TechSpot

Spyware detected

By sseeker
Apr 25, 2007
  1. I've got the problem, that everytime i start my sytem, i've got a red little shield with a white "X" on it an a message saying "Your computer is infected! Windows has detectet spyware..." (=> Screenshot1.jpg). When i click the message i get a message box (=>Screenshot2.jpg).
    Moreover i got a failure report from IE everytime i open Mozilla firefox and a message about a trojan (=> Screenshot3.jpg).

    I've allready read some post on the board concerning such a problem. So here are some details:
    I'm running Windows XP, Version 2002, Service Pack 2
    The computer is used for online banking
    Antivir software is called "Clamwin"

    I hope anyone can help me with this.

    mfg
    seeker


    edit: oh, I've just seen, that this is the wrong forum (belongs to Security and the Web)... sry^^
     

    Attached Files:

  2. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    First: Stop all online banking! Your information could be seriously compromised. I know of a church that set-up online banking but didn't have any protection and they had a backdoor loader (Google this term to find out more). I told them to immediately stop. This may not be your issue, but I would seriously cease until resolved.

    Second: What are your security features on this computer? Do you have a router, anti-virus and firewall programs, plus something that can sweep for malware/spyware like Webroot's Spysweeper or the free Ad-aware or Spybot programs?

    * You need to do a sweep of your system with your anti-virus program and your malware/spyware programs and see if they remove the trojan.

    * If you don't have these programs then go online, if you can, and have Trendmicro's or Kaspersky's free online scans scan your computer. Trendmicro will take some time but it is worth it and also it will tell you your vulnerabilities as well. Trendmicro also has a free CWShredder program. I suggest running that as well.

    Let us know how it turns out.
     
  3. sseeker

    sseeker TS Rookie Topic Starter

    Well, I haven't got a route, my anti-virus software is called "Clamwin" and i got only the windows standard firwall...
    And i had installed Spybot S&D, but somehow it didn't work anymore, so i haven't got anything like this at the time...

    So i have checked my system with trendmicro and it found quite a lot trojans... I deleted nearly everything, but as the following files are also infected, i can't delete everything.

    Infected files are: C:\Windows\system32\msvcrl.dll
    vwsrv.exe
    winlogon.exe
    tcpitmon.exe

    So is it possible to download these files somewhere or is there something like a recovery?

    P.S. thanks for the quick help

    mfg
    sseeker
     
  4. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    I was afraid you had more tojans, but not that many! You may want to try Kaspersky's online scan as well. Did you use Trendmicro's CWShredder tool as well? I am not sure what to do with those infected files and you don't want to delete them, but you can do the following.

    1. First, the bank you are dealing with you need to tell them how infected your computer was with trojans and that you need to change your access codes, PIN#, or however you do it, because hackers can steal your information.

    2.RUN to your nearest Staples, Radio Shack, Best Buy, Circuit City, or Office Depot and buy yourself a Router, either a Linksys or Netgear. You can purhase them wireless but something tells me your PC isn't set-up for wireless, so go with a wired one. A router is absolutely essential for protection. You can get a good one for around $50 or a little more and they are not hard to set up.

    3. You need a new anti-virus. Obviously your old one has continuously failed. I never even heard of it before. There is a good free one called AVG. Many people use it and swear by it and they just released a new version.

    The best $ anti-virus programs are Kaspersky and NOD32. If Kaspersky is #1 then NOD32 is #1A in detection rates. However, NOD32 takes some serious configuration in the beginning, so I say Kaspersky if you are not going AVG. You have to pay and download it online -- but do this after you got your router up and running.

    * Before installing a new anti-virus you will need to uninstall your current anti-virus program first. You should be able to do this through your control panel.

    4. You will want a firewall. The Windows one may be the only one you will need, but Zone Alarm Free or Comodo (also free) wilol give better protection, especially outbound protection. You can find them online and download them from their respective sites.

    * Before installing a new firewall you will have to disable the Windows one through the Control Panel. Two firewalls running at the same time will cause all kinds of issues.


    5. I really like Webroot's Spysweeper for continuous protection from malware/spyware. Their shields have saved my rear-end more times than I can recall. The only drawback is that it takes over two hours to do a periodic sweep, so do it when you don't need your PC. Like Kaspersky and NOD32, this company is always updating information for continuous protection.

    Good fre spyware removers are Adaware and Spybot (which I think you may be able to use now).

    * Another tool I recoomend CCleaner, it is free, and there are absolutely no pop-ups or spyware associuated with it.

    * If you want to go with a full internet security suit I recommend Kaspersky (NOT Norton or McAfee!).

    Hope this helps.
     
  5. sseeker

    sseeker TS Rookie Topic Starter

    Ok, i did everything you wrote (except the running ;D) and now my system is a little slower at startup, but it runs without that message again.

    Theres just a little problem. It seems, one of those little bastards (a trojan) got itself into a file in system 32, where, everytime i try to delete it, Windows says, i can't delete it, becaues an process is using it. I've tried to delete it myself in safe mode, but i won't work.
    It is called: C:\Windows\System32\RPCC.DLL
    Could this be a important file for running Windows?

    So thanks again for the quick replie and i hope you can help me with this last bastard too.

    Mfg
    sseeker
     
  6. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Really glad to hear things are going better. :)

    Your machine will run a little slower because 1) your new programs have to load and b) they do take some of your system's resources but if you keep everything up-to-date, stay away from suspect sites, i.e., p0rn, you'll be protected and your machine will run much cleaner. And think of all the headaches you'll save yourself! :unch:

    As for your current problem I suggest posting on the Security and the Web forums here and briefly tell them your previous issues, what you did to rectify said issues, and your continued issue with this one you mention.

    I don't have an answer for you but Howard_Hopkinso probably would. He is always there and when he writes I listen. The man knows his stuff.

    By the way, what router and programs did your install?
     
  7. sseeker

    sseeker TS Rookie Topic Starter

    I've installed AVG, Comodo, Spybot S&D (had to try a couple of times, but now it wirks again) and CCleaner.
    And I've installed a "Zyxel broadband router p-334".

    So thanks for the help. I'm glad, my system is running again:grinthumb

    regards
    sseeker :wave:
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...