Thursday, December 6, 2007

Nasty Spyware

So I've been hit with a nasty spyware.

My IE browser wants to launch a new window; usually an address of 67.201.36.14 will come up in the browser window. But I get all sorts of pop-ups, and the sites that come up range from search sites to adult sites. I imagine that these people that created this somehow are getting backend revenue from the clicks?

These are some of the steps I am taking now to fix and prevent this from happening again. I thought I was protected against spyware, I guess not.

Thanks to the folks at SWI Forums.

Please download VundoFix.exe, and save it to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Then, please download Combofix by sUBs.
1. Save it to your Desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log, as well as a fresh HijackThis log, in your next reply.


First, navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

Next, please download OTMoveIt
Double click OTMoveIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

After that, please open HijackThis, and select Do a system scan only.
Place a checkmark next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O2 - BHO: (no name) - {F15BC6B6-0D55-4470-AC4F-2D14913FDD47} - (no file)

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

Now, restart your computer, post a fresh HijackThis, and let me know how things are running now.



Please open HijackThis, and select Do a system scan only.
Place a checkmark next to the following entry:

O20 - Winlogon Notify: iifdedb - iifdedb.dll (file missing)

Then, close all other open windows, leaving only HijackThis open, and select Fix checked.

Besides that, good work. Your log appears to be clean!

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.
2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.
3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.
4) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?
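Most of the HijackThis entries the helper asked to fix are leftovers whose backing file is already gone, marked "(no file)" or "(file missing)". The script below is an added example, not part of the original post or the SWI Forums advice: it parses HijackThis-style log lines and lists those orphaned entries. The function names and the O4 sample line are constructed for illustration; the other four sample lines are the entries quoted above.

```python
import re

# Section codes seen in the entries quoted in this post, plus O4 for the sample.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)

def parse_entries(log_text):
    """Return one dict per log entry; header and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "section": SECTIONS.get(m.group("code"), "other"),
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(m.group("body"))),
            "line": line,
        })
    return entries

def orphaned(entries):
    """Entries whose registry reference points at a file that no longer exists."""
    return [e for e in entries if e["orphaned"]]

# Constructed sample: four entries from this post and one made-up benign O4 line.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - (no file)
O2 - BHO: (no name) - {F15BC6B6-0D55-4470-AC4F-2D14913FDD47} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: iifdedb - iifdedb.dll (file missing)
"""

if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["code"]:>3}  {e["section"]:<32} {e["clsid"] or "-"}')
```

The R0 start-page entry is not flagged, since it has no missing file behind it; it was fixed for a different reason and still needs a human to read the log.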
