Spyware has taken over! Please Help!

[OpusDei]

Alright, well I got infected with spyware a week or two ago. I went out and bought ZeroSpyware and it found 50 spyware files on my computer, I quarantined them all and later deleted them all. Problem still kept persisting, kept getting pop-ups from ZeroSpyware saying certain hijackers were trying to take over my browser, blah blah, had a pop up about a different browser every 5 seconds. The reason all this bothered me to begin with was because I couldn't use AOL instant messenger because everytime someone IM'ed me or I IM'ed someone else, AIM would crash. I read the FAQ on their website and it said to download Ad-Aware SE Personal edition if you had search assistant and all that good stuff on your computer and couldn't delete it so I did, and ad-aware found like 600 infected files. I quarantined, and then TRIED to delete them all but my computer froze up while it said "Deleting." Tried again, same thing happened.

I came home today, turned on my computer, went to my desktop after closing like 50 pop-ups and tried to get online. I clicked Internet Explorer and it said something about Explorer not being found. I tried to get on MSN, file could not be found. AIM, file could not be found. Every program on my computer, file could not be found.

I turned the computer off and re-started it and this time when I got to where could see my desktop, but not my start button or toolbars I got a pop up saying EXPLORER had performed an illegal operation. This restarted my computer, and the process keeps going. I can't even get on my desktop now, i'm using someone else's computer to write this.

I tried to use go-back from when you first start the computer, but that file couldn't be found either...

Woohoo... any help would REALLY be appreciated.

I'd love to give you my log, but unfortunately.. I can't get on my computer.

[lynchknot]

Hello OpusDei and welcome to Techzonez. Please follow instructions on Egghead's spyware removal thread

[FastGame]

Sounds like you have a real mess

Sometimes things get so bad that it's not worth the time tryng to fix but istead start all over, this sounds like one of those start all over times.

If you have a bunch of important files on your PC pull the hard drive and hook it up to another PC and get the files off. After doing that use the other PC to format your drive, put your HD back in your PC and reinstall your OS. Are you using XP ?

Read eggheads sticky as lynchknot suggest http://www.techzonez.com/forums/showthread.php?t=9739

Also try Firefox instead of IE.

[OpusDei]

Yes, egghead's thread is nice and all.. except like I said I can't get on my desktop.

And FastGame, what if I really don't have anything important on my computer. I use Windows 98, and I got the computer from my brother I haven't really got anything important on there. Is there a way I can just "start over" without using another computer, and if not.. where can I get some step by step instructions on how to start over.

And yeah, if I manage to get my computer working again I definently will get rid of IE, and update windows, download spyware protection, etc. before it's too late.

[FastGame]

Here's one of the best Windows install guide sites I know of windowsReinstall and here's a Windows98se guide at the site thats pretty easy.

After your done you'll need windows updates and maybe a few drivers.

[OpusDei]

Ok, that's still great and all.. what if you don't have the windows 98 CD and boot disk, all that stuff and they don't sell it anymore in stores... and my computer can't run XP or anything.

[egghead]

ebay is a great choice.

you can check the local papers classifieds for a computer tech. he can get you win98

you try to find
c:\windows\options\cabs

that directory should have the setup files

[Curio]

Other likely spots are c:\win98 c:\win9x c:\windows\cabs. If it's a Dell you can search for ZZTOP the installation batch file, on any PC if you search for precopy1 or precopy2 these are the cab files that are used in the windows installation. The directory that you find them in should also contain a setup file which you can run with setup to do an inplace install. You will need to make a note of your installation key so you can use it if needed. You can download various bootdisks from bootdisk.com to help you achieve your goal.

[egghead]

nice post curio!

uising this info you can search your drive for the cab files and burn the whole directory to sisc and start the setup

[Fenalaar]

Go download the following two items:
Spybot Search and Destroy
Spyware Blaster
You already have Ad-Aware.

Install Spybot S&D and Ad-aware. Start them up, and download the latest updates, but don't run a scan, yet. Note - you might as well install the "TeaTimer" option of Spybot too.

Before you continue:
Turn off system restore (Control panel -> System). This way, Windows won't reinstall all the baddies.

Reboot Windows in safe mode - when you get the POST (Power On Self Test) screen, press and hold F8, until you get a startup option menu. Select safe mode.

When the system is done booting, run scans first with Adaware and the Spybot. Fix everything they find.

Reboot.

Start spybot and select immunize. Exit.

Install Spywareblaster and update it. Use the quicklink "Enable all protection".
Under "Restricted sites", check "Restrict the actions..." and klick "Protect against checked items".

You should now be okay again.

Remember to download updates for Ad-aware, Spybot and Spywareblaster fairly often (once a week), and run regular checks with both adaware and Spybot.


You can now turn on System restore again. Remember to create a new restore point, because turning system restore off will erase all your old ones.

(PS! If you ask me, Spyware creation should be punishable by being b*ggered with a christmas tree...)

Johan-Kr

[Fenalaar]

Oh - by the way...

If you can't get onto you desktop - try booting in safe mode and run adaware again.

Johan-Kr

[OpusDei]

I'm an idiot, I know, but how do I get on my desktop in safe mode? Because I can't do any of this stuff because my computer won't load my desktop and gives me an explorer error message.

[Fenalaar]

Hmm - Can you try do do a system restore to a date before you tried adaware ?

System restore can be accessed from the same menu as Safe mode (Press F8 right after self test screen during boot)

Johan-Kr

[OpusDei]

When I try to go in safe mode, it says A:> or something, like it wants you to type something. Am I supposed to type something in so it will go into safe mode?

[Fenalaar]

You have selected the safe mode with command line.this is like old DOS.

There are a couple of other safe modes you should try.

BTW - when it says a:>, it sounds like you've booted off a floppy. Take out diskettes and cdroms before you try...

Johan-Kr