my computer is about to break down and crash. it probably has like 15 viruses and it was a hassle just opening up mozilla firefox to get on the internet, there is a constant popup from mcafee that says "your computer is in danger. windows security center has detected spyware/adwar infection. it is strongly recommended to use special antispyware tools to prevent data loss..."
not only that, but my desktop has turned into a black screen with the words "your computer is in danger". i have mcafee, but am not really sure how to work it or even if i have all the supplies. some thing called "brave sentry 2.0" downloaded and it is removes viruses i suppose, but i honestly have no idea. please help!
i have a fujitsu c series lifebook, windows xp
2006-06-21 16:37:50 · 12 answers · asked by you're_a_mango 2 in Computers & Internet ➔ Other - Computers
i want to fix it without rebooting my entire computer, PLEASE. and i forgot to mention, task manager doesn't open up either. it says it has been disabled by the administrator
2006-06-21 16:47:20 · update #1
Windows users might see such a prompt if they visited one of several porn sites that try to exploit a series of Internet Explorer flaws to drop "Trojan horse" programs on the victim's PC that directs IE to www.microsofft.org (the URL in the address bar in the picture at right is spoofed with another IE exploit). I'm a little mystified as to why Microsoft hadn't already registered this rather obvious permutation of its trademark (this one was created in February) among several others I found within just a few seconds of searching the Web.
The porn site also installs a fake anti-spyware program that pops up a red "x" and displays a message that reads: "Your computer is in danger. Windows security center has detected spyware/adware infection. It is strongly recommended to use special antispyware tools to prevent data loss. Click here to install the latest protection tools!"
Of course the "protection tools" have already been installed by this point, and they include a fake anti-spyware tool called "Brave Sentry 2.0." This program is so brave that it identified no fewer than 23 threats on my system, including more than a few known Trojan horses. After some digging through the Windows registry and some startup folders, it became clear that Brave Sentry had planted these files on its own.
The your-IE-license-has-expired-go-buy-some-fake-Viagra ruse was a new one for me, but if you think people won't be taken in by it, think again. In a blog post a few weeks ago about SiteAdvisor, a company that makes browser security add-on for IE (which was just bought by McAfee), I found a number of people who'd be duped into paying for copies of IE or Firefox by following sponsored links that showed up in a Google search for those titles.
On a side note, while SiteAdvisor generally does a good job identifying Web sites that have sketchy advertising or other business relationships with dodgy third-party sites, it didn't flag either of the online pharmacy stores implicated in this whole expired-IE scam (wowpills.com and howinstant.info) as suspicious.
Update, 5:46 p.m. ET:: The folks over at Sunbelt Software tell me that Brave Sentry is in the same family of bogus anti-spyware tools as SpyAxe, SpySheriff, among others. If your machine has been infected with one of these programs, check out the information posted here.
Before attempting this removal procedure, download the following removal tools to your desktop and install them.
* SmitRem by NoahdFear - Tool to remove Spyaxe, SpySheriff, PSGuard, WinHound, and other issues
* Ewido Anti-Malware - Highly recommended anti-malware, anti-spyware program
* HijackThis 1.99.1 - Essential tool for finding spyware, virus, trojan, and other problems
* CCleaner - Free tool for removing temporary files, cookies, history, and cleaning up registry problems
* Killbox - useful program to delete files that are "in use" by Windows preventing normal deletion
Removal Procedure
1) Download the programs above to your desktop, extracting and install them. Then update the signatures for Ewido Anti-Malware. Once this is complete, reboot your computer in Safe Mode
2) Open the SmitRem folder and double-click on RunThis.bat to start the SmitRem removal procedure. Besides removing particular files that it looks for, the tool also runs the Disk Cleanup tool to remove temporary files on the hard drive that may contain problem files. For a Tutorial on using SmitRem click here
3) After SmitRem has finished, open Ewido Anti-Malware and run a full system scan deleting anything it finds.
4) While still in Safe Mode, run CCleaner. Analyze and Clean files it finds, then click on the Issues button on the left side of the screen and Scan and Fix any Registry issues CCleaner discovers. Run both the Registry Scanner and the File Analyzer until nothing else is found.
5) Search for and manually delete the following directories and files if they remain.
* svchosts.dll
* wbeconm.dll
* webconm.dll
* mssearchnet.exe
* mscornet.exe
* nvctrl.exe
* spyaxe.exe
* netwrap.dll
* ntzl.exe
* ioctrl.dll
* intelli321.exe
* hpA75B.tmp or all the files similar to hpXXXX.tmp where X may be any character.
* c:\windows\inet20004 or c:\windows\inetXXXXX directory (where X represents a random number) and all files
* C:\Program Files\SpyAxe
* C:\Program Files\Spy Sheriff
* C:\Program Files\SpywareQuake.com
* C:\Program Files\BraveSentry
* C:\Program Files\AlfaCleaner
* C:\Windows\System\1024
* C:\Windows\System32\1024
*
C:\Winnt\System32\1024
6) Run Hijackthis and Remove any leftover issues. If you are not sure, if a line in Hijackthis is a problem, reboot in normal mode and use the Online HiJackthis Scanner to see if the file is a threat. Just copy and paste your Hijackthis log file into the scanner and let it analyze it for you. Although its not perfect, it will give you an idea if your system is clean or still needs some work. Do not delete anything with Hijackthis unless you are absolutely sure what the file is and what it does.
For items in the Hijackthis log like the following, that will not delete manually, use KillBox to browse to the location of the file and delete it or delete it on reboot. Items that are impossible to remove unless using Killbox usually show up in the 20 section of Hijackthis.
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: winrir32 - C:\WINDOWS\SYSTEM32\winrir32.dll
O20 - Winlogon Notify: dvd4free - C:\WINDOWS\SYSTEM32\dvd4free.dll
7) Reboot computer in Normal mode
8) Fix your desktop wallpaper by going to Control Panel, double-click on Display, on the Desktop tab, make sure the background wallpaper is correct, then click on Customize Desktop and click on the Web tab. On this tab is usually where active components such as web pages have taken over your desktop. Delete any problems here and click OK twice to leave the Display settings. Return to your desktop and check to make sure its correct.
9) Scan your computer with online virus scanner like Housecall, BitDefender, or ETrust or download and install an antivirus program and run a complete scan. A list of online scanners is below, some however will only scan but not remove issues.
Online Virus Checkers
Trend Micro Housecall - will scan and remove threats
BitDefender Scan Online - will scan and remove threats
Ewido Online Scanner - will scan and remove threats
Panda Activescan - appears to only scan for but not remove threats
McAfee FreeScan - appears to only scan for but not remove threats
eTrust Antivirus Web Scanner - will scan and remove threats
Symantec Security Check - will scan and remove threats
Dr.Web Online Check - user can upload and test for threats on particular files
Trojan Scanner
TrojanScan by WindowsSecurity.com
Free Antivirus Programs to Download
ANTI-VIR
AVAST
AVG
You may also want to run a thorough scan for adware/spyware using Ad-aware SE, Spybot Search and Destroy, or Microsoft Antispyware now known as Windows Defender as well to make sure your system is absolutely clean of other malware.
Congratulations! Your computer should be free of the dreaded SpyAxe, Spy Sheriff, WinHound, Brave Sentry, Spy Trooper, Alfa Cleaner, or other similar bogus spyware removal tool and problems. However, now that your computer is running better, patch this problem exploit before you visit another webpage. Follow the instructions below to download the patch for this exploit. If for some reason, you are still experiencing problems or have files that you are not sure of, you can email me a Hijackthis log and I'll try to help >>>>>.http://www.pchell.com/support/spyaxe.shtml for his email address.
Good luck!
2006-06-21 16:46:03 · answer #1 · answered by Carla S 5 · 3⤊ 0⤋
I'm sorry for your computer, just a simple suggestion format your hard disk and you'll get clean computer. But before you do that make sure that you already back up all important data. If you can not back up the data because of black screen. It's simple do you have another drive or hard disk? If you do make the clean one as master and the infected one as slave and now you can transfer all of those file but remember to put Operating System and new updated Anti Virus programs in that clean drive or hard disk. Have a nice work!!
2006-06-21 16:49:45 · answer #2 · answered by Anonymous · 0⤊ 0⤋
Easiest is to simply wipe the computer and start all over. However, I recommend checking that McAfee is working correctly and up to date with its virus definition files.
Then use McAfee to clean your computer of viruses. After of which, use multiple anti-spyware programs (Adaware and Spybot to name two) to clear your computer of any spyware/malware that's left on the PC.
Once that is complete, it's a good idea to back up any important data you don't want to lose. Spyware and viruses are nasty things that can really wreck a PC I'm sure you know. It's good to have back-up copies of data incase you lose anything or have to start over.
2006-06-21 16:43:20 · answer #3 · answered by The 3rd Nipple 6 · 0⤊ 0⤋
Dude ... you could try a virus scan/removal and a spy-ware scan/removal, but I don't think that's going to solve all of your problems.
Burn all of the files you wish to keep onto a CD.
Buy a new hard drive.
Install and format the HDD
Install Windows
Install all device drivers for you computer
Connect to Internet and then run Windows Update / Download and install ALL critical Windows updates.
If you don't feel comfortable replacing the hard drive yourself, take it to a pro.
2006-06-21 16:45:10 · answer #4 · answered by dylanwalker1 4 · 0⤊ 0⤋
If you can, download spyware/adware removal software. There are a few that are really good and free. Spybot, Adaware, or Microsoft Windows Defender.
2006-06-21 16:43:41 · answer #5 · answered by cda94 2 · 0⤊ 0⤋
You are apt to be getting scammed by Mc. That is a common thing when you buy a new computer that comes with Mc and then the "Free" period runs out and they want you to buy their package and pay for all it's up-dates. Go to GRIsoft and down load AVG. It is free and will clean all that crap up. Make sure you turn off XP home's firewall and shut down Mc first. Then (after getting AVG) go to ZoneAlarm and down load their (FREE) firewall. Set up AVG and Zone (simple). Run Scandisk, AVG and Zone, in that order then down load Ad-aware, Spybot search and destroy, and Spywareblaster, again, in that order (all are free). Then use every one to clean up your machine. I think now they all work with firefox. Not sure what that brave thing is so if it is bad one of the above should get rid of it. ALL of the listed can be down loaded from a number of locations, so just key word them in to your Yahoo search box.
2006-06-21 16:57:49 · answer #6 · answered by Dusty 7 · 0⤊ 0⤋
SInce you have that software, use it. YOU should find, a option like "SCAN" or something similar, and the program should walk you through the whole process. or DOWNLOAD AVG anti-virus FREE EDITION. go to www.download.com and search it. GOOD luck, ur computer is not that deep in danger, you just have to get it healthy! do it fast, before to late. bye bye
2006-06-21 16:46:32 · answer #7 · answered by edge_gate 1 · 0⤊ 0⤋
you need to do a reformat and reload the OS, but if your system has viruses in the boot sector sometimes you cant get rid of them. new hard drives are really cheap, first try formating and reloading if you still have problems replace the hard drive and reload, then you can use it as a slave and do a norton disk doctor check on it
2006-06-21 16:46:43 · answer #8 · answered by johnman142 6 · 0⤊ 0⤋
There are people who do data recovery,you can first have a backup of your entire data & then get your hard disk entirely scanned for virus or
you can format the whole machine
2006-06-21 16:53:44 · answer #9 · answered by rskhere 1 · 0⤊ 0⤋
go to download.com, download spybot and avg antivirus free edition. clean out as much as you can with those. uninstall the macafee crap.
after you do this it chould get better, the download ewido secutiry and install it , it is free for 30 days, clean with that, then it should be to where you can manage it
2006-06-21 16:41:24 · answer #10 · answered by butchell 6 · 0⤊ 0⤋