0

Pardon any naivete about Windows 2000 and Windows in particular. I'm a mac user and windows maintainer. He put Spycrusher on here and that seems to be a horrible thing to do. Ahh, yeah. From what I've read anyway. Hard to get rid of all of it.
This friend's machine was scanned by WinAntiVirusPro 2006(guessing it was real) by it's own doing and me allowing it. I just turned it(the machine) on, dug around and shut down auto spy-ware apps I've never heard of in the Windows world. Done lots of research on Windows viri, spys, malware and such but never come across this degree of infection.
Well, his uncle's is worse. It just shuts down from all the errors and junk.
Oh yeah. WinAntivirusPro2006 popped up hours after I shut the machine down. As did the Spycrusher.
I think they think it's a TV. Just change the channels (site).

Is there anything I can do, short of pulling and replacing the hard drive? Or putting a Radio Shack demagnetizer to it and installing XP? Doubt that it could handle Vista. Vista seems to be slow on a fast machine. I don't know the RAM in it yet. But not enough I'm sure.

I don't mind the challenges.
If you need more specs on the machine, fine. I can give you that too. The rest I can't get to. No program access or delete. Control panel is useless!! No internet connection. That's denied. ?
I wrote the list of the most critical junk that the Win program found. If you need it I have it.

Thanks in advance,

Danarchy

Specs, if needed, are available.

3
Contributors
7
Replies
8
Views
10 Years
Discussion Span
Last Post by Danarchy
1

If you can't get onto the internet, you have a problem unless you have a second PC and a portable drive to download remedial stuff.

The Anti-Spyware forum here will take you through what to do and it's long winded.

You might also consider my manual method which is described in a post in the spyware forum dated 24-Aug-2007. This also needs a secoind PC for you to operated on the screwed up system disk.

Good luck.

Votes + Comments
Timely reply with good info.
1

==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Restart your computer in Safe Mode.
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter]
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:\
Restart in normal Windows. Please post C:\rapport.txt
[You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file.]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

And then a hijackthis log... see the virus and nasty forum.

Votes + Comments
Timely reply with good info.
0

If you can't get onto the internet, you have a problem unless you have a second PC and a portable drive to download remedial stuff.

The Anti-Spyware forum here will take you through what to do and it's long winded.

You might also consider my manual method which is described in a post in the spyware forum dated 24-Aug-2007. This also needs a secoind PC for you to operated on the screwed up system disk.

Good luck.

Thanks Suspishio.
I have two PC's to try to fix. I do have an old PC that can get on line. Very slow machine.
But I see why I need another from your reply.
I can't use my macs to solve these problems, obviously.

Thanks for the reply,
Dan

0

==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Restart your computer in Safe Mode.
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter]
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected- if it is you will be prompted to replace the file ; type Y and press "Enter".
It will also create a log named rapport.txt in the root of your drive, eg: Local Disk C:\
Restart in normal Windows. Please post C:\rapport.txt
[You may also have to restore your desktop background...
If so, go Start >run, type regedit and <enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight system with a lclick, go File, export... , save as bluewall with file type .txt. Close regedit and post that txt file.]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

And then a hijackthis log... see the virus and nasty forum.

Thanks Gerbil.
Between your and Suspishio's replies, I think I have the solution.
Just need to fire up the only PC that works and go from there. It'll be a challenge but I'll learn alot from it.

Thanks again for your reply,
Dan

0

Do let us know what happens as it enlightens those who try and solve problems reported here.

I will.
Got to get the working/slow PC set up and all.

Dan

0

Do let us know what happens as it enlightens those who try and solve problems reported here.

Okay,
I really appreciated your input and just your reply.

This machine is so full of viri, trojans, spy & malware that I think it's beyond repair. Well, in relation to money for repairing and time not paid for. I learned a lot from y'all and from reading after this. And from spending 14 straight hours dealing with this machine. Shut down about 20 times.
But I think I learned from a tech repairman that some things are best left to destroy and install. Some just to destroy.
I found out that this machine was worked on before to the point of the tech giving up and offering to replace the hard drive. Why it stayed with MS 2000 SP4, I'll never know.

If one replaces a hard drive don't they have to replace/install an OS?

There were too many hijackers on there to allow me to get past one page. So downloading was near impossible. I lucked out twice. Adaware(not Free though I tried to get that page)
scan found over 12,375 infections, worms, trojans and what not.

I rid the machine of some of these and it sped up. SpywareDoctor(free version) catches two per startup. Then they started reinstalling. Microsoft is a challenge. Not for the unknowing.

I haven't tried your download yet because i was trying to stay on line and seeing what was keeping me from doing so.

I'll try to get online and download that fix before I give up.

Thanks again,
Dan

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.