HELP! PLEASE! Win 7 anti spyware con has infected & taken over my laptop!

Comments

  • dalek
    dalek Posts: 9,386 Forumite
    Windows Defender still not working!

    It's been got at!!!
    The Daleks Reign Supreme, All Hail The Daleks!
  • RussJK
    RussJK Posts: 2,359 Forumite
    Run a HijackHunter log (run as admin) so we can see if that flv.exe file was created recently:
    http://www.novirusthanks.org/product/hijack-hunter/

    Alternatively DDS will give similar info:
    http://www.bleepingcomputer.com/download/anti-virus/dds
  • dalek
    dalek Posts: 9,386 Forumite
    I am running Hijack Hunter now
    The Daleks Reign Supreme, All Hail The Daleks!
  • dalek
    dalek Posts: 9,386 Forumite
    It's too big to post.
    The Daleks Reign Supreme, All Hail The Daleks!
  • RussJK
    RussJK Posts: 2,359 Forumite
    Shouldn't be, unless you have a really large hosts file (can be valid if you've installed hosts protections in the past). I'll PM you my email.
  • RussJK
    RussJK Posts: 2,359 Forumite
    Here are some extra bits from the Hijack Hunter log from Dalek:


    [+] Executables in suspicious folders

    C:\Windows\system32\SER9PL.sys (35892 bytes) (Prolific Technology Inc.) (6/8/2010 2:30:09 PM) (--A-) (a16fb34e56c781dc56be7492315655b9)


    [+] Files created/modified 15 days ago
    C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll (1249280 bytes) (Microsoft Corporation) (3/29/2011 1:25:11 PM) (--A-) (3049f8dea68eafb3a8b91463c6675574) (Created)
    C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll (1277952 bytes) (Microsoft Corporation) (3/29/2011 1:25:07 PM) (--A-) (054e87726b6626c4f96535a51bb1de44) (Created)
    C:\Program Files (x86)\Spotify\Uninstall.exe (90875 bytes) (Unknown) (3/29/2011 1:08:46 PM) (--A-) (019b8e37fa4fa9925e617974edceb870) (Created)
    C:\Program Files (x86)\Windows Mail\msoe.dll (1619968 bytes) (Microsoft Corporation) (3/29/2011 1:25:34 PM) (--A-) (7a016899b770513cac90cf361cb6ff3b) (Created)
    C:\Program Files (x86)\Windows Mail\wab.exe (516096 bytes) (Microsoft Corporation) (3/29/2011 1:24:39 PM) (--A-) (5992835831a58d35ed60435ea15e51ca) (Created)
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe (164864 bytes) (Microsoft Corporation) (3/29/2011 1:21:02 PM) (--A-) (a0f1dfc9e47b2524213aff32e26be92d) (Created)
    C:\Windows\grep.exe (80412 bytes) (Unknown) (4/5/2011 8:41:53 PM) (--A-) (9e05a9c264c8a908a8e79450fcbff047) (Created)
    C:\Windows\MBR.exe (89088 bytes) (Unknown) (4/5/2011 8:41:53 PM) (--A-) (9daa7218961710008d7385b01bd3f386) (Created)
    C:\Windows\NIRCMD.exe (31232 bytes) (NirSoft) (4/5/2011 8:41:53 PM) (--A-) (ae72e8619cb31d84da25e2435e55003c) (Created)
    C:\Windows\PEV.exe (256512 bytes) (Unknown) (4/5/2011 8:41:53 PM) (--A-) (f1fba6185a6a2bc6456970914875078e) (Created)
    C:\Windows\sed.exe (98816 bytes) (Unknown) (4/5/2011 8:41:53 PM) (--A-) (2b657a67aebb84aea5632c53e61e23bf) (Created)
    C:\Windows\SWREG.exe (161792 bytes) (SteelWerX) (4/5/2011 8:41:53 PM) (--A-) (01d95a1f8cf13d07cc564aabb36bcc0b) (Created)
    C:\Windows\SWSC.exe (136704 bytes) (SteelWerX) (4/5/2011 8:41:53 PM) (--A-) (b7517db073b28f5696a1e5528abeb5d0) (Created)
    C:\Windows\SWXCACLS.exe (212480 bytes) (SteelWerX) (4/5/2011 8:41:23 PM) (--A-) (b1a9cf0b6f80611d31987c247ec630b4) (Created)
    C:\Windows\zip.exe (68096 bytes) (Unknown) (4/5/2011 8:41:53 PM) (--A-) (5e832f4faf5f481f2eaf3b3a48f603b8) (Created)
    C:\Windows\_MSRSTRT.EXE (2560 bytes) (Unknown) (3/29/2011 4:49:09 PM) (--A-) (815372073da85b2098a37ded84083c8a) (Created)


    Would be an idea to send each of those exes to virustotal.com - I did follow up some based on the md5 hash and a few had some detections in the past but could be false positives.
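Added example, not part of the original post: a small Python parser for the log format quoted above that pulls out the MD5s of executables with no vendor string (the ones worth looking up first) and shows which files were created within the same minute. The function names are hypothetical; the sample entries are copied from the excerpt in the post.

```python
import re
from collections import Counter
from datetime import datetime

# Entries copied from the log excerpt in the post above.
SAMPLE = r"""
C:\Windows\system32\SER9PL.sys (35892 bytes) (Prolific Technology Inc.) (6/8/2010 2:30:09 PM) (--A-) (a16fb34e56c781dc56be7492315655b9)
C:\Program Files (x86)\Spotify\Uninstall.exe (90875 bytes) (Unknown) (3/29/2011 1:08:46 PM) (--A-) (019b8e37fa4fa9925e617974edceb870) (Created)
C:\Windows\grep.exe (80412 bytes) (Unknown) (4/5/2011 8:41:53 PM) (--A-) (9e05a9c264c8a908a8e79450fcbff047) (Created)
C:\Windows\NIRCMD.exe (31232 bytes) (NirSoft) (4/5/2011 8:41:53 PM) (--A-) (ae72e8619cb31d84da25e2435e55003c) (Created)
C:\Windows\SWXCACLS.exe (212480 bytes) (SteelWerX) (4/5/2011 8:41:23 PM) (--A-) (b1a9cf0b6f80611d31987c247ec630b4) (Created)
C:\Windows\_MSRSTRT.EXE (2560 bytes) (Unknown) (3/29/2011 4:49:09 PM) (--A-) (815372073da85b2098a37ded84083c8a) (Created)
"""

# The path may itself contain "(x86)", so anchor on the " (N bytes)" field.
ENTRY = re.compile(
    r"^(?P<path>.+?) \((?P<size>\d+) bytes\) \((?P<vendor>[^)]*)\) "
    r"\((?P<stamp>[^)]+)\) \((?P<attrs>[^)]*)\) \((?P<md5>[0-9a-f]{32})\)"
    r"(?: \((?P<event>\w+)\))?$"
)

def parse_log(text):
    """Return one dict per well-formed entry; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["when"] = datetime.strptime(e["stamp"], "%m/%d/%Y %I:%M:%S %p")
            entries.append(e)
    return entries

def triage(entries):
    """Executables whose vendor field is "Unknown": the hashes to look up first."""
    return [e for e in entries
            if e["vendor"] == "Unknown" and e["path"].lower().endswith(".exe")]

def creation_bursts(entries, min_files=2):
    """Minutes in which several files appeared together (one installer or tool bundle)."""
    per_minute = Counter(e["when"].replace(second=0) for e in entries)
    return {t: n for t, n in per_minute.items() if n >= min_files}

if __name__ == "__main__":
    log = parse_log(SAMPLE)
    for e in triage(log):
        print(e["md5"], e["path"])
    print(creation_bursts(log))
```

A missing vendor string is only a reason to check the hash, not a verdict; as the post says, past detections on these files could be false positives.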
  • dalek
    dalek Posts: 9,386 Forumite
    Thanks for your help everyone!!

    I don't feel safe using the laptop now..........it's freaked me out all this.

    Is a new lappy too!
    The Daleks Reign Supreme, All Hail The Daleks!
  • dalek
    dalek Posts: 9,386 Forumite
    Malwarebytes found nothing this morning.
    The Daleks Reign Supreme, All Hail The Daleks!
  • closed
    closed Posts: 10,886 Forumite
    dalek wrote: »
    Thanks for your help everyone!!

    I don't feel safe using the laptop now..........it's freaked me out all this.

    Is a new lappy too!

    If it's new, backup your data, restore to factory settings using recovery partition, install a resident virus scanner
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    closed wrote: »
    If it's new, backup your data, restore to factory settings using recovery partition, install a resident virus scanner

    I 2nd that

    New computer - restore to 'as new'

    If you don't want to (though you really should) -
    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    If you get a message that you can't write to the hosts file then press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)