"Your computer is infected! Windows has detected spyware infection."

[RealBlackStuff]

C:\WINDOWS\System32\dllhost.exe
See this: http://www.pchell.com/virus/welchia.shtml

Fix these with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp64A5.tmp (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

 

[DC85]

SpyWare Strike

Managed to get rid of most of the spyware strike using rededit in safe mode. Searched for any registry entries with "SpyWare Strike" and got rid of them. The only thing iv got left now is the "X" in the notification area. Does anyone know how to get rid of that? Cheers

 

[olem]

spywarestrike 2.5 help

I still didn’t mange to get rid of this spywarestrike thing and would be happy for any help and suggestions. in the toolbar I get the message: “system instruction detected! dangerous infection was detected on your pc. the system will now download and install most efficient antimalware program to prevent data loss and your private information threft. click here to protect your computer from biggest malware threats.” if clicking your are send to the spywarestrike homepage. I’ve tried all the suggested things (in safe mode deleting files and run regedit) but still the program tries to setup automatic startup at start with sa1.exe, sad.exe saf0.exe etc. (files \\ local settings\temp) and/or au_.exe (in ..\\local setting\temp\~uns.tmp\) (is prevented with zonealarm) and ones in half hour the program (spywarestrike 2.5) is installed. any help is very welcome

 

[blackachu]

similar problem

It seems like I'm having the same problem but my annoying box keeps directing me to spywarestrike.com. Does anyone have any fixes for this problem. anything would be helpful, thanks.

 

[RealBlackStuff]

olem

fix with HJT
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: COM+-systeemtoepassing (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing)

 

[ddkg]

I had the same exact problem, and I got rid of the little "X" icon and the pop-up messages, BUT...my wallpaper has been replaced by a blue screen with a black box in the middle of it with text telling me that my computer has been infected by spyware.

When my computer loads up, I initially see the original wallpaper, but then it grays out, and then the aforementioned background/text comes up.

This problem persists even AFTER I ran Ad-Aware several times, AND downloaded PC-cillin and scanned my computer several times.

And I don't know if this is related, but when I start my computer, an error message appears telling me that some kind of .net framework file is missing. I don't have the exact text right now, but I'll post it later if someone can help me with it. The two issues might be related as they appeared at the same time.

Anybody out there with this same problem?

I have the same problem. My homepage has been set to a blue screen on C:\system or something like that and then Spysheriff installed on my computer. I followed their instructions for uninstalling but the tray icon, my desktop and homepage are all still messed up. I'm really pissed!!

 

[joeM]

Jm

Try this link to remove spystrike, it has an automatic removal tool.http://www.2-spyware.com/remove-spywarestrike.html

 

[vanilla_rice]

My computer is affected slightly different to most in here, i have the red X on the bottom right that pops up with "your computer is infected etc etc.." However there is no mention of sywarestrike or the other one.. instead, in mozilla its reset all my settings to default with no bookmarks. And i get a scrolling message at the top of my screen over applications and on desktop that says "Warning! Your computer is infected! Press here for help!"

if i click on it i get directed to :
teslaplus.com <----anyone else getting this??

Any help would be GREATLY apreciated..
thanks.

 

[joeM]

avg

I ran avg and Spyware doctor to remove the error

 

[vanilla_rice]

i ran the avg program you mentioned and went through each problem individually since im not paying for it!! (took ages!!).. i then started windows in safe mode and deleted a file that sits in the root directory "winstall.exe" or something like that.. on rebooting the red "X" is gone so i hope thats the last of it

 

[vanilla_rice]

no actually i've still got that anoying scrolling message at the top of my screen does anyone know a program similar to NoAdware that doesnt require registering ie. paying money
thanks..

 

[Shadowrunner]

I removed it from my computer useing the above program and it worked great. so good luck it took may differant programs try to remove before Techspot saved me :bounce:

Sorry to say this, SpyAe and SpySheriff are scams. And ***** would know not to put an uninstall guide on they're own scam's site.

 

[stuck64]

Not only do have have the blue screen with the Infection msg, the red circle with the X, and the constant pop-up with another "infection" msg.... BUT I ALSO have something that's sending Spam out faster than I can count. Norton antivirus is catching them, and presumably stopping many, then alerting me with it's own pop-up warnings. The net result is that my screen is totally filled with messages. I've changed the SMTP address on my mail system to try to short circuit the outgoing messages, but they just keep flying out! If I open a Firefox window, the virus forces it to some other URL. So now I'm at the library doing research. HELP! I'll try the suggestions I've read here, but they don't address the outgoing spam issue. Can anyone address this issue for me? BTW, I've run Norton AV and Spybot multiple times in SafeMode, but the problems still exist. Grrrr.
Thanks!

 

[0ptimus Prime]

This works but the URL has been changed to

http://www.spyaxe.com/uninstall/cmer_uninstallers.zip

When you uninstaill the two programs and run them they don't seem to do anything, but restart your machine and HAY PRESTO!!!! They are gone.

Thanks alot for the fix

 

[Shadowrunner]

How do you know that? AS I said, its insane to have an uninstaller on a criminals site.
Do it the old fashioned way. Never fails.

 

[Rkeen]

So the "X" problem is fixed

Im left with my second major problem. I cant open my task manager.

I get a "Task manager has been disabled by your admin" message when i try to access the task manager. Anyone know how to fix this?

 

[stickyhead]

i just got what you guy are having problems with, even my task manager has been diabled


CURE
just do a restore back to before you got it, should sort it out - it sorted it out for me

i think i got it from www.isohunt.com there is a page that the site goes when you first go there, some sort of spy ware software site, anyway i pressed ok or something like that, think thats where i got the problem from - but not sure

 

[robrasko]

My Computer is Infected Please help

Logfile of HijackThis v1.99.1
Scan saved at 3:27:19 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Still not reading the Read: How to... posts!

 

[W35T0N]

Malware

the systems are infected with malware, several of our clients have had a simillar problem, the easiest option to remove it is to go to add & remove programs and uninstall SpyAxe, SpySweeper etc then perform a complete system scan is safemode using Ad-Aware reboot then do an Ads scan using Ad-Aware again in saf mode.

also microsft have released a removal tool not sure how good it is yet?
http://www.microsoft.com/security/malwareremove/default.mspx

also it would be a good idea to run Hi-Jack This, Registry Repair Pro just to tie up loose ends etc.

i would recomend a well know AV rather then a free download as they are free for a reason

 

[jfrizzle18]

I'm right there wit ya

I'm having the same problems, though in a slightly different format, and am hoping someone could help me out.

I've been getting the "Your computer is Infected" message popping up from the red circle with the white X in my taskbar.

I ran Ad-Aware which seemed to take care of the problem, but when I restarted my computer the next morning. The circle and message reappeared. I ran Ad-Aware again and they disappeared before the program finished running.

Also, I can't uninstal the program because I can't find it.

If you have any suggestions they'd be much appreciated.

 

[howard_hopkinso]

Hello and welcome to Techspot.

I'm having the same problems, though in a slightly different format, and am hoping someone could help me out.

I've been getting the "Your computer is Infected" message popping up from the red circle with the white X in my taskbar.

I ran Ad-Aware which seemed to take care of the problem, but when I restarted my computer the next morning. The circle and message reappeared. I ran Ad-Aware again and they disappeared before the program finished running.

Also, I can't uninstal the program because I can't find it.

If you have any suggestions they'd be much appreciated.

First, go HERE and follow the instructions.

Then, go HERE and follow the instructions in the order they are given.

Open a new thread in the security and the web forum and post a fresh HJT, only after doing the above.

Regards Howard :wave: :wave:

 

[howard_hopkinso]

This thread is being closed, due to the amount of replies it has.

If anyone has a problem with viruses/spyware etc. Open a new thread in the security and the web forum, after following these instructions. Thankyou.

Go and follow the instructions in this thread. Before posting your HijackThis log, please read this.

Then, post a fresh HJT log as a .txt attachment, only after doing the above.

Regards Howard