Please help, I've contracted some spyware?

Discussion in 'Malware Help (A Specialist Will Reply)' started by v_2, Nov 21, 2005.

  1. v_2

    v_2 Private E-2

    Hi

    I think I have got the SpySheriff spyware. I have done all the previous steps you have posted and don't seem to be getting anywhere. My uni dissertation is in a few days and I so desperately need to get my laptop running again. Please help me.

    When I restart in normal mode it seems to lock on the screen

    Windows is starting...

    I have got a Hijack This log file:

    *****************************************************

    • Edit by bjgarrick: Unrequested, Inline HJT log removed!

    ***************************************************

    I guess 'TimesSquare.exe' is a bit suspicious.

    Will all my documents be ok?

    If you can help me, it will be much appreciated. I'm so bloody annoyed this has happened to me and plus the timing couldn't be any worse with deadlines approaching.

    Thanks
     
    Last edited by a moderator: Nov 21, 2005
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow the steps below:

    Run ALL the steps in this Sticky thread: SpySheriff (aka SpywareNo) Removal

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial... was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
     
  3. v_2

    v_2 Private E-2

    Hi thanks for your reply.

    I have done as the posts say but still having no luck.

    I deleted a lot of the files manually from windows\system32 and c:\ by arranging files by last modified and deleting files created at the time when I was infected.

    So following the SpySheriff thread, I had already deleted quite a few of those files. I am still unable to boot into normal mode. It freezes on the screen "Windows is starting up...". All I can use is Safe-mode.

    I do remember some other files I deleted which were called: Tool1.exe Tool2.exe Tool4.exe from windows\system32.

    I haven't done any online tests. Doesn't seem to give me access. Can you use the internet while in safe-mode?

    I'll keep trying following the steps again and post my results.

    I have attached the HJT log

    Thanks
     

  4. v_2

    v_2 Private E-2

    Hi

    I'm still not finding a solution.

    I have followed the threads step by step and it's still locking on the "Windows is starting up..." screen, meaning all I can do is use my PC in safe mode.

    I've even followed this thread:

    http://www.techsupportforum.com/showthread.php?p=394101#post394101

    SpySweeper detected SpySheriff and trojan-backdoor-us15info and a few other minor problems. I have now fixed these.

    I am really stuck for ideas now. Luckily I can access my files but I'm having to use computers at my department which is 3 miles away and it's only open at certain times.

    I'm thinking of just doing a total format, but I really don't want to. I've got so much stuff on my computer I want to keep.

    Are there any other things I can do? I just seem to keep going round and round in circles.

    Many thanks
     

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download AproposFix by Swandog46

    Save it to your desktop or to another folder of its own, but do NOT run it yet!

    Now reboot your computer in Safe Mode! (You must be in safe mode or this fix will not work.)

    Once in Safe Mode, double-click aproposfix.exe (which will give you a choice of where to unzip/install the program to). This is called the Destination folder in the window that pops up. So either install it to the Desktop or the folder where you downloaded the aproposfix.exe file to. It will create a new folder named aproposfix. Open the aproposfix folder and double-click on RunThis.bat to run the fix. Follow the prompts.

    When the tool is finished, reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file that has been created in the aproposfix folder.
     
