"Your computer is infected" but a little different

Status
Not open for further replies.

wdawg

Posts: 37   +0
Hello everyone. I've read through some of the problems that are similar to mine to find an answer of how to fix it, but I can't seem to do that. I've heard variations of this being called the "heat virus" or "spyware" virus. My problem revolves around a program called "AntiSpywareXP2009".

I have the white "X" in the red circle in my system tray that never goes away and keeps popping up a huge bubble saying my computer is infected. It comes up like once a minute at least. When I first encountered this problem, my computer shut down and restarted on its own. When it rebooted, the red bubble started and the program, AntiSpywareXP2009, kept trying to run on its own. I've gotten it to the point that the program doesn't run on its own anymore, but the red bubble is still there.

Now, what's different (or what I haven't heard from other threads) are the following:

1. My Norton 360 doesn't work anymore. When I click on it to run it, it never opens. I believe this adware has put a block on it running. The red bubble icon actually sits in-place in my system tray where my Norton 360 icon was.

2. I can't install any programs. I've had HJT before for another program and Spybot. I've downloaded both programs but when I go to install, I get errors. I'm guessing because the error relies on the internet somehow, I don't know, but the installs always fail. So, I have no way (that I know of) of accomplishing a HJT log or running Spybot. I also have Ad-Aware (an older version) which, with its most recent update of 2 years ago, detected 41 bugs. Quarantined and did all that but it's still not gone away. When I try to update my definitions, it fails/errors out when it goes to connect, also.

3. Every time I reboot, my internet history cleans itself (and I don't have my settings set up for that). Also, my new homepage that's been assigned because of this thing is "google.com". I can change my homepage, but on a reboot, it goes back to Google.

4. Some internet sites don't work. At first encountering this bug, I couldn't get on ANY websites at all. I would get something like a 401 error. Since then a few reboots since, I'm able to access some sites, but some sites I can't get to. Anything that's an https:// website, I'm able to go to without problems at all times.

That's about everything. I need some help. Especially since I have no clue of how to access or run HJT to be able to figure out what I need to get rid of or to post here for someone to guide me. Someone, please rescue me from this!

P.S. I've read the thread about cleaning/re-formatting. I'd like that to be a dead end last option as there are tons of files that I can't remove and save prior to doing that. Besides, I've heard many success stories with getting this cured - I'm hoping that I can be one of those, too.

Thanks,
~Will
 
Hi Will,
Are you able to boot into safe mode? Try that to see if you can run the programs in the 8 step malware removal instructions sticky. If not, rename your HijackThis.exe to something like Willthis.exe instead to see if it can run. Sometimes malware can disable the program this way.
 
Hi Momok

Hello and thanks for the reply. I am able to boot into safe mode, however, I'm unable to get to any of the pages for several of the programs in the 8-step thread. The only program I've been able to successfully download is CCleaner. All of the other ones, when I click on their link, I get an "Internet Explorer cannot display the webpage" error - just like I mentioned about in my main post. The sites exist, I'm sure, but whatever bug I have is only allowing me to view some webpages and not all. As far as HJT, it wouldn't work from the link, either, so I went to download.com and downloaded the most recent version. It downloaded successfully, but when I click on the program to open it, it thinks for 2 seconds and then does nothing. By the way, I tried re-naming it like you mentioned and it still doesn't work.

I downloaded a Spybot - Search and Destroy program I used to have before and it downloads successfully; but on installation when it goes to connect for the installation, it errors out. I got rid of my Ad-Aware 2006 and downloaded the 2008 version. It pulled up 240+ infections and I cleaned them, but still nothing to get rid of it.

The only thing I've come close to getting answers on what this is or what not is Anti-Virus Spy which is run through the Yahoo Toolbar. I did a full scan with that, and it told me I had 2 Trojans (Nuwar B and another that starts with an "E"). It also pulled up two "rogue security system" files. At the end of the lengthy scan, I had it remove everything. I shut everything down and rebooted, but I still have the same problem.

Lastly, I tried downloading AVG and it seemed to be downloading fine but on installation, it stalled (like the other programs) and doesn't seem to exist on my computer (only the shell of the program in Program Folders). I believe I still have my Norton 360, but it refuses to open (like HJT) when clicked on.

This is so frustrating.
 
Because of my "newbie" status, momok, I'm unable to send you a private message. Not sure how to get around this. I was unable to open all 3 links that you provide me - they all end with the "IE cannot display the webpage" error.
 
Just a note. I tried to identify that program you mentioned as "Anti-Virus Spy" and came up with the following possibilities:
AntiVirus Spy Keylogger Trackware ...
Anti -Virus, Anti-spy 2008 Download. (Brothersoft)
Anti Spyware Remover Software Anti Virus Spy Clean Zlob ..>> a Torrents site
.Spy Sweeper AntiVirus. Spy Sweeper With AntiVirus

I also came across this site which may help you identify what you have:
http://www.quickheal.com/weblog/index.php?/archives/51-Fake-Anti-VirusSpy-programs.html
Sometimes, in desperation, a user will try a program that actually adds more malware to the system.
 
Momok: I did receive your PM, but I'm unable to reply to them. When I do and try to submit it, it tells me that I have to have 15 regular posts in order to be able to send PMs to anyone.

Bobbye: That's quite interesting, but I believe you. I removed my Yahoo Toolbar and then re-added it and when I did, I saw the AntiVirus Spy that ran through the toolbar, so I thought I'd try it out. It seemed to work fine and it's freeware so I didn't think much of it. I guess you never know what freeware is a good bundle or not. I'll take a look at the website you offered to see what I can find out. Thanks for your input.

Bobbye: I checked out the website you gave me and, although the program that I'm stuck with is "AntispywareXP2009", it is like those other ones on that page. That Anti-Virus Spy thing I ran was actually the first program that brought up two objects for a "rogue security system". I did some research on rogue security systems, and it's exactly what I have. I've deleted everything for AntispywareXP2009 from my computer (registry, dll, program folders, etc.), but I'm sure it's somewhere just hiding and waiting to come up again. The red bubbled X still sits in my system tray and if I click on the bubble, it starts trying to auto-install that program again.

It's beyond frustrating.
 
I've encountered this problem many times with customers. It's nasty spyware and here's how I've removed it:

a) In Normal Mode, go into MSCONFIG and deselect AntivirusXP2009 (it's usually listed there). While you're at it, deselect anything else that looks like spyware.

b) Go to Add/Remove programs and remove anything that is spyware or looks like spyware.

c) Restart in Safe Mode and run Spybot Search & Destroy (see Download section at this site)

d) Restart in Normal Mode, run the following 3 anti-spyware utilities (again, see Download section at this site)

  • AVG 8
  • Ad-Aware 2008
  • Spybot Search & Destroy

Repost with results.

Best,
-- Andy
 
Hello almcneil. I downloaded Spybot Search and Destroy yesterday. However, when I go through trying to install the program, it errors out. I click all the "next" buttons setting up my quick launch button and directories and all that; then on the final step it goes to "download more files" before installing and at that point, it fails. It attempts to connect to the internet, because in the status it says something about connecting to an IP address, but not even a second later, it fails and gives me a message saying it errored out and can't continue. My only other option after that is to abort the install.

I've tried running it from Safe mode, as well, but I don't think you have any kind of internet connection abilities when you're in safe mode; thus, I run into the same problem as mentioned.

I have already done the msconfig portion of what you mentioned and Add/Remove programs. I guess I would be stuck on the Spybot issue since I can't get it to install because whatever bug I have has control over what connections I can make through the internet. I also have Ad-Aware 2008 and have run that as well. It found a bunch of bugs and took care of them. It, too, is another program that is kept from getting updates. When I try to get updates, it errors out as well saying the connection failed (when I'm actually connected to the internet).

Any suggestions on how to be able to get the install on Spybot around this?
 
Is there any way that someone can send me the .exe's for the programs from the 8 step process link? I don't know if that will help or if whatever bug is controlling my computer will prevent me from installing them on my computer, but otherwise I'm not sure how else I can get to these websites to try to download/install them.
 
Updates for Spybot & Ad-Aware

You can find the update files for both Spybot and Ad-Aware in the Downloads section at this site. For Spybot, it's a program that you launch and it automatically installs them. Then you can launch Spybot and you're good to go. For Ad-Aware you need to unzip the compressed file and get "core.aawdef". You launch Ad-Aware, go to Web Update -> Settings -> Definitions File and point it to read the new "core.aawdef" you have. Then Ad-Aware is good to go.

-- Andy
 
wdawg, can you download the programs from a flash drive and run them from there? I'd like to see you run Malwarebytes, SuperAntispyware and then HijackThis. Momok suggested additional programs. It's because we find they are excellent for deep malware cleaning.

I find the Spybot S&D and AdAware are more the type of programs to run regularly on a system, not as serious cleaning programs.
 
Some of that made no sense to me - I'm sorry. Spybot I have downloaded to my computer just fine. It just won't complete the installation because it somehow relies on the internet to complete the installation process and that's where whatever's controlling my computer kicks in and doesn't allow it to connect. Thus, it kills the installation and I can't run the program. With Ad-Aware 2008, I was able to successfully download and install that program and run it without problem. The only problem I have with Ad-Aware is that I'm not able to connect to a server to run the update for the virus definitions - it errors out. I'm assuming since I just downloaded it yesterday, that I more than likely have the most recent updates on it, though, so I'm not too concerned with not being able to connect for better updates with that program - if that makes sense.

But I'm not seeing how much use it'll be to run the update file for Spybot if I can't get the program to even install to my computer. Are you saying I should try doing that for Spybot to fix the installation problem?
 
Bobbye, I was thinking to do that from work - to try downloading them here, saving them to my external drive and then going home and trying to run them. But, at work, our computer gurus have blocked all the servers to all the links that have these programs for whatever reason. It's a military server, so they're pretty picky. I'm actually pretty surprised it lets me log onto this website with blocking it.

Just curious, but would there be a reason that these programs aren't listed in the Downloads section of this website and only available through external links? There's probably good reasoning for it, but if they were available through the Downloads section here (which is one site that my home computer allows me to visit) then I could access the programs.

As mentioned before, is there any way that one of you (momok, almcneil) can email the .exe's for these programs? I don't see any other way for me to access the websites with my predicament.
 
wdawg

You did install Spybot. It restarts and there's a setup where you can download updates. Skip that. Instead, download the Spybot updates program in the Download section. It contains the latest updates and saves you from having to use the download feature in Spybot. Click here for the updates.

Same for Ad-Aware. Click here and follow the instructions in my previous post to insert them into Ad-Aware.

-- Andy
 
Did you run ccleaner? This might help with your browsing issue.

If CCleaner doesn't work, try Resetting Internet Explorer to Default settings (RIES).


RIES Internet Explorer 6

Tools > Internet Options > Programs tab > Click reset web Settings.

Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:
1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

After you have completed this, try downloading the programs again.
 
almcneil,

I'll try that when I get home. I'm not thinking, though, that the program is installed - but I will try anything. There's no program folder or quick launch or desktop item for Spybot after I'm forced to abort the installation - this is why I don't believe it's installed. I'm not sure that when it fails, that it's trying to download "updates". It says at the top of the installing box that it's "downloading more files".

I will try it, though, when I get home. There's no option for me to "skip" that part of the installation though. When it errors out, I get a box saying so and when I hit OK it's back to the part where I can hit "next" to finish the installation. So, I always hit "cancel" and then it asks "are you sure you wish to abort the installation?" and I hit "yes" and I go back to my desktop at Square 1.
 
Tw0rld,

Thanks for your input. I have run CCleaner - it is the only program I've been able to download and fully install without problems in any area. I ran that part of the 8 step process (checking all the boxes except for the one it noted). It found a bunch of stuff and cleaned a bunch of stuff. But I still have the problem with the internet connection on some websites and with the installation of programs.

I will try the RIES option when I get home this morning. I have IE7, so I'll follow those guidelines. I'll be sure to let you all know if anything progresses after that.
 
I got confused in your earlier post. When I install Spybot, and I do this all the time, I deselect the option to automatically download updates. I then do it when the program first starts up and the setup utility again prompts for downloading updates. Then I will do it.

If Spybot isn't installing then there's nothing you can do about it (for now).

Best,
-- Andy
 
I see, almcneil. I didn't pay real close attention to the options. If there is one pertaining to downloading updates and if this is what it's doing when it errors out before it installs, I will see if I can deselect that option if it's available to me. I'm still thinking that it's trying to download/install additional files required for the program to run, but I will check into this as well. Thanks!
 
The best way to handle Spybot Search & Destroy is to download the setup and Save it to the desktop. Double click on that to run (install). Once it is installed, it should be updated, then a scan can be done.

I have no knowledge of just loading updates and not the program. I have used Spybot S&D on two systems for a total of 10 computer years. I save the setups in a folder for a while in case I have to reinstall a program.

A serious malware infection can prevent the installation of a program or updates for security programs. It can usually be handled one of two ways:
Download the program, then go into Safe Mode to install it. You can also run it in Safe Mode if necessary.
OR
Download the program to a flash drive, then install on your system.

I do not advise trying to rig any security program by just downloading updates and nothing else. In order to be effective, a security program must be correctly installed and configured and it should be updated before scanning.
 
Just an inquisitive question for anyone that might know an answer. I found that all the programs from the 8-step link are all located within and on the TechSpot downloads link. I'm just curious why in the 8-step link, the "click HERE" links are all websites outside of TechSpot. I would think that it would be a better thing to provide links to programs located on its own site - rather than sourcing to another website for a download.

In my case, this is great news for me because one of the few websites that I can view (because of my spyware control problem) is TechSpot. So, I should be able to go home and download the programs that I couldn't before (from the links in the 8-step thread) from right here on this website (doesn't mean I'll be able to install any of them, but at least I can download and see what happens afterwards).

I know this probably isn't newfound information, I was just curious why the links aren't sourced from this website and uses others to get these programs.
 
I imagine the reason the links are for sites outside TechSpot is that they are likely to be more up to date. I spotted one of the anti-spyware programs I recommend was out of date recently. This is a volunteer tech support site, so it's not going to be as up to date as a business site.

-- Andy
 
Bobbye,

That's what I did initially. To walk you through what I did with Spybot:
- Downloaded it from a website (downloads.com, I believe since the link attached to the 8-step thread doesn't work for me).
- Save the .exe to my desktop (this was successful).
- Double-clicked the .exe and I got a "run" box for the installation. I hit "run".
- Installation windows appear where I go through a series of 4-5 windows (agreeing to license, setup (quick launch buttons, desktop icons, etc.), and then lastly - a "finish" button which brings up a box that says it's "downloading more files". As soon as that box opens, it says something about a file type that ends with an extension .php and says it's connecting to an IP address (127.0.0.1 or something like that). As soon as I see that information and before it starts trying to install, a box pops up saying there's an error connecting to the server. When I hit OK on that box, it takes me back to the last window where I can hit "finish" to try downloading these files again (which continues to fail). So, I hit "cancel" and I get another pop up box saying "are you sure you wish to exit the installation wizard" or something to that effect - and lets me know I can try installing later. When I hit OK there, the wizard closes out and I'm back to desktop - Spybot still uninstalled.

Maybe this step by step was a little clearer; at least I hope so. I may have confused people earlier with this. Would help if I was at home and able to be more descriptive, but this is pretty dead-on with what I've been encountering with the Spybot installation.

I guess that makes some sense, almcneil. I'm not sure if the versions that are listed under this site are the most current, but they seem to be. At least I'll have the opportunity to try to download them from here since this site is the only link I'm able to download the programs from.

Any clue on how to get my HJT to run? It downloads perfectly fine and sets up a program folder with the .exe in it, but when you click on it, nothing happens. A split-second thinking cursor but then nothing. I tried what someone else mentioned here about changing the file name (because malware can recognize certain filenames?), but that didn't work out either.
 
I seldom use HijackThis. I only use it when I have a sticky piece of spyware the standard anti-spyware utilities can't remove. Yes, at one point you are supposed to rename a file. Best to ask one of the other HijackThis experts on the site.

-- Andy
 