Re: No Internet page shows up - still virues(es)
From: Malke (malke_at_nospoonnotreally.com)
Date: 12/17/04
- Next message: johnmclaren_99_at_yahoo.com: "Re: how to make a program run before windows starts to boot"
- Previous message: R. C. White: "Re: Device Manager Problem - Help"
- In reply to: Barbara Z: "Re: No Internet page shows up - still virues(es)"
- Next in thread: Lanwench [MVP - Exchange]: "Re: No Internet page shows up - still virues(es)"
- Reply: Lanwench [MVP - Exchange]: "Re: No Internet page shows up - still virues(es)"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 17 Dec 2004 06:49:55 -0800
Barbara Z wrote:
> Lanwench -
> The black screen has a smaller area in dashed lines and that is like a
> webpage where you get the "hand". If you click on it, it brings you
> to: "http://213.159.117.149/partner/jump.php/?2" address in bar.
> The black screen actually says:
> "WARNING!
> YOU'RE IN DANGER!
>
> All you do with computer is stored forever in your hard disk. When you
> visit
> sites, send e-mails... all your actions are logged. And it is
> impossible to remove them with standard tools. Your data is still
> available for forensics. And in some cases for your boss, your
> friends, your wife, your children.
>
> Every site you or somebody or even something, like spyware, opened in
> your browser, with all images, and all downloaded and maybe later
> removed movies or mp3 songs - ARE STILL THERE and could broke your
> life!
>
> SECURE YOURSELF RIGHT NOW!"
>
> Then underneath that is a line in gray box "REMOVAL INSTRUCTIONS" but
> doesn't seem to do anything.
>
> When I clicked on message area, went to a website (IP address above)
> that
> wants you to buy their protection services (various). Any idea how to
> get
> rid of this black screen?? I've returned the computer to the owners,
> but
> after XMAS I'll probably stop by. I might be able to talk them thru a
> fix if it's easy enough. I sat down with daughter and showed how to do
> all system
> maintenance. The Spybot and AdAware are up-to-date as is the AVG7.0.
> Please help, thanks.
>
I hope Lanwench won't mind that I jump in here. The black screen proves
that the computer is not clean of malware. Since most of this thread
was taken up by your problem getting to the Internet (solved with
LSPFix), you never described what you did to remove the malware.
Although you've used Spybot and Ad-aware, you should go through the
following removal steps again, using updated tools and doing all scans
in Safe Mode. When I clean a system, I also manually delete bad files,
but this takes a deep knowledge of the Windows operating system and
skill. This isn't something you can have an end user do.
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.
2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.
Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).
HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.
5) Run a firewall.
Links to help with malware:
Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/
General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Depending on what you're charging and what the client wants to pay, it
might be a lot more sensible to just flatten the system and start over.
Malke
-- MS MVP - Windows Shell/User Elephant Boy Computers www.elephantboycomputers.com "Don't Panic!"
- Next message: johnmclaren_99_at_yahoo.com: "Re: how to make a program run before windows starts to boot"
- Previous message: R. C. White: "Re: Device Manager Problem - Help"
- In reply to: Barbara Z: "Re: No Internet page shows up - still virues(es)"
- Next in thread: Lanwench [MVP - Exchange]: "Re: No Internet page shows up - still virues(es)"
- Reply: Lanwench [MVP - Exchange]: "Re: No Internet page shows up - still virues(es)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
