Virus Help....possibly spyware?

PhillyPhreak54 · May 21, 2006, 02:22:27 AM

Ok, I use Mozilla and IE6 to browse. I also have Norton 2006 installed as well. But here's the thing, Norton is not picking anything up when I run full scans. I know it works because it killed a trojan horse a week or so ago. But the weird thing is I keep getting these pop up ads out of nowhere and they are the same ones.

The main two are for anti-virus stuff. One is a page that pops up and looks like a Windows add/remove program page. I almost thought it was the windows thing until I looked at te url and could see that it was not really from microsoft. I just x out of the thing and then it still gives me more pop ups.

Here is the url (it just popped up as I was typing this);

http://scanner.sysprotect.com/pages/scanner/?p=20&ex=1&ax=2&aid=nm_ap_spt_r5&lid=keyin

When I close that out by clicking on the X I get this message:

Notice: You have not completed the scan. If your computer has errors in the registry or database file system, it could cause unpredictable or erractic behavior, freezes or crashes.

Sysprotect can perform a quick and completely FREE scan of your system for errors.

Would you like to download Sysprotect to scan for and, if found, correct any registry problems now (recommended)?

The other ones I get are all things that says something like (insert virus name here) could be affecting your system. That url always starts with www.ameana.com and has other stuff after that. Some virus names are Mytob and Backteria.

I know I don't have these things and it is some type of spyware stuff. Am I right? and if so, how to I remove it since Norton doesn't seem to get it?

Help!

The BIGSTUD · May 21, 2006, 03:04:06 AM

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10399602.html?tag=lst-0-1

Go there and download ad-aware. Update and scan. Remove anything harmful it picks up.

http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1

Download that and update and scan. Remove anything harmful it picks up.

http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1

Then download that and install it, but don't run it yet. Just have it ready just in case.

How up to date is your Norton by the way?

PhillyPhreak54 · May 21, 2006, 03:44:15 AM

Thank you.

Big time help.

Both of them picked up stuff and the stuff I was describing in my first post were all spybot shtein.

mussa · May 21, 2006, 05:51:13 AM

buy a mac. problem solved.

Geowhizzer · May 21, 2006, 08:45:49 AM

Quote from: mussa on May 21, 2006, 05:51:13 AM
buy a mac. problem solved.

Not necessarily.

mussa · May 21, 2006, 09:53:06 AM

Quote from: Geowhizzer on May 21, 2006, 08:45:49 AM
Quote from: mussa on May 21, 2006, 05:51:13 AM
buy a mac. problem solved.

Not necessarily.

thats 1/100 the problems PC users could and do encounter.

Geowhizzer · May 21, 2006, 10:09:30 AM

Quote from: mussa on May 21, 2006, 09:53:06 AM
Quote from: Geowhizzer on May 21, 2006, 08:45:49 AM
Quote from: mussa on May 21, 2006, 05:51:13 AM
buy a mac. problem solved.

Not necessarily.

thats 1/100 the problems PC users could and do encounter.

I'm sure that there's no doubt about that. But, if the Mac market share grows as anticipated, the virus threat will grow with it. The more people use Macs, the more appealing target it will make for the vengeful nerds that are trying to strike back for being stuffed in the locker in high school.

Windows is the bigger target because of its immense target size- attacking Windows gets attention around the world. It's folly to think that Mac is inherently immune from such attacks.

(BTW, I've run Windows for 12+ years without a virus attack.)

Second Virus Attacks Mac OS X: Security firms say Mac is likely to become a bigger hacker and malware target.

mussa · May 21, 2006, 10:44:22 AM

i though most hackers ran off macs. either way Ive never had a problem and I am confident that it won't become a problem like it has for pc's. mac osx is just way more solid than windows. nothing is safe though from those who know how to exploit it. if you are smart, like you mentioned 12 yrs without problems, then you really have nothing to worry about. just keep up with updates and don't download or open anything your not sure about.

Wingspan · May 21, 2006, 02:32:41 PM

i've used a mac for 10 years now....the number of virus or security threats to me personally = 0

which is also how much money i have spent on antivirus or security software.

it's simply not needed. and a security threat is different from a virus. your typical virus wouldnt effective on a mac at all. the OS's security require you to authenticate any changes made to the core system library. so the trojan horse is useless, which is what most mainstream virus' are.

PhillyPhreak54 · June 08, 2006, 03:46:04 AM

Ok, I need some help again, y'all.

I have scanned my computer with Norton three times in the last two days. I have used the programs that Bunkley78 recommended (only the first two, Spybot and AdAware) numerous times as well and they are not catching whatever I have. They bring up a few problems (Ad and Spy) and none on Norton.

I have no problems when I am using just Mozilla. But when I load up Internet Explorer...that's when the shtein starts.

This is the link that I see

That pops up like 40-50 times. IE goes into a fit and it starts opening 40-50 new windows. It takes forever to get the computer to stop and then close them all out. I am also getting popups for stuff and that popup like I had the last time for some anti-virus stuff.

I use IE6.

So obviously there is a virus in the IE, right? How do I get rid of it? Sometimes it makes my computer run reallllly slow too.

Can I just uninstall IE and the reinstall it? How do I do that?

Please help.

Edit-- I just clicked on that link and it goes to that system protect crap that I had talked about earlier. I couldn't see what it was when it was popping up 50 times on IE because all of the windows just showd the page could not load thing. But it is for that program that is made to look like the Microsoft unistall/remove programs thing but is really not.

General_Failure · June 08, 2006, 03:48:20 AM

Just stop using IE, man. Stooooooop.

PhillyPhreak54 · June 08, 2006, 03:49:34 AM

I don't really use it that much anymore. But I need two different browsers so I don't have to switch my PE.com accounts all the time. I use one for my real s/n and one for my other s/n.

And even if I don't use IE anymore, what other browsers are out there?

And I still need to get the crap off of my system, right?

PhillyPhreak54 · June 08, 2006, 03:54:24 AM

Also, if you notice the beginning of that link is an IP address. This is a different one than what I saw the first time this happened. The last time it started with a 202. This time it is 62.4.84.53

And I just did a WHOIS search...its registered to some dickbag from Belgium.

QuoteRequest: 62.4.84.53
connected to whois.arin.net [192.149.252.44:43] ...
connected to whois.ripe.net [193.0.0.135:43] ...
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '62.4.84.0 - 62.4.84.255'

inetnum: 62.4.84.0 - 62.4.84.255
netname: CYBERTECHNOLOGY
descr: Cyber Technology BV BA/SPRL
descr: Belgium
country: NL
admin-c: OVL3-RIPE
tech-c: OVL3-RIPE
status: ASSIGNED PA
remarks: *******************************************
remarks: * Abuse contact: abuse@mycyberhosting.net *
remarks: *******************************************
mnt-by: ABOVENET-P
mnt-lower: ABOVENET-P
mnt-routes: ABOVENET-P
source: RIPE # Filtered

person: Oliver van Loven
address: Cyber Technology BVBA/SPRL
address: 56 Avenue du printemps
address: 1410 Waterloo Brussels
address: Belgium
e-mail: Leole@infonie.be
phone: +32 2 479 87 16
fax-no: +32 2 479 87 16
mnt-by: ABOVENET-P
nic-hdl: OVL3-RIPE
source: RIPE # Filtered

% Information related to '62.4.64.0/19AS6461'

route: 62.4.64.0/19
descr: AboveNet Europe
origin: AS6461
remarks: AboveNet
mnt-by: ABOVENET-P
source: RIPE # Filtered

The BIGSTUD · June 08, 2006, 04:03:45 AM

What is your homepage for IE?

http://www.download.com/HijackThis/3000-8022_4-10227353.html

I know my share about computers, but I'm not a tech head. Download that, scan and post the log on here in a quote so it doesn't take up the whole page.

I'll copy it and let some techies look at it and get back to you.

dis12 · June 08, 2006, 08:46:40 AM

couple of suggestions:
-make sure latest Windows updates have been installed (it has updated security features)
-make sure your NAV has been updated -run Live Update (I assume you are on NAV2006)
-make sure IE has security turned on (or you may need to adjust to a higher setting)
-run your NAV scan and spyware scans in SAFE mode
-try installing Spyware Blaster (it has Moxilla protections too)
-have your ISP check your PC (you may be a virus/trojan source)
-drink heavily