Internet Spyware - Warning! Your Computer might be infected with malware

rcpj80
I'm working temporarily for Kaplin University as an IT technician. One of the users gets a spyware message periodically when connected to the internet. The message reads: Warning! Your computer might be infected with malware. Below that it says: scanning your pc for threats. Then it lists some threats. It's hard to pinpoint where the file is on the computer.

It doesn't pop up in the system tray like most fake spyware messages do. It pops up at the top of an internet site when you click on Internet Explorer. I'm thinking that the user needs to have a spyware remover installed and run on the computer.

Since it happens when the user clicks on the internet, are there any security or privacy settings that I need to change, or will the spyware removal software work? Please answer as soon as you can.
  • JamesRL

    Some software that purports to be an anti-spyware tool is in fact spyware itself. One such tool ended up forcing me to format and reinstall the OS on a computer.

    But before you get to that point, disable System Restore, boot into Safe Mode and run a good trusted tool like Spybot Search and Destroy or Ad-Aware. That will eliminate most spyware.

    James

    1bn0

    If so you need AntiMalware from MalwareBytes.

    http://www.malwarebytes.org/mbam.php

    You can download and run the program manually for free. To have it run all of the time you need to get the paid version.

    The free version will usually remove AntiVirus2009.

    lseguin

    Get rid of spyware without buying a remover. Here's an example.

    CASE 1
    Run REGEDIT, verify String Value; Userinit under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon for appended text like UESIUQCR.EXE or ???
    C:\WINDOWS\system32\userinit.exe, ???

    HOW TO REMOVE SPYWARE
    1. Under key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\, remove the entry "uesiuqcr.exe" or ???

    2. Use a Boot CD (or media) with NTFS File Manager support and delete UESIUQCR.EXE-38fb783e.pf under C:\WINDOWS\Prefetch and C:\WINDOWS\system32\uesiuqcr.exe.

    3. Update Antivirus Defs and scan HD several times until spyware(s) are removed or canned.


    CASE 2
    Could launch in IE from an Active X.
    Verify under Manage Add-Ons.

    Hope this helps!
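
The Userinit check from CASE 1 above can be done read-only from PowerShell instead of eyeballing the value in REGEDIT. This is an added example, not part of the original post: `Test-UserinitValue` is a hypothetical helper name, and the two sample values are constructed (the tampered one reuses the file name from the post).

```powershell
# Added example: audit the Winlogon "Userinit" value described in CASE 1.
# Test-UserinitValue is a hypothetical helper name, not a built-in cmdlet.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-UserinitValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    # Userinit is a comma-separated list of programs started at logon.
    # On a clean system the only entry is userinit.exe in System32.
    $expected = Join-Path $env:SystemRoot 'system32\userinit.exe'

    # Split on commas, drop surrounding spaces/quotes and empty fields
    # (the default value ends with a trailing comma).
    $entries = @($Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -ne '' })

    # Anything that is not exactly the expected path counts as appended text,
    # including a "userinit.exe" look-alike sitting in another directory.
    $extra = @($entries | Where-Object {
        [Environment]::ExpandEnvironmentVariables($_) -ine $expected
    })

    $hasUserinit = ($entries.Count - $extra.Count) -ge 1
    [pscustomobject]@{
        Value           = $Value
        HasUserinit     = $hasUserinit
        AppendedEntries = $extra
        Suspicious      = ($extra.Count -gt 0) -or (-not $hasUserinit)
    }
}

# Constructed sample values (not taken from a real machine).
$clean    = "$env:SystemRoot\system32\userinit.exe,"
$tampered = "$env:SystemRoot\system32\userinit.exe,$env:SystemRoot\system32\uesiuqcr.exe"
$clean, $tampered | ForEach-Object { Test-UserinitValue -Value $_ } | Format-List

# Live check on the local machine (reads the value, changes nothing).
$live = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
Test-UserinitValue -Value $live | Format-List
```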

    ThumbsUp2

    ... all this user is seeing is an animated GIF built into a web page which 'appears' to be a window and it's really just an image which, when clicked on, would indeed infect the computer. We've all seen them on occasion. It's built into the web page we're viewing.

    By the way, fake spyware messages don't appear in the system tray until AFTER the computer is infected.

    But, to be on the safe side:

    (1) download and install Spybot Search and Destroy from http://www.safer-networking.org/en/index.html, update it, then do a full system scan while in Safe Mode.

    (2) download and install CCleaner from http://www.ccleaner.com/ then run it while in safe mode, removing anything that it finds and running it again and again until it finds nothing. There are two parts to run, disk cleaner and registry cleaner. Do them both, over and over again, till clean, then reboot.

    There are many more legitimate tools to use if you can't get rid of whatever they might have. But, don't be fooled by FAKES which 'say' they'll help clean up the system.
