| Thread ID: 57742 | 2005-05-11 07:44:00 | Nyeagghhhhh! Stupid "click me" spyware!!! | scratta (7982) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 354124 | 2005-05-11 07:44:00 | My fiance's parents' computer seems to have a spyware/viral infection of some sort. Specs: Dell Dimension purchased from warehouse (can't remember exact name but it's the one with the Pentium 4 2.4GHz and FX5200 128MB video card, 256MB RAM, Windows XP Home w/ SP2 installed, 40GB HDD etc etc...) Ok, onto the problem. It installs green "click me" and "uninstall click me" icons on the desktop. I have been informed that the owners of the computer clicked on the uninstall icon thinking it would make it go away :groan: :groan: This obviously didn't uninstall it lol. These icons execute something in the system32 folder called new_zealand.exe -n or new_zealand -s or similar extensions. Also, the computer tries to dial an international number and pop-ups occur regularly, probably every minute or so. I have tried adaware, spyware, avg, xosoft, of which none remove it, running the programs in both normal and safe modes. Have also gone through msconfig and made sure that new_zealand.exe is unchecked so it doesn't start up next time, as well as killing any running processes that seem suspect. But every time the computer is rebooted everything reverts to normal. And yes, I disabled system restore while running the anti-virus/spyware. Also, using Zone Alarm as the firewall. All software is updated to latest definitions etc.... Please help me!!!!! Are there any hidden processes or items in the msconfig that might be hidden from view? Also, is it usual to be running many different versions of svchost in the processes window? I'm assuming it's nothing, just wondering. Does anyone know how to get rid of this???? If you do, thanks in advance for the help. |
scratta (7982) | ||
| 354125 | 2005-05-11 07:56:00 | Put new_zealand.exe on Google | FrankS (257) | ||
| 354126 | 2005-05-11 07:57:00 | Get Hijackthis and run it / do a scan. And post the log here. BUT that NZ.exe looks like a premium adult dialer. |
Speedy Gonzales (78) | ||
| 354127 | 2005-05-11 08:01:00 | It is an adult site dialer. Symantec have manual removal instructions so you might need to go hacking the registry to remove any references hidden there. Removal Instructions (www.sarc.com). Get them to keep the computer offline (remove modem lead from phone socket) until you can remove it for them to prevent high toll bills if it does manage to dial out. |
Jen (38) | ||
| 354128 | 2005-05-11 12:42:00 | Thank you for the help. In the end I just went through the registry properly and removed every little trace of it, as well as removing all references out of the prefetch folder. After 3 reboots, with no popups, stupid click me icons or international dial attempts it's safe to say that it's gone. Ta. :) :) :) :) :) | scratta (7982) | ||