Spyware Fun, Please Help Or My Week In Hell

[Joelle]

This past week I disregarded a warning at a website that my security provider said was questionable, at best.

I disregard a lot of those warnings because they commonly come up for me at Megaupload and Media Fire (this incident happened at MediaFire) I hope I have the name right it's obviously an uploader.

In moments I had fake "found viruses" alert that has never taken hold on my computer because I had GOOD security software then replaced (it expired) it with security software I THOUGHT was good.

It's not a good security suite that I deployed, I'm not saying it's crap but this hasn't happened in 4-5 years of using SPYWARE DOCTOR.

The spyware took hold of my computer and in seconds.

- then all kinds of alerts were going off - I couldn't tell the fake alerts from the real alerts so I chose NOT TO CLICK ON ANY OF THEM.

Rather chose to panic, shut down/turn off then get a drink.

That's been it ever since it happened, and on like Wednesday.

Here's what it did and does, I think it's typical spyware:

1) Knocks out my ISP, takes it down.
2) Shuts down and off "System Restore".
3) Eats two or three "drivers."
4) Sent a bag of dog shit to my front door.
5) Poisoned my two cats.

So here's my question, if it shut down and out System Restore.

And it if knocked out my browser (IE).

And if a driver or two is done (I'm guessing I don't know this part for sure)

How in God's name do I turn IE back on, restore the system to like last week, in that nothing sensible has worked, such as "Last Known Good Configuration, etc."

I thought about shutting down System Restore, turning it off, then turning it back on so it's at least ON, but this spyware is so good this means that all restore points will be lost so I'm screwed going that way, as well.

It's very good spyware, not a lot different that another nightmare I had and way back in 2006, but very good nonetheless I admire the prick who devised it he seemed to cover all of his or her bases.

I'm in safe mode w/networking now, I was able to get the browser back up easily in safe mode, but the same tactics don't work if I run the computer normally.

Should I try something else, am i overlooking something?

Am I screwed to the tenth power?

Should I buy a CASE of wine tonight instead of just a bottle?

Anyone with know-how and suggestions that has good anti-prick measures will be a big help/much gratitude in advance.

And I'll replace the security at once, even if it's just AVIRA or AVG I thought this "suite" would be better than freeware but now I'm not so sure.


Joelle

 

[akuma2002]

I guess one of the reasons you got a spyware is obviously because you're using a weak security-oriented browser, called Internet Explorer. I'm using Firefox and Chrome, and i've never had any problems with those uploading sites.
I think you should also raise your security level by installing better antivirus (like NOD32 or Kaspersky) and firewall (Outpost firewall Pro, hope you don't use Windows firewall)
try downloading a spyware cleaner like Spybot or Adaware from a clean computer and try installing and running them. A deep antivirs analysis is also needed.
And last but not least, always read with attention the system messages when browsing the net. Compulsive clicking on yes button can lead to nasty problems, as you have already experienced...

 

[guy]

System restore does not help, especially if you have a rootkit or some other low-level spyware.

Option 1) Download Malwarebytes Anti-Malware, Spybot S&D, Ad-Aware, or other spyware removal application (use multiple programs for best results). When you run the scans, each application will tell you the names of the spyware/malware/trojan/etc that your computer is infected with. Google those names and you will find specific instructions on how to remove each infection.

Options 2) Reinstall Windows, choosing to perform a full format. Make sure you also scan/check any additional partitions, hard drives (internal and external), thumb drives, memory cards, or any other writeable media you may have.

Consider upgrading to Windows 7, which provides a decent spyware blocker (regularly updated and free with a Windows 7 license); when combined with an active virus scanner, malware blocker, or firewall solution, it provides effective security.

 

[isityours]

i can say that, from my limited experience/knowledge you would do well to take heed of both akuma and guys suggestions.

to remove the spyware you must first identify it. as products offer different results, it is a good idea to use several different options. when running the scans make sure that any existing AV is either disabled (services.msc) or just uninstall it. download .exe to a clean computer and install, update, scan, identify, remove then uninstall before repeating with the next software. i only recommend this route if you are interested in finding out how to do this (in case it should ever happen again) as it could be a long, laborious task. doing a clean install is likely the fastest option.

at the end of the day prevention is the best medicine.

i use firefox (Pale Moon build which i thoroughly recommend) with the following security/privacy enhancing extensions:

BetterPrivacy, ghostery, NoScript, TrackMeNot and WOT. the most effective of those being NoScript.

firewall and AV are:

comodo firewall (standalone) avast! 5 and SpywareBlaster. avast has a built-in link scanner that stops possible web originating attacks before they get to the computer (in many cases).
i used to have several of the above-mentioned programs, installed as scan only products, but gave up using them when they repeatedly found nothing.

i also have Namoroka 64 and find it fast (only applicable if you have a 64bit OS, which i also recommend), but flash still gives me issues so i am waiting for a non-beta release of flash player until i go back to it more regularly.

 

[Syobon]

I use Avira + comodo firewall, never used IE, no malware problems :harp:
many good suggestion above, just reinforcing the improve your security asap.

 

[lowleg26]

Sorry to hear about the trouble you're having. Its already been said, but a complete OS reinstall is probably the best route. Hopefully you have your drives partitioned so your data is safe.

I also second isityours' suggestion of firefox with some choice add-ons. No-script is just plain awesome. I also agree with his suggestion of Avast anti-virus.

And, of course, there's always linux! If you don't want to switch OS, its still not a bad idea to download and make a linux distro live CD. That way, if you ever run into issues again, you've got a clean, quick, functional OS ready to use until you can clean up your primary OS. Just a thought.

I hope things are working out. Let us know how its going.

 

[Rollyco]

If you're the type of person that gets infected with malware, you need to be more proactive (antimalware and antivirus are fine, but reactive in nature.)

Install and run Microsoft Autoruns and Microsoft Process Explorer and run them on a regular basis to get familiarized with the regular list of startup items and running processes on your system. That way unfamiliar items will stand out.

Minimize your attack surface; uninstall all unnecessary browser plugins. Uninstall the Java plugin if you don't absolutely need it. Exploits are discovered for Java and Flash all of the time.

Keep your software and plugins up-to-date (this is critical.) If you install the free Secunia PSI it will periodically scan your installed software and notify you if any is out of date (and optionally auto-update some of them.)

Sandbox your internet-facing applications (browser, Adobe Reader, Outlook, Office, etc) to limit the damage in case an exploit gets through. hXXp://hotfile.com/dl/91181385/60e2798/Sandboxie.v3.50.Multilingual.Cracked-EAT.rar.html (password: rl-team.net)

 

[Ceewan]

A lot of good solutions to the same problem. I guess it depends on personal preference as to which solutions, or mix thereof, is right for you. I have a lot of little disagreements with many of the suggestions but I agree in spirit to all of them.

I tread dangerous ground when I surf, just for fun, and I have not contracted any serious bug in many years. A few important things to remember:

1. Most importantly is realizing how these viruses get into your system. Most web-bugs, (viruses you pick from merely browsing), are script activated. Usually but not always, java or visual-script. So browsing most places without javascript, (see the noscript suggestion for firefox above), will prevent many possible occurences.

2. I personally do not like anti-virus programs...they are too system intrusive. Yet a resident anti-virus program is a must if you are going to surf the wild blue internet and boldly go where link scanners won't let you, (I hate link scanners, they are spyware IMO, disable them is my advice).

3. A good firewall is a must. But I would suggest to get the firewall alone and advise against any security suite. Outpost and Comodo are two excellent ones already suggested. They can be a bit of a pain at first but once you get them set-up the way you want they are vital to preventing and most importantly limiting, any damage that maleware, (which is what you had), can do.

4. Spybot. It is a great free little software addition to your little security package.

5. Don't pay for anything, I don't. There is no need. Your computer and internet access is all you should have to pay for......anything else is scam by those greedy capitalists. Trust the programmers that are only interested in providing software that is a benefit to others and wants nothing in return. Sourceforge.net is a good place to find free stuff.

A little feedback would be interesting, curious to know what steps you took to get back online and what you surfed here with when IE went down.

 

[Rollyco]

So browsing most places without javascript, (see the noscript suggestion for firefox above), will prevent many possible occurences.

Sorry to burst your bubble, but noscript isn't going to protect you from anything other than annoying ads and social engineering type stuff. I'm pretty sure the majority of in-the-wild web malware is vectored through the Java and Flash plugins.

 

[Ceewan]

Sorry to burst your bubble, but noscript isn't going to protect you from anything other than annoying ads and social engineering type stuff. I'm pretty sure the majority of in-the-wild web malware is vectored through the Java and Flash plugins.

not bursting my bubble, because you are dead wrong, IMHO. Although to clarify; I do not turn on javascript often and only use noscript when I must use javascript to surf certain sites that require javascript. Of course if you feel the need to be right about this, then please do, it will save me a needless and boring discussion. I know what works, I do not always need to know why it works or argue over every vague point.

Good point about the flash plugins and Java Applets. I have had flash and most other plugins disabled for so long I tend to forget about them. I miss out on youtube, other streaming videos and some flash games but I really do not see me missing out on that much there. There are plenty of games and videos that I can download and play that do not pose a security or anonymity threat.

There are a number of articles on Surf Safe Basics. They might be a bit dated but then so am I. Here is a link or two:

http://darkfaqs.boom.ru/SurfSafe.htm
http://www.my-proxy.com/content/security-tech/surf-safe-basics.html

Now I don't subscribe to everything reccomended in these tutorials but perhaps at one time I did. Nonetheless there is a lot of information here that will keep you safe, secure and anonymous. The more of it you use, the better off you will be.

SS all,
Ceewan

 

[Rollyco]

I amend my statement about noscript, since it can block Java and Flash, it is an effective countermeasure against malware. I use Opera so I'm not intimately familiar.