Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- New at Spyware, need help
June 28, 2004, 12:46 pm
rate this thread
In this instance, the spyware is taking control of my homepage and
hitting me with pop up ads. During the first encounter, it also added
a ".bak" to the end of my notebook and mwp executable files,
essentially hiding them from shortcuts and such.
The problem I have is that over the course of the past week I've
deleted this same spyware from my computer about 9 times, and it keeps
coming back. I've run Norton, and it doesn't detect anything. I
downloaded AdAware and it can get rid of it when it comes back, but
doesn't detect anything else. I've added the Goggle Toolbar with pop
up blocker, and that doesn't help. I've deleted all my temporary
internet files, cookies and prefetch files (XP home), but that's not
helping. Somehow, this particular spyware keeps coming back. It
doesn't seem to be related to any particular website (otherwise I'd
stop going there), and sometimes, it comes back without surfing the
web at all. I've noticed that it puts 2 files on my computer. The
first is a dll with a random name (jemc.dll, dib.dll, dhise.dll, it's
a random 3-5 letter name each time), and the second is sp.html.
Is it possible that this thing has recorded my IP address and the host
sends the files to me at random times? If so, how do I stop this from
happening? Is it possible for a program to run in the background with
my knowledge that loads the files on my computer, and a program that
neither Norton or AdAware will pick up?
PLEASE HELP!!! SERIOUSLY FRUSTRATED!!!
Re: New at Spyware, need help
CWShredder may be part of the solution, but most likely you will also need
HijackThis, and expert advice to interpret it's log.
Try one or more of these free online virus scans, which should complement NAV:
Start by downloading each of the following free tools:
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm
Spybot S&D <http://www.safer-networking.org/index.php?page=download
Install and run Stinger.
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
Start by closing all Internet Explorer and Outlook windows, and running
CoolWebSearchSmartKillerMiniRemoval, then CWShredder. Have the latter fix all.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and post it, or a link to your forum posts, here):
Spyware Info: <http://forums.spywareinfo.com/
Spyware Warrior: <http://spywarewarrior.com/index.php
Tom Coyote: <http://forums.tomcoyote.org/
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
And Larry, please don't contribute to the spread and success of email address
mining viruses. Learn to munge your email address properly, to keep yourself a
bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
Paranoia comes from experience - and is not necessarily a bad thing.