TechSpot

Spyware has killed my computer! Tskmgr will not open, keeps reloading spyware

By briannekeating
Oct 1, 2005
  1. I downloaded a phony file in imesh that completely loaded my machine with spyware and I absolutely can't remove it. I don't know what to do. I've tried everything that I know of. I just can't get rid of it.

    When it first started, I unhooked my internet cable and it kept trying to start and reload all of the initial startup programs. For instance, limewire would keep loading and reloading.

    About 8-10 different spyware tools start trying to install and I'm just sick. Honestly, Dante couldn't have described an inferno deep enough for these people.

    I've run hijackthis and deleted as much as I could out of it. I've attached the most current file.

    If you can help me I will name my firstborn child after you.
     

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    I just love babies with the name RealBlackStuff!

    Boot in Safe Mode, see how here.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    winampa.exe
    ViewMgr.exe
    winsupdater.exe
    winlog.exe
    powerscan.exe

    Next, click on Start/Run and type in (followed by press Enter):
    regsvr32 /u C:\Program Files\SideFind\sidefind.dll

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\winsupdater\winsupdater.exe
    C:\Program Files\Power Scan\powerscan.exe
    C:\Program Files\SideFind\sidefind.dll

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    winlog.exe
    Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
    O4 - HKLM\..\Run: [] winlog.exe
    O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
    O4 - HKLM\..\RunServices: [] winlog.exe
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    XP only: Delete ALL files from C:\WINDOWS\Prefetch.
    Boot normal. When all OK, switch System Restore back on.
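Working through the HijackThis lines quoted in the post above by hand is the slow part of this kind of cleanup. The following is an added example, written for this page and not code from the thread or from the HijackThis tool, of a small triage parser for O4, O9 and O16 log entries. It applies the checks a responder does by eye: an O4 Run/RunServices entry with an empty value name or a bare filename with no directory (the `[] winlog.exe` entries here) is ranked high, because such an entry loads whatever is first on the search path and gives no hint of where it came from; entries whose file is on a watch list are ranked high; and an O16 entry whose download host is on an allow list is ranked low. The watch list (built from the filenames the post tells you to remove, minus winampa.exe), the trusted-host list and the sample log are all constructed assumptions for the demo, not a vendor feed.

```python
"""
Triage helper for HijackThis-style log lines (added example; not code from the
TechSpot thread or from the HijackThis project). Parses O4 (Run/RunServices),
O9 (IE extra button) and O16 (DPF/ActiveX download) entries and ranks each one
with a few heuristics a responder otherwise applies by hand.
"""
import re
from dataclasses import dataclass
from typing import Optional

O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O9_RE = re.compile(r'^O9 - Extra button: (?P<name>.+?) - \{(?P<clsid>[0-9A-F-]+)\} - (?P<path>.*)$', re.I)
O16_RE = re.compile(r'^O16 - DPF: \{(?P<clsid>[0-9A-F-]+)\} \((?P<name>.*?)\) - (?P<url>\S+)$', re.I)

# Constructed watch list: filenames taken from the post's own removal instructions.
WATCH_FILES = {"winlog.exe", "winsupdater.exe", "powerscan.exe", "sidefind.dll", "viewmgr.exe"}
# Constructed allow list of O16 download hosts (an assumption for this demo).
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "messenger.msn.com", "pdl.stream.aol.com"}


@dataclass
class Finding:
    kind: str       # "O4", "O9" or "O16"
    item: str       # the executable, DLL or URL the entry points at
    severity: str   # "high", "medium" or "low"
    reason: str


def _basename(cmd: str) -> str:
    # Drop arguments such as " /auto" and surrounding quotes, then keep the filename.
    exe = cmd.strip().strip('"').split(' /')[0].strip().strip('"')
    return exe.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HJT log line; returns None for line types not handled."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        base = _basename(cmd)
        bare = ('\\' not in cmd and '/' not in cmd)   # no directory at all
        if m.group("name") == "" or bare:
            return Finding("O4", base, "high",
                           "empty value name or bare filename with no directory")
        if base in WATCH_FILES:
            return Finding("O4", base, "high", "file on watch list")
        return Finding("O4", base, "low", "named entry with full path")
    m = O9_RE.match(line)
    if m:
        base = _basename(m.group("path"))
        sev = "high" if base in WATCH_FILES else "medium"
        return Finding("O9", base, sev, f"IE button {{{m.group('clsid')}}}")
    m = O16_RE.match(line)
    if m:
        url = m.group("url")
        host = re.sub(r'^https?://', '', url).split('/', 1)[0].lower()
        if host in TRUSTED_DPF_HOSTS:
            return Finding("O16", url, "low", f"download host {host} on allow list")
        return Finding("O16", url, "medium", f"download host {host} not on allow list")
    return None


def triage_log(text: str) -> list:
    """Return findings for every recognised line, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    found = [f for f in (triage_line(l) for l in text.splitlines()) if f]
    return sorted(found, key=lambda f: order[f.severity])


# Constructed sample: the entries quoted in the post above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [WinampAgent] C:\\Program Files\\Winamp\\winampa.exe
O4 - HKLM\\..\\Run: [ViewMgr] C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe
O4 - HKLM\\..\\Run: [winsupdater] C:\\Program Files\\winsupdater\\winsupdater.exe /auto
O4 - HKLM\\..\\Run: [] winlog.exe
O4 - HKLM\\..\\Run: [Power Scan] C:\\Program Files\\Power Scan\\powerscan.exe
O4 - HKLM\\..\\RunServices: [] winlog.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\\Program Files\\SideFind\\sidefind.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:3} {f.item}  ({f.reason})")
```

Run it as a script to print the ranked findings. Under these rules the WinampAgent entry scores low, which is the kind of entry worth a second look before ticking it in HJT, since the same Run line is also what a legitimately installed Winamp writes; the two `[] winlog.exe` lines and the SideFind DLL come out on top.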
     
  4. briannekeating

    briannekeating TS Rookie Topic Starter

    Thank You!

    Thank you guys, SO MUCH for the help!

    The problem was a little deeper than just the sidefinder spyware. It was just one of the many bundled spywares in the file.

    I'm not down with all the terms and everything, but I messed around until I think I figured it out. Realblackstuff, I had seen some of your instructions in other posts, and howard hopkinso, I had researched those posts, and re-read them as you recommended.

    I think it was something called Asrvtsyer that was the true bundler. It was unrecognizable by ewido, hijackthis,---no spyware remover/detectors noticed it. It was in my startup services and i went through the registry and removed any dll's containing that and the other packaged crap.

    It was really nasty and I couldn't find any other references to that online anywhere.

    I hope I got it all removed. But thank you guys, again, SO MUCH. It probably sounds all cheesy and sappy, but there are so many bad people in the world who create the technological equivalent of vandalism ....but at the same time, there are people like you who are these Internet Saints, who help people just to help people. Thank you. It sincerely meant a lot to me.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hey no worries mate.

    Glad we could help.

    Regards Howard :) :)
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Howard, I think your 'mate' is a girl!

    Brianne, thanks for the flowers!
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

Ooops. I didn't notice that lol.

    briannekeating I hope I haven't caused you any offense, for addressing you as mate! My apologies if I have.

    Regards Howard :blush:
     
  8. briannekeating

    briannekeating TS Rookie Topic Starter

    Computer powers off- no warning - only when connected to the internet

    Hey, Howard and RealBlackStuff!

    I don't know if you guys remember me or not...I had a problem a while back and I really appreciated you offering your advice.

    First, yes, I'm a girl...Second, no offense.... :giddy:

    I have another problem now and I for the life of me cannot figure it out. My computer will just shut down---no warning. Just turn off. Only when connected to the internet in regular mode. If I'm connected in safe mode or in regular mode without my cable connection hooked up, it's fine. Doesn't shut down at all.

    I thought it might be a problem with the fans being dirty. So I took everything apart and cleaned it really well. But alas, alack, and all that...It's still dying on me.

    Any ideas at all on what could be causing this? Ever even hear of this before?
     
  9. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Hmm.. have you done a virus scan?

    Maybe a new HJT log is in order?
     
  10. briannekeating

    briannekeating TS Rookie Topic Starter

    Yup! Sure have. Says there aren't any viruses. I can post the hjt later, if you like, but it looked fine.
     
  11. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

In most BIOSes there are settings for Wake-On-LAN, Wake on modem/keyboard/mouse etc.
    Make sure the Wake-On-LAN is switched OFF.

    You may be using a program downloader or FTP program. Some have settings that switch the PC off after downloading. You are probably the victim of one of those.
    To get a proper downloader, go to www.stardownloader.com and get their FREE version.

    HTH
     
  12. briannekeating

    briannekeating TS Rookie Topic Starter

    Hey! Thanks for replying!

    I think it's probably something hardware-ish. It shuts down when it's just turned on, not even logged in.

    Any words of advice or know any nice last words to say to a computer?
     
  13. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Could you borrow another network card (they are cheap to buy, just in case), or worst case scenario, powersupply?
    I think that card could be shot. Alternatively, try it in another slot.
    If you have onboard NIC, disable it in BIOS (or per jumper on motherboard) and get a PCI NIC (Network Interface Card) to try.

The other day I had a funny modem, put it in one PC, it crashed after 1 minute, put it in another PC, and it worked flawlessly. Go figure.

    As for famous last words:
    Open your windows, throw the PC out, while telling it, "Here is your first free flying lesson!"
    Make sure there is no innocent pedestrian on the sidewalk!
     
Topic Status:
Not open for further replies.