ALi-B

iTrader: (1)

I've got a system at work that's been infected somehow with some adware/malware, hijacking the homepage to "homesearch", give "get rid of pop ups" pops ups. And everytime a serach engine is used (such as google) another popup appears withanother search engine searching for the same item.

Adaware and Spybot, lastest versions, fully updated can't find anything

Looks like I'll have to resort to sifting through the registry to find the culprits.

But to save me some time, does anyone have an idea of what particular infection is called and how to get rid of it?

Or anyone know of any good websites that can give me help to track down the malware installed and how to clean everything up?

DanTheMan

Ive got exactly the same problem and tried exactly the same things someone must have an answer

suba

i had this prolem before with SpotON. did a search on the web on how to remove it and managed to remove it.

zhastaph

Ali, I've been having almost the same problems, but a different search engine I think. And neither SpyBot nor AdAware gathering them up

The really annoying thing is, I've found apps running in the process list (burnsignpeak seems to be one I remember) and when you hack their settings out of the registry the w@nking pile of ******* ****e puts it back again, so it needs to be 'End tasked' first.

I'm sure you're aware of where to look, but just in case, good places to look are;

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Search
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKLM\Software\Microsoft\Internet Explorer\Extensions




I am VERY seriously considering writing a script or an applet that constantly spams their pile of sh1te search engines with the phrase "If we wanted our computers infected with your ******* **** we would buy a cd with it on, now go, **** off and die", then putting a link to said script/applet on many BBS and get as many people as I can to click on it and leave it running. I don't know how long you'd have to cripple their search engines to put them out of business, but it's gotta be worth a go

InvisibleMan

ive noticed the new version of AV software have builtin spyware removers in it which have deleted stuff that neither adaware or spybot even detects

kernel

Had a similar problem, found that cwshredder did the job

Do a google for it.

Mick

iTrader: (1)

Yup... cwshredder has got rid of some intensely annoying ones for me!


Mick

InvisibleMan

got a laptop with the same, av found but cant delete, also tried going thru reg, no luck so far

troj_agent.z2
troj_winshow.ab

mj

try:

http://www.webroot.com/wb/products/spysweeper/index.php

this picked stuff on mine that Adaware and S&D missed.

Mick

iTrader: (1)

mj - giving webroot spy sweeper a go - seems very thorough...

Says it found a 'remote key logger' - a bit worrying

Cheers

Mick

Peanuts

iTrader: (15)

try a search on hijackthis
its freeware and then you can post a copy of your log onto:
www.wilderssecurity.com
go to the spyware forum and then the hijackthis log posting section.
be prepared for a days wait as the spyware gang are in usa (time zone differences).

Andy

InvisibleMan

these ones are evil fvckers nothing seems to get rid of them. trawling thru the reg & its fiddly numbers is giving me a major headache

ALi-B

iTrader: (1)

Cheers guys, I've been out all day so I've yet to get round and look at it. But the pointers will defintely save alot of time.

I wonder if you ever caught the author of the adbots/malware you could sue them for lost hours in trying to remove them?

InvisibleMan

yeah wasted hours yesterday. Didnt get anywhere. I deleted the buggers went thru the reg, found the bastid website it came from & uninstalled the popups. go back into ie & theyre back. All settings are on high fvck-off bastid level... everything works ok i think it must have deleted something