Spyware has killed my computer! Tskmgr will not open, keeps reloading spyware

Status
Not open for further replies.
I downloaded a phony file in imesh that completely loaded my machine with spyware and I absolutely can't remove it. I don't know what to do. I've tried everything that I know of. I just can't get rid of it.

When it first started, I unhooked my internet cable and it kept trying to start and reload all of the initial startup programs. For instance, limewire would keep loading and reloading.

About 8-10 different spyware tools start trying to install and I'm just sick. Honestly, Dante couldn't have described an inferno deep enough for these people.

I've run hijackthis and deleted as much as I could out of it. I've attached the most current file.

If you can help me I will name my firstborn child after you.
 

I just love babies with the name RealBlackStuff!

Boot in Safe Mode, see how here.
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
winampa.exe
ViewMgr.exe
winsupdater.exe
winlog.exe
powerscan.exe

Next, click on Start/Run and type in (followed by press Enter):
regsvr32 /u "C:\Program Files\SideFind\sidefind.dll"

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\Power Scan\powerscan.exe
C:\Program Files\SideFind\sidefind.dll

Next, click Start/Run and type services.msc and click OK. Look for the service:
winlog.exe
Double-click it, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
XP only: Delete ALL files from C:\WINDOWS\Prefetch.
Boot normal. When all OK, switch System Restore back on.
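
A triage sketch for the Run/RunServices (O4) lines in the HijackThis log quoted in the post above, added here as an example and not part of the thread or of HijackThis itself: it parses each entry and flags the two traits that set the `winlog.exe` entries apart, an empty value name and a command with no absolute path. The function names and both heuristics are assumptions of this example; a flag is a reason to inspect an entry, not a verdict.

```python
import ntpath  # Windows path rules, whatever OS this runs on
import re

# O4 lines copied from the HijackThis log quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\RunServices: [] winlog.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Program image: a quoted path, or everything up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

def parse_o4(log_text):
    """Return one dict per registry autostart (O4) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # other sections, and O4 Startup-folder lines, are skipped
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        image = (exe.group(1) or exe.group(2)) if exe else command.split()[0]
        entries.append({"hive": hive, "key": key, "name": name,
                        "command": command, "image": image})
    return entries

def triage(entry):
    """Heuristic reasons (assumptions of this example) to inspect an entry first."""
    reasons = []
    if not entry["name"].strip():
        reasons.append("empty value name")
    if not ntpath.isabs(entry["image"]):
        reasons.append("no absolute path")  # resolved through the search path
    return reasons

def flagged(log_text):
    """(key, command, reasons) for every entry with at least one reason."""
    return [(e["key"], e["command"], triage(e))
            for e in parse_o4(log_text) if triage(e)]

if __name__ == "__main__":
    for key, command, reasons in flagged(SAMPLE_LOG):
        print(f"{key}: {command!r} -> {', '.join(reasons)}")
```

Run keys are only one autostart location; the original poster later reports finding the bundler in startup services, which this check does not read.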
 
Thank You!

Thank you guys, SO MUCH for the help!

The problem was a little deeper than just the sidefinder spyware. It was just one of the many bundled spywares in the file.

I'm not down with all the terms and everything, but I messed around until I think I figured it out. Realblackstuff, I had seen some of your instructions in other posts, and howard hopkinso, I had researched those posts, and re-read them as you recommended.

I think it was something called Asrvtsyer that was the true bundler. It was unrecognizable by ewido, hijackthis; no spyware removers/detectors noticed it. It was in my startup services and I went through the registry and removed any DLLs containing that and the other packaged crap.

It was really nasty and I couldn't find any other references to that online anywhere.

I hope I got it all removed. But thank you guys, again, SO MUCH. It probably sounds all cheesy and sappy, but there are so many bad people in the world who create the technological equivalent of vandalism ....but at the same time, there are people like you who are these Internet Saints, who help people just to help people. Thank you. It sincerely meant a lot to me.
 
RealBlackStuff said:
Howard, I think your 'mate' is a girl

Ooops. I didn't notice that lol.

briannekeating I hope I haven't caused you any offense, for addressing you as mate! My apologies if I have.

Regards Howard :blush:
 
Computer powers off- no warning - only when connected to the internet

Hey, Howard and RealBlackStuff!

I don't know if you guys remember me or not...I had a problem a while back and I really appreciated you offering your advice.

First, yes, I'm a girl...Second, no offense.... :giddy:

I have another problem now and I for the life of me cannot figure it out. My computer will just shut down---no warning. Just turn off. Only when connected to the internet in regular mode. If I'm connected in safe mode or in regular mode without my cable connection hooked up, it's fine. Doesn't shut down at all.

I thought it might be a problem with the fans being dirty. So I took everything apart and cleaned it really well. But alas, alack, and all that...It's still dying on me.

Any ideas at all on what could be causing this? Ever even hear of this before?
 
In most BIOSes there are settings for Wake-On-LAN, Wake on modem/keyboard/mouse etc.
Make sure the W-O-LAN is switched OFF.

You may be using a program downloader or FTP program. Some have settings that switch the PC off after downloading. You are probably the victim of one of those.
To get a proper downloader, go to www.stardownloader.com and get their FREE version.

HTH
 
Hey! Thanks for replying!

I think it's probably something hardware-ish. It shuts down when it's just turned on, not even logged in.

Any words of advice or know any nice last words to say to a computer?
 
Could you borrow another network card (they are cheap to buy, just in case), or worst case scenario, power supply?
I think that card could be shot. Alternatively, try it in another slot.
If you have onboard NIC, disable it in BIOS (or per jumper on motherboard) and get a PCI NIC (Network Interface Card) to try.

The other day I had a funny modem, put it in one PC, it crashed after 1 minute, put it in another PC, and it worked flawlessly. Go figure.

As for famous last words:
Open your windows, throw the PC out, while telling it, "Here is your first free flying lesson!"
Make sure there is no innocent pedestrian on the sidewalk!
 