Author Topic: Defeated by malware  (Read 2737 times)

December 02, 2004, 08:10:39 AM

Doobie Dan (Legacy Reserved, Fade)
My fiancee's computer is totally fuxxored.  She has some kind of spyware/adware which acts more like a virus, and I haven't been able to fix it.  I believe it started with a trojan called Winshow (http://www3.ca.com/securityadvisor/pest/pe...px?id=453076071) and I tried to combat that to little success with various programs and following instructions to manually remove it.  The article says that it may download and run unsigned code, and I fear that this program may have put worse stuff on her computer.  Now almost all the time there are processes: either drvurl.exe or comftp.exe (either or, never both at once) that are running and sucking up >50% of the CPU resources and lord knows how much virtual memory.  Also full-screen popups occur, triggered by certain strings in web pages; for example, ads for anti-spyware software when the word spyware is on a page (this is a confirmed effect of Winshow).

Anybody heard of this stuff before?  I can't find anything online that can fix it.  Adaware and Spybot try to fix stuff, but never work.  If I can't figure out something soon, I'm going to buy a new hard drive for a fresh install.

 :help:
« Last Edit: December 02, 2004, 08:14:43 AM by Doobie Dan »
Quote: God, it's so creamy.

December 02, 2004, 08:37:43 AM
Reply #1

lolfighter (Legacy Admin, Commander)
Uh, a new hard drive? Isn't that a bit drastic? Don't you think format c: will do the trick?

December 02, 2004, 08:52:46 AM
Reply #2

DiscoZombie (Skulk)
I assume you tried terminating the process(es)? Do they just start back up? Did you tell Spybot to run on system start? That could help...

Perhaps search for the offending processes in your registry and delete any references to them?


December 02, 2004, 08:53:31 AM
Reply #3

That Annoying Kid (Legacy Reserved, HA Marine)
Hmmm, if it acts more like a virus, Google search for Trend Micro and run their Java applet that scans for viruses; no installing, just connecting. Ad-aware + Spybot + antivirus scan + checking msconfig to see what starts at startup.

Buying another HDD is a bit excessive; you can just reformat and reinstall if it gets too hectic.

malware is a bitch man, I hate that ess

[edit]
oh, get firefox 1.0, that will help
and the link that you provided had in-depth details on how to manually remove it, have you attempted that?
[/edit]
« Last Edit: December 02, 2004, 08:57:14 AM by That Annoying Kid »
MAC DRE: Cold Crest Creeper, a rapper that would dip-n-yoke quicker than he could pimp-n-smoke, flows  that hit your ears harder than Ike hit Tina. Forced to serve a Nickle but would never drop a Dime.
K.C watch out cause the Bay's down like four flats on a Cadilac.

December 02, 2004, 08:53:33 AM
Reply #4

Malevolent (Legacy Admin, Commander)
Check your registry for weird things. Disable things in msconfig and search for the files you think are causing it. That usually gets rid of everything. If that doesn't work, get an antivirus program (a trial will work since it's just for this). Just keep searching for apps that get rid of it too. You can always find something (unless it's a new one :p, but it probably isn't).
It's twice as clear as heaven and twice as loud as reason.

December 02, 2004, 09:11:31 AM
Reply #5

Black Mage (Reserved Slot, HA Marine)
grab spybot and ad aware.

go to safe mode (with networking if you can)

terminate all processes that you do not need

run spybot

run ad aware

clean msconfig

run spybot again

run ad aware again

reboot (safe again)

terminate all processes that you do not need

run spybot + ad aware once more

run any antivirus software you have

run housecall (trend micro)

doublecheck msconfig

get spybot to run on next boot

standard boot

let spybot run

check active process list

get firefox

turn windows ICF on

if you have broadband, get a hardware firewall

show primary and secondary users this image:
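DiscoZombie's suggestion to search the registry for references to the offending processes, and Black Mage's "clean msconfig" and "check active process list" steps, both come down to reviewing the autostart locations that msconfig reads. As an added example that is not part of this thread, the Python script below parses a `reg export` text dump of the two classic Run keys and flags entries that either match the process names reported in the thread (drvurl.exe, comftp.exe) or launch from a temp or profile directory. The registry contents are a constructed sample; the file paths, the SUSPECT_NAMES set and the temp-directory heuristic are assumptions for illustration.

```python
"""Triage Windows autostart (Run key) entries from a `reg export` text dump.

Added example, not code from the thread. Parses the .reg text format offline
and flags entries by process name or by where the executable lives.
"""
import re
from typing import Dict, List

# Process names reported in the thread; the set itself is an assumption.
SUSPECT_NAMES = {"drvurl.exe", "comftp.exe"}

# Constructed sample of `reg export` output for the two classic Run keys.
# ctfmon and msmsgs are typical benign XP autostarts; the other two are
# modelled on the thread's report. Paths are made up.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"drvurl"="C:\\WINDOWS\\system32\\drvurl.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"comftp"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\comftp.exe\" /s"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" with .reg escaping (backslash escapes backslash and quote)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Directories a dropper commonly writes to; heuristic, not a rule.
TEMP_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def unescape_reg(s: str) -> str:
    """.reg files write \\ for a backslash and \" for a double quote."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str) -> List[Dict[str, str]]:
    """Return one record per string value: key path, value name, command line."""
    records, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            records.append({"key": key,
                            "name": unescape_reg(m.group(1)),
                            "command": unescape_reg(m.group(2))})
    return records


def executable_of(command: str) -> str:
    """Pull the program path out of a command line (quoted, or first .exe token)."""
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    m = re.match(r'(\S+?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(reg_text: str, suspect_names=SUSPECT_NAMES) -> List[Dict[str, str]]:
    """Flag autostart entries worth a closer look, with the reason for each."""
    flagged = []
    for rec in parse_reg_export(reg_text):
        exe = executable_of(rec["command"])
        basename = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        lowered = exe.lower()
        reasons = []
        if basename in suspect_names:
            reasons.append("matches a process name reported in the thread")
        if any(d in lowered for d in TEMP_DIRS):
            reasons.append("runs from a temp or profile directory")
        if "\\" not in exe:
            reasons.append("bare filename, resolved via PATH at boot")
        if reasons:
            flagged.append({**rec, "exe": exe, "reasons": "; ".join(reasons)})
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_REG_EXPORT):
        print(f'{entry["key"]}\\{entry["name"]}: {entry["exe"]}  <- {entry["reasons"]}')
```

On the affected machine the input comes from `reg export` of each Run key (HKLM and HKCU) to a text file; the script only reads that file, so it can run on a clean box. Because the thread reports the entry being re-added within seconds of a denied change, the listing is a diagnostic: it shows which value names and executables keep reappearing, which is what to hunt for in msconfig and in the process list once the box is in safe mode with the respawning processes killed.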


December 02, 2004, 09:44:03 AM
Reply #6

That Annoying Kid (Legacy Reserved, HA Marine)
^^


do it, do it now


Doobie you came to the right place  ^_^

December 02, 2004, 09:58:17 AM
Reply #7

Black Mage (Reserved Slot, HA Marine)
time for linkspam:
spybot: [freeware]
spy sweeper: [shareware]
ad aware se: [free/pay licences available]
housecall: [freeware]
symantec (home of NAV): [pay]
windows ICF page: [comes with XP]
linksys: [hardware ain't free]
smoothwall linux (converts any old box, 486 or above, with two NICs into a firewall): [GPL!]
secure windows 2k/xp: [clicky]
more stuff: [rawr]

December 02, 2004, 11:16:33 AM
Reply #8

Doobie Dan (Legacy Reserved, Fade)
Quote (lolfighter): Uh, a new hard drive? Isn't that a bit drastic? Don't you think format c: will do the trick?
A) Was planning on buying a new one anyway as backup.
B) This is the equivalent of the format C:, only preserving the data.  I'm not going to be throwing away the harddrive  :p   I'll use the new one as the master, install the OS on it, copy the data and media over to the new one, then format the old one and have two hard drives.

Quote (DiscoZombie): I assume you tried terminating the process(es)? Do they just start back up? Did you tell Spybot to run on system start? That could help...
Yes and yes.  The processes start right back up.  Spybot runs on system start, and I enabled the thing that prevents changes to startup files.  The Spybot change control thing pops up, "this thing is trying to change your startup files."  I click "Deny change" and it's back in 3 seconds with the same thing.  A bit futile unfortunately.

Quote (That Annoying Kid): and the link that you provided had in-depth details on how to manually remove it, have you attempted that?
Yes, I followed those instructions and they didn't help.  Which makes me wonder if this thing downloaded and installed something worse... or maybe it was something else entirely to begin with?

Thanks for the replies everyone.  BM, I'll give that routine a shot if I don't get out the hammer first.  It moves sooooo slowly at this point that I'm thinking it might be better just to get the other hard drive.

December 02, 2004, 11:34:15 AM
Reply #9

Clashen (Legacy Reserved, Onos)
Have you tried to simply look in the Add/Delete programs menu?
I had some really annoying spyware (or something like that); neither Spybot nor AdAware could find anything, but I could find it there! :o NUBALERT!
<snip>, your sig image is, or rather was i suppose, 48kb, max size is 22kb. - DHP
<zing>, your mom is, or rather was i suppose, 200kg, max size is 100kg LOL - clashen

December 02, 2004, 02:58:32 PM
Reply #10

Doobie Dan (Legacy Reserved, Fade)
Quote (Clashen): Have you tried to simply look in the Add/Delete programs menu?
I had some really annoying spyware (or something like that); neither Spybot nor AdAware could find anything, but I could find it there! :o NUBALERT!
Heh, I wish.  That was the first thing I tried.

It actually added itself back to the program list after I removed it.  Took about 1 second.

December 02, 2004, 05:08:37 PM
Reply #11

That Annoying Kid (Legacy Reserved, HA Marine)
How did Black Mage's blitzkrieg against the malware go?

December 02, 2004, 05:14:43 PM
Reply #12

duherman (Onos)
Malware is horrible. Anyways use RegCleaner to get rid of Registry Entries.

December 03, 2004, 01:12:23 AM
Reply #13

Nooblet (Legacy Admin, Gorge) http://www.gorgerush.net
Also try getting Bazooka; it's a program that tells you everything you need to know about the company where you could have gotten it from, what it's classified as, and more. It tells you step by step how to manually remove reg keys and files from your system. Works f-ing great if directions are followed.
Pissing DHP off one sig at a time.
Breaking the respect rule are we? *rolls up sleeves* - DHP
DHP, I love you.