Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help! Computer Hijacked by spyware?!?!

Started by geminifilms , Mar 06 2005 04:57 PM

  • This topic is locked This topic is locked

#1
geminifilms
Posted 06 March 2005 - 04:57 PM

geminifilms

    New Member

  • Member
  • Pip
  • 3 posts
Somehow I have a spyware,malware, or trojan horse etc on my computer
and it is the worse one ever. I have run norton antivirus, adaware,
spybot, and cwshredder, and nothing has fixed this.


Here's the problem, twofold: (1) my desktop has been hijacked and my
usual picture is replaced by a black webpage with yellow writing that
says "Warning You are in danger!" and then goes on to talk about the
perils of spyware. It asks you to click on it, and when you do it
takes you to a page that has a list of spyware products to
buy...obviously all a part of the scam. I have gone into my display
settings in the control panel under customize desktop, and web, and
there is a file listed there called "security." I uncheck it, and it
goes away, bringing back my old desktop. However, upon reboot it
brings it all back!


(#2) In my system tray, there is a little yellow triangle with an
exclamation mark in it, and every few minutes it pops up with a warning


that reads "warning, your computer is at risk...spyware detected on
your pc....windows did not find spyware protection on this
computer...click to chooose a recommended spyware sweeper" (obviously
all again part of the hijack. If you click on it, and sometimes even
when you don't it pops up a blue website that appears to be a windows
warning (but is really not) that links you to buy more of their d***
spyware!


I have tried EVERYTHING, usually am able to fix these problems. Can
someone, anyone please help!!!!
  • 0

Advertisements

#2
coachwife6
Posted 06 March 2005 - 06:25 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please Click here!, and follow the recommendations in the guide.

If you're still having trouble, We'll need you to use a free diagnostic tool, Hijack This. Follow the instructions in step five of this guide, and post your log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.

Most of what Hijack This lists lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
bodybenz
Posted 17 March 2005 - 10:20 AM

bodybenz

    New Member

  • Member
  • Pip
  • 1 posts
I happened to get infected with this little nuisance as well, and I FINALLY found a way to get rid of it. Follow these instructions. NOTE: For those of you who also have this problem, make sure you also have Spybot. Also, make sure that the Spybot Resident protection is turned on(turn on both SDHelper and TeaTimer). This is the key to stopping it.
1. Do a full system scan of spybot. Remove any spyware that it finds.
2. Restart your computer.
3. Boot to safe mode. As soon as your computer comes back on from the restart, start hitting F8 until a list of options comes up. Choose SAFE MODE. Then push enter.(Note: That is for NT/2000/XP, others just start pushing F5 for safe mode).
4.Once in safe mode, click Start, then Run. Type "Regedit" (without quotes) in the box and push enter.
5. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce. Delete the value that pertains to the Spoolsrv32 service.
6. Navigate to HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\RunOnce. It too will have a value pertaining to Spoolsrv32 service. Delete that also.
7. Reboot your computer and let it load windows normally.
8. After logging in, let all the startup processes run. Spybot Resident protection should come up and warn you that Spoolsrv is trying to right to the registry. Check the "remember decision" box. Choose DENY!
9. Another warning about Spoolsrv might come up. Check the "remember decision" box. Choose DENY!
10. Open Regedit again. Start, Run, Regedit.
11. Repeat step 5.
12. Repeat step 6.
13. For those of you who don't know how to change the desktop back do this if you haven't been able to at all. Open My Computer, then Control Panel, then Display. Click on the Desktop tab. Click on Customize Desktop button. Click the web tab. Click on the "Security item". Click Delete. Uncheck "Lock desktop items" if you wish(not necessary, but is checked by the spyware if it wasn't before).
14. Reboot your computer.
15. Now relax and enjoy.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP