
AntiSpyCheck!!

Old 31st Jul 2008, 13:13
  #1 (permalink)  

Avoid imitations
Thread Starter
 
Join Date: Nov 2000
Location: Wandering the FIR and cyberspace often at highly unsociable times
Posts: 14,589
Received 446 Likes on 236 Posts
AntiSpyCheck!!

I'm using my laptop to type this because yesterday my desktop PC was infected by a Trojan / malicious programme called AntiSpyCheck, which I now believe is from a Latvian source.

It appeared whilst using a search to find info about rotary accidents and it got past my firewall. Very sneaky programme, an install request box appeared and clicking to cancel caused it to install! It changes the desktop menu bar, tries to re-direct links to other internet pages and comes up with worrying messages with the thinly disguised intent of getting the recipient to send payment for dubious antivirus software.

I had tried various means of removing it; so far without luck. Some so-called free downloads identify it but need registration and payment to remove it. I'm not opposed to paying out but I've read various reports about how effective these removers actually are.

Does anyone here have any more info and a recommendation on the best way to deal with this? Thanks in advance.
ShyTorque is online now  
Old 31st Jul 2008, 13:26
  #2 (permalink)  
 
Join Date: Apr 2008
Location: Wherever my hat is.
Posts: 12
Likes: 0
Received 0 Likes on 0 Posts
Something to try.

1. Disconnect from internet immediately.
2. Ctrl Alt Del to open the task manager and attempt to find the dll/exe that is running the process. Turn off everything you can, esp tray icons to minimise search.
3. Turn on "view system files"
4. Search for the offending file.
5. Open file location and attempt to delete it. Chances are it won't.
6. Turn off "System Restore" (Vital step)
7. Reboot in safe mode, log using the administrator login.
8. Delete files
9. Reboot.

Fingers crossed, let me know how it goes.

NMRL
Notmyreallogin is offline  
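
An added example, not part of the post above: a read-only PowerShell triage that does the "find the dll/exe that is running the process" part of steps 2 to 4 on a current Windows system. It assumes PowerShell 5.1 or later run from an elevated prompt; the directories and Run keys it checks are this example's own choices, and it deletes nothing.

```powershell
# Added example: lists running processes whose executable is unsigned or
# sits in a user-writable directory, then lists the Run-key autostart entries.
# Read-only: review the output before removing anything in safe mode.

# Directories a standard user can write to (assumed set for this example).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

$suspects = Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue

        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inUserDir = $true
            }
        }

        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Name      = $_.Name
            Path      = $path
            Signature = if ($sig) { $sig.Status } else { 'Unknown' }
            InUserDir = $inUserDir
        }
    } |
    Where-Object { $_.Signature -ne 'Valid' -or $_.InUserDir }

# Autostart entries: machine-wide and current-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

$suspects | Sort-Object Path | Format-Table -AutoSize -Wrap
$autoruns | Format-Table -AutoSize -Wrap
```

An unsigned binary or one running from a profile directory is a lead to investigate, not proof of infection; legitimate per-user software shows up in this list too.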
Old 31st Jul 2008, 13:29
  #3 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,418
Received 282 Likes on 180 Posts
This looks good.

SD
Saab Dastard is offline  
Old 31st Jul 2008, 13:42
  #4 (permalink)  
 
Join Date: Jun 2008
Location: Big Island
Posts: 91
Likes: 0
Received 0 Likes on 0 Posts
This has happened to me several times, best solution is restore to factory settings. Even been told that by a number of computer gurus.
Urshtnme is offline  
Old 31st Jul 2008, 13:43
  #5 (permalink)  
Upto The Buffers
 
Join Date: Apr 2006
Location: Leeds/Bradford
Age: 48
Posts: 1,112
Likes: 0
Received 0 Likes on 0 Posts
And in future I would suggest you use
FIREFOX

Also, DO NOT RUN AS ADMINISTRATOR! Make your day-to-day user account a restricted user, then use the admin account when you need to install software. Spyware can't install if it doesn't have admin rights. This has been the premise of security on all good (i.e. NOT Windows) operating systems for about 40 years.

Restoring to factory settings is "cure by obliteration", and only a very very last resort plan of action. Your best bet is to keep a separate drive for big files (music, movies etc..), then image your system partition periodically (usually C: drive) using Ghost, DriveImage etc whilst it's in a good, clean state... Then it can be restored in minutes to its previous good state if you ever find yourself up shiat creek.
Shunter is offline  
Old 31st Jul 2008, 14:11
  #6 (permalink)  
 
Join Date: Feb 2006
Location: Hanging off the end of a thread
Posts: 33,117
Received 2,957 Likes on 1,261 Posts
I use Adaware and it's free. Spybot is another freebie that is very good.
NutLoose is offline  
Old 31st Jul 2008, 14:14
  #7 (permalink)  
 
Join Date: Jun 2008
Location: Big Island
Posts: 91
Likes: 0
Received 0 Likes on 0 Posts
Firefox is an excellent option! Spot on with what Shunter said!
Urshtnme is offline  
Old 31st Jul 2008, 14:16
  #8 (permalink)  
Spoon PPRuNerist & Mad Inistrator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 7,418
Received 282 Likes on 180 Posts
Shunter,

Much as I may prefer FF over IE, I fail to see how it could possibly have prevented the installation of a piece of malware such as this.

I agree wholeheartedly about non-admin accounts and also the use of re-installation as a solution of last resort.

SD
Saab Dastard is offline  
Old 31st Jul 2008, 14:20
  #9 (permalink)  
 
Join Date: Jun 2008
Location: Big Island
Posts: 91
Likes: 0
Received 0 Likes on 0 Posts
FF has an anti spyware add on, a lot of viruses get through with those particular spyware programs.

The hacks are getting shifty these days.

Only other solution would be to buy a Mac......but seriously, why would you want to downgrade to such a thing??
Urshtnme is offline  
Old 31st Jul 2008, 14:32
  #10 (permalink)  
 
Join Date: Feb 2006
Location: Hanging off the end of a thread
Posts: 33,117
Received 2,957 Likes on 1,261 Posts
Or start running Windows 3.1 again...... no self respecting hacker or virus producer would be seen dead on anything less than XP these days...... so what was going to be produced for 95 and 98 etc will already be known and dealt with...... on top of that all the Micrdross add ons will not be present so your PC will fly along ........
NutLoose is offline  
Old 31st Jul 2008, 19:42
  #11 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,679
Received 10 Likes on 4 Posts
The first link posted by SaabDastard indeed looks comprehensive.
Here's another that also includes a link to MBAM, which is along similar lines to AdAware but several cuts above. Superantispyware is another similar scanner well worth installing. These 2 scanners are genuinely free and remove what they find. Usually very well.
Just out of interest, what AV and Firewall do you use?
A popup blocker and setting scripts to "prompt" may be useful. This can be done in IE, but is somewhat more straightforward in FF by the use of add-ons. IE7 is (or can be) as secure a browser as most of 'em. FF has the reputation of being more secure, but I think these days differences are detail and statistical. (More IE users = more infections.)
Tarq57 is offline  
Old 31st Jul 2008, 21:52
  #12 (permalink)  

Avoid imitations
Thread Starter
 
Join Date: Nov 2000
Location: Wandering the FIR and cyberspace often at highly unsociable times
Posts: 14,589
Received 446 Likes on 236 Posts
Update: I tried all the suggestions!

The files shown on the list for a manual delete attempt didn't seem to be there. However, while I was working on the problem, my own AV programme (McAfee) suddenly updated itself. It then did something else (too quick to catch what it said) and the annoying little icon on the bottom of the screen was removed automatically and the false links to internet pages stopped coming.

However, the menu bar still showed links to suspect AV sites I didn't want to risk wasting money on.

Tarq, your SUPERAntispyware lived up to your recommendation! Having installed it, it immediately found 58 rogue items, now deleted. Things appear to be back to normal.

Thanks again for all your help!
ShyTorque is online now  
Old 31st Jul 2008, 21:58
  #13 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,679
Received 10 Likes on 4 Posts
Excellent!
Yep, it's a good program alright. I visit security forums and it (and MBAM) always have reports from very happy users.
Never finds a thing on my machine.
Which is as it should be.
Tarq57 is offline  
Old 7th Aug 2008, 20:16
  #14 (permalink)  
 
Join Date: Mar 2003
Location: deco stop
Posts: 341
Likes: 0
Received 0 Likes on 0 Posts
AntivirusXP2008

My laptop has been hijacked by this programme, "I suspect".

I have no access to admin services, so no ctrl/alt/del mode.

Also no internet access.

No access to most progs.

All I can do is run this antivirus prog, but with no permitted net access, cannot pay them... But is this even a suitable escape route?

Any ideas, or is the laptop now junk?

Help please guys....

windy
Itswindyout is offline  
Old 7th Aug 2008, 21:19
  #15 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 66
Posts: 1,679
Received 10 Likes on 4 Posts
You'll have to download a suitable application that can be put on a flash drive, using another computer.
Hopefully the lappie's usb ports still work.
Download Cureit to a flash drive (or you could burn it to a disk) and apply it to the laptop.
You may have to run it in safe mode.
Under no circumstances would I consider paying the ransom. All you'll end up with is a non-functioning antivirus and some happy pirates.
After running Cureit, download and run MBAM or SAS from the links above, and update/run it.
If you then still have problems with accessing control panel etc, download and run Dial-a-fix.
If this all works, and restores your laptop to its former glory, you might want to re-assess the security apps that were installed, and consider changing them for better ones.
Tarq57 is offline  
Old 8th Aug 2008, 10:25
  #16 (permalink)  
 
Join Date: Mar 2003
Location: deco stop
Posts: 341
Likes: 0
Received 0 Likes on 0 Posts
trying to do this today

Found internet cafe here in Paris; so trying to download now... thanks
Itswindyout is offline  
Old 9th Aug 2008, 08:24
  #17 (permalink)  
 
Join Date: Nov 1999
Location: Wivenhoe, not too far from the Clacton VOR
Posts: 319
Likes: 0
Received 0 Likes on 0 Posts
Nutloose, and anyone else who wants one. I have two unopened shrinkwrapped copies of Windows 3.11 together with MS-DOS 6.22. Why?!? Open to offers if anyone is that desperate.
Bern Oulli is offline  
