Re: Newbie/spyware problems

From: Ade05 (Ade05_at_discussions.microsoft.com)
Date: 06/28/05


Date: Mon, 27 Jun 2005 17:24:02 -0700

Hi Malke, thanks very much for your detailed explanation. It does seem a bit
much for me to do on my own. I am not sure where I can take my computer in
Cardiff, or which company is reliable. I could copy out your instructions and
tell them to follow them. Also I am a graduate from Cardiff University, so
the university computer centre might help. Any ideas would be appreciated.
Thanks again, Adrian

"Malke" wrote:

> Ade05 wrote:
>
> > Hi. I need some technical help, and have not yet tried the Microsoft
> > phone helpline.
> >
> > I have had my computer since 2002 but never used the internet until
> > recently, so am not up to date with security packs/patches. Do I
> > need packs 1 and 2, or is just 2 enough? Recently I had a big problem
> > with some "spyware" which appeared to be from Microsoft, but which was
> > not. This displays a variety of pop up messages, e.g.
> >
> > "Message from SYSTEM to ALERT on 28/05/2005 09:15:57
> >
> > Microsoft Windows has encountered an Internal Error. Your Windows
> > Registry is corrupted. Microsoft recommends an immediate system scan.
> > Visit www.PCRegFix.com for repair kit."
> >
> > I have turned on the inbuilt firewall which stopped the pop ups, but I
> > think the spyware is still on my computer. I worry that someone could
> > be accessing personal information. Is this a well known piece of
> > spyware? Can I look it up somewhere? And what package could I use to
> > get rid of it?
>
> Since you had the Messenger service running, you apparently have Windows
> XP and you have not upgraded to Service Pack 2. You were running
> without a firewall, and you don't mention what antivirus program you
> have. The probability that you have malware on your computer is
> *extremely* high. Here are general removal steps - go through them
> systematically. It is crucial that you do all work in Safe Mode with
> updated tools. If the necessary procedures look too daunting, take the
> machine to a professional computer repair shop (not your local
> equivalent of BigStoreUSA) and have them clean up and secure your
> machine.
>
> First delete all Temporary and Temporary Internet Files. For IE's
> Temporary Files, go to Control Panel>Internet Options>General tab.
> You'll see where you can delete cookies and files. For Firefox, clear
> its cache by going to Tools>Options>Privacy>Cache> Clear. For Windows
> Temporary files, Start>Run cleanmgr [enter]. Then follow these detailed
> malware removal steps, doing everything with updated tools in Safe
> Mode. You can find all the links to referenced programs and sites on
> my website here:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> 1) Scan in Safe Mode with current version (not earlier than 2004)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix or WinSockFix for XP - see links
> below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See the links on my
> website for a HijackThis tutorial and places where you can post your
> HJT log. Again, this is an expert tool and novices should get help
> with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the
> Restore Points. With ME, you must disable System Restore completely.
> With XP, you can delete all but the most recent (presumably clean)
> System Restore point from the More Options section of Disk Cleanup
> (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>


