I have a red X showing up on the bottom of my computer screen that says your computer is infected windows has detected spyware infection etc I have nod32 i have run scans nothing comes up whatever this is it hijacks my browser and makes google instead of msn my home page, computer is extremely slow and freezing, when i first started having problem nod32 said it found spyware and quaranteened it after that the next scan showed nothing, i did have spyware blaster installed on my computer as well but that doesn't seem to help anything any ideas??

Hello,

try to automated cleaning tool SmitFraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix_En.php). If it doesn't help, create log from ESET SysInspector (http://www.eset.com/download/sysinspector.php) and send it to support[at]eset.com.

Regards

Thanks Kosak but i treid 4 times to get that fix you linked it goes to 99 percent then i get an internet explorer message that says the connection was terminated abnormally

Try safe mode with networking.

out of my league!!!!!!!!!!!!!!

anyone have any other ideas for a not so computer savy girl?

Do you use v2 of NOD32 with Blackspear's settings ?

You can't get the Smitfraudfix utility because ESET detects it as potentually unsafe application and IMON/web access protection blocks the connection.

203379


In order to download/use the utility , you need to either temporary disable the AV protection/modules , stop detection of potentually unsafe applications or uninstall NOD32 . You haven't provided any background information about your system and trying to clean such an environment is not a professional -in any way .

Either contact ESET Technical Support (support@eset.com) or post in a forum which provides malware cleaning services (such as AumHa forums (http://forum.aumha.org))

Also I'd suggest that you download and install ESET NOD32 Antivirus (v3) which has better detection than v2 thanks to the improvements it contains.

Easily cleaned with the combo of
CCleaner
MalwareBytes
Spybot Search and Destroy 1.6
SuperAntispyware

I ran Spybot several times and it came up with something called WildTangent each time but says it cant remove or "fix" it because it may be running or in memory or something like that. Then it says to try restarting the computer to fix it but just runs another scan with another can't fix it message. Each restart has a momentary flash of a small black window that shouldn't be there, and it says roughly - win32/command or commandeer (or something)/exe. This has been appearing since the moment the virus struck while downloading a supposed Adobe video add on from some website. That's when I got the immediate NOD32 warning screen that said the threat had been found and quaranteened.

The computer works fine now (after deleting some spyware with various free scanners) except my browser keeps getting "redirected". And yes I do have NOD32 2.7 with the Blackspear mods done when I first got it.

Does any of this help or should I just keep running spyware scanners?


This is what spybot says:

WildTangent: [SBI $3A3BDC07] Program directory (Directory, nothing done)
C:\WINDOWS\wt\

WildTangent: [SBI $76830867] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\

WildTangent: [SBI $AEA200D6] Program directory (Directory, nothing done)
C:\WINDOWS\wt\wtupdates\WireControl\

This is what you do. The moment you turn on your computer, press the F8 button couple of times (like every second or so). The trick here is to get into the safe mode options before the Windows XP loading screen (assuming you're using XP). There will be a black screen asking you how you want to load windows. Select Safe Mode (with Networking). It will look very plain and when you log into your account, Windows will ask you if you want to continue using safe mode. Select Yes. From there, run SpyBot and you should be able to delete those pesky things. Also, run with the other scanners you have and delete whatever it detects.

--- Side question to those who are experienced: how do you run a NOD32 scan in safe mode? When I go into safe mode and open NOD32, it says something about kernels not working? Is there a way to go around this so I can scan my computer during safe mode?

OK here's what I found, I still couldn't remove Wild Tangent in safe mode (got the same message from spybot - in memory) BUT I also found out that wild tangent ISNT my problem. As explained here -http://forums.spybot.info/showthread.php?t=2313 It's just a game.

So now I'm back to not knowing what has hijacked my computer! Whatever it is it's gotten by both NOD32 and Spybot.

Just to recap, it hijacks my browser, sometimes every time I click on something - but only the first try (Yellow Book is a common destination I've noticed) - and other times it's quiet for a while.

I'll go try some of the other programs StoneCat kindly listed.