[JustWeave]

Help!!! I noticed yesterday that some stuff popped up on my DDs computer screen during the shut down process that wasn't there before. I didn't give it a whole lot of thought. It looked like extra windows suddenly opened. I decided to run spybot as I hadn't done that for a while and it found some spyware. I cleaned it and immunized the PC. Now no one can sign into her computer.

I'll turn it on and it will start out as usual. About halfway through her wallpaer picture comes up then changes back to what I am used to seeing during start up. It ends with a screen it never showed before that makes you pick a user then sign in. When I click to sign in it just kicks me out and closes. I am using Windows XP. Be gentle with your instructions as I am a PC idiot. Can someone tell me a different way to get in? Do I need to take it to the PC doc? Thanks! DD will be livid when she finds out she can't use her 'puter.

[Bobbi]

If it was spyware, not some type of trojan, you can possibly get in via SafeMode.

Check out this thread:

http://neurotalk.psychcentral.com/thread47687.html

Here's another link that will take you to sites that explain how to enter using SafeMode:

http://www.google.com/search?hl=en&q...22safe+mode%22

[JustWeave]

I'll have to check this out later when I have more time.

[who moi]

sounds like a hijacked attempt.

Try as Boobie, I mean, Bobbie suggested to see if you can log in safe mode with networking.

Spybot doesn't catch everything and should be used as an ancillary to other better free antispyware products.

adaware free and superantispyware free edition would be good ones to down load. I suspect you've got a mal-ware hijacking attempt so malwarebytes' anti-malware will be a good one to download as well. They are all free.

Any external drives that you have that stores data, like external storage, USB sticks should also be checked for spyware/viruses are able to attack them these days and if you don't scan them, they can reload the crap back to your puter

then,you should run a few of them in safe mode without networking (but you must update them first) by unplugging your internet (ethernet cord)

and after all that, run a "hijackthis" from Trendmicro. That is if you want to, save it as a log file list and post it here, I can help you determine to see if you have any bad stuff up there. But that's an option for your own comfort.

good luck

[JustWeave]

Just wanted to add some information. Spybot found four problems some with multiple entries. The one thing it found, that I never had before, was hellzlittlespy. It is a trojan key logger. Just great. Not!!! I have not tried to resolve this problem yet as I don't have the time. I'll work on it tonight. My subscription for Norton's antivirus is always current and I get automatic updates. Why me/DD???!!!

Also, I have two sick computers, each with its own illness. This thread is one 'puter's illness while the other thread is a different computer. Sorry about the confusion there.

[Bobbi]

Since you have Symantec/Norton, I'd do the following:

Note what it states on your start-up screen for changing the boot pathway, and re-boot following those instructions.

Change the pathway to boot from your Norton CD, if you have a copy on CD or someone can lend you one.

See if you can wipe out the trojan.


This is about the trojan:

http://www.google.com/search?hl=en&q...=Google+Search

And, this is a Google cache/archive copy of info. re: the same trojan:

http://209.85.173.104/search?q=cache...lnk&cd=1&gl=us


You might have to take the 'puter to someone for removal if it can't be done on your end. I wouldn't continue using a computer with a known trojan. Not only is it a known security risk, it can also compromise files, etc.


Another thing, I'd try, because I am of the belief one can't really hurt a 'puter that's already messed up: I'd go into SafeMode, and do a System Restore - setting the computer to an earlier time/date or Checkpoint when everything was known to be working well - to put that trojan in a sleep-type mode.

Until I knew that thing was off the drive, I still would not use the computer for everyday use. I'd not want to mess up my files or take the risk of passing it to anyone else.

[Jomar]

and if is networked with other computers disconnect it from them.

I goggled " free Trojan cleaner"
here is the results
http://www.google.com/search?hl=en&q...=Google+Search

[Jomar]

I like to get downloads from CNET download.com

here's a listing of the cnet editors top free removers -
http://www.download.com/sort/3150-80...&fileSize=&qt=

if you can scan it with those and get it removed
then get a registry cleaner - like ccleaner to clean out any remaining traces of it.
then after it's cleaned do a back up of your important files
and install the threatfire program to assist the nortons AV.

Is your Nortons only AV? does it cover spyware,etc too?

Now I always use an internet suite product - covers Anti Virus, AntiSpy, wifi, email, IM even parental controls & ID protection if you want it.
I bought a year of Zone Alarm for 3 computers - only 49.95 I believe.

I use the threatfire along with it too.

Zone alarm info & comparison- {most of these products & the main brands have a free trail of 30days or so to see how you like it or not.}

http://www.zonealarm.com/store/conte...try=US&lang=en

[who moi]

Quote:

Originally Posted by Bobbi

You might have to take the 'puter to someone for removal if it can't be done on your end. I wouldn't continue using a computer with a known trojan. Not only is it a known security risk, it can also compromise files, etc.

Quote:

Originally Posted by Jo55

and if is networked with other computers disconnect it from them.

those two statements I agree with whole heartedly...

trojans are so powerful these days that they do more danger than viruses, IMHO. And they are known to embed so well that if you get rid of them, you would want to run the anti-spy/malware again just to make sure it didn't embed itself again.

Usually what I do for a client is the basics, although I must say that every puter has its own mind and each has to altered a little bit for some odd reason.

Basically, these are the steps when it comes to trojans.

1) If your DD is using any P2P program, uninstall it immediately. More than likely, she got the trojan that way. Most well known P2P programs are "Limewire" "Kazaa and it's offsprings", "ares"

maybe ask her.

2) There should ONLY be ONE anti-virus software. But there should always be MORE than one anti-spy software. Not ONE anti-spyware catches everything. A combination of them helps to catch most of spycrap. But new ones are created almost every hour/day so the spywares are created faster than they can catch them.

On top of that, Malware/greywares are on the rise.

3) If you can log in to safe mode via networking, download the anti-spywares and then do an immediate update. After that, unplug from the internet. Now run the software in safe mode and let it catch everything that it can, delete them all, restart back in safe mode, run the next one, same thing, until you've run them all.

4) run a hijack this file. You can take that file to Castlecop or other volunteer forums that offer FREE service that will help you. I can look at it for you here if you'd like.

5) If you are able to catch them all, update all the anti-spywares again and run them in safe mode again. Making sure that you've caught them all.

6) boot back into regular mode, run them in regular mode and see if they catch anything.

And make sure you run it to all your external drives such as USB sticks and external hardrives that you have informations stored.

whew...yes, it's a long an arduous job but not that hard when you think about your passwords, personal info, even bank account can be compromised somewhere in Russia(for some reason, a lot of the spywares come from Russia because their gov't don't have strict regulations against hackers/spyware people) and they are using your hard earn money as rupies. LOL

If you feel like you can't fix it. Take it to someone that can. It is worth the money vs losing thousands of dollars and compromising everything in your computer.

[JustWeave]

I told DD her computer was off limits until it was fixed, then ran and waited for her to blow up. She politely informed me while she was on the computer yesterday there was a "virus found on website, can not clean" pop up. She said she didn't down load anything and thought all was okay. I wish she would have told me when it happened as I would have run the anti-virus right away but...

I have decided to let a pro fix it as best they can once I find the money to pay for the help. I appreciate all your suggestions and will look up every link and website you have mentioned. A downed computer means at least one very unhappy human. Not pretty.

Thanks again for all your help.