"Your computer is infected! Windows has detected spyware infection."

By DGutierrez32
Nov 13, 2005
Topic Status:
Not open for further replies.
  1. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    C:\WINDOWS\System32\dllhost.exe
    See this: http://www.pchell.com/virus/welchia.shtml

    Fix these with HJT
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp64A5.tmp (file missing)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  2. DC85

    DC85 Newcomer, in training

    SpyWare Strike

    Managed to get rid of most of the spyware strike using rededit in safe mode. Searched for any registry entries with "SpyWare Strike" and got rid of them. The only thing iv got left now is the "X" in the notification area. Does anyone know how to get rid of that? Cheers
  3. olem

    olem Newcomer, in training

    spywarestrike 2.5 help

    i still didn’t mange to get rid of this spywarestrike thing and would be happy for any help and suggestions. in the toolbar i get the message: “system instruction detected! dangerous infection was detected on your pc. the system will now download and install most efficient antimalware program to prevent data loss and your private information threft. click here to protect your computer from biggest malware threats.” if clicking your are send to the spywarestrike homepage. I’ve tried all the suggested things (in safe mode deleting files and run regedit) but still the program tries to setup automatic startup at start with sa1.exe, sad.exe saf0.exe etc. (files \\ local settings\temp) and/or au_.exe (in ..\\local setting\temp\~uns.tmp\) (is prevented with zonealarm) and ones in half hour the program (spywarestrike 2.5) is installed. any help is very welcome

    Attached Files:

  4. blackachu

    blackachu Newcomer, in training

    similar problem

    It seems like I'm having the same problem but my annoying box keeps directing me to spywarestrike.com. Does anyone have any fixes for this problem. anything would be helpful, thanks.
  5. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    olem

    fix with HJT
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O23 - Service: COM+-systeemtoepassing (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)
  6. ddkg

    ddkg Newcomer, in training

    I have the same problem. My homepage has been set to a blue screen on C:\system or something like that and then Spysheriff installed on my computer. I followed their instructions for uninstalling but the tray icon, my desktop and homepage are all still messed up. I'm really pissed!!
  7. joeM

    joeM Newcomer, in training

  8. vanilla_rice

    vanilla_rice Newcomer, in training Posts: 33

    My computer is affected slightly different to most in here, i have the red X on the bottom right that pops up with "your computer is infected etc etc.." However there is no mention of sywarestrike or the other one.. instead, in mozilla its reset all my settings to default with no bookmarks. And i get a scrolling message at the top of my screen over applications and on desktop that says "Warning! Your computer is infected! Press here for help!"

    if i click on it i get directed to :
    teslaplus.com <----anyone else getting this??

    Any help would be GREATLY apreciated..
    thanks.
  9. joeM

    joeM Newcomer, in training

    avg

    I ran avg and Spyware doctor to remove the error
  10. vanilla_rice

    vanilla_rice Newcomer, in training Posts: 33

    i ran the avg program you mentioned and went through each problem individually since im not paying for it!! (took ages!!).. i then started windows in safe mode and deleted a file that sits in the root directory "winstall.exe" or something like that.. on rebooting the red "X" is gone so i hope thats the last of it :)
  11. vanilla_rice

    vanilla_rice Newcomer, in training Posts: 33

    no actually i've still got that anoying scrolling message at the top of my screen :( does anyone know a program similar to NoAdware that doesnt require registering ie. paying money
    thanks..
  12. Shadowrunner

    Shadowrunner Newcomer, in training Posts: 149

    Sorry to say this, SpyAe and SpySheriff are scams. And ***** would know not to put an uninstall guide on they're own scam's site.
  13. stuck64

    stuck64 Newcomer, in training

    Not only do have have the blue screen with the Infection msg, the red circle with the X, and the constant pop-up with another "infection" msg.... BUT I ALSO have something that's sending Spam out faster than I can count. Norton antivirus is catching them, and presumably stopping many, then alerting me with it's own pop-up warnings. The net result is that my screen is totally filled with messages. I've changed the SMTP address on my mail system to try to short circuit the outgoing messages, but they just keep flying out! If I open a Firefox window, the virus forces it to some other URL. So now I'm at the library doing research. HELP! I'll try the suggestions I've read here, but they don't address the outgoing spam issue. Can anyone address this issue for me? BTW, I've run Norton AV and Spybot multiple times in SafeMode, but the problems still exist. Grrrr.
    Thanks!
     
  14. 0ptimus Prime

    0ptimus Prime Newcomer, in training

  15. Shadowrunner

    Shadowrunner Newcomer, in training Posts: 149

    How do you know that? AS I said, its insane to have an uninstaller on a criminals site. ;)
    Do it the old fashioned way. Never fails.
  16. Rkeen

    Rkeen Newcomer, in training

    So the "X" problem is fixed

    Im left with my second major problem. I cant open my task manager.

    I get a "Task manager has been disabled by your admin" message when i try to access the task manager. Anyone know how to fix this?
  17. stickyhead

    stickyhead Newcomer, in training

    i just got what you guy are having problems with, even my task manager has been diabled


    CURE
    just do a restore back to before you got it, should sort it out - it sorted it out for me

    i think i got it from www.isohunt.com there is a page that the site goes when you first go there, some sort of spy ware software site, anyway i pressed ok or something like that, think thats where i got the problem from - but not sure
  18. robrasko

    robrasko Newcomer, in training

    My Computer is Infected Please help

    Logfile of HijackThis v1.99.1
    Scan saved at 3:27:19 PM, on 3/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Still not reading the Read: How to... posts!
  19. W35T0N

    W35T0N Newcomer, in training Posts: 26

    Malware

    the systems are infected with malware, several of our clients have had a simillar problem, the easiest option to remove it is to go to add & remove programs and uninstall SpyAxe, SpySweeper etc then perform a complete system scan is safemode using Ad-Aware reboot then do an Ads scan using Ad-Aware again in saf mode.

    also microsft have released a removal tool not sure how good it is yet?
    http://www.microsoft.com/security/malwareremove/default.mspx

    also it would be a good idea to run Hi-Jack This, Registry Repair Pro just to tie up loose ends etc.

    i would recomend a well know AV rather then a free download as they are free for a reason
  20. jfrizzle18

    jfrizzle18 Newcomer, in training

    I'm right there wit ya

    I'm having the same problems, though in a slightly different format, and am hoping someone could help me out.

    I've been getting the "Your computer is Infected" message popping up from the red circle with the white X in my taskbar.

    I ran Ad-Aware which seemed to take care of the problem, but when I restarted my computer the next morning. The circle and message reappeared. I ran Ad-Aware again and they disappeared before the program finished running.

    Also, I can't uninstal the program because I can't find it.

    If you have any suggestions they'd be much appreciated.

    Attached Files:

  21. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.


    First, go HERE and follow the instructions.

    Then, go HERE and follow the instructions in the order they are given.

    Open a new thread in the security and the web forum and post a fresh HJT, only after doing the above.

    Regards Howard :wave: :wave:
  22. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    This thread is being closed, due to the amount of replies it has.

    If anyone has a problem with viruses/spyware etc. Open a new thread in the security and the web forum, after following these instructions. Thankyou.

    Go and follow the instructions in this thread. Before posting your HijackThis log, please read this.

    Then, post a fresh HJT log as a .txt attachment, only after doing the above.

    Regards Howard :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.