1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

adware/spyware/hacker????

Discussion in 'Windows XP' started by jock, Feb 11, 2010.

  1. jock

    jock Flightless Bird

    Message constantly popping up from security shield on lower right screen.
    system intrusion or stealth intrusion, security breach, system danger,
    privacy threat etc. .
    -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    trying to access internet shows IRC-worm.dos.septic or
    trojan-bnk.win32.keylogger.gen
    Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    Help. JOCK
     
  2. Russ - SBITS.Biz

    Russ - SBITS.Biz Flightless Bird

    Sounds like you've been HiJacked
    First Disconnect your PC from the NETWORK
    Download this onto a USB Drive
    and run it
    http://free.antivirus.com/hijackthis/

    Find the Offected Registries.
    (Google if you won't know what a program is it will tell you if it's ok or
    not)
    Russ
    --
    Russell Grover -[SBS-MVP]
    24hr SBS Remote Support - www.SBITS.Biz
    Second Opinion - www.PersonalITConsultant.com
    Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


    "jock" wrote:

    > Message constantly popping up from security shield on lower right screen.
    > system intrusion or stealth intrusion, security breach, system danger,
    > privacy threat etc. .
    > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > trying to access internet shows IRC-worm.dos.septic or
    > trojan-bnk.win32.keylogger.gen
    > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > Help. JOCK
     
  3. Russ - SBITS.Biz

    Russ - SBITS.Biz Flightless Bird

    Also get this
    http://www.malwarebytes.org/
    Russ
    --
    Russell Grover - [SBS-MVP]
    24hr SBS Remote Support - www.SBITS.Biz
    Second Opinion - www.PersonalITConsultant.com
    Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


    "Russ - SBITS.Biz" wrote:

    > Sounds like you've been HiJacked
    > First Disconnect your PC from the NETWORK
    > Download this onto a USB Drive
    > and run it
    > http://free.antivirus.com/hijackthis/
    >
    > Find the Offected Registries.
    > (Google if you won't know what a program is it will tell you if it's ok or
    > not)
    > Russ
    > --
    > Russell Grover -[SBS-MVP]
    > 24hr SBS Remote Support - www.SBITS.Biz
    > Second Opinion - www.PersonalITConsultant.com
    > Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
    >
    >
    > "jock" wrote:
    >
    > > Message constantly popping up from security shield on lower right screen.
    > > system intrusion or stealth intrusion, security breach, system danger,
    > > privacy threat etc. .
    > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > > trying to access internet shows IRC-worm.dos.septic or
    > > trojan-bnk.win32.keylogger.gen
    > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > > Help. JOCK
     
  4. sgopus

    sgopus Flightless Bird

    This may be nothing more than windows messenger service popup vunerability
    turn off windows messenging service

    "jock" wrote:

    > Message constantly popping up from security shield on lower right screen.
    > system intrusion or stealth intrusion, security breach, system danger,
    > privacy threat etc. .
    > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > trying to access internet shows IRC-worm.dos.septic or
    > trojan-bnk.win32.keylogger.gen
    > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > Help. JOCK
     
  5. jock

    jock Flightless Bird

    security center is blocking access to all internet sites on one user login
    account. the other logins seem to be ok. running windows xp. home edition.
    --
    jock


    "Russ - SBITS.Biz" wrote:

    > Also get this
    > http://www.malwarebytes.org/
    > Russ
    > --
    > Russell Grover - [SBS-MVP]
    > 24hr SBS Remote Support - www.SBITS.Biz
    > Second Opinion - www.PersonalITConsultant.com
    > Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
    >
    >
    > "Russ - SBITS.Biz" wrote:
    >
    > > Sounds like you've been HiJacked
    > > First Disconnect your PC from the NETWORK
    > > Download this onto a USB Drive
    > > and run it
    > > http://free.antivirus.com/hijackthis/
    > >
    > > Find the Offected Registries.
    > > (Google if you won't know what a program is it will tell you if it's ok or
    > > not)
    > > Russ
    > > --
    > > Russell Grover -[SBS-MVP]
    > > 24hr SBS Remote Support - www.SBITS.Biz
    > > Second Opinion - www.PersonalITConsultant.com
    > > Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
    > >
    > >
    > > "jock" wrote:
    > >
    > > > Message constantly popping up from security shield on lower right screen.
    > > > system intrusion or stealth intrusion, security breach, system danger,
    > > > privacy threat etc. .
    > > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > > > trying to access internet shows IRC-worm.dos.septic or
    > > > trojan-bnk.win32.keylogger.gen
    > > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > > > Help. JOCK
     
  6. Jose

    Jose Flightless Bird

    On Feb 12, 8:56 am, jock <j...@discussions.microsoft.com> wrote:
    > security center is blocking access to all internet sites on one user login
    > account. the other logins seem to be ok. running windows xp. home edition..
    > --
    > jock
    >
    >
    >
    > "Russ - SBITS.Biz" wrote:
    > > Also get this
    > >http://www.malwarebytes.org/
    > > Russ
    > > --
    > > Russell Grover - [SBS-MVP]
    > > 24hr SBS Remote Support -www.SBITS.Biz
    > > Second Opinion -www.PersonalITConsultant.com
    > > Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com

    >
    > > "Russ - SBITS.Biz" wrote:

    >
    > > > Sounds like you've been HiJacked
    > > > First Disconnect your PC from the NETWORK
    > > > Download this onto a USB Drive
    > > > and run it
    > > >http://free.antivirus.com/hijackthis/

    >
    > > > Find the Offected Registries.
    > > > (Google if you won't know what a program is it will tell you if it's ok or
    > > > not)
    > > > Russ
    > > > --
    > > > Russell Grover -[SBS-MVP]
    > > > 24hr SBS Remote Support -www.SBITS.Biz
    > > > Second Opinion -www.PersonalITConsultant.com
    > > > Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com

    >
    > > > "jock" wrote:

    >
    > > > > Message constantly popping up from security shield on lower right screen.
    > > > > system intrusion or stealth intrusion, security breach, system danger,
    > > > > privacy threat etc. .
    > > > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > > > > trying to access internet shows IRC-worm.dos.septic or
    > > > > trojan-bnk.win32.keylogger.gen
    > > > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > > > > Help. JOCK


    Stop guessing what it might be.

    Perform some scans for malicious software, then fix any remaining
    issues:

    Download, install, update and do a full scan with these free malware
    detection programs:

    Malwarebytes (MBAM): http://malwarebytes.org/
    SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

    They can be uninstalled later if desired.
     
  7. Saucy

    Saucy Flightless Bird

    Reading your post and I think you have what is called "rogue anti-virus"
    software - which isn't anti-virus software at all - it itself is the
    malware! They are trying to get you to buy their "full" program in order to
    remove what they themselves have put there. Instead use known good software
    such as Malwarebytes to remove this cr*p from your PC.

    One thing you should do is have a good look at the thing and do a bit of
    research first using the search engines. Do not use any removal tools that
    are not 'known good' or that ask for money as you might just be digging
    yourself deeper into the rogue's doo doo.

    Ideally, you would have a full system image you could just reapply - so your
    PC is back like new - apps - settings - 'n all - and a current backup of
    more recent data which you could then just import. You could be back running
    as if it never happened in under an hour. Look into "system image" and
    "backup" and consider a back up and recovery strategy that doesn't involve
    reinstalling everything all over. Windows 7, BTW, has wonderful backup
    utilities built right in - you might consider moving to a PC running Windows
    7 just for that.




    "jock" <jock@discussions.microsoft.com> wrote in message
    news:F0B7318A-238A-4D75-9973-97A10C40674E@microsoft.com...
    > Message constantly popping up from security shield on lower right screen.
    > system intrusion or stealth intrusion, security breach, system danger,
    > privacy threat etc. .
    > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > trying to access internet shows IRC-worm.dos.septic or
    > trojan-bnk.win32.keylogger.gen
    > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > Help. JOCK
     
  8. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    You are seeing the effects of an already-present hijackware infection!

    NB: If you had no anti-virus application installed or the subscription had
    expired *when the machine first got infected* and/or your subscription has
    since expired and/or the machine's not been kept fully-patched at Windows
    Update, don't waste your time with any of the below: Format & reinstall
    Windows. A Repair Install will NOT help!

    Microsoft PCSafety provides home users (only) with no-charge support in
    dealing with malware infections such as viruses, spyware (including unwanted
    software), and adware.
    https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

    Also available via the Consumer Security Support home page:
    https://consumersecuritysupport.microsoft.com/

    Otherwise...

    1. See if you can download/run the MSRT manually:
    http://www.microsoft.com/security/malwareremove/default.mspx

    NB: Run the FULL scan, not the QUICK scan! You may need to download the
    MSRT on a non-infected machine, then transfer MRT.EXE to the infected
    machine and rename it to SCAN.EXE before running it.

    2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
    in Safe Mode with Networking, if need be:
    http://onecare.live.com/site/en-us/center/howsafe.htm

    2b. Vista or Win7=> Run this scan instead:
    http://onecare.live.com/site/en-us/center/whatsnew.htm

    3. Now run a thorough check for hijackware, including posting requested logs
    in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

    Checking for/Help with Hijackware:
    • http://mvps.org/winhelp2002/unwanted.htm
    • http://inetexplorer.mvps.org/tshoot.html
    • http://www.mvps.org/sramesh2k/Malware_Defence.htm
    • http://www.elephantboycomputers.com/page2.html#Removing_Malware

    **Chances are you will need to seek expert assistance in
    http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
    http://www.spywarewarrior.com/viewforum.php?f=5,
    http://www.dslreports.com/forum/cleanup,
    http://www.bluetack.co.uk/forums/index.php,
    http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

    If these procedures look too complex - and there is no shame in admitting
    this isn't your cup of tea - take the machine to a local, reputable and
    independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002

    jock wrote:
    > Message constantly popping up from security shield on lower right screen.
    > system intrusion or stealth intrusion, security breach, system danger,
    > privacy threat etc. .
    > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > trying to access internet shows IRC-worm.dos.septic or
    > trojan-bnk.win32.keylogger.gen
    > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > Help. JOCK
     
  9. jock

    jock Flightless Bird

    Thank you all for the responses. I had CA security suite installed which has
    not detected this problem. what I find strange is that I can log on as
    another user and the computer seems to be fine. I have contacted CA and they
    are going to try to resolve this problem. they issued me a case number and
    will have their "infectious malware/spyware professionals" contact me.
    --
    jock


    "PA Bear [MS MVP]" wrote:

    > You are seeing the effects of an already-present hijackware infection!
    >
    > NB: If you had no anti-virus application installed or the subscription had
    > expired *when the machine first got infected* and/or your subscription has
    > since expired and/or the machine's not been kept fully-patched at Windows
    > Update, don't waste your time with any of the below: Format & reinstall
    > Windows. A Repair Install will NOT help!
    >
    > Microsoft PCSafety provides home users (only) with no-charge support in
    > dealing with malware infections such as viruses, spyware (including unwanted
    > software), and adware.
    > https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
    >
    > Also available via the Consumer Security Support home page:
    > https://consumersecuritysupport.microsoft.com/
    >
    > Otherwise...
    >
    > 1. See if you can download/run the MSRT manually:
    > http://www.microsoft.com/security/malwareremove/default.mspx
    >
    > NB: Run the FULL scan, not the QUICK scan! You may need to download the
    > MSRT on a non-infected machine, then transfer MRT.EXE to the infected
    > machine and rename it to SCAN.EXE before running it.
    >
    > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
    > in Safe Mode with Networking, if need be:
    > http://onecare.live.com/site/en-us/center/howsafe.htm
    >
    > 2b. Vista or Win7=> Run this scan instead:
    > http://onecare.live.com/site/en-us/center/whatsnew.htm
    >
    > 3. Now run a thorough check for hijackware, including posting requested logs
    > in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
    >
    > Checking for/Help with Hijackware:
    > • http://mvps.org/winhelp2002/unwanted.htm
    > • http://inetexplorer.mvps.org/tshoot.html
    > • http://www.mvps.org/sramesh2k/Malware_Defence.htm
    > • http://www.elephantboycomputers.com/page2.html#Removing_Malware
    >
    > **Chances are you will need to seek expert assistance in
    > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
    > http://www.spywarewarrior.com/viewforum.php?f=5,
    > http://www.dslreports.com/forum/cleanup,
    > http://www.bluetack.co.uk/forums/index.php,
    > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
    >
    > If these procedures look too complex - and there is no shame in admitting
    > this isn't your cup of tea - take the machine to a local, reputable and
    > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-IE, Mail, Security, Windows Client - since 2002
    >
    > jock wrote:
    > > Message constantly popping up from security shield on lower right screen.
    > > system intrusion or stealth intrusion, security breach, system danger,
    > > privacy threat etc. .
    > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > > trying to access internet shows IRC-worm.dos.septic or
    > > trojan-bnk.win32.keylogger.gen
    > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > > Help. JOCK

    >
    > .
    >
     
  10. jock

    jock Flightless Bird

    Contacted microsoft support and after 3 hrs. on the phone resolved the
    problem. Lookout for :AV.exe." Lethal!!!!!!!
    --
    jock


    "jock" wrote:

    > Thank you all for the responses. I had CA security suite installed which has
    > not detected this problem. what I find strange is that I can log on as
    > another user and the computer seems to be fine. I have contacted CA and they
    > are going to try to resolve this problem. they issued me a case number and
    > will have their "infectious malware/spyware professionals" contact me.
    > --
    > jock
    >
    >
    > "PA Bear [MS MVP]" wrote:
    >
    > > You are seeing the effects of an already-present hijackware infection!
    > >
    > > NB: If you had no anti-virus application installed or the subscription had
    > > expired *when the machine first got infected* and/or your subscription has
    > > since expired and/or the machine's not been kept fully-patched at Windows
    > > Update, don't waste your time with any of the below: Format & reinstall
    > > Windows. A Repair Install will NOT help!
    > >
    > > Microsoft PCSafety provides home users (only) with no-charge support in
    > > dealing with malware infections such as viruses, spyware (including unwanted
    > > software), and adware.
    > > https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
    > >
    > > Also available via the Consumer Security Support home page:
    > > https://consumersecuritysupport.microsoft.com/
    > >
    > > Otherwise...
    > >
    > > 1. See if you can download/run the MSRT manually:
    > > http://www.microsoft.com/security/malwareremove/default.mspx
    > >
    > > NB: Run the FULL scan, not the QUICK scan! You may need to download the
    > > MSRT on a non-infected machine, then transfer MRT.EXE to the infected
    > > machine and rename it to SCAN.EXE before running it.
    > >
    > > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
    > > in Safe Mode with Networking, if need be:
    > > http://onecare.live.com/site/en-us/center/howsafe.htm
    > >
    > > 2b. Vista or Win7=> Run this scan instead:
    > > http://onecare.live.com/site/en-us/center/whatsnew.htm
    > >
    > > 3. Now run a thorough check for hijackware, including posting requested logs
    > > in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
    > >
    > > Checking for/Help with Hijackware:
    > > • http://mvps.org/winhelp2002/unwanted.htm
    > > • http://inetexplorer.mvps.org/tshoot.html
    > > • http://www.mvps.org/sramesh2k/Malware_Defence.htm
    > > • http://www.elephantboycomputers.com/page2.html#Removing_Malware
    > >
    > > **Chances are you will need to seek expert assistance in
    > > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
    > > http://www.spywarewarrior.com/viewforum.php?f=5,
    > > http://www.dslreports.com/forum/cleanup,
    > > http://www.bluetack.co.uk/forums/index.php,
    > > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
    > >
    > > If these procedures look too complex - and there is no shame in admitting
    > > this isn't your cup of tea - take the machine to a local, reputable and
    > > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
    > > --
    > > ~Robear Dyer (PA Bear)
    > > MS MVP-IE, Mail, Security, Windows Client - since 2002
    > >
    > > jock wrote:
    > > > Message constantly popping up from security shield on lower right screen.
    > > > system intrusion or stealth intrusion, security breach, system danger,
    > > > privacy threat etc. .
    > > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > > > trying to access internet shows IRC-worm.dos.septic or
    > > > trojan-bnk.win32.keylogger.gen
    > > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > > > Help. JOCK

    > >
    > > .
    > >
     
  11. philberto

    philberto Flightless Bird

    Hi,

    What you have explained in this post is basically the exact symptoms of my computer sleath intrustion privacy threat etc. all pop up warnings coming from windows xp internet security. I would just like to know what the solution was this thread seems to just end with you saying you spoke to microsoft and after 3 hours it ot solved.

    I suspected the xp internet security immediately as no virus scanner can scan as quickly as that it took about 3 mins for it to find 25 threats. then i did a scan with spyware doctor and it found a threat called rougue.antivirusXP. My last resort will be to format my computer but hopefully this thread will provide some answer. After the spydoctor scan was complete and the computer rebooted but immediatly xp internet security poped up on screen again so this did not solve the problem.

    Thanks in Advance for any help with this issue.
    Phil
     
  12. Elmo

    Elmo Flightless Bird

    undisclosed wrote:
    > Hi,
    >
    > What you have explained in this post is basically the exact symptoms of
    > my computer sleath intrustion privacy threat etc. all pop up warnings
    > coming from windows xp internet security. I would just like to know what
    > the solution was this thread seems to just end with you saying you spoke
    > to Microsoft and after 3 hours it was solved.
    >
    > I suspected the xp internet security immediately as no virus scanner
    > can scan as quickly as that it took about 3 mins for it to find 25
    > threats. then i did a scan with spyware doctor and it found a threat
    > called rougue.antivirusXP. My last resort will be to format my computer
    > but hopefully this thread will provide some answer. After the spydoctor
    > scan was complete and the computer rebooted but immediately XP internet
    > security popped up on screen again so this did not solve the problem.
    >
    > Thanks in Advance for any help with this issue.
    > Phil


    Well, there are hundreds of references to Malwarebytes in this one
    newsgroup, and four to six in this thread alone.. maybe you could try:

    Malwarebytes© Corporation
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    and

    SuperAntispyware
    http://www.superantispyware.com/superantispywarefreevspro.html

    --
    Joe =o)
     
  13. SunaScorpion

    SunaScorpion Flightless Bird

    "jock" wrote:

    > Contacted microsoft support and after 3 hrs. on the phone resolved the
    > problem. Lookout for :AV.exe." Lethal!!!!!!!
    > --
    > jock


    Any chance you remember what they told you? I'm having the same problem. Any
    help would be appreciated.
     
  14. VanguardLH

    VanguardLH Flightless Bird

    SunaScorpion wrote:

    > "jock" wrote:
    >
    >> Contacted microsoft support and after 3 hrs. on the phone resolved the
    >> problem. Lookout for :AV.exe." Lethal!!!!!!!
    >> --
    >> jock

    >
    > Any chance you remember what they told you? I'm having the same problem. Any
    > help would be appreciated.


    You can't read the post? Just what does it say to lookout for?
     
  15. Elmo

    Elmo Flightless Bird

    SunaScorpion wrote:
    >
    > "jock" wrote:
    >
    >> Contacted Microsoft support and after 3 hrs. on the phone resolved the
    >> problem. Lookout for :AV.exe." Lethal!!!!!!!
    >> --
    >> jock

    >
    > Any chance you remember what they told you? I'm having the same problem. Any
    > help would be appreciated.


    Press Ctrl/Alt-Delete and stop AV.exe from running. Stop any other
    process that will stop, unless you know some belong there, and then
    Malwarebytes will possibly update and run. If not, try the same thing
    in Safe Mode.

    If you stop the wrong process and the system is disabled, restart and
    try again, ignoring the process that caused problems during the previous
    attempt. Usually, no Svchost.exe process will stop. But you might find
    Sychost.exe running, and it's malicious.. intended to look like the
    other legitimate service. Don't stop Explorer.exe, though it would
    probably restart itself if you did.

    --
    Joe =o)
     
  16. DAP

    DAP Flightless Bird

    Hello:

    I ran your suggested hijacker program and now the simulated trojan is gone,
    but I cannot remove any programs from my system. Add/Remove Programs ->
    c:/WINDOWS\system32\rundll32.exe Application not found. Any suggestions?
    Is this a path issue? Thanks. Deb

    "jock" wrote:

    > Message constantly popping up from security shield on lower right screen.
    > system intrusion or stealth intrusion, security breach, system danger,
    > privacy threat etc. .
    > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
    > trying to access internet shows IRC-worm.dos.septic or
    > trojan-bnk.win32.keylogger.gen
    > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
    > Help. JOCK
     

Share This Page