s results as per the instructions. See this pictorial guide.

I have therefore removed your log files.

Please post fresh HJT, Combofix and AVG Antispyware logs.

Also, I asked you to let me know the results of the AVG Antirootkit scan, please do so.

Regards Howard :)

This thread is for the use of Brobert2 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back