
Windows ME Startup hijacked - Possibly Adware

Discussion in 'Malware and Virus Removal Archive' started by radiogold, 2005/05/18.

Thread Status:
Not open for further replies.
  1. 2005/05/18
    radiogold

    radiogold Inactive Thread Starter

    Joined:
    2005/05/18
    Messages:
    62
    Likes Received:
    0
    Dear potential problem solver!

    I have had many adware attacks over the last so many years, and have always removed them successfully through Spybot and Ad-aware, with the latest definition files.

    I clicked into a website to do some research on Adobe software on Sunday night. Unfortunately it turned out to be a warez site, which loaded some insidious garbage on my computer, that I just can't get rid of. I have used Registry Mechanic and Norton Internet Security, just trying to get rid of it.

    Upon startup (Windows ME), my computer boots normally, flashing the title screen. My desktop appears, then just before my icons and start menu appear, there is a quick flash for a millisecond. I then get a "connect to" "dial up" box together with an orphaned "setup" dialog box. This is where my computer freezes, and I can't do a thing. I can use my computer once out of every six to seven boot-ups.

    Once I'm in Windows, I can use all my programs and applications as normal. My web browser works fine. So I ruled out that it is a virus. I then went to "msconfig", then to "startup", then switched off all the things I don't recognise (only to see them all switched on again on the next reboot). This has now got me thinking that it is adware.

    I try the add/remove programs thing in settings. I can see the program (I think) that is screwing up my computer. But I'm not sure on what files are associated with which programs, so I leave everything alone.

    I've never seen "P2PNETWORK", "ccCommom", and "qttack" before, so I try to uninstall them. I just keep on getting an error, and the add/remove programs dialog box shuts down. During a "ctrl-alt-del" the program shows up as "P2PNETWORK", but on trying to do a search under "files and folders" on all my drives, the file cannot be found. I can't even find the source of the file where it's all coming from.

    The things I would like to do to the person who created this rubbish would be too vulgar to describe, so I won't. All I know is that my only option left is to do a full system re-install, and with a busy radio station commitment, that's the last thing on earth I want to do at the moment. I've got a horrible feeling that it may have even cut right into my BIOS. Does anybody know if these so-called "warez" sites are capable of doing this "criminal" damage?

    The only thing I found was whatever site I went to, it installed a file called "setup.exe" on my C drive at 9:17 pm on Sunday 15th May 2005. The file size was about 400 kilobytes (about half a meg). Even on deleting this, it re-appears again on a fresh reboot.

    The last thing I wanted to say is that, whatever this is, it's cut into my startup configuration very deeply. I've noticed a click coming out of my speakers, both on startup and on shutdown.

    I just wanted to know, when I get this mysterious "setup/install" dialog box, how can I find the location of where it is coming from. I did a right click but nothing happens.

    I don't use any P2P programs like KaZaa, and Grokster, as they are full of rubbish and only damage my computer.

    How can I get control of my computer back?

    Thanks.
     
  2. 2005/05/18
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello radiogold,

    Read through the two stickies at the top of the General Security section
    http://www.windowsbbs.com/forumdisplay.php?f=18 and take the recommended steps, including downloading and installing Spybot - Ad-aware - and MS anti-spyware. You might also run the on-line virus scanners, RAV in particular.

    After all that, follow the instructions on posting a HijackThis log here.

    Regards - Charles
     

  4. 2005/05/24
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    With some of these malwares, trying to uninstall through Add/Remove actually installs something else. This may not help at this time, but have you tried doing a System Restore, picking a date before 15th May 2005?
    In any case, those bad files will still be there.
    RAV Online Scan is a good idea, also.
     
  5. 2005/05/26
    radiogold

    radiogold Inactive Thread Starter

    Joined:
    2005/05/18
    Messages:
    62
    Likes Received:
    0
    Start-up Hijackers kicked out!!! - Problem fixed!!!

    Thanks everyone for the help. I think I've pretty much fixed the problem. It all seemed to boil down to me catching a virus, before Norton Internet Security could make a fix for it.

    I caught the W32 Spybot worm on Sunday 15th May 2005. This piece of slime had then exploded into seven "setup.exe" files, which then infected my Windows/System directory. Norton AntiVirus released a fix for this on Saturday 21st May. After downloading the new def files, I did a complete scan of all my drives, and found that it all was caused by a "FILE.VBS", which had invisibly downloaded from a warez site flogging illegal Adobe software. I wish I could remember the URL, 'cause I would have no hesitations on letting the appropriate law enforcers know. I'd love to see this vermin in prison.

    All this hassle, because I was doing an assignment for TAFE on Adobe, and a history of the company.

    I guess the lesson I could share with you guys, and to anybody else who is reading this post, is to pay attention to this following scenario. It could happen to you. This is how I got caught out.

    "You have just entered a website. You know the entire page has downloaded, as the bottom of the browser says "finished" or "done". But, what's that noise? You are still hearing a lot of activity from your hard drive. That, my friend, is a virus downloading onto your computer, without you knowing."

    Either hit "Ctrl F4" on your PC, or if you don't know what to do on a Mac, jump and dive for the power-point under your desk, and switch off your computer as fast as you can. Hopefully, this will corrupt the virus file, and kill it instantly in its tracks.

    Hope this helps. These slime-balls are now going for your system start up configuration, with their insidious adware and spyware, not just your browser, so we all gotta take better care, while surfing the net.

    Once again, thanks to everyone who's read this and offered their help.

    Mark Opher.
    Australia
     
    Last edited: 2005/05/26
  6. 2005/05/27
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Thanks for the update, and I believe there are quite a few who feel the same way.
    Interesting to read how an old method of infection is being used for something new. I thank you for that.
     