Infected with spyware?

Archived from groups: microsoft.public.windowsxp.security_admin

When I start my PC, a window appears:

Your Windows is corrupted with spyware virus.
You must patch your pc urgently to protect yourself.
Private info is accessed by ports:

- 8080
- 3128

You can patch your PC for free only now and delete all spyware viruses.

Click OK to choose and download free spyware removal using AntiSPY.


When I connect to the internet, a different window appears:

WARNING!

---- YOUR PC WILL NOT BOOT NEXT TIME WITHOUT URGENT PATCHING ----

Our analysis shows that your PC is infected with spy software.
You have been infected with '___winSterHJK v.2011.'
Your PC is now accessed through ports:

- 3128
- 8080

Your private information is in danger.
Patch your PC immediately for free.
No money, no credit card, all downloads are CNET certificated.
We're the team of volunteers helping to fight with spyware.

Click OK to choose and download free spyware removal using AntiSPY.


Then a new page opens; its address is:

http://www.hotoffers.info/a0002/warning/danger.html


Besides these warnings, I cannot change the address of my home page in IE to anything other
than: http://www.hotoffers.info/

I'm using Windows XP Professional, SP1 with all updates.
I even tried installing SP2, but no changes.

Thank you for any reply.
  1.

    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend Pattern File.
    http://www.trendmicro.com/download/pattern.asp

    Adaware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download Sysclean.com and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example: lpt333.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    sysclean.com.

    2) Update Adaware with the latest definitions.
    3) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shut down as many applications as possible
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Adaware
    7) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) Create a new Restore point


    * * * Please report your results ! * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html


  2.

    Excuse me for intervening, but I have a similar problem. I want to clarify
    two points.
    7 Re-enable System Restore.

    Exactly how do I do that?

    -9 Create a new Restore point

    I don't know what you mean by that. Could you please explain that and tell
    me how to do it?

    Do I already have a restore point?

    dennist685
    "David H. Lipman" wrote:

    > 1) Download the following three items...
    >
    > Trend Sysclean Package
    > http://www.trendmicro.com/download/dcs.asp
    >
    > Latest Trend Pattern File.
    > http://www.trendmicro.com/download/pattern.asp
    >
    > Adaware SE (free personal version v1.05)
    > http://www.lavasoftusa.com/
    >
    > Create a directory.
    > On drive "C:\"
    > (e.g., "c:\New Folder")
    > or the desktop
    > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    >
    > Download Sysclean.com and place it in that directory.
    > Download the Trend Pattern File by obtaining the ZIP file.
    > For example; lpt333.zip
    >
    > Extract the contents of the ZIP file and place the contents in the same directory as
    > sysclean.com.
    >
    > 2) Update Adaware with the latest definitions.
    > 3) Disable System Restore
    > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    > platform and clean/delete any infectors/parasites found.
    > (a few cycles may be needed)
    > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    > Trend Sysclean utility and Adaware
    > 7) Re-enable System Restore and re-apply any System Restore preferences,
    > (e.g. HD space to use suggested 400 ~ 600MB),
    > 8) Reboot your PC.
    > 9) Create a new Restore point
    >
    >
    > * * * Please report your results ! * * *
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
  3.

    Replies are inline...

    "dennist685" <dennist685@discussions.microsoft.com> wrote in message
    news:10B2000D-96E8-4A09-B027-78042FBE1371@microsoft.com...
    | excuse me for intervening but I have a similar problem. I want to clarify
    | two points.
    | 7 Reenable systemrestore.
    |
    | exactly how do I do that.

    Go to the following URL and do the OPPOSITE of disabling the System Restore cache
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.


    |
    | -9 Create a new Restore point
    |
    | I don't know what you mean by that. Could you please explain that and tell
    | me how to do it?


    Go to...
    Start --> Programs --> Accessories --> System Tools --> System Restore

    It will give you the options to either Restore to a point or create a new restore point.
    Just choose to create a new restore point.

    Dave


    | Do I already have a restore point?

    You should. The system should automatically create them under certain circumstances such as
    installing some new MS Software.

    --
    Dave


    |
    | dennist685