TechSpot

Spyware less that 1 week after reformatting

By MetalX
Oct 22, 2006
  1. Hi everyone, before I post this, you should know how annoyed I am. I have just reformatted on Monday to get rid of old spyware and now, less than one week later, it is back but much worse. Here is my post and HJT log which were retrived in the dieing moments of my main computer's ability to run in normal mode. It now only boots into safe mode and locks when booted into normal mode. Here is what I typed on the last moments of my main compuer:

    I am having trouble removing LOTS of spyware on my computer. It all started when I was on MSN and someone sent me a message that said something like, "Hey is that you in this picture?" then it had a link under it. I clicked the link thinking that it would be interesting to see this "picture" but what happened when I clicked it was the following (in chronological order):

    1) A program downloaded ( i didn't get the name)
    2) This program caused my active processes according to Task Manager to increase from 22 to 49 in less that five seconds
    3) 5 IE windows opened and displayed ads that covered the whole screen
    4) The program that had downloaded when I clicked on the MSN link deleted itself.
    5) After removing all the ads, MSN opened up windows to every person I knew who was online and sent the "Hey is that you in this picture?" and the link to everyone. (passed on the spyware/virus/whatever this thing is)
    6) After signing off MSN to stop infecting other people's computers, I noticed that my desktop had gone from 5 icons to 12, all the new ones being .dll's or applications.
    7) I deleted them all and checked in the C: Drive. I noticed that where there had been 4 folders, there were now 4 folders and a number of .ddl files and applications.
    8) I deleted those and proceeded to download Spybot S&D, Ad-Aware, and HJT.
    9) I ran scans to remove the spyware, and found that some things could not be removed because they were running in the mempry or something like that.
    10) I rebooted into safe mode, attempted a system restore which worked but did not solve the problem.
    11) Rebooted into safe mode again and ran spyware scans again in safe mode which allowed me to remove some of the ones that I could not previosly remove.
    12) Rebooted into normal windows and checked the running processes via task manager. I noticed one called StarWindService.exe which resisted my attempts to delete it. It said, "Access Denied" whenever I tried to delete it.
    13) Ran spyware scans one more time and deleted a few more things. I noticed that one of the things that couldn't be deleted (even in safe mode) was something called command.exe.
    14) Proceeded to type this report to see if all you professions can help me out with my (hopefully) easy to fix problem.
    15) Sometime while I was typing this very post, some of the spyware disabled Task Manager. When I press Ctrl+Alt+Del now, it says, "Task Manager has been disabled by your administrator."

    Below is my HJT log as an attachment.

    I have posted this from my mom's computer as mine no longer has internet access due to safe mode and my refusal to plug in the network cable for fear of more spyware. Does anyone know what the hell is going on and how I can fix it?

    EDIT: sorry for the typo in the title, I can't figure out how to fix it :(
    EDIT2: I'm not sure if this matters but I only use firefox, not IE. View attachment 9944

    HJT log name changed.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please read this thread HERE, then post a fresh renamed HJT log.

    Regards Howard :)

    This thread is for the use of MetalX only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...