• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

adware/spyware/hacker????

J

jock

Flightless Bird
Message constantly popping up from security shield on lower right screen.
system intrusion or stealth intrusion, security breach, system danger,
privacy threat etc. .
-CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
trying to access internet shows IRC-worm.dos.septic or
trojan-bnk.win32.keylogger.gen
Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
Help. JOCK
 
R

Russ - SBITS.Biz

Flightless Bird
Sounds like you've been HiJacked
First Disconnect your PC from the NETWORK
Download this onto a USB Drive
and run it
http://free.antivirus.com/hijackthis/

Find the Offected Registries.
(Google if you won't know what a program is it will tell you if it's ok or
not)
Russ
--
Russell Grover -[SBS-MVP]
24hr SBS Remote Support - www.SBITS.Biz
Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


"jock" wrote:

> Message constantly popping up from security shield on lower right screen.
> system intrusion or stealth intrusion, security breach, system danger,
> privacy threat etc. .
> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> trying to access internet shows IRC-worm.dos.septic or
> trojan-bnk.win32.keylogger.gen
> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> Help. JOCK
 
R

Russ - SBITS.Biz

Flightless Bird
Also get this
http://www.malwarebytes.org/
Russ
--
Russell Grover - [SBS-MVP]
24hr SBS Remote Support - www.SBITS.Biz
Second Opinion - www.PersonalITConsultant.com
Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com


"Russ - SBITS.Biz" wrote:

> Sounds like you've been HiJacked
> First Disconnect your PC from the NETWORK
> Download this onto a USB Drive
> and run it
> http://free.antivirus.com/hijackthis/
>
> Find the Offected Registries.
> (Google if you won't know what a program is it will tell you if it's ok or
> not)
> Russ
> --
> Russell Grover -[SBS-MVP]
> 24hr SBS Remote Support - www.SBITS.Biz
> Second Opinion - www.PersonalITConsultant.com
> Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
>
>
> "jock" wrote:
>
> > Message constantly popping up from security shield on lower right screen.
> > system intrusion or stealth intrusion, security breach, system danger,
> > privacy threat etc. .
> > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> > trying to access internet shows IRC-worm.dos.septic or
> > trojan-bnk.win32.keylogger.gen
> > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> > Help. JOCK
 
S

sgopus

Flightless Bird
This may be nothing more than windows messenger service popup vunerability
turn off windows messenging service

"jock" wrote:

> Message constantly popping up from security shield on lower right screen.
> system intrusion or stealth intrusion, security breach, system danger,
> privacy threat etc. .
> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> trying to access internet shows IRC-worm.dos.septic or
> trojan-bnk.win32.keylogger.gen
> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> Help. JOCK
 
J

jock

Flightless Bird
security center is blocking access to all internet sites on one user login
account. the other logins seem to be ok. running windows xp. home edition.
--
jock


"Russ - SBITS.Biz" wrote:

> Also get this
> http://www.malwarebytes.org/
> Russ
> --
> Russell Grover - [SBS-MVP]
> 24hr SBS Remote Support - www.SBITS.Biz
> Second Opinion - www.PersonalITConsultant.com
> Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
>
>
> "Russ - SBITS.Biz" wrote:
>
> > Sounds like you've been HiJacked
> > First Disconnect your PC from the NETWORK
> > Download this onto a USB Drive
> > and run it
> > http://free.antivirus.com/hijackthis/
> >
> > Find the Offected Registries.
> > (Google if you won't know what a program is it will tell you if it's ok or
> > not)
> > Russ
> > --
> > Russell Grover -[SBS-MVP]
> > 24hr SBS Remote Support - www.SBITS.Biz
> > Second Opinion - www.PersonalITConsultant.com
> > Free Trial Microsoft Online Services - www.Microsoft-Online-Services.com
> >
> >
> > "jock" wrote:
> >
> > > Message constantly popping up from security shield on lower right screen.
> > > system intrusion or stealth intrusion, security breach, system danger,
> > > privacy threat etc. .
> > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> > > trying to access internet shows IRC-worm.dos.septic or
> > > trojan-bnk.win32.keylogger.gen
> > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> > > Help. JOCK
 
J

Jose

Flightless Bird
On Feb 12, 8:56 am, jock <j...@discussions.microsoft.com> wrote:
> security center is blocking access to all internet sites on one user login
> account. the other logins seem to be ok. running windows xp. home edition..
> --
> jock
>
>
>
> "Russ - SBITS.Biz" wrote:
> > Also get this
> >http://www.malwarebytes.org/
> > Russ
> > --
> > Russell Grover - [SBS-MVP]
> > 24hr SBS Remote Support -www.SBITS.Biz
> > Second Opinion -www.PersonalITConsultant.com
> > Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com

>
> > "Russ - SBITS.Biz" wrote:

>
> > > Sounds like you've been HiJacked
> > > First Disconnect your PC from the NETWORK
> > > Download this onto a USB Drive
> > > and run it
> > >http://free.antivirus.com/hijackthis/

>
> > > Find the Offected Registries.
> > > (Google if you won't know what a program is it will tell you if it's ok or
> > > not)
> > > Russ
> > > --
> > > Russell Grover -[SBS-MVP]
> > > 24hr SBS Remote Support -www.SBITS.Biz
> > > Second Opinion -www.PersonalITConsultant.com
> > > Free Trial Microsoft Online Services -www.Microsoft-Online-Services.com

>
> > > "jock" wrote:

>
> > > > Message constantly popping up from security shield on lower right screen.
> > > > system intrusion or stealth intrusion, security breach, system danger,
> > > > privacy threat etc. .
> > > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> > > > trying to access internet shows IRC-worm.dos.septic or
> > > > trojan-bnk.win32.keylogger.gen
> > > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> > > > Help. JOCK


Stop guessing what it might be.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.
 
S

Saucy

Flightless Bird
Reading your post and I think you have what is called "rogue anti-virus"
software - which isn't anti-virus software at all - it itself is the
malware! They are trying to get you to buy their "full" program in order to
remove what they themselves have put there. Instead use known good software
such as Malwarebytes to remove this cr*p from your PC.

One thing you should do is have a good look at the thing and do a bit of
research first using the search engines. Do not use any removal tools that
are not 'known good' or that ask for money as you might just be digging
yourself deeper into the rogue's doo doo.

Ideally, you would have a full system image you could just reapply - so your
PC is back like new - apps - settings - 'n all - and a current backup of
more recent data which you could then just import. You could be back running
as if it never happened in under an hour. Look into "system image" and
"backup" and consider a back up and recovery strategy that doesn't involve
reinstalling everything all over. Windows 7, BTW, has wonderful backup
utilities built right in - you might consider moving to a PC running Windows
7 just for that.




"jock" <jock@discussions.microsoft.com> wrote in message
news:F0B7318A-238A-4D75-9973-97A10C40674E@microsoft.com...
> Message constantly popping up from security shield on lower right screen.
> system intrusion or stealth intrusion, security breach, system danger,
> privacy threat etc. .
> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> trying to access internet shows IRC-worm.dos.septic or
> trojan-bnk.win32.keylogger.gen
> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> Help. JOCK
 
P

PA Bear [MS MVP]

Flightless Bird
You are seeing the effects of an already-present hijackware infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002

jock wrote:
> Message constantly popping up from security shield on lower right screen.
> system intrusion or stealth intrusion, security breach, system danger,
> privacy threat etc. .
> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> trying to access internet shows IRC-worm.dos.septic or
> trojan-bnk.win32.keylogger.gen
> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> Help. JOCK
 
J

jock

Flightless Bird
Thank you all for the responses. I had CA security suite installed which has
not detected this problem. what I find strange is that I can log on as
another user and the computer seems to be fine. I have contacted CA and they
are going to try to resolve this problem. they issued me a case number and
will have their "infectious malware/spyware professionals" contact me.
--
jock


"PA Bear [MS MVP]" wrote:

> You are seeing the effects of an already-present hijackware infection!
>
> NB: If you had no anti-virus application installed or the subscription had
> expired *when the machine first got infected* and/or your subscription has
> since expired and/or the machine's not been kept fully-patched at Windows
> Update, don't waste your time with any of the below: Format & reinstall
> Windows. A Repair Install will NOT help!
>
> Microsoft PCSafety provides home users (only) with no-charge support in
> dealing with malware infections such as viruses, spyware (including unwanted
> software), and adware.
> https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
>
> Also available via the Consumer Security Support home page:
> https://consumersecuritysupport.microsoft.com/
>
> Otherwise...
>
> 1. See if you can download/run the MSRT manually:
> http://www.microsoft.com/security/malwareremove/default.mspx
>
> NB: Run the FULL scan, not the QUICK scan! You may need to download the
> MSRT on a non-infected machine, then transfer MRT.EXE to the infected
> machine and rename it to SCAN.EXE before running it.
>
> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
> in Safe Mode with Networking, if need be:
> http://onecare.live.com/site/en-us/center/howsafe.htm
>
> 2b. Vista or Win7=> Run this scan instead:
> http://onecare.live.com/site/en-us/center/whatsnew.htm
>
> 3. Now run a thorough check for hijackware, including posting requested logs
> in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
>
> Checking for/Help with Hijackware:
> • http://mvps.org/winhelp2002/unwanted.htm
> • http://inetexplorer.mvps.org/tshoot.html
> • http://www.mvps.org/sramesh2k/Malware_Defence.htm
> • http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> **Chances are you will need to seek expert assistance in
> http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
> http://www.spywarewarrior.com/viewforum.php?f=5,
> http://www.dslreports.com/forum/cleanup,
> http://www.bluetack.co.uk/forums/index.php,
> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>
> If these procedures look too complex - and there is no shame in admitting
> this isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-IE, Mail, Security, Windows Client - since 2002
>
> jock wrote:
> > Message constantly popping up from security shield on lower right screen.
> > system intrusion or stealth intrusion, security breach, system danger,
> > privacy threat etc. .
> > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> > trying to access internet shows IRC-worm.dos.septic or
> > trojan-bnk.win32.keylogger.gen
> > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> > Help. JOCK

>
> .
>
 
J

jock

Flightless Bird
Contacted microsoft support and after 3 hrs. on the phone resolved the
problem. Lookout for :AV.exe." Lethal!!!!!!!
--
jock


"jock" wrote:

> Thank you all for the responses. I had CA security suite installed which has
> not detected this problem. what I find strange is that I can log on as
> another user and the computer seems to be fine. I have contacted CA and they
> are going to try to resolve this problem. they issued me a case number and
> will have their "infectious malware/spyware professionals" contact me.
> --
> jock
>
>
> "PA Bear [MS MVP]" wrote:
>
> > You are seeing the effects of an already-present hijackware infection!
> >
> > NB: If you had no anti-virus application installed or the subscription had
> > expired *when the machine first got infected* and/or your subscription has
> > since expired and/or the machine's not been kept fully-patched at Windows
> > Update, don't waste your time with any of the below: Format & reinstall
> > Windows. A Repair Install will NOT help!
> >
> > Microsoft PCSafety provides home users (only) with no-charge support in
> > dealing with malware infections such as viruses, spyware (including unwanted
> > software), and adware.
> > https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1
> >
> > Also available via the Consumer Security Support home page:
> > https://consumersecuritysupport.microsoft.com/
> >
> > Otherwise...
> >
> > 1. See if you can download/run the MSRT manually:
> > http://www.microsoft.com/security/malwareremove/default.mspx
> >
> > NB: Run the FULL scan, not the QUICK scan! You may need to download the
> > MSRT on a non-infected machine, then transfer MRT.EXE to the infected
> > machine and rename it to SCAN.EXE before running it.
> >
> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
> > in Safe Mode with Networking, if need be:
> > http://onecare.live.com/site/en-us/center/howsafe.htm
> >
> > 2b. Vista or Win7=> Run this scan instead:
> > http://onecare.live.com/site/en-us/center/whatsnew.htm
> >
> > 3. Now run a thorough check for hijackware, including posting requested logs
> > in an appropriate forum, not here. DO NOT SKIP THIS STEP!!
> >
> > Checking for/Help with Hijackware:
> > • http://mvps.org/winhelp2002/unwanted.htm
> > • http://inetexplorer.mvps.org/tshoot.html
> > • http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > • http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >
> > **Chances are you will need to seek expert assistance in
> > http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
> > http://www.spywarewarrior.com/viewforum.php?f=5,
> > http://www.dslreports.com/forum/cleanup,
> > http://www.bluetack.co.uk/forums/index.php,
> > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
> >
> > If these procedures look too complex - and there is no shame in admitting
> > this isn't your cup of tea - take the machine to a local, reputable and
> > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-IE, Mail, Security, Windows Client - since 2002
> >
> > jock wrote:
> > > Message constantly popping up from security shield on lower right screen.
> > > system intrusion or stealth intrusion, security breach, system danger,
> > > privacy threat etc. .
> > > -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> > > trying to access internet shows IRC-worm.dos.septic or
> > > trojan-bnk.win32.keylogger.gen
> > > Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> > > Help. JOCK

> >
> > .
> >
 
P

philberto

Flightless Bird
Hi,

What you have explained in this post is basically the exact symptoms of my computer sleath intrustion privacy threat etc. all pop up warnings coming from windows xp internet security. I would just like to know what the solution was this thread seems to just end with you saying you spoke to microsoft and after 3 hours it ot solved.

I suspected the xp internet security immediately as no virus scanner can scan as quickly as that it took about 3 mins for it to find 25 threats. then i did a scan with spyware doctor and it found a threat called rougue.antivirusXP. My last resort will be to format my computer but hopefully this thread will provide some answer. After the spydoctor scan was complete and the computer rebooted but immediatly xp internet security poped up on screen again so this did not solve the problem.

Thanks in Advance for any help with this issue.
Phil
 
E

Elmo

Flightless Bird
undisclosed wrote:
> Hi,
>
> What you have explained in this post is basically the exact symptoms of
> my computer sleath intrustion privacy threat etc. all pop up warnings
> coming from windows xp internet security. I would just like to know what
> the solution was this thread seems to just end with you saying you spoke
> to Microsoft and after 3 hours it was solved.
>
> I suspected the xp internet security immediately as no virus scanner
> can scan as quickly as that it took about 3 mins for it to find 25
> threats. then i did a scan with spyware doctor and it found a threat
> called rougue.antivirusXP. My last resort will be to format my computer
> but hopefully this thread will provide some answer. After the spydoctor
> scan was complete and the computer rebooted but immediately XP internet
> security popped up on screen again so this did not solve the problem.
>
> Thanks in Advance for any help with this issue.
> Phil


Well, there are hundreds of references to Malwarebytes in this one
newsgroup, and four to six in this thread alone.. maybe you could try:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

and

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html

--
Joe =o)
 
S

SunaScorpion

Flightless Bird
"jock" wrote:

> Contacted microsoft support and after 3 hrs. on the phone resolved the
> problem. Lookout for :AV.exe." Lethal!!!!!!!
> --
> jock


Any chance you remember what they told you? I'm having the same problem. Any
help would be appreciated.
 
V

VanguardLH

Flightless Bird
SunaScorpion wrote:

> "jock" wrote:
>
>> Contacted microsoft support and after 3 hrs. on the phone resolved the
>> problem. Lookout for :AV.exe." Lethal!!!!!!!
>> --
>> jock

>
> Any chance you remember what they told you? I'm having the same problem. Any
> help would be appreciated.


You can't read the post? Just what does it say to lookout for?
 
E

Elmo

Flightless Bird
SunaScorpion wrote:
>
> "jock" wrote:
>
>> Contacted Microsoft support and after 3 hrs. on the phone resolved the
>> problem. Lookout for :AV.exe." Lethal!!!!!!!
>> --
>> jock

>
> Any chance you remember what they told you? I'm having the same problem. Any
> help would be appreciated.


Press Ctrl/Alt-Delete and stop AV.exe from running. Stop any other
process that will stop, unless you know some belong there, and then
Malwarebytes will possibly update and run. If not, try the same thing
in Safe Mode.

If you stop the wrong process and the system is disabled, restart and
try again, ignoring the process that caused problems during the previous
attempt. Usually, no Svchost.exe process will stop. But you might find
Sychost.exe running, and it's malicious.. intended to look like the
other legitimate service. Don't stop Explorer.exe, though it would
probably restart itself if you did.

--
Joe =o)
 
D

DAP

Flightless Bird
Hello:

I ran your suggested hijacker program and now the simulated trojan is gone,
but I cannot remove any programs from my system. Add/Remove Programs ->
c:/WINDOWS\system32\rundll32.exe Application not found. Any suggestions?
Is this a path issue? Thanks. Deb

"jock" wrote:

> Message constantly popping up from security shield on lower right screen.
> system intrusion or stealth intrusion, security breach, system danger,
> privacy threat etc. .
> -CA virus scan OK. CA Spyware scan OK. SPYBOT scans ok. Popup box when
> trying to access internet shows IRC-worm.dos.septic or
> trojan-bnk.win32.keylogger.gen
> Asking me to purchase upgrade XP security. Can not seem to rid pc of this.
> Help. JOCK
 
Top