Spyware downloader program problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by wanderingsoul, May 13, 2008.

  1. wanderingsoul

    wanderingsoul Private E-2

    I recently got hit by this spyware downloading program where, when I'm using IE or just going through my Windows folders, an error window will pop up saying my computer is infected with a dangerous virus.

    Goes something like:

    "Your system is infected with dangerous virus!

    Note:Strongly recommend to download antispyware program to clean you system and avoid total crash of computer

    Click OK to download the antispyware. (Recommended)"

    If I click OK it directs me to a site which on Firefox is blocked due to malicious stuff, and on IE it insists on installing something unknown (presumably spyware/malware considering the circumstances).


    I've tried using Spybot to scan and I've cleaned out a Win32 but this thing still bugs me.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. wanderingsoul

    wanderingsoul Private E-2

    Hmmm...somehow avast detected another win32 today...cleaned it...hope nothing is wrong anymore
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you don't follow the instructions we give then no one can help you. Please do what TimW requested otherwise no one can help you any further.
     
  5. wanderingsoul

    wanderingsoul Private E-2

    I did read it...
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to run it and complete the instructions in it if still having problems.
     
  7. wanderingsoul

    wanderingsoul Private E-2

    I was doing the Sun java part and suddenly avast detected it.

    Seems clean now.

    No more sudden pop ups during internet explorer or windows explorer sessions

    Just for info the win32 avast detected was in WINDOWS under the name of iebhc as I recall
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I already stated, if you want any further help, like having us verify if your PC is really clean, you need to complete the instructions in the READ & RUN ME and attach the requested logs. I doubt you are clean.
     
  9. wanderingsoul

    wanderingsoul Private E-2

    doing so
     
  10. wanderingsoul

    wanderingsoul Private E-2

    Couldn't run combofix.

    Is using all 3 (SUPERAntiSpyware, SpyBot - Search & Destroy, Malwarebytes Anti-Malware) necessary?
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why couldn't you run ComboFix? What happens? Based on your logs, it was not even downloaded as requested.

    You must run ALL the steps in the READ & RUN ME from beginning to end. And they must be run in the order written. The steps are not optional. You did also need to uninstall Messenger Plus! 3 as requested in step 1 of the READ ME. It probably has installed a bunch of malware on your PC. Each of the below, which came with Messenger Plus, should be uninstalled:

    Messenger Plus! 3
    Messenger Plus! Live & Sponsor (CiD)
    StuffPlug-NG (Messenger Plus! Plugins)
    StuffPlug 3

    You also need to disable Spybot's Teatimer as requested in the READ ME.
     
    Last edited: May 14, 2008
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Using all the anti-virus/malware scans is necessary... they eliminate a large percentage of the problems.

    The only suggestions I see would be to:
    1) Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking fix, exit HJT.

    2) Then uninstall:
    Messenger Plus! 3
    Messenger Plus! Live & Sponsor (CiD)

    Otherwise, your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
       * Click START then RUN
       * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
       * Note: The space between the cf and the /U must be there.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    4. If you are running Windows XP or Windows ME, do the below:
       * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
       * Then reboot and Enable System Restore to create a new clean Restore Point.
    5. After doing the above, you should work thru the below link:
       How to Protect yourself from malware!
     
