spyware

pokane83 · Nov 4, 2005

hi ppl, have run the thread "READ AND RUN ME FIRST" and still have the problem, when i open my internet explorer page it comes up action cancelled then imediately goes to security centre saying ive got spyware and W32.Sinnaka.A@mm is collecting my information, could anyone help me out plz.

Major Attitude · Nov 4, 2005

Did you run the antivirus scans in safe mode per the tutorial, because it should have removed it. If not, do so, but also you may need to do some manual registry key removals:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sinnaka.a@mm.html

pokane83 · Nov 4, 2005

yes i ran the programes in safe mode and they removed a number of viruses, but i am still aving the same problem, in the bottom right hand of my screen a yellow flashing triangle keeps popping up saying " my computer is infected with new internet viruse jworm_attck_122.o2a

Major Attitude · Nov 4, 2005

Follow the instructions on Symantecs page before if you can? Here is the breakdown to save you from digging out whats important to you:

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as W32.Sinnaka.A@mm.
Delete the value that was added to the registry.

Heres how to delete the registry values:

Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

Click Start > Run.
Type regedit

Then click OK.

Navigate to the keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CLASSES_ROOT\txtfile\shell\open\command

In the right pane, delete the value:

"lsess" = "%System%\lsess.exe"

Navigate to and delete the following registry keys:

HKEY_CLASSES_ROOT\ANSMTP.OBJ.1
HKEY_CLASSES_ROOT\ANSMTP.OBJ
HKEY_CLASSES_ROOT\ANSMTP.MassSender.1
HKEY_CLASSES_ROOT\ANSMTP.MassSender
HKEY_CLASSES_ROOT\CLSID\{253664FB-EDFC-4AC6-BD69-B322F466AEED}
HKEY_CLASSES_ROOT\CLSID\{887A577B-406B-48FF-80CB-70752BFCD7B4}
HKEY_CLASSES_ROOT\Typelib\{DE6317F7-6EF0-45C2-88D1-8E09415817F1}
HKEY_CLASSES_ROOT\Interface\{68B8DCDB-EFA4-420A-BB8A-71B9892A2063}
HKEY_CLASSES_ROOT\Interface\{1E98666F-6260-42C9-B846-32B20fDEFE7B}
HKEY_CLASSES_ROOT\Interface\{A5F6C90C-ABE4-4C57-A421-8C5A202AA9F8}
HKEY_CLASSES_ROOT\Interface\{B13281CF-8778-4C98-AE23-ABBA4637A33D}

Exit the Registry Editor.

pokane83 · Nov 4, 2005

still have the problem after running them programes, when am browsing the web every so often advertising windows pop upi have run a number of programes in safe mode aswell,it my computer is also saying i have the new trojan ( jworm_attck _v122o2a

Major Attitude · Nov 4, 2005

Did you remove the registry entries. Did you do it in safe mode.

pokane83 · Nov 4, 2005

i searched for them registry files u told me and there wasent ones there with them names

bjgarrick · Nov 5, 2005

pokane83

You have 4 threads for this same problem, I have posted in the thread below so I would appreciate us keeping things in one thread to avoid confusion.

http://forums.majorgeeks.com/showthread.php?t=76556

Major Attitude · Nov 5, 2005

Thanks, I didnt see that. Future reference, multiple threads only hurts your getting help

Log in or Sign up

spyware

pokane83 Private E-2

Major Attitude Co-Owner MajorGeeks.Com Staff Member

pokane83 Private E-2

Major Attitude Co-Owner MajorGeeks.Com Staff Member

pokane83 Private E-2

Major Attitude Co-Owner MajorGeeks.Com Staff Member

pokane83 Private E-2

bjgarrick MajorGeeks Admin - Malware Expert

Major Attitude Co-Owner MajorGeeks.Com Staff Member