Cannot run my antispyware or antivirus program

Discussion in 'Computer Security' started by Cam, Oct 21, 2008.

  1. Cam

    Cam Guest

    Hi everyone,

    I have a spyware since a couple of days that I can't get rid of. It
    pops up every once in a while in a bubble in the right hand corner,
    the system tray, saying that my computer is infected and that I need a
    spyware program to clean it... If I click on it, it will install an
    antispyware program. The usual problem that I had with other spyware
    before.

    But the big problem with this one is that my antispyware and my
    antivirus programs will not run and the one that will run (Ad Aware),
    will not update anymore using the usual Internet connection made for
    that purpose in the program. Furthermore it redirects my Internet
    sites whenever I want to go to an antispyware or antivirus site!

    Could someone please help me?

    Thank you in advance
    Cam
    Cam, Oct 21, 2008
    #1

  2. Cam

    Cam Guest

    On Oct 20, 9:07 pm, "David H. Lipman" <DLipman~>
    wrote:
    > From: "Cam" <>
    >
    > | Hi everyone,
    >
    > | I have a spyware since a couple of days that I can't get rid of. It
    > | pops up every once in a while in a bubble in the right hand corner,
    > | the system tray, saying that my computer is infected and that I need a
    > | spyware program to clean it... If I click on it, it will install an
    > | antispyware program. The usual problem that I had with other spyware
    > | before.
    >
    > | But the big problem with this one is that my antispyware and my
    > | antivirus programs will not run and the one that will run (Ad Aware),
    > | will not update anymore using the usual Internet connection made for
    > | that purpose in the program. Furthermore it redirects my Internet
    > | sites whenever I want to go to an antispyware or antivirus site!
    >
    > | Could someone please help me?
    >
    > | Thank you in advance
    > | Cam
    >
    > Cam:
    >
    > Please don't MultiPost.
    > Please learn to Cross-Post to pertinent, On Topic, NewsGroups instead.
    >
    > Additionally, you were replied to by a fake MS MVP, software plagiarizer and malicious
    > actor by the 'nym of PCBUTTS1.
    > Please steer clear of his web site and any offerings "he" has provided you.
    >
    > I suggest you use the following...
    > Malwarebytes Anti-Malware http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    >
    > If that does not work (and I am sure it will)...
    >
    > Download and execute HiJack This! (HJT) http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
    >
    > Then post the contents of the HJT log in your post in one of the below expert forums...
    >
    > { Please - Do NOT post the HJT Log here ! }
    >
    > Forums where you can get expert advice for HiJack This! (HJT) Logs.
    >
    > NOTE: Registration is REQUIRED in any of the below before posting a log
    >
    > Suggested primary: http://www.thespykiller.co.uk/index.php?board=3.0
    >
    > Suggested secondary: http://www.bleepingcomputer.com/for...malwarebytes.org/forums/index.php?showforum=7
    >
    > Suggested tertiary: http://www.dslreports.com/forum/cle...ums.security-central.us/forumdisplay.php?f=13
    >
    > --
    > Dave http://www.claymania.com/removal-trojan-adware.html
    > Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


    Thanks for your info concerning multi posting, sorry I did not know.
    Also thanks for the info concerning the fake MS MVP, when I saw that I
    thought that it was indeed a fake.

    Now, concerning the sites you gave me, I tried to go on these sites
    but, I guess, the malicious spyware that I have on my PC will not let
    me go there, I get a "page load error" whenever I try to open any of
    the sites you gave me. It seems to be that I cannot open any sites
    about spyware or viruses. Any other sites will open properly... I
    guess my PC is badly infected!

    Any other idea of what I could do? My spyware and antivirus programs
    will not work and/or update and I cannot go on security sites, I either
    get an error message or I am redirected to other sites.

    Thanks again,
    Cam
    Cam, Oct 21, 2008
    #2

  3. Cam

    Todd H. Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

    > From: "Cam" <>
    >
    >
    > | Thanks for your info concerning multi posting, sorry I did not know.
    > | Also thanks for the info concerning the fake MS MVP, when I saw that I
    > | thought that it was indeed a fake.
    >
    > | Now, concerning the sites you gave me, I tried to go on these sites
    > | but, I guess, the malicious spyware that I have on my PC will not let
    > | me go there, I get a "page load error" whenever I try to open any of
    > | the sites you gave me. It seems to be that I cannot open any sites
    > | about spyware or viruses. Any other sites will open properly... I
    > | guess my PC is badly infected!
    >
    > | Any other idea of what I could do? My spyware and antivirus programs
    > | will not work and/or update and I cannot go on security sites, I either
    > | get an error message or I am redirected to other sites.
    >
    > | Thanks again,
    > | Cam
    >
    > Sorry to hear that.
    > Then your *best* option would be to wipe the PC and reinstall the OS from scratch after
    > backing up your data.


    Cam,

    I strongly second this advice from David.


    --
    Todd H.
    http://www.toddh.net/
    Todd H., Oct 22, 2008
    #3
  4. Cam

    chame1eon Guest

    I realize this is an old post, but why does it seem I'm the only one who
    doesn't immediately resort to formatting? There are a lot of ways to
    detect unwanted processes and rootkits. Is it just too time consuming?
    Am I missing something?




    On Wed, 22 Oct 2008 11:58:33 -0400, Todd H. <> wrote:

    > "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
    >
    >> From: "Cam" <>
    >>
    >>
    >> | Thanks for your info concerning multi posting, sorry I did not know.
    >> | Also thanks for the info concerning the fake MS MVP, when I saw that I
    >> | thought that it was indeed a fake.
    >>
    >> | Now, concerning the sites you gave me, I tried to go on these sites
    >> | but, I guess, the malicious spyware that I have on my PC will not let
    >> | me go there, I get a "page load error" whenever I try to open any of
    >> | the sites you gave me. It seems to be that I cannot open any sites
    >> | about spyware or viruses. Any other sites will open properly... I
    >> | guess my PC is badly infected!
    >>
    >> | Any other idea of what I could do? My spyware and antivirus programs
    >> | will not work and/or update and I cannot go on security sites, I either
    >> | get an error message or I am redirected to other sites.
    >>
    >> | Thanks again,
    >> | Cam
    >>
    >> Sorry to hear that.
    >> Then your *best* option would be to wipe the PC and reinstall the OS
    >> from scratch after backing up your data.

    >
    > Cam,
    >
    > I strongly second this advice from David.
    >
    >




    --
    Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
    chame1eon, Nov 3, 2008
    #4
  5. Cam

    Ari Guest

    On Mon, 03 Nov 2008 08:30:02 -0500, chame1eon wrote:

    > I realize this is an old post, but why does it seem I'm the only one who
    > doesn't immediately resort to formatting? There are a lot of ways to
    > detect unwanted processes and rootkits. Is it just too time consuming?
    > Am I missing something?


    By definition, a rootkit may be near impossible to find and remove. The
    damage can be hidden, then appear, ad infinitum.
    Ari, Nov 3, 2008
    #5
  6. Cam

    Ari Guest

    On Tue, 4 Nov 2008 01:20:08 -0000, Trespasser wrote:

    > I do find though that those people whose first action is to reach for the
    > windows cd to perform a format either have the attitude that they do not
    > have the ability to cleanse a system manually, they just don't have the time,
    > or they are far too interested in making quick money. I myself have taken
    > time to find a handful of tools (all of them free) and there are very few
    > machines I see that actually need formatting, after spending an hour running
    > a couple of programs.


    Heh, you're clueless.
    Ari, Nov 4, 2008
    #6
  7. Cam

    chame1eon Guest

    On Mon, 03 Nov 2008 20:58:57 -0500, Moe Trin
    <> wrote:

    > On Mon, 03 Nov 2008, in the Usenet newsgroup alt.computer.security, in
    > article
    > <>, chame1eon wrote:
    >
    >> I realize this is an old post, but why does it seem I'm the only one
    >> who doesn't immediately resort to formatting? There are a lot of
    >> ways to detect unwanted processes and rootkits. Is it just too time
    >> consuming? Am I missing something?

    >
    > Yes.
    >
    > You are depending on your tools to be able to detect the mal-ware.
    > How do you know that 1) your tools haven't been compromised? 2) the
    > access to the disk and/or operating system hasn't been altered such
    > that your tools can't detect all of the alterations? 3) your tools
    > are even _aware_ of the latest version of the mal-ware? 4) your
    > tools have removed that _cause_ of the problem - the hole that the
    > mal-ware used to gain control of your system in the first place?
    >
    > The answer is "you don't". Virtually all anti-mal-ware works by
    > recognizing that "this" filename, or "that" bit pattern within a file
    > identifies some specific piece of mal-ware. Anti-mal-ware companies
    > receive copies of suspected mal-ware, analyze it to see what it is
    > doing, and what distinguishing characteristics it has, and then release
    > a new version of their product that "should" detect this new mal-ware.
    > A problem with that mode is that the mal-ware author gets the latest
    > version (that's version 6739, isn't it?) of the anti-mal-ware, and
    > makes a minor change to his code, and it's a new virus that your latest
    > version of anti-mal-ware can't detect. Lather, rinse, repeat.
    >
    > Old guy



    I actually prefer things like hijack this, Ice sword, and the Systems
    Internals tools that aren't as likely to need constant updates.
    Obviously it would be a little crazy to avoid the scanners that rely on
    definitions.

    I can see how any of them could fail especially when rootkits are
    involved, and when I'm not sure exactly how they hide themselves and where
    exactly things like Ice Sword and rootkit revealer are reading the
    information from.

    I guess when security is really important, or when someone isn't completely
    aware of the risks, a clean install is the safest. I just hate resorting
    to formatting and I don't see how you can learn anything about how the
    virus got there, what it was doing, and how, if you erase all of the
    evidence.
    chame1eon, Nov 4, 2008
    #7
  8. Cam

    chame1eon Guest

    On Wed, 05 Nov 2008 14:46:55 -0500, Moe Trin
    <> wrote:

    > On Tue, 04 Nov 2008, in the Usenet newsgroup alt.computer.security, in
    > article
    > <>, chame1eon wrote:
    >
    >> <> wrote:

    >
    >>> You are depending on your tools to be able to detect the mal-ware.
    >>> How do you know that 1) your tools haven't been compromised? 2) the
    >>> access to the disk and/or operating system hasn't been altered such
    >>> that your tools can't detect all of the alterations? 3) your tools
    >>> are even _aware_ of the latest version of the mal-ware? 4) your
    >>> tools have removed that _cause_ of the problem - the hole that the
    >>> mal-ware used to gain control of your system in the first place?

    >
    >> I actually prefer things like hijack this, Ice sword, and the Systems
    >> Internals tools that aren't as likely to need constant updates.
    >> Obviously it would be a little crazy to avoid the scanners that rely
    >> on definitions.

    >
    > Your tool should then know exactly what your system looks like in an
    > uncompromised state. The usual answer to that is something like 'aide'
    > (a modern replacement for 'tripwire'). Briefly, you have a snapshot
    > of the system - often, multiple hashes to provide confidence - that is
    > kept in a secure place. When you want to check the system, you bring
    > out this magic (bootable) media, and run the various check-sums and
    > hashes, comparing your snapshot with what-ever is on your system now.
    > You use a separate operating system to avoid being had by an alteration
    > in the normal O/S that either ignores data, or fakes the hash/checksum
    > algorithms - everything is fine, citizen, nothing to worry about...
    >
    > The problem that usually defeats this type of system comparison is that
    > your system is not static. Things are changing, perhaps frequently. It
    > might be O/S updates/errata/patches, someone clicking on the "save this
    > desktop arrangement - I like it" icon, or it might be someone
    > installing a "helper" tool they found on some website to give them an
    > innocent looking (to Mommy or the Significant Other) icon to click that
    > will take them directly to their favorite gaming or pr0n site. How do
    > you separate the wheat from the chaff - the real bad stuff from the
    > stupid annoyances? Oh, and how do you know what the changes are
    > actually doing?
    >
    >> I can see how any of them could fail especially when rootkits are
    >> involved, and when I'm not sure exactly how they hide themselves and
    >> where exactly things like Ice Sword and rootkit revealer are reading
    >> the information from.

    >
    > Another disturbing thought: Does your anti-malware know how to talk
    > _directly_ to the disk/what-ever? Or as is MUCH more likely, it is
    > using O/S calls to find out what files are out there (trivial to
    > subvert) never mind accessing those files.
    >
    >> I guess when security is really important, or when someone isn't
    >> completely aware of the risks, a clean install is the safest.

    >
    > You might be highly skilled at debugging an operating system or an
    > application, but how many others are? That's why this enormous
    > aftermarket in anti-mal-ware tools exists. And the tools have to be
    > built such that your Aunt Bessie (who has a hard time figuring out
    > how to operate a light switch) can use them.
    >
    >> I just hate resorting to formatting and I don't see how you can learn
    >> anything about how the virus got there, what it was doing, and how,
    >> if you erase all of the evidence.

    >
    > Not a problem. You do have spare disks, right? Pop the contaminated
    > or questionable one out, drop in the replacement, and away you go. You
    > are aware of mal-ware that installs itself in RAM, then erases the
    > delivery files, right? It's gone when you reboot, never-mind doing a
    > wipe and reinstall, but while it was there it could have been mailing
    > death threats to your national politicians, spamming every customer of
    > the ten largest ISPs in the world, mailing home any credit card and
    > banking data it finds, as well as your SSH keys (so that other systems
    > you have access to become 0wn3d by the bad guy).
    >
    > Old guy



    I think you're right that malware could be a lot more sophisticated, but
    because a large number of users don't take countermeasures, it doesn't
    need to be. So when it comes to things I think I'm likely to encounter on
    my home PC, convenience can take precedence.

    I'm trying to get a degree for something computer related, so depending
    on what I end up doing, knowledge about tighter security could become an
    issue.

    I still want to see what aide does though, so thank you.

    I would switch out disks, but I don't even have a good way to back up the
    stuff I have until I get more money :( Most people whose PCs I've
    cleaned don't have spares either.


    --
    Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
    chame1eon, Nov 6, 2008
    #8
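
The baseline-and-compare check described in the quoted reply above (the approach behind 'aide' and 'tripwire'), as an added example that is not part of the original thread and is not AIDE's own code. The function names, the `expected` set of paths known to change legitimately, and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

HASHES = ("sha256", "sha512")  # multiple hashes per file, as the post suggests


def digest_file(path, chunk=65536):
    """Return {algorithm: hexdigest} for one file, reading it in chunks."""
    hashers = {name: hashlib.new(name) for name in HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def snapshot(root):
    """Walk root and map each relative path to its digests (the baseline)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and special files
            result[os.path.relpath(full, root)] = digest_file(full)
    return result


def compare(baseline, current, expected=frozenset()):
    """Classify differences; paths in `expected` (known updates) are split out."""
    raw = {
        "added": set(current) - set(baseline),
        "removed": set(baseline) - set(current),
        "modified": {p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p]},
    }
    report = {kind: sorted(paths - set(expected)) for kind, paths in raw.items()}
    report["expected"] = sorted(set().union(*raw.values()) & set(expected))
    return report


def demo():
    """Constructed sample tree: take a baseline, change files, compare."""
    before = {"app.exe": b"original", "conf.ini": b"a=1", "old.dll": b"lib"}
    after = {"app.exe": b"patched!", "conf.ini": b"a=2", "helper.exe": b"new"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in before.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # in practice kept on separate, read-only media
        os.remove(os.path.join(root, "old.dll"))
        for name, data in after.items():  # app.exe keeps its size, content differs
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return compare(baseline, snapshot(root), expected={"conf.ini"})


if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the environment that computes the hashes, which is why the post runs the comparison from separate bootable media rather than from the installed O/S.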
  9. Cam

    Ari Guest

    On Tue, 4 Nov 2008 13:02:44 -0000, Trespasser wrote:

    > --
    > Regards
    > Trespasser
    > ----------------------------
    > I try to take one day at a time, but sometimes two or three gang up on me.
    >
    > I'm not paranoid, I know your watching me. (o-o)
    >
    > Show me a wireless network, I'll show you free broadband.
    >
    > So you think this sigantures bad ? You should see my handwriting
    > ----------------------------
    > "Ari" <> wrote in message
    > news:...
    >> On Tue, 4 Nov 2008 01:20:08 -0000, Trespasser wrote:
    >>
    >>> I do find though that those people whose first action is to reach for the
    >>> windows cd to perform a format either have the attitude that they do not
    >>> have the ability to cleanse a system manually, they just don't have the
    >>> time, or they are far too interested in making quick money. I myself have
    >>> taken time to find a handful of tools (all of them free) and there are
    >>> very few machines I see that actually need formatting, after spending an
    >>> hour running a couple of programs.

    >>
    >> Heh, you're clueless.

    >
    > #############
    >
    > Yeah you're right. Tell that to my boss who pays me £15 p/h


    Two idiots don't make either of you less clueless.
    Ari, Nov 6, 2008
    #9
  10. Cam

    Ari Guest

    On Wed, 05 Nov 2008 13:48:06 -0600, Moe Trin wrote:

    >>Yes, I use other ways to detect malware rather than rely on AV-
    >>type software. When rootkits are involved you need to compare things
    >>like the in-memory image of the system service despatch table against
    >>the original executable code.

    >
    > A problem there is that you are relying on the existing O/S to read
    > the O/S memory, and some kind of comparison mechanism. How do you know
    > that the memory you are examining is actually what is being used, and
    > isn't something that is patched around?


    The whore is either clean or dirty, never in between.
    Ari, Nov 6, 2008
    #10
  11. Cam

    Ari Guest

    On Fri, 7 Nov 2008 12:47:20 -0000, Ant wrote:

    > In most cases those patches or hooks can be found, even when the
    > malware is running as a kernel driver. I've not yet seen something
    > that could totally subvert raw device access or be undetectable in
    > some way.


    I'm sure you haven't. I'm also sure that if something is not detectable
    by an amateur you won't find it.

    See how that works?
    Ari, Nov 7, 2008
    #11