Spyware or Virus?

Question

I just recently restarted my computer from scratch because my ISP blocked me and they said I had Excessive Email coming from my computer, they said something was sending 1000 emails per minute out ....I tried scanning my computer using McAfee and Prevx1 and they didn't find anything...Also every time I clicked on internet explorer Icon to go on the internet it took me to http://aprotectedpage.com while my homepage was set to Yahoo.com...everytime try going to Yahoo it me to that page but if I went to something like www.Myspace.com it took me straight to that page...every website worked except Yahoo which it took me to that page....is there any spyware or virus remover free that I can use next time it happens? ..thanks to all who answer...

Answer 1

Listen up.... (Webmaster, www.BlueCollarPC.Net) you may be the victim of a newly released malicious installation that is called ransomware. There have been handfuls of these since the WMFmetafile exploit in IE (Internet Explorer) called SpyAxe, SpyFalcon, SpywareQuake and others. They are fake bogus antispyware programs that hijack your pc and tell you to pay $30 to buy the spyware removal program. For more check out this well known site:
Title: The Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites
Description: Bad, False, Fake products
URL: http://www.spywarewarrior.com/rogue_anti-spyware.htm
The mass emails can be from a worm or backdoor spyware program that have their own SMTP mailer program. This is outgoing only emails (See POP Mail incoming/outgoing). The amount you show would be a worm. Some trojans also have smtp mailers in them. You may be infected with several malicious items. There is what is called a botnet that may have attempted to seize your computer to make it part of a zombie network that currently are running ovwer 100,000,000 computers worldwide and responsible for over 60 % of world spam - see Trend Micro reports/news. Listen to my own Modcast:
Malware Botnet Cartel
http://www.bluecollarpc.net/downloads/DestroyBotnetCartel.wma
When your homepage is hijacked to another site it is a BHO (Browser Help Object) which is an Active X in the Windows Registry. These are called Browser HiJackers. You do not have simple problems if you are clocked at 1,000 mails per minute. Indeed your ISP may contact you by phone telling you to clean up your computer or be suspended from service. (Spam costs bandwidth money and is dangerous as sending more infection). Again, you may be severally infected with a worm, trojan, and spyware backdoor. You are going to need a full system scan with antivirus and antispyware and in Safe Mode. For more on what and which threats are visit here: Threats Frequently Asked Questions
http://www.bluecollarpc.net/threatsfaq.html
Some of the information about your problem is sketchy on the internet which lends to you having a new unknown threat which is called "in the wild" or sometimes wrongly "zero day threat". Apparently it is a bogus antispyware malicious program install drive-by because of the webpage they have locked you into by hijack. This points to the Zlob trojan family that is known for these....
Trojan.Zlob
Aprotectedpage.com is a dangerous computer hijacker that is often installed without user knowledge or consent by Zlob trojan. Aprotectedpage.com hijacker may hijack your homepage to www.aprotectedpage.com. Aprotectedpage.com may also display fake warning alerts with flashing icon from your system tray such as pop up balloon warning messages claiming that your PC is infected. For example: "Critical System Error", "Your computer is infected", Trojan-Spy.win32@mx", "Virus Alert", "Security Alert" or "Spyware.Cyberlog-X"
Sketchy direct information:
(BAD WEBSITE / DON'T GO HERE!!!:):
SpyHeal is the Latest and Most Advanced Spyware Detection and Removal application on the Internet. We will prevent anyone from "spying" on your Internet ...
aprotectedpage . com/ - 11k - Cached - Similar pages
(REPORTS):
Aprotectedpage.com is a dangerous computer hijacker that is often installed without user knowledge or consent by Zlob trojan. Aprotectedpage.com hijacker may hijack your homepage to www.aprotectedpage.com. Aprotectedpage.com may also display fake warning alerts with flashing icon from your system tray such as pop up balloon warning messages claiming that your PC is infected. For example: "Critical System Error", "Your computer is infected", Trojan-Spy.win32@mx", "Virus Alert", "Security Alert" or "Spyware.Cyberlog-X".
MORE:
Description of "aprotectedpage hijacker" This hijacker is a variant of Wzor virus. It redirects your IE to
"http://www.aprotectedpage.com" . It gives you a fake warning message that your computer is infected by W32.Myzor.fk@yf trojan, which is not a real trojan, then it asks you to download some anti-virus programs : Spy Heal and Pest Capture .
You can do two things:
One))) You need to run three things. Malicious Software Removal Tool, AntiVirus and Antispyware full scans. You need to do this in Safe Mode.... Start > Run > type in "msconfig" > click Boot.ini > Safe Mode > Apply > Boot into Safe Mode. Run all scans. Quarantine/delete/clean. To get out of Safe Mode: Start > Run > type in "msconfig" > General > Normal > Apply > and reboot into Normal mode whre you are now. Safe Mode will stop all processes from running and allow you to remove the threats. I'm guessing you only have free antivirus. Here's where to go:
Microsoft® Windows® Malicious Software Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en ......Download and run that in Safe Mode. If you don't now how, just run it then when after you download it to Desktop or My Documents. Scan will take at least 20 to 30 minutes. It may direct you to scan in Safe Mode to be able to remove the threats. You will have to do the above instructions. You probably don't have antispyware. Forget Ad-Aware for now - it is only so so and way behind on "in the wild threats" (new unknown threats). You will need to install the following, update it and full scan:
SUPERAntiSpyware [working-freeware]
http://www.superantispyare.com
You can also try the following trojan remover full free program:
a-squared trojan remover [working-freeware]
http://www.emsisoft.com/en/software/free/
AntiVirus (free):
AVG Anti-Virus Free Edition (need anti-virus ?) [working-freeware]
Download, Information at this website :
http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html
http://www.grisoft.com/
(Download, install, update, full scan)
TWO}}} You are welcome to join my groups - or send an email here now with your problems: spyforum@yahoogroups.com and view responses here: http://groups.yahoo.com/group/SpyForum/messages
(public group for removal help, I am Group Owner - gerald_309 or YahooID: kdj4718nighthawk - http://profiles.yahoo.com/kdj4718nighthawk
I own the BlueCollarPC.Net website and am the creator of our Forums and Groups:
BlueCollarPC.Net Web Group
BlueCollarPC.Net News Group
Spy Forum Yahoo Group
BlueCollarPC MSN Group
BlueCollarPC.Net Forums
OR you can download and run HiJackThis which will allow you to create a log of your start up programs which may show the culprit partially and get removal instructions at any of these websites: (donate): List:
http://www.bluecollarpc.net/pcsafety.html
If you learned your lesson about security and threats - you are going to buy a well known firewall and antivirus and antispyware program and keep them up to date at all times and scan at least once a week - and not crap or free ones niether but especially antispyware programs with real time active shields that protect against drive by instaqllationms like this in the first place. See Trend Micro Antispyware and Webroot Antispyware. The Microsft free Windows Defender has active real time shields but is only so so on defintions database.
More:
http://www.bluecollarpc.net/pcsafety.html

Answer 2

Sounds like Malware... essentially a virus and adware mopped up in a sweet unholy marriage.

What I would suggest is ctrl alt delete and looking at the processes running. Anything duplicate or something that just looks out of place probably is. Just type in the processes into a search engine like yahoo or google, the first result or two will tell you exactly the purpose of the process, and can let you know if it is a virus. It really sounds like Malware to me, which can be effectively removed using a couple of freeware programs in conjunction.

1.) Find the process that the computer is being hijacked with using ctrl alt delete and then searching the internet for it.

2.) Find within those results a tech blog or something like that. They provide detailed step-by-step instructions on how to remove the junk.

I will warn you this is not easy and find a few sites and make sure the instructions are similiar so you aren't getting lied to. It will require a few restarts and multiple programs and follwing directions to a T.

The only way to really avoid malware is to be very careful about what you are doing on the internet and what you are downloading. Only download trusted items from trusted sites. We've all been guilty of letting our gaurd down on the internet and picking a virus or adware or malware when we could have avoided it (myself included).

If all else fails, start from scratch with system restore cds or with system restore in windows.

Best of luck.

Answer 3

This is a big time hijack and it also looks like a big time Trojan in your computer. Your computer has been taken over to send spam out.
I would not mess around and try to get this menace out with free downloads. I would recommend that you completely reformat your hard drive.
I know that this does not go down well - but you could spend days trying to dig this out.
After reinstalling - download AVG or Avast free virus scans. Spybot Search and Destroy and AdAware spyware removers.
Also - make sure you download ALL the updates from Microsoft.

Answer 4

Yes, there is. You should download and run all of these. Run Windows Defender on a weekly basis. Further, make sure the Windows Firewall is turned on (Start, Control Panel, Windows Firewall, the radio button "ON" should be 'pressed')

Trying to fix your problem: I will focus on updating your computer, this MAY TAKE A WHILE, SO BE PATIENT. During the update process, do not use the computer as it may interfere with the update process.

Step 1: If you have XP, make sure you have Service Pack 2 (Click Start, Run, enter "msinfo32" and hit enter). single Click "Summary" in the left column and on the right side of you screen, the second row will tell you what service pack you have. If it is not Service Pack 2, update it with the following link: http://www.microsoft.com/windowsxp/sp2/default.mspx

Step 2: Update your computer using the Microsoft Update site http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

Step 3: Make sure you have the most recent version of Internet Explorer. Open Internet Explorer, click "help" and "About Internet Explorer." A window will pop up. If the Version looks similar to this: Version: 7.0.1234.56, you do not need to update. If your Version is NOT "7.0.xxxx.xx" you need to update I.E. from the following link: http://www.microsoft.com/windows/downloads/ie/getitnow.mspx (link to download is at the bottom on the left)

Step 4: Scan for Malicious Software using Microsoft's Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en AND Windows Defender http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D&displaylang=en

In many instances, problems with Microsoft products are caused by third party software that you've downloaded without knowing what it would to to your computer. The previous programs search out those types of software and remove them. Be sure to run BOTH of them, you can delete the Malicious Software Removal Tool when you're done with it, but KEEP Windows Defender and run it regularly--I recommend weekly--to keep your computer in good working condition

Step 5: Even if you've already had to do it several times, restart your computer.

Step 6: You may contact me if you have further issues. popennell@gmail.com

Answer 5

htt*://aprotectedpage.com also called Trojan.Zlob, Zlob Trojan, Zlob, Virus Blast, Virus Bursters, Protection Bar, Trojan.DLoader/LX, Spyware.Cyberlog-X. NetWorm-i.Virus@fp,


To remove this particular trojan /spyware follow
1) How to remove the Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid
http://www.bleepingcomputer.com/forums/topic17258.html

Then
(2) If you have not already scanned your comp with spybot do that now .Update it and then run it so it gets rid of all the spyware and trojans .The updated version of spybot finds and remove all versions and varients of Zlob

(3) Do an online virus scan to check if you still have any other viruses in your computer. And let us know if the online virus scan still finds any virus or spyware .

Answer 6

The best anti-spyware software is CounterSpy. It runs rings around any free ones. The best thing is that although it costs $20 to buy, you can get a 2 week free trial. It will clean out the spyware.

Answer 7

Your home page has been hijacked. Ad Aware may find it, but get Windows Defender and also try Trend scanner, it finds a lot of stuff the others ones do not.

Answer 8

You can get a free program called Ad-aware 6.0 from downloads.com and it will remove any spyware/adware that you might have. You might want to rescan again after the initial scan.

Answer 9

Try this website, www.majorgeeks.com. They have links to free antivirus scanners that may solve your problem.It's just a guess but it looks like a worm or a spyware hyjacker is infested in your machine.............

Answer 10

First off I'd like to start off by saying McAfee sucks.....
Go to download.com
download spybot, adware se, and avg
you'll have better protection and it'll be free

Answer 11

1000 e-mail perminute hmmm 1000x60x24 wow 1.4 million a day ..they should pay you for this... i definitely say a spyware
zone alarm antivirus also good...any good spyware remover also good.