Spyware says I have 12 Infections

[noj30]

Hi Guys,
I"m new to this forum, so if i'm posting this in the wrong spot you have my greatest apologizes. I opened an email today from a friend and received a virus. Right away my norton pulled up a window that said I recieved a virus. something called horse virus. I closed everything right away and ran my norton. it found 4 infected files and fixed them and deleted them. However now when i open my explorer i get a "about:blank" error and can not change my home page. there is 2 pop ups that go along with this everytime i open up window. I ran a spyware scan and found that i have 12 infected files. the files are as follows:

Alexa
Bargain Buddy
C-Dilla
TinyBar
Tracking Cookies (6 of these)

I hope I have all the information you need to help me out. I would greatly appreciate someone's help.

THANKS!!!

[bigc73542]

You might want to get a trial of tds3 here and make sure that you update the radius files before you run a scan to ensure you have the latest detection. Post back and let us know the results of the tds3 scan please

thanks

bigc

[noj30]

Quote:

Originally Posted by bigc73542

You might want to get a trial of tds3 here and make sure that you update the radius files before you run a scan to ensure you have the latest detection. Post back and let us know the results of the tds3 scan please

thanks

bigc

Thanks Mac for getting back to me right away. one question. i'm downloading your link right now. do i run my norton scan again or the spyware doctor scan?

thank you

[bigc73542]

Run the tds3 you are downloading now.

[noj30]

Here is what it said:

21:57:46 [TDS] Good evening John.
21:57:50 [Mutex Memory Scan] Started...
21:57:51 [Mutex Memory Scan] Finished (no trojan mutexes found).
21:57:51 [Trace Scan] Started...
21:58:02 [Trace Scan] Finished.
21:58:02 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.


??

[bigc73542]

You need to set it to do a full system scan, it will take a lot longer than a couple of minutes.

[Peaches4U]

why not download Spybot S&D, http://www.safer-networking.org/en/download/index.html do a scan and clean out the spyware with it. If u do not already have the following installed, u might like too consider it ....

SpywareBaster - http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard - http://www.javacoolsoftware.com/sgdownload.html

[bigc73542]

Good idea Peaches4u

[noj30]

Quote:

Originally Posted by bigc73542

You need to set it to do a full system scan, it will take a lot longer than a couple of minutes.

Sorry, about the confusion Mac. Here is what i found:

Positive Identification: Pornware.Downloader.Tibsystems c:\program files\websiteviewer\121689.exe

Positive Identification: Pornware.Downloader.Tibsystems c:\winnt\system\121689.exe


This has to be the problem, because when I opened the attachment it brought me to some adult website. How do I get these files off my computer and are they the problem?

[noj30]

can i just right click on those files in the TDS-3 and select delete? will that work? or is there more intensive work needed?

Thanks all of you!!!

[bigc73542]

After you ran the scan with tds3 it should have had the option to fix or clean the infected files, I don't remember the exact wording. Tds3 will remove the files for you. Deleting as you suggested should work

[noj30]

Quote:

Originally Posted by bigc73542

After you ran the scan with tds3 it should have had the option to fix or clean the infected files, I don't remember the exact wording. Tds3 will remove the files for you. Deleting as you suggested should work

No it didn't give me an option to fix or clean when it completed. It does have the files located in the bottome window. If i right click on them it give me the following options:

File Informtion
Submit File
Delete File
Save As Text

Where do i go from here?

[bigc73542]

After you clean the files with tds3 you really ought to get the programs in peaches4u post number 7. spybot search and destroy will get rid of the rest of your ad and spyware and the other two will keep it off of your computer

[bigc73542]

Quote:

Originally Posted by noj30

No it didn't give me an option to fix or clean when it completed. It does have the files located in the bottome window. If i right click on them it give me the following options:

File Informtion
Submit File
Delete File
Save As Text

Where do i go from here?

Delete them

[noj30]

Quote:

Originally Posted by bigc73542

After you clean the files with tds3 you really ought to get the programs in peaches4u post number 7. spybot search and destroy will get rid of the rest of your ad and spyware and the other two will keep it off of your computer

Ok i downloaded Peaches program, but if i run that 'im probably going to have to restart my computer, therefore losing what i have done on the tds-3 program. do i just go with the peaches program or can it be fixed using or original program tds-3?

[noj30]

Quote:

Originally Posted by bigc73542

Delete them

K. i'll do that

[bigc73542]

I guess I should recomend that you make sure that SB s/d is updated before scanning or if you did scan, after it is through update then rescan.

[noj30]

Quote:

Originally Posted by bigc73542

I guess I should recomend that you make sure that SB s/d is updated before scanning or if you did scan, after it is through update then rescan.

Ok, i ran the program Spybot search destroy that peaches recommended and it found 17 infected files. I checked them all and choose the fix problem at the top. It said all 17 files fixed. how ever i'm still geting the about:blank error when opening internet explo. i have entered my site and manually changed home page, it works fine, but when i open a new window i still get the about:blank error. any other ideas

You guys are rocking...i really appreciate it

[noj30]

Quote:

Originally Posted by bigc73542

I guess I should recomend that you make sure that SB s/d is updated before scanning or if you did scan, after it is through update then rescan.

I did update the downloads, before scanning.

[bigc73542]

there is a about blank fix that has worked for some people. I will look it up and post the link back here.

[bigc73542]

you can try the about blank fix at your own risk you can get it here but read the article before downloading or useing. about fix this has worked for some others but no promises because I have not personally tried it.



url deactivated==bigc

[noj30]

Quote:

Originally Posted by bigc73542

you can try the about blank fix at your own risk you can get it here but read the article before downloading or useing. about fix this has worked for some others but no promises because I have not personally tried it.

i did that one already. that was the one that i tried right away. well let me try it again, once i scan again. i'll let you know if that fixed it.





url deactivated==bigc

[bigc73542]

In case that doesn't get rid of it you might want to post a hijackthis log at one of the forums listed at the link HJT log check can get HJT here

[noj30]

Quote:

Originally Posted by bigc73542

In case that doesn't get rid of it you might want to post a hijackthis log at one of the forums listed at the link HJT log check can get HJT here

the file that keeps on coming up in the spybot is DOS Exploit. Have you heard of it?

[bigc73542]

That is a known false positive you can choose to put that detection in SB's ignored list