| Thread ID: 49485 | 2004-09-20 20:56:00 | Payback spyware? | bk T (215) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 274179 | 2004-09-20 20:56:00 | Got a machine infected by (I think) a spyware, something like 'payback ...'. Every time the machine is connected to the Internet it accesses the Internet lightning fast; I could only see something like 'xxxx has been paid' and it closes down. Installed Adaware but when running it, it could not read the definition files. Also installed Spybot but it could not detect anything. Any idea what this is? Cheers |
bk T (215) | ||
| 274180 | 2004-09-20 21:29:00 | Has this PC got XP on it and Windows Messenger, which hasn't been patched? Windows Messenger spams with certain messages, which appear and disappear in a flash. I saw one on someone else's PC the other night, BUT it had an OK button and a URL. I fixed it by going to http://www.grc.com and downloading, installing and running kill the messenger. |
Spacemannz (808) | ||
| 274181 | 2004-09-20 22:08:00 | I scanned with NAV 2004 and found the following: 1. MediaTicketsInstaller.ocx 2. Mtrslib[1].js 3. pay[1].htm Unfortunately, NAV was unable to remove/quarantine/delete any of them. I think this PC is badly infected. Now, whenever I try to install something from the CD, e.g. stinger, NoAdware, etc., it scans and broadcasts the contents of the CD, and when I run the installation file, e.g. Noadware.exe, Windows reports that the file is corrupted - even in Safe Mode! Now, I don't think it is safe for me to connect to the Internet for an 'On-line scan' because the moment I am connected to the net, it will execute the 'Pay xxxx, xxxx has been paid' from IE. I wonder how much it has paid (from where, what, to whom, etc.); I don't know. Any way to stop this 'evil' from accessing the Internet first? I have made a search but nothing matches this thing. |
bk T (215) | ||
| 274182 | 2004-09-20 22:34:00 | Hmm there's a lot to delete manually for Mediatickets! Try this program, it says it removes it www.scanspyware.net |
Spacemannz (808) | ||
| 274183 | 2004-09-20 22:42:00 | BK.T, Can you find the "exe" files, or the "program file/s" for the offender/s? Is there any mention of them in "Task Manager" (you may need to "Halt" their processes first)? You may first have to manually "Quarantine" the files in question (by placing them in a "New folder" and moving the folder to somewhere else). You may need to clear "Sys Restore" if it is active, and you cannot find the files, or all of them. Then use "Utilities" as necessary. D. |
drb1 (4492) | ||
| 274184 | 2004-09-20 23:02:00 |
> Can you find the "exe" files, or the "program file/s" for the offender/s?
> Is there any mention of them in "Task Manager" (you may need to "Halt" their processes first)?
Unable to launch Task Manager!
> You may first have to manually "Quarantine" the files in question (by placing them in a "New folder" and moving the folder to somewhere else).
Can't find them!
> You may need to clear "Sys Restore" if it is active, and you cannot find the files, or all of them.
Has been cleared
> Then use "Utilities" as necessary.
What utilities are you referring to? |
bk T (215) | ||
| 274185 | 2004-09-20 23:13:00 | What OS bk T? | Rob99 (151) | ||
| 274186 | 2004-09-20 23:13:00 | Dump NoAdware for a start, it is spyware - Very poor protection against spyware - High-pressure sales tactics, including use of false positives in their free scan - May cause legitimate software to stop working NoAdware Product Review NoAdware is a controversial product. It is heavily advertised on the internet as an effective adware removal tool. Our tests indicate differently however. We uncovered a product that was unable to detect real adware on our computer, and instead tried to fool us with "false positives". Unfortunately, some of the adware programs it claimed to detect were actually operating system files and legitimate software, including Apple's Quicktime player. We were extremely disappointed with NoAdware and recommend that you look elsewhere for an effective product. |
45South (4769) | ||
| 274187 | 2004-09-20 23:17:00 | BK.t, Is NAV not giving a full location path for the offending OCX file or the others? If you Ctrl+Alt+Delete, can you not raise Task Manager through the shut down screen? If NAV can find them (and they are "actually" still there) you can find them. D. |
drb1 (4492) | ||
| 274188 | 2004-09-20 23:26:00 | another task manager www.sysinternals.com |
Rob99 (151) | ||