
Chronic malware problem - any advice

Pythra

I've just wasted the last three or four hours trying to fix a horrible adware problem, and I'm at my wits' end. I'm using IE 6 and I'm so used to it I don't really want to switch, but this latest problem could finally convince me to change browsers.

I keep getting pop-ups/browser hijacks advertising fake virus software (WinAntiVirus Pro). The pop-ups usually come with fake error messages telling me I need to download and install some software. Clicking 'cancel' or x results in the file trying to download itself.

I've scanned my computer with Ad-Aware and Spybot, using the latest definitions. I've got McAfee VirusScan running and it found nothing in scans (although it occasionally notifies me of seemingly innocuous registry changes, I don't know if that's related). I also have HijackThis, and I'm pretty good at analysing the logs - whatever I've caught, it is NOT showing up, unless it's masquerading as something else. I can't see anything suspicious in the tasklist or startup.

I've tried countless Google searches to try and find a solution, and a lot of people seem to have had similar problems, except with variants that are easily detected and removed from entries in HijackThis or Spybot.

Does anyone have any suggestions? This is driving me crazy.
 
Have you run Ad-Aware and Spybot S&D from Safe Mode? If not, do so.
I know you don't want to, but go ahead and install Firefox and also the extension for it called Adblock Plus. Firefox will import your IE bookmarks during install, if that makes you feel any better about it.

Let us know how that turns out.

Edit: I just queried WinAntiVirus Pro, and Firefox blocked the page telling me that it was Malware. Pretty good browser to do that, if you ask me.
 
One of the worst I came across, and that Spybot and Ad-Aware were not capable of removing, was CoolWebSearch. Look for CWShredder as well.

The only problem if you actually remove all the malware is that Windows is so corrupted that you end up just having to do a reinstall anyway.
 
Thanks for the tips, everyone, especially the links to malware sites. spywarewarriors.com looks particularly good :)

I think I've finally nailed it. It was some variety of the Vundo trojan, and there's a removal tool called VundoFix that seems to have sorted it out.
 

Ah yes, the Vundo trojan! I've had to deal with that one a few times during the past year (as I support over two hundred computers, it's bound to happen).
 
Vundo is a really nasty piece of work, produced by a company with a really upsetting business model.

I had to help a friend get rid of this thing and it's a big task.

Also let me jump in here and recommend the Opera browser. Firefox may be a jewel of open source, but its default colour scheme doesn't match the JREF forum colours as well as Opera's does. And the ad-blocking add-ons are already added in.
 
The NoScript add-on for Firefox is also very effective at blocking unwanted activity. With NoScript, scripting is off by default and you basically whitelist on the fly when you visit trusted sites.
 
