Spyware problems...help?

EtWo_Cuddles

New Member
One of my older laptops was left on the internet for at least five hours after I unexpectedly had to leave, and it adapted plenty of viruses and spyware.
I turn the laptop on and WinPerformance automatically opens, which I read is a "rogue" spyware. So I open the Task Manager and immediately end that application, and then I click on the 'Processes' tab and a whole bunch of 'iexplorers' are using up all my memory and CPU power....and sure enough internet windows begin popping up. Of course I disconnect it from the internet before then, and have already begun terminating those processes.
And then, I have an antivirus CD and also a cleaner CD; before those programs can finish downloading or scanning the blue screen of death appears and the laptop will shut down. Also, the control panel has been removed from my start menu.

What do I need to do to save my laptop? Is there any affordable, magic disk I can buy off of eBay? Is there a disk I need to completely wipe my hard drive clean?
I would really appreciate some help or any advice given by anybody!
 
There's no 'magic disk', although you can try a variety of antiviral and antispyware programs, such as AVG Antivirus and AVG Antispyware. If you wish to wipe your drive clean and reinstall Windows, you will need the Windows CD, or Restore CD if it's a PC from a major vendor such as Dell.

Most of these problems can be cleaned, however. The first step is to post a HijackThis log.

Please download the HijackThis installer from http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe.

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

When the Notepad window opens choose Edit -> Select All to select the entire log, and copy and paste the log into a reply post.
Most of what it lists will be harmless or even essential; don't fix anything yet.
 
I deal with this regularly. Here's how you fix that:

First, download and run combofix. Make sure you pay attention to the log at the end to address any suspicious files added in the last month.

Then, download and run smitfraudfix. It should be run in safe mode, save for the DNS hijack scan. Use it to reset the trusted zones, clean your DNS and registry.

Next, roguescan fix. Then ccleaner, both the temp file cleaner and the registry cleaner.

Run Kaspersky or Panda's online scan.

THEN run HijackThis and Autoruns to see what's left and get rid of the remaining invalid entries. You can also isolate any leftover stragglers. At that point, tools like the process explorer, hook analyzer, Rootkit Revealer and possibly Panda's Antirootkit and aSquared Free, etc may come in handy.

All too often people do things the hard way by starting off with HijackThis. Although it works, the way I mentioned is mostly automated and will take care of the greatest majority of common malware threats. Then, rather than tackling all kinds of them you're only addressing the stragglers. It will cut your cleaning time to an hour or so, as opposed to 3 days and 10 page threads. I use this strategy because people are paying me $65 an hour to clean their computers. Efficiency is key, and starting off with HJT is anything but efficient, especially since many modern-day threats use hidden programs to monitor entries and replace them upon deletion.
 

This sounds great and I'm sure I can go through with this. Are all of these programs found on the internet?
I certainly hope I can get them downloaded and let them do their thing before the blue screen of death appears and it shuts down.
Thank you so much and I really appreciate this information and your help!
 
Can you get on your laptop without getting the bluescreen? Or can you get on for an amount of time?

Usually, if I open the task manager and end all the suspicious processes before they're fully loaded, it will stay on until it's overrun with pop-ups and the blue screen of death appears.
But if I just turn on the computer and open the internet or another program it will be overrun with popups and the blue screen appears very shortly.

If I'm unable to fix this problem myself and I take it to a pro, do you think it would be possible for them to fix it with the way it shuts down so quickly?
Thank you so much for taking interest in my situation.
 
Yes, they can all be downloaded. Just Google them.

If it's malware that's shutting the computer down, try logging on in Safe Mode. That would do it. If it's malware that's attached itself to the Winlogon notify that's causing the problem, that might be a tad trickier :P
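
An added example, not part of any post in this thread: a small Python triage script for a saved HijackThis log that groups entries by section code and pulls out the Winlogon Notify (O20) entries mentioned above, plus startup (O4) entries launching from a Temp folder. The sample lines are constructed, the "code - description" layout is assumed from HijackThis's usual output, and the Temp-folder rule is an illustrative heuristic rather than a verdict.

```python
import re
from collections import defaultdict

# Constructed sample lines in the HijackThis "code - description" layout
# (not taken from the thread; names and paths are placeholders).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Documents and Settings\User\Local Settings\Temp\example2.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\example3.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O20 - ..."
NOTIFY = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")
RUN = re.compile(r"\[(.+?)\] (.+)$")                  # "[name] command"

def parse_log(text):
    """Group log entries by section code; non-entry lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_first(groups):
    """Return (code, name, path) tuples worth checking before anything else."""
    picked = []
    # Every Winlogon Notify DLL is loaded at logon, so list all of them.
    for body in groups.get("O20", []):
        m = NOTIFY.match(body)
        if m:
            picked.append(("O20", m.group(1), m.group(2)))
    # Assumption: an autorun that launches from a Temp folder deserves a look.
    for body in groups.get("O4", []):
        m = RUN.search(body)
        if m and "\\temp\\" in m.group(2).lower():
            picked.append(("O4", m.group(1), m.group(2)))
    return picked

if __name__ == "__main__":
    for code, name, path in review_first(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {name:16} {path}")
```

The output is a shortlist to look up and verify, not a list of things to delete; legitimate drivers and software also register Winlogon Notify DLLs.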
 