
Help Please

Discussion in 'Malware and Virus Removal Archive' started by Bleep, 2003/08/30.

Thread Status:
Not open for further replies.
  1. 2003/08/30
    Bleep

    Bleep Inactive Thread Starter

    Joined:
    2003/08/30
    Messages:
    13
    Likes Received:
    0
    Hi,

    just registered and new to this.

    One of my kids has discovered INTERNET Chat Rooms.

    Yesterday, he was foolishly left unattended.

    At the moment the family PC is behaving in an erratic manner. Occasionally (but not all of the time) when the mouse moves it opens up a whole range of windows, mainly those programs that have icons in the windows toolbar at the bottom of the page.

    I have run the Norton Anti Virus software, full system scan, and nothing was found. I have run the W32.Welchia, W32.Sircam and W32.Blaster Worm removal programs and nothing was found. I have ZoneAlarm installed and I have run a wee program that looks for Trojans (SpyBot). Nothing found.

    I have looked at the registry under the Run Folder and can see nothing suspicious:
    Run -
    Optional Components -
    IMAIL
    MAPI
    MSFS

    Anyone got any ideas what is going on and more important, how can I resolve this?

    Thanks for any advice.


    Bleep

    PS I may be wrong, but it seems to be worse when I am running Internet Explorer.
     
  2. 2003/08/30
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Welcome Bleep, but kindly follow the posting rule #3

    For this time, please post your new subject in a reply to this thread, and I will change the current subject.
     


  4. 2003/08/30
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    First go into control panel Add/Remove and uninstall any program that is named ICQ, IRC or MIRC.

    Cleanup temps!

    Then

    Use this program to remove Spy/Adware and Browser hijacks

    Spyware and adware removal

    SpyBot http://security.kolla.de/index.php?lang=en&page=download

    Run this twice delete all it finds.
    Leave all it wants to leave after the second run.

    Then go here http://www.spywareinfo.com/~merijn/

    and get and run the following program "CoolWeb Shredder".

    If you need more help post back.

    Mike
     
  5. 2003/08/31
    Bleep

    Bleep Inactive Thread Starter

    Joined:
    2003/08/30
    Messages:
    13
    Likes Received:
    0
    Hi, thanks for taking the time to help.

    I have done all of what you said, the only grey area was deleting stuff from temp folders because there are lots of them and some of the stuff seems to be required (although I can't be certain).

    I had already run the SpyBot software as I had it on my machine. I downloaded and ran the shredder software. For the moment all appears to be well, but a couple of days ago I thought the same and after a few hours it all kicked off again.

    Do you mind if I get back to you if it goes haywire again?

    Thanks again for replying.
     
  6. 2003/08/31
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Bleep

    Glad all is well for now.

    Here is how you clean temps.

    Configure CleanMgr to max settings
    Go to Start-Run and type

    cleanmgr /sageset:1
    The above need only be run once (these settings will be remembered as the default until another sageset is run).

    It will present a menu; select all except compress, then

    Go to Start-Run and type

    cleanmgr /sagerun:1
    As long as /sageset above has been run on this computer, from now on the /sagerun is the only thing that needs to run.

    And below a few downloads to help:

    EasyClean1.7 <http://gswi.com/downloads.htm>
    Run only unnecessary files and registry clean; delete all it finds. If you have XP or ME, in the "Unnecessary Files" type the word HELP in the skip box. Do not do Duplicate files!
    NOTE: Easy clean breaks XP help but it is so easy to put back I still recommend and use EasyClean, so after Easy clean go here and click the top left hand corner to fix online or below download it to your computer for later. http://dougknox.com/xp/scripts_desc/fixwinxphelp.htm

    DISK TEMP AND MRU(PRIVACY TRACKS) Cleanup

    Dclean http://www.xs4all.nl/~mp2004/

    I think Dclean is the smallest, fastest most thorough temp cleaner there is. When you run it the first time put a check in all boxes.

    MRU BLASTER http://www.wilderssecurity.net/mrublaster.html

    Cleans the registry of all tracks. In MRUBlaster go to settings, plugins and select both Cookie Blaster and IE Temp file cleaner, check the "Enable automatic" that is directly over the "Save settings and run now", then hit "Save settings and run now".

    Spider: http://www.fsm.nl/ward/

    Spider gets the infamous index.dat files, plus a few other things. Click scan then click clean, but when it asks for what to clean, check all drives and everything else.

    XpAntiSpy http://www.webattack.com/get/xpantispy.shtml

    There are many settings in XpAntiSpy but the ones you would use for privacy are:

    Heck I usually do them all EXCEPT "Enable fast Shutdown and Task-Scheduler service.

    I also set it to Clear Pagefile on shutdown for cleaning but after reboot I always turn this back off and only clean it when I want. Some leave it on all the time.

    Mike
     
  7. 2003/08/31
    Bleep

    Bleep Inactive Thread Starter

    Joined:
    2003/08/30
    Messages:
    13
    Likes Received:
    0
    Hi again (M Flynn).

    The problem has not gone away.

    I'm at a complete loss as to what to do. My Norton AV is fully up to date and I have the latest SpyBot program. I have downloaded and run AdAware as well as the program you advised me to run.

    It does seem to be associated in some way with Internet Explorer or Outlook Express as it is worse when these programs are being used, particularly IE.

    Thanks again for any advice.

    Bleep
     
  8. 2003/08/31
    Bleep

    Bleep Inactive Thread Starter

    Joined:
    2003/08/30
    Messages:
    13
    Likes Received:
    0
    Oops, sorry Mike. I'm sure your reply (above) wasn't there when I posted my last message.

    Any advice now that the **** virus hasn't gone away?

    Thanks again.
     
  9. 2003/08/31
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Ideas.

    If running Windows 98.

    Go to the C:\Windows\sysbckup folder and delete ALL RB00X.CAB files. The virus may still be in one of them and Windows is picking it up.

    If using XP.

    Shut down System Restore. That will clean out all restore points. I would not turn it back on until I was sure that the system was clean.

    After either one of the steps above do another FULL System Virus scan.

    And use the suggestions by mflynn again.

    Either OS.

    Do not use any previous backups that may have been made while the Virus was present.

    BillyBob
     
  10. 2003/08/31
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    HI BB

    Bleep

    Yes, what OS are you running? When you mentioned Blaster I assumed 2k or Xp.

    Blaster only affects directly anyway 2k and Xp.

    And you never said you found a Virus, after multiple checks and scans. Including a Trojan scanner.

    I guess we need more info so do this first:

    Get HiJackThis here http://www.lurkhere.com/~nicefiles/index.html

    Then load it and click Config then Misc tools then generate Startup list. This will bring up all your startup programs. While this is on screen copy it and paste it back to us in a message.

    With this info we can help you better.

    Your move!

    Mike
     
  11. 2003/09/01
    Bleep

    Bleep Inactive Thread Starter

    Joined:
    2003/08/30
    Messages:
    13
    Likes Received:
    0
    Hi.

    Thanks for all of the advice.

    I am replying from place of work and when I get home tonight I will address each of the suggestions, then get back to you. I intend also to subscribe to the site so I will do that when I get home also.

    Much appreciated.

    Bleep
     
  12. 2003/09/01
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Don't forget to let us know what OS you have.

    Win 98 or XP or what?

    Do the HiJackThis procedure first and get it on out to us.

    Mike
     
  13. 2003/09/01
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Hi Mike!

    When I open any WebAttack page I get multiple error messages reading:

    An error has occured
    Line: 131
    Error: Code undefined

    After clicking the messages away the page loads OK.

    Anyone else having this problem?

    The XP-Anti-Spy download is no longer available. Do You know why?

    Thanks,
    Christer
     
    Last edited: 2003/09/01
  14. 2003/09/01
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi Christer

    I do not get any errors loading the page. So you may have other problems here.

    But you are correct they no longer offer this program. This must be a very recent change.

    XpAntiSpy is a German program newest ver is 3.72. So get it from the programmer at:

    http://www.xp-antispy.org/download.php

    Mike
     
  15. 2003/09/01
    wizzkid121

    wizzkid121 Inactive

    Joined:
    2003/09/01
    Messages:
    21
    Likes Received:
    0
    hiya bleep,

    this might b a bit late but

    it sounds like the after effects of a trojan. ask your son what he got sent (pictures etc) and check startup run for that filename.

    when you're online try going on msn dos and type netstat -a i think, see if anything is funny.

    let me know how you go on...

    Mike
     
  16. 2003/09/01
    wizzkid121

    wizzkid121 Inactive

    Joined:
    2003/09/01
    Messages:
    21
    Likes Received:
    0
    after reading through more thoroughly i seen the bit about going worse when you load ie.

    there was a trojan or virus not so long ago which used internet explorer to execute itself with. eg open trojan server etc.

    when a trojan server usually opens, the computer slows down and sometimes freezes for a short while depending on speed.

    does yours freeze etc?

    any1 help? any1 remember this?

    Mike
     
    Last edited: 2003/09/01
  17. 2003/09/01
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Mike,
    thanks for the new link!

    I haven't got a clue about what goes wrong when I load those pages. It's the only site where it happens. Not a serious problem, though, however annoying.

    Christer
     
  18. 2003/09/01
    wizzkid121

    wizzkid121 Inactive

    Joined:
    2003/09/01
    Messages:
    21
    Likes Received:
    0
    sometimes does weird stuff like that on mine too on my home computer whereas when i go on my dads it doesnt????? when im going on certain web pages i turn my firewall off. and it sometimes does the trick, try that..


    Mike
     
  19. 2003/09/01
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    That is what I would call " Leaving the door WIDE open for uninvited Guests. "

    That may cure that one problem but at the same time leave the door open for more. Because don't forget that when you turn the Firewall off things can get in and/or out of your machine WITHOUT your knowledge.

    It may be annoying. But is it annoying enough to shut the FW off ?

    BillyBob
     
    Last edited: 2003/09/01
  20. 2003/09/01
    wizzkid121

    wizzkid121 Inactive

    Joined:
    2003/09/01
    Messages:
    21
    Likes Received:
    0
    i think it is! especially when you're browsing through loot at nothing comes up!

    you havent heard bout the trojan in ie have you billy?

    Mike
     
    Last edited: 2003/09/01
  21. 2003/09/01
    Christer

    Christer Geek Member Staff

    Joined:
    2002/12/17
    Messages:
    6,585
    Likes Received:
    74
    Two Mikes around ...... :rolleyes: ...... this can get complicated ...... :D ......

    As I mentioned in a previous post, this was a separate occurrence on one site only.

    I wouldn't dream of turning the firewall off. The workload on the firewall varies over time but it can happen that it blocks tens of attacks, most commonly trojans, during a session.

    Christer
     