Help me please - a website has taken over my PC!

Browntoa

I'll get Pchelpman to take a look later for you

Browntoa

pchelpman suggests its a Spywarequake infection

http://www.bleepingcomputer.com/forums/topic47826.html

try these steps first

Automated Removal Instructions:

1. Print out these instructions as we will need to close every window that is open later in the fix.
2. Download roguescanfix_setup.exe from here:
   
   roguescanfix_setup.exeConfirm that the file roguescanfix_setup.exe now resides on your desktop.
3. Double-click on the roguescanfix_setup.exe file found on your desktop.
4. Select your language from the drop down menu and then press the OK button.
5. Now press the Next button.
6. Select the option that says I accept the agreement and press the Next button
7. Press the Next button again.
8. Now click on the Install button.
9. The installation program will start installing RogueScanFix into C:\Program Files\Roguescanfix and then display a new screen. At the next screen, leave the checkmark in the Launch RogueScanFix and press the Finish button.
10. RogueScanFix will automatically be started and you will be presented with the Credits screen. At this screen press the spacebar and you will be presented with a menu. Press the number 1 on your keyboard and press enter. At the next screen simply press the spacebar on your computer to start the removal process.
    
    Note:Please note that when the program starts it will download a program from the Internet that it needs to use during the cleanup. If your firewall gives an alert about this, please allow the download.exe or run.bat program to access the Internet.
    When the program starts, your desktop will disappear, which is normal, so please do not be concerned. It will then start the SpywareQuake uninstallation program. When that program starts, click on the Uninstall button. When it has finished uninstalling, you can then press the OK button to finish the uninstalling of SpywareQuake.
    
    When this program is finished, and it was able to delete all the files, you will see a small prompt that says Completed script execution. Simply press the OK button. It will then open the Brute Force Uninstaller program. Close this by press ing the Exit button. If there a notepad open called task.txt, you can close that as well. Now continue to Step 11.
    
    If there were more files that needed to be deleted, the program will prompt you to reboot your computer. Press the Yes button and allow the computer to reboot. When you are back at the desktop, close the task.txt notepad if it is open, and proceed to Step 11.

we have done step 11 already so hopefully this will clear the remainder if no then follow the next post

Browntoa

1. Go to this page and click on the smitRem Download Link link to download smitRem.exe. When downloading smitRem.exe save it to your desktop. You will now see an icon on your desktop that looks like the one below.
   
   
   
   
2. Double-click on the smitRem.exe file. You will now see a screen similar to the one below.
   
   
   
   
   
   
   Click on the Start button and the program will start extracting the files into a folder on your desktop called smitRem. When it is finished, click on the OK button. If you look on your desktop you will now see a folder called smitRem.
3. Next, please reboot your computer into Safe Mode by doing the following:
4. Restart your computer
5. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
6. Instead of Windows loading as normal, a menu should appear
7. Select the first option, to run Windows in Safe Mode.
8. When you are at the logon prompt, log in as an Administrator
9. When your computer has started in safe mode and you see the desktop.
   
10. Close all open Windows.
11. Open the smitRem folder on your desktop and the contents of the folder will be similar to the image below.
    
    
    
    
    
    Double-click on the RunThis.bat file, as shown by the arrow in the image above, to start the tool.
12. When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.
    
    If there is an uninstaller present for an infection that smitRem removes it will start this uninstaller.
    
    Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and smitRem will prompt you to continue. Now you should press any key to continue.
    
    When no more uninstallers can be found, the tool will continue. Your desktop will disappear and you will start seeing text scroll across the screen. This is normal and nothing to be concerned about. When smitRem has finished running it will automatically start the Disk Cleanup program as shown by the image below.
    
    
    
    
    
    This program will remove all Temp, Temporary Internet Files, and empty your Recycle Bin in order to remove any leftover files installed by this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will be back at your desktop.
13. When the tool is finished, it will will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.
14. Reboot your computer back to normal mode.

BrokeBrunette

Browntoa

many thanks for all your advice. Sorry I didn't get back on here yesterday, won't bore you with the reason. I intend to have a go at this later as I see I need lots of time to do it and it's pretty advanced stuff for me. I will definitely be back to let you know how I get on.

thanks once again

BrokeBrunette

Pchelpman

sorry, I forgot to add my thanks to you too.

Browntoa

no problems, one of us is normally around at the weekend

if you get stuck come back

Alfonso_Skinarelli

This is the last problem entry in the log which needs removing:

O21 - SSODL: altmannsberger - !!210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll

SmitfraudFix was updated on the 6th June to cover this so if run before then it wouldn't have fixed it.

Roguescan fix will get it though.


=====

The old Norton vs AVG arguement is always interesting. There will always be advocates for both programs but independent tests from the Virus Bulletin website give a far better pointer to the effectiveness of both programs (registration required to see the test results).

Norton has out performed AVG by a country mile on the detection of "malware" for years - fact. It's worth noting that BrokeBrunette is running Norton Internet Security as well which can detect adware and spyware. The free version of AVG does not. This will no doubt change very soon though with Grisoft's (AVG) recent aquisition of Ewido Networks. I personally can't stand Norton products but when it comes to detecting malware, I'm afraid AVG falls short at the moment.

As for Norton not preventing a SpySheriff infection, not many programs would (apart from maybe kaspersky or NOD32 which are streets ahead of the rest in detecting new variants of the Zlob trojan). You don't just "catch" the Zlob trojan. It takes user action to install it. The Zlob trojan comes disguised as a codec pack (emedia codecs is the usual infector) so be careful when trying to view video files you've just downloaded and you receive an onscreen message about not having the correct codecs to view it !!

That's enough of my waffle anyway!!

PS: Browntoe - Update your Ewido speech. The new version of Ewido Anti-Spyware is completely different rendering the old instructions a little puzzling.

Browntoa

ok.will do

BrokeBrunette

I've just finished running roguescanfix and the thingy is gone!!!

I can't express big enough thanks to you all for your help, advice and patience with a techie novice.

I was in total despair 2 days ago, thinking I would never get rid of it.

A BIG, BIG THANKYOU :T :T :T

I will keep those programs on my pc so I can use them in future if I need to, but I'm hoping they never get used again!

I thought having Norton would stop nasties on my pc, but obviously not.

Thanks again to you all

Browntoa

just run ewido once in a while in normal mode after using the "update" button on it before you scan to make sure things stay clean

if you find anything that it cannot remove in normal mode then run it in safe mode and it should do the honours for you

worse case you know where we are now