spyware alert

Hello,

I need help. Avast keeps sending alert messages, saying it has detected something. It proposes that I put it in quarantine. I say yes, but new alert messages come in, with new virus names. Also, my wallpaper has been replaced with a big yellow and blue alert message, telling me “Spyware detected on your computer - Install a Virus or Spyware remover to clean your computer”. Moreover, messages from I don’t know where keep popping up, asking me if I want protection, and when I say Yes, it starts scanning my computer, telling me I have millions of problems it could fix, and then asks me to register and pay. When I asked Avast to scan my computer, it asked me if I wanted a reboot scan. I said Yes, and rebooted. But then again, after a few problems found and discarded, it encountered a problem it couldn’t solve, and since I wasn’t in Windows mode, the name of the problem went by and I couldn’t come back to note it. Now my computer is considerably slowed down since that happened the first time (two days ago), my connection to the Internet keeps crashing, alert messages keep coming, and I don’t know what to do nor where to start.

If anybody can help, thanks! :cry:

Sounds like the best option in this case is a total re-install of Windows. Hope you have your restore CDs handy and your data backed up. :cry:

If you have Windows Defender or another spyware detector, try running that before you restore your hard drive. It may find whatever it is that has honked up your system.

But it sounds as though your hard drive is pretty well borked. A reinstall may be the only way to get rid of whatever it was you stumbled into.

This is where one wishes Alwil Software would create a bootable LiveCD of avast! for this type of situation - it wouldn’t have to be Windows-based (it could actually be Linux-based, using the Linux version of avast!) and could hopefully root out the offending code without harming Windows.

I suggest:

  1. Disable System Restore and re-enable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to online analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

Also, you seem to be bombed with fake antivirus/antispyware messages.
RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.

Check http://www.malwarebytes.org/rogueremover.php

Wow, talk about drastic actions. OK. I’ll do as you say. Might take a few moments…
Thanks for the step by step.
I shall take the opportunity to learn a little more about all those things.

Oh, do I need to clean only Internet temporary files? Or all of my computer's temporary files? ???

Well, I’ve been taking actions step by step, as proposed, and the results are awesome. I don’t know if everything’s fixed, but my computer apparently runs perfectly now, and even better than before the spyware attack. Nietzsche once said - What does not kill me makes me stronger. I guess it’s true in this case. Removing the threat brought me to remove a lot of other things that were hiding, and learn a lot of things. Since I’ve also started a new topic when I learned the identity of the bad guy, I’ve been learning a few things from different very cool people. Thanks to you all. Hope I’ll be able to help others one day. :slight_smile:

Which version of Windows do you use? The same happened to my mother on WinXP. Did you check whether the firewall was overridden? This was the cause in my case. Next time remember: don’t click on any popup, even though it apparently gives you secure advice.

Yes, it’s XP.
What does “overridden firewall” mean? Well, I can get the idea, but how can I tell it was overridden?