Sign in with
Sign up | Sign in
Your question

computer invaded toded with .pf and modem hijacked

Last response: in Windows XP
Share
Anonymous
April 20, 2005 5:23:57 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hello,
I have huge problem, I was on the internet at 1100 AM today and about
50-60 pages began poping up on my browser. After deleting I decided to
run, spysweeper program. Founf Securebanks Phishing Trojan, a DNS,
(modem hijacking program), and 3 adware programs. My favorites were
changed to porn sites, My system recovery times and dates were deleted
to the time of installation of this spyware(or whatever it is), and a
desktop icon appeared XXX. I later found that my computer was online
dialing a 1-800 number, and all these things were back on my computer.
Sidenote: My default webpage was changed to a porn searcher and this
would not change back to the default webpage.
My spyware is now constanly telling me that something is trying to
change my default webbrowser, and after re- booting the computer all of
the previous stated spy/adware stuff keeps coming back.
Can someone please help me. Is there a program that I can buy that will
find all this stuff and delete all the files. There is one file that my
spysweeper says cannot be deleted because it is running and I have to
keep my modem disconnected because my computer keeps calling someone.
Frank


--
kerrf
April 20, 2005 5:23:58 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Click the Start button\select Run\type; msconfig\hit enter
select Start tab\uncheck any process other than
the antivirus components. these usually are the first
three to five processes at the top of the list.

Install the following spyware programs and update them,
next remove the Internet connection line from the computer
and run all programs, if no good results are achieved,
logon in safe mode and run them again.
To logon in safe mode press F8 several times at the
beginning of the boot up and select Safe Mode from the list.

Adaware SE
Spybot Search & Destroy
CWShredder
SpywareBlaster
http://www.majorgeeks.com/downloads31.html



-----------Original Message---------------------
"kerrf" <kerrf.1nrv1q@pcbanter.net> escribi├│ en el mensaje
news:kerrf.1nrv1q@pcbanter.net...
>
> Hello,
> I have huge problem, I was on the internet at 1100 AM today and about
> 50-60 pages began poping up on my browser. After deleting I decided to
> run, spysweeper program. Founf Securebanks Phishing Trojan, a DNS,
> (modem hijacking program), and 3 adware programs. My favorites were
> changed to porn sites, My system recovery times and dates were deleted
> to the time of installation of this spyware(or whatever it is), and a
> desktop icon appeared XXX. I later found that my computer was online
> dialing a 1-800 number, and all these things were back on my computer.
> Sidenote: My default webpage was changed to a porn searcher and this
> would not change back to the default webpage.
> My spyware is now constanly telling me that something is trying to
> change my default webbrowser, and after re- booting the computer all of
> the previous stated spy/adware stuff keeps coming back.
> Can someone please help me. Is there a program that I can buy that will
> find all this stuff and delete all the files. There is one file that my
> spysweeper says cannot be deleted because it is running and I have to
> keep my modem disconnected because my computer keeps calling someone.
> Frank
>
>
> --
> kerrf
April 20, 2005 7:29:13 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:kerrf.1nrv1q@pcbanter.net,
kerrf <kerrf.1nrv1q@pcbanter.net> had this to say:

My reply is at the bottom of your sent message:

> Hello,
> I have huge problem, I was on the internet at 1100 AM today and about
> 50-60 pages began poping up on my browser. After deleting I decided to
> run, spysweeper program. Founf Securebanks Phishing Trojan, a DNS,
> (modem hijacking program), and 3 adware programs. My favorites were
> changed to porn sites, My system recovery times and dates were deleted
> to the time of installation of this spyware(or whatever it is), and a
> desktop icon appeared XXX. I later found that my computer was online
> dialing a 1-800 number, and all these things were back on my computer.
> Sidenote: My default webpage was changed to a porn searcher and this
> would not change back to the default webpage.
> My spyware is now constanly telling me that something is trying to
> change my default webbrowser, and after re- booting the computer all
> of the previous stated spy/adware stuff keeps coming back.
> Can someone please help me. Is there a program that I can buy that
> will find all this stuff and delete all the files. There is one file
> that my spysweeper says cannot be deleted because it is running and I
> have to keep my modem disconnected because my computer keeps calling
> someone. Frank

Why buy when you can do it free? You've probably already bought all sorts of
stuff with the 1-800 number that ended in a South Pacific Island which
you'll get charged a lot of money for. (You can probably get the charges
removed by the way.) Here's a bunch of free tools:

Virus:
www.grisoft.com - AVG
www.antivir.com - AntiVir
http://www.my-etrust.com/microsoft/index.cfm - CA eTrust

Spyware:
www.lavasoft.de - AdAware
http://security.kolla.de/ - Spybot
http://www.microsoft.com/athome/security/spyware/softwa... -
Microsoft Anti-Spyware Beta

Trojan:
www.emsisoft.com/en/software/free/ - a Squared
http://swatit.org/ Swat It

Before cleaning download this:

LSP-Fix - a free program to repair damaged Winsock 2 stacks:
http://www.cexx.org/lspfix.htm

Use that should cleaning out your PC remove or damage your in-place winsock
and you can't connect to the internet.

From the virus and trojan category pick one application, they're all free,
download it and install it. Make sure that you update it. From the spyware
category pick all three, download them and update them to the latest
definitions. Reboot, press the F8 key over and over again, from the menu
select Safe mode without networking. Do your cleaning in there. Reboot to
regular mode and run the scans again. This isn't going to be quick or easy
but it might just solve your problems and it should prevent you from further
problems so long as you keep them updated and scan often. Most of them can
be enabled to update and scan automatically.

Make sure you pay attention to the part about doing your scan in safe mode.

Galen
--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
!