
pc help.....had spyware i think???

Comments

  • Donnie
    Donnie Posts: 9,862 Forumite
    crystal9 wrote: »
    ok will do and i will get rid of the norton anti virus i got with google pack

    Get rid of the GooglePack and its add-ons. It's only more clutter.

    Run SmitfraudFix

    Suspicious entries:
    C:\Documents and Settings\tina deacon\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find PRISMXL.SYS
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.


    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.


    Fix:
    O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\tina deacon\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
    O4 - HKCU\..\Run: [loader.exe] C:\WINDOWS\system32\loader.exe
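
The `O4` lines in the post above are HijackThis autorun entries. As an added example (not part of the original thread), this Python sketch parses such lines, expands the `..` abbreviation to the full registry key and attaches review hints. The sample log is constructed, and the two heuristics are assumptions of this example, not HijackThis rules.

```python
import ntpath
import re
from typing import List, NamedTuple

# HijackThis shortens Software\Microsoft\Windows\CurrentVersion to "..".
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
O4_LINE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
IMAGE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$))', re.I)

# Constructed sample log, modelled on the entries quoted in the post
# (profile name replaced with "user"; the HKLM and O2 lines are made up).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\user\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
O4 - HKCU\..\Run: [loader.exe] C:\WINDOWS\system32\loader.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

class RunEntry(NamedTuple):
    registry_key: str   # full key the abbreviated O4 line refers to
    value_name: str
    image: str          # executable path with arguments stripped
    notes: List[str]    # review hints only, not a verdict

def parse_o4(line: str):
    """Return a RunEntry for a registry-based O4 line, else None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    im = IMAGE.match(command)
    image = (im.group(1) or im.group(2)) if im else command
    folder = ntpath.dirname(image).lower()
    # Illustrative heuristics (assumptions of this example).
    notes = []
    if hive == "HKCU" and folder.endswith("\\system32"):
        notes.append("per-user autorun pointing into system32")
    if "\\documents and settings\\" in folder or "\\users\\" in folder:
        notes.append("runs from a user profile directory")
    return RunEntry(f"{hive}\\{CURRENT_VERSION}\\{key}", name, image, notes)

def triage(log_text: str) -> List[RunEntry]:
    return [e for e in map(parse_o4, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.registry_key} [{e.value_name}] -> {e.image} {e.notes}")
```

A hint only marks an entry for a closer look; as the thread shows, a legitimate survey tool and a Zlob loader can both appear in the same Run key.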
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Donnie wrote: »
    Get rid of the GooglePack and its add-ons. It's only more clutter.

    Run SmitfraudFix

    Suspicious entries:
    C:\Documents and Settings\tina deacon\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find PRISMXL.SYS
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.


    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

    Fix:
    O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\tina deacon\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
    O4 - HKCU\..\Run: [loader.exe] C:\WINDOWS\system32\loader.exe

    thanks donnie i will try to do this and get rid of google pack shouldn't i keep the spydoctor tho as that did find a lot of spyware
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Donnie wrote: »
    Get rid of the GooglePack and its add-ons. It's only more clutter.

    Run SmitfraudFix

    Suspicious entries:
    C:\Documents and Settings\tina deacon\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find PRISMXL.SYS
    Right click and choose "Properties". On the "General" tab under "Service
    Status" click the "Stop" button to stop the service. Beside "Startup Type"
    in the dropdown menu select "Disabled". Click Apply then OK. Exit the
    Services utility.


    Note: You may get an error here when trying to access the properties of the
    service. If you do get an error, just select the service and look there in
    the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

    Fix:
    O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\tina deacon\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe
    O4 - HKCU\..\Run: [loader.exe] C:\WINDOWS\system32\loader.exe

    couldn't run this as my mcafee blocked it, didn't trust it at all
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • Donnie
    Donnie Posts: 9,862 Forumite
    Did you follow the other instructions?

    You may have to disable McAfee in order to be able to run SmitfraudFix. You can re-enable afterwards.

    Is PanelApp something you use?
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Donnie wrote: »
    Did you follow the other instructions?

    You may have to disable McAfee in order to be able to run SmitfraudFix. You can re-enable afterwards.

    Is PanelApp something you use?

    think i might have disabled mcafee as i keep getting the yellow sign saying your pc isn't protected :confused:

    oh gawd i'm so useless with this stuff.

    value opinion is from a survey site and they told me months ago i have to leave it on
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    well done it not sure what it did tho, it asked me to delete register (i think) i said yes
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • kev1n3
    kev1n3 Posts: 567 Forumite
    If you ever think you may have any of the Vundo family of Trojans on your system download this great little tool. http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde It's saved my bum a few times.
    Your tax bill is the penalty you pay for not helping the right candidates get into office.:D
  • Not sure where you are at presently - Value panel looks legit - if you want to remove it do.

    I am more concerned about loader.exe - this is a Zlob infection.

    McAfee will go nuts at this program but it is safe.

    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights"
    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
    -- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
    Please go to Start Menu > Run > and copy/paste the following line:
    %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
    Press Ok and then run SDFix again.

    -- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
    %systemdrive%\SDFix\apps\FixPath.exe /Q
    Reboot and then run SDFix again.

    -- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
    %SystemRoot%\system32\cmd.exe
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    kev1n3 wrote: »
    If you ever think you may have any of the Vundo family of Trojans on your system download this great little tool. http://www.bleepingcomputer.com/malware-removal/remove-vundo-virtumonde It's saved my bum a few times.

    thank you, i never know what to use, i've never had any problems before just this once and still don't know how it got on pc, i'm wondering if it was a site my son went onto, who knows :confused:
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Not sure where you are at presently - Value panel looks legit - if you want to remove it do.

    I am more concerned about loader.exe - this is a Zlob infection.

    McAfee will go nuts at this program but it is safe.

    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights"
    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
    -- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
    Please go to Start Menu > Run > and copy/paste the following line:
    %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
    Press Ok and then run SDFix again.

    -- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
    %systemdrive%\SDFix\apps\FixPath.exe /Q
    Reboot and then run SDFix again.

    -- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
    %SystemRoot%\system32\cmd.exe

    wow this sounds scary for me to do, not sure i'll do it right. i've got no printer at the mo as mine is broke.

    what i did earlier (what donnie said) would that have helped?
    have now given up smoking since feb 13th 2014 loving the money I'm saving
This discussion has been closed.