A Digital Age Deserves A Digital Leader

Suspected Trojan/Virus

Suspected Trojan/Virus

Postby RipFire12901 » Fri Apr 14, 2006 3:40 pm

Latley for some reason my computer has been going haywire.

Constanly I get pop-ups from internet explorer. CONSTANTLY! I haven't use IE since last year in November when I first finished my computer. If there is said trojan in my computer then it's causeing me to get the BSOD. I ahven't gotten the pic of it yet though. Lastnight I had to remove a program called SpyGuard. Somehow it is back on my computer. But I have some screenshots to show you:

1. <a href="http://img135.imageshack.us/my.php?image=compproblem16mi.jpg" target="_blank"><img src="http://img135.imageshack.us/img135/9932/compproblem16mi.th.jpg" border="0"></a> 2. <a href="http://img135.imageshack.us/my.php?image=compproblem26pu.jpg" target="_blank"><img src="http://img135.imageshack.us/img135/2646/compproblem26pu.th.jpg" border="0"></a>
3. <a href="http://img135.imageshack.us/my.php?image=compproblem35la.jpg" target="_blank"><img src="http://img135.imageshack.us/img135/1540/compproblem35la.th.jpg" border="0"></a> 4. <a href="http://img135.imageshack.us/my.php?image=compproblem46ma.jpg" target="_blank"><img src="http://img135.imageshack.us/img135/385/compproblem46ma.th.jpg" border="0"></a>

1. This one happend as soon as I go into windows. I got a microsoft message about the error I sent into them about this problem.

2. This happend in the middle of my time on the computer. I have no clue what it is but it brings me to the link in number 3.

3. When I click on the ballon I am brought to this site.

4. Clicking OK does the exact same thing... it brings me to the link.


I have NOD 32 running but I can't finish the scan it stops around 71% and brings me to a BSOD. I tryed it in sfe mode but no luck. Right now I am recieveing a ballon about a suspected worm. It brings me to a different spy-ware/ ad-ware/ virus remover each time and the IE pop-ups are happening.

What the heck is going on with my computer?? :-? :cry: tia
(temporarly empty)
PRO Level 13
Posts: 699
Joined: Sun Oct 10, 2004 6:29 pm
Location: Plattsburgh, NY
Real Name: Collin Banko

Postby jrfree1 » Fri Apr 14, 2006 3:53 pm

SpyGuard is a nasty little program that gives you false warnings to get you to buy its product.

These are the best instructions I have seen so far for manual removal of it and should do the trick:

To remove SpyGuard, please follow the instruction:

Terminate the process in Task Manager:
svcmon.exe

Click Start > Run. Type REGSVR32 -u <Dll_name>. Then click OK. Replace <Dll_name> with followings:
esys.dll
Flxgdfr.dll
stdftfr.dll
Tabctfr.dll
Msstdfmt.dll
Vb6fr.dll
Vb6stkit.dll

Click Start > Run. Type REGEDIT. Then click OK. Navigate to the subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value: "svcmon" = "%CurrentFolder%\svcmon.exe"

*Note: As always, it is a good idea to have your important files backed up before making modifications to system files or the registry.
[html]<a href="http://vistamania.org" target="_blank"><img src="http://img116.imageshack.us/img116/1784/sig1pa4.jpg" alt="VistaMaNiA" border="0">[/html]
Image
PROfessional Member
User avatar
Posts: 3779
Joined: Mon Aug 30, 2004 4:24 pm
Location: Florida

Postby RipFire12901 » Fri Apr 14, 2006 4:00 pm

Should my pop-ups be gone? The program is!! TY
(temporarly empty)
PRO Level 13
Posts: 699
Joined: Sun Oct 10, 2004 6:29 pm
Location: Plattsburgh, NY
Real Name: Collin Banko

Postby RipFire12901 » Fri Apr 14, 2006 4:42 pm

I got this in the middle of my scanning:

<a href="http://img524.imageshack.us/my.php?image=compproblem55ri.jpg" target="_blank"><img src="http://img524.imageshack.us/img524/2901/compproblem55ri.th.jpg" border="0"></a>

You don't think this has anything to do with this, do you? <a href="http://www.pro-networks.org/forum/viewtopic.php?t=74214&highlight=" target="_blank">http://www.pro-networks.org/forum/viewtopic.php?t=74214</a>

EDIT: I am off to lunch. Ponder over it while I'm gone :yesnod:
(temporarly empty)
PRO Level 13
Posts: 699
Joined: Sun Oct 10, 2004 6:29 pm
Location: Plattsburgh, NY
Real Name: Collin Banko

Postby RipFire12901 » Fri Apr 14, 2006 6:22 pm

Yea
(temporarly empty)
PRO Level 13
Posts: 699
Joined: Sun Oct 10, 2004 6:29 pm
Location: Plattsburgh, NY
Real Name: Collin Banko

Postby augie » Fri Apr 14, 2006 6:41 pm

RipFire12901 wrote:I got this in the middle of my scanning:

<a href="http://img524.imageshack.us/my.php?image=compproblem55ri.jpg" target="_blank"><img src="http://img524.imageshack.us/img524/2901/compproblem55ri.th.jpg" border="0"></a>

You don't think this has anything to do with this, do you? <a href="http://www.pro-networks.org/forum/viewtopic.php?t=74214&highlight=" target="_blank">http://www.pro-networks.org/forum/viewtopic.php?t=74214</a>

EDIT: I am off to lunch. Ponder over it while I'm gone :yesnod:


Seems you may have a bad driver, have you recently added some new hardware? I don't think your RAM is at fault.
Everything that irritates us about others can lead us to an understanding of ourselves. -- Carl Jung

eVGA X58 tri-SLI, i7 930 @ 3.8GHz., Corsair 6GB Dominator, Inno3D GTX470, eVGA260
ASUS P8P67 Pro, i7 2600K @4.60 GHz, 8GB RAM, eVGA GTX 460
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby RipFire12901 » Fri Apr 14, 2006 6:43 pm

Just the RAM
(temporarly empty)
PRO Level 13
Posts: 699
Joined: Sun Oct 10, 2004 6:29 pm
Location: Plattsburgh, NY
Real Name: Collin Banko

Postby RipFire12901 » Sat Apr 15, 2006 12:38 am

Ok, that seemed to fix my BSOD but what about the constant IE pop-ups??
(temporarly empty)
PRO Level 13
Posts: 699
Joined: Sun Oct 10, 2004 6:29 pm
Location: Plattsburgh, NY
Real Name: Collin Banko

Postby NT50 » Sat Apr 15, 2006 12:44 am

Reinstall NOD32 also
Dogs Have Owners; Cats Have Staff
PROfessional Member
User avatar
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle

Postby Neuromancer » Sat Apr 15, 2006 12:27 pm

The safest bet (though not always allowable) is to just format and reinstall. IF you periodically backup your data, then you only lose a at most a weeks worth of work :)

Malware infestations can be absolved by practicing safe surfing. CHIEF among them is when up get a popup, NEVER EVER hit ok or cancel in the mssage itself. Either hit X to close... right click and close via the taskbar (what I do) OR use task manager and the application tab to close it.

This does not help you AFTER the fact but its just good surfing habits. popups are a big nono to me and I NEVER click any of them.

Apart from that...check add remove programs and check the run and runOnce folder in registry.


Run Once especially as lots of nasties hide up in there.

Everything everyone has recommended is great info so far.

Safe surfing is the best defense. I still like good software to back that up :)

NOD32/Bitdefender and a sandbag firewall is awesome.
Image

"The spirit of resistance to government is so valuable on certain occasions, that I wish it to be always kept alive. It will often be exercised when wrong, but better so than not to be exercised at all. I like a little rebellion now and then. It is like a storm in the atmosphere."--Thomas Jefferson
PRO GOLD
User avatar
Posts: 5756
Joined: Sun Mar 28, 2004 5:19 am
Location: West Virginia

Next

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 4 guests

cron
cron