Author Topic: Spyware alert!  (Read 853 times)

0 Members and 1 Guest are viewing this topic.

M. O.

  • Administrator
  • MasstKer
  • *
  • Posts: 9185
    • View Profile
    • http://www.tkc-community.net
Spyware alert!
« on: August 28, 2009, 01:27:26 am »
I got some serious spyware. Spybot has been disabled for some strange reason. Does anybody know a good online spyware checker?
Heckling is an art, and game hacking a science.

ZOldDude

  • The Unknown Rank!
  • Administrator
  • MasstKer
  • *
  • Posts: 20874
  • Old School TKC
    • View Profile
    • Admin
Re: Spyware alert!
« Reply #1 on: August 28, 2009, 02:56:29 am »
http://www.malwarebytes.org/mbam.php 

http://www.superantispyware.com/

Can you get Spybot S+D to run in Safe Mode?

I got infected from just viewing a page of a well known and often visited website a couple of months back.
The server they were on got hacked and the main page had a IFRAME installed with 100's of nasty things!
One of them bypassed all FOUR of my active security programs as well as the registry protection.

It took me over 4 hours to clean up the mess it made (I never reinstall OS).

Now I have added a MEMORY firewall as well so no more buffer overflows.


« Last Edit: August 28, 2009, 03:05:07 am by ZOldDude »

*While we crash and burn, small, low tech, agrarian societies such as the Hmong in the mountains of Laos will continue on without so much as blinking an eye.*

M. O.

  • Administrator
  • MasstKer
  • *
  • Posts: 9185
    • View Profile
    • http://www.tkc-community.net
Re: Spyware alert!
« Reply #2 on: August 28, 2009, 05:02:08 am »
Run is disabled. Regedit closes when I open it. Spybot closes, some other antispyware program closed. My contacts are flooded with messages. I get a windows no disk message when logging in and it keeps poping up. I get an exception on winlogon.exe when logging in.

Some bad things are going on.


Fail Safe Spybot worked and removed a few things. But the problem still persists. Nod32 finds only cheats as viruses, but I'll remove all detections from now on.

Heckling is an art, and game hacking a science.

M. O.

  • Administrator
  • MasstKer
  • *
  • Posts: 9185
    • View Profile
    • http://www.tkc-community.net
Re: Spyware alert!
« Reply #3 on: August 28, 2009, 05:06:09 am »
Malwarebytes installed but closed down on run.

Superantispyware crashed too. Alternate start worked though, but crashed later on.

Are there any rootkit detectors that work in fail safe for 64-bit systems?

Heckling is an art, and game hacking a science.

M. O.

  • Administrator
  • MasstKer
  • *
  • Posts: 9185
    • View Profile
    • http://www.tkc-community.net
Re: Spyware alert!
« Reply #4 on: August 28, 2009, 06:31:16 am »
Ok I removed parts of it, but I can't access regedit or see the system folder. I'm the admin, but I don't have the rights  :icon_razz2

Fail Safe here I go again.
Heckling is an art, and game hacking a science.

M. O.

  • Administrator
  • MasstKer
  • *
  • Posts: 9185
    • View Profile
    • http://www.tkc-community.net
Re: Spyware alert!
« Reply #5 on: August 28, 2009, 07:16:44 am »
Ok things seem to work again. During my google-journey I encountered the most stupid answers I've seen.

Some people would just reply "You have to talk to the admin", when the poster was the admin. At other places the "work arounds" always started with "1) Write XYZ in Run". But how's that going to work when the problem is that Run is disabled.

Some genius even replied "there is no virus just a grat tool ur dad used to disable regedit"  :icon_laugh
Heckling is an art, and game hacking a science.

Micro

  • Relentless Teamkiller
  • **
  • Posts: 55
    • View Profile
Re: Spyware alert!
« Reply #6 on: August 28, 2009, 06:07:07 pm »
Hi everyone.
Spyware interests me.. I work in IT and spent alot of time removing it.
Just for future use people...
If you have XP, try downloading ERD Commander, it is a tool that will allow you to boot from a disc and attach to your operating system, you can then remove obvious threats from there.
What was the fix for you in the end Mullah?
« Last Edit: August 28, 2009, 06:14:13 pm by Micro »

M. O.

  • Administrator
  • MasstKer
  • *
  • Posts: 9185
    • View Profile
    • http://www.tkc-community.net
Re: Spyware alert!
« Reply #7 on: August 28, 2009, 06:38:01 pm »
I booted in safe mode with networking, and ran superantispyware. This one found things the other scanners didn't find. It found the spyware that affected winlogon.exe. When I logged back in the initial winlogon error messages disappeared, but I still couldnt access system32 and run run/regedit and that stuff. So I went in to enable it all manually in safe mode. Both through the group policy and through deleting norun entries in the registry.
Heckling is an art, and game hacking a science.

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: Spyware alert!
« Reply #8 on: August 28, 2009, 09:04:53 pm »
mullah easy way to kill everything is to use a soft boot cd , you can find them anywhere ( i use a linux one ) if any of my systems gets infected its easy to kill them.
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157