Self replicating files

Discussion in 'privacy problems' started by 1c3M4n, Aug 19, 2004.

Thread Status:
Not open for further replies.
  1. 1c3M4n

    1c3M4n Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    4
    Okay, here's my dilemma. My computer became infected with mass spyware a few days ago, and adaware started cleaning up hundreds of files. It seems no matter what I did though it always came back. It turns out that I had acquired the evil twaintec.dll and that I could only eliminate it for a little while at a time before it came back with a host of toolbars and all kinds of crap. Whenever I ran adaware it usually only found 4 to 12 files, but when I tried the trial version of Scan Spyware 3.7 it found hundreds more, so I figured it was doing what adaware could not (yes, it had the latest update). In order to clean everything up I had to purchase the full version, a desperate move from someone like me if there ever was one. It eliminated a good portion of it at first but now every time I run it it finds the exact same files, and each time I delete them I immediately scan again to find that they haven't gone away. This happens regardless of if I restart in order to eliminate the shared registry files or if I am connected to the internet. Every time I restart it finds hundreds of files, including twaintec. I am very frustrated with this and would love it if someone could shed some light on what I have to do to fix this.
     
  2. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    Hi 1c3M4n,
    No solution to your problem, but ...
    This Scan Spyware is a rogue anti-spyware.
    This is what the Rogue Anti-spyware page says about it.
    scanspyware.net aggressive advertising (1); false positives work as goad to purchase; Ad-aware knockoff

    If you want to take a look, you'll find the link in my sig.

    One piece of advice: remove it from your system and use only the trusted ones. ;)
     
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    oops, Eldar beat me to it. :D



    snowbound
     
  5. 1c3M4n

    1c3M4n Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    4
    I guess I threw away $30 for no reason. :mad:

    Those instructions to remove twaintec did not work. Also, Adaware is not currently finding any files but pop-ups are still getting thrown at me. I don't see any viable solution.
     
  6. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    I would also give Webroot's Spy Sweeper a try. It's very good on automatic removal and seems to get it all. But, you'll hear a lot of people here say, and I agree, use AdAware and SpyBot (both free) and if you can afford the $25 - get a copy of Spy Sweeper, and stay away - at all cost- from the rogue "anti-spyware" tools.

    You can find Spy Sweeper here:
    http://www.webroot.com/wb/products/spysweeper/index.php
    Or, it's in most Best Buy, Office Depot and Staples locations. It's cheaper retail, btw. The stores have it usually at $24.95 - it's $29.95 on the site. You can go to the above link and give it a spin for free.

    Good luck!

    John
    Luv2BSecure

    .
     
    Last edited: Aug 19, 2004
  7. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    :rolleyes: You're not the only one who did. I previously bought ZeroSpyware, which is also on that list, but at that time I didn't know.
    Like luv2bsecure ;) said, use Ad-Aware and Spybot S&D. They complete each other just fine.

    Spy Sweeper can always be downloaded from their website. You can get new definitions once, before you have to buy it to get regular updates.
    BTW I hope you're using Ad-Aware SE from Lavasoft and not some other rogue.

    Just my 0.2 euro. ;)
     
  8. 1c3M4n

    1c3M4n Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    4
    I don't know what to do anymore. No matter what I do it keeps coming back.... adwatch logs another event every few seconds. Is reloading windows my only alternative? And does that guarantee that it will be gone or could some website be retaining my IP address to screw me after I wipe my hard drive?
     
  9. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    What a mess. For these purposes - and I hope I am right - I will assume you are using Windows XP. Here are my ideas for immediate FIRST AID..........

    But first, what about Restore Points? Is that enabled on your OS? Most of us would recommend disabling it in a normal situation. But, in this case, if it is enabled, you might just get lucky and roll back to a point before all hell broke loose. And even then, the following wouldn't hurt.

    1. Immediately get Spybot Search & Destroy to augment AdAware. It's free at their website. Install them both and immediately update the detection files for both programs. In your situation, I would also download two other programs:

    A) There is a free program called ewido. You'll get the full version - with updates - for 14 days. Get it here:
    http://www.ewido.net/en/

    B) Grab Webroot's Spy Sweeper with a 30-day trial and one free detection update. You can get it here: http://www.webroot.com/wb/products/spysweeper/index.php (Be sure it is Webroot's Spy Sweeper. There is a rogue program with the same name.) The link I just provided is the correct program.

    Again, I can't stress enough, get the detection/signature file updates for all of these programs.

    2. Go to Windows Update and download all of the Critical Updates.

    3. After you have downloaded the programs above - Get Offline! Not just close your browser - but completely unplug your computer from your Internet source (DSL, Cable, etc.).

    4. Uninstall - remove completely - "Scan Spyware," your rogue "anti-spyware" program. It may be, (in fact probably is) doing more harm than good. If there is a company name - search the registry for any entries and delete them. Make sure they are entries for the rogue "Scan Spyware" program only.

    5. Run the full deep scan of AdAware and the Spybot scan with the latest updates you got before unplugging. Be sure all items found are removed.

    6. Run ewido and Spy Sweeper - full strength sweeps of your system. Let ewido do its memory scan. Again, at this point, quarantine everything.

    7. Reboot Windows.

    8. Immediately repeat steps 5 & 6 above.

    9. Make sure a quality software firewall is on your system. Really, this should be downloaded with the programs above if you don't have one - but I guess I am assuming you probably do. Make sure it is enabled. You want this up and running before you ever sign-on again. A pre-version 5 release of ZoneAlarm would be fine. In the near future, even if you don't have multiple computers at home to need a router - consider getting one anyway. They are cheap and will provide you with a solid hardware firewall. A simple LinkSys model would be fine.

    10. Get back online and take it around the block for a spin - and good luck!

    John
    Luv2BSecure

    .
     
  10. 1c3M4n

    1c3M4n Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    4
    Hey thanks a lot everyone! I got the new protection and configured it, and it works great. I finally managed to clean everything up. If anyone else experiences severe spyware like this, it really helps to run REGEDIT in safe mode and remove any folders or values corresponding to the names of the spyware your software picks up, AFTER you let it destroy the malicious files those values were modifying.
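
The registry check described in the post above, as an added example that is not part of the original thread: a read-only Python sketch that scans a regedit export (.reg text) for keys and values mentioning names a scanner reported, so leftover entries can be reviewed before anything is deleted. The sample export, the `TwainHelper` and `ExampleToolbar` entries and the function names are constructed for illustration.

```python
import re

# Constructed sample of a regedit export; entries are illustrative only,
# not taken from a real infected machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\soundman.exe"
"TwainHelper"="rundll32.exe \"C:\\WINDOWS\\twaintec.dll\",DllRun"

[HKEY_CURRENT_USER\Software\ExampleToolbar]
@="toolbar settings"
"InstallDir"="C:\\Program Files\\ExampleToolbar"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# A value line is either @=... (default value) or "name"=...
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(s):
    """Strip surrounding quotes and undo the .reg backslash escaping."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = re.sub(r'\\(.)', r'\1', s[1:-1])
    return s

def find_references(reg_text, names):
    """Return (key, value_name, data) hits; value_name None = key path hit."""
    needles = [n.lower() for n in names]
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if any(n in key.lower() for n in needles):
                hits.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1))
        data = unescape(m.group(2))
        if any(n in (name + ' ' + data).lower() for n in needles):
            hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    for hit in find_references(SAMPLE_EXPORT, ['twaintec', 'ExampleToolbar']):
        print(hit)
```

The script only reports matches; a hit under a `Run` key is the kind of entry that reloads a removed file at the next logon, which is the "keeps coming back" behaviour described earlier in the thread.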
     
  11. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    You're welcome.
    :D Good to hear everything has been removed from your system.
    Make sure to read a lot of topics here, you can find a lot of useful info for improving your security even more.

    Have a nice weekend you all. ;)
     