My Desktop says I have been infected with spyware...

By pikleking23

Every time I turn on my computer the Background says "Warning: Your PC has been infected with Spyware" There are several fatal errors. And it is blue... I can't go into Control Alt Delete... and it keeps saying I have spyware and it says I should download a spyware remover and it takes me to a website. Even when I turn my modem off!!! And I'm not downloading anything cuz I think it's even more spyware. I have scanned it in safe mode with Ad-Aware SE and Norton! Still nothing!!!! Can anyone help????

See how you go with this

by Jacky Howe In reply to My Desktop says I have be ...

From another PC, download and install these programs and copy the installed folder along with VundoFix.exe to a USB Stick.

Restart the PC in Safe Mode and turn off System Restore. Insert the USB Stick and run Sophos.bat; when it is completed, run VundoFix.exe. When the PC reboots, start in Safe Mode again and run Spybot.

Download Spybot - Search & Destroy 1.5.2 and install it. Update it.

Download Sophos and the latest IDE Files. Install it and extract the IDE files to the C:\SAV32CLI folder.

Copy and paste the below two lines into Notepad and save the file to the USB Stick as sophos.bat, it will scan and remove.


VundoFix is a freeware removal tool for many of the known variants of Trojan.Vundo, Trojan.Conhook and other similar infections.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's finished scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Just to be on the safe side when you finish do an online scan with Bitdefender.

Also download and install CCleaner to tidy up your Registry. Let it run through until there are no errors left.

When you think that you are clean, re-enable System Restore.
The Sophos SAV32CLI folder can be safely deleted after it is copied to USB.

I tried...

by pikleking23 In reply to See how you go with this

I've already tried to install these things and it just says that the installation is disabled by the admin... What is this???

This means that you do not have permissions

by w2ktechman In reply to I tried...

to install programs with the current user account.

Try booting into safe mode and log in as the administrator.

I am logged on as admin and in safe mode

by pikleking23 In reply to This means that you do no ...

It still says the same. I'm going to try to install it on my laptop and copy the files over to my desktop.

If you

by Jacky Howe In reply to I am logged on as admin a ...

read and followed my instructions you would have noticed that I suggested using a Clean PC and not the one that is infected. You are obviously infected with Winfixer. Run this and clean the PC then go online and do the Bitdefender Scan.

It may be a hijacker

by w2ktechman In reply to My Desktop says I have be ...

You know more about this stuff than I do

by nepenthe0 In reply to My Desktop says I have be ...

But if this happened to me, I would wipe the drive with Darik's Nuke and Boot:

Hopefully you have your data backed up. If not, it may be possible to transfer the data files from the infected HD to a functional PC using the Coolmax adapter:

I would then reformat the drive (NTFS) and reinstall the OS and my applications. But I'm not an IT expert.

Rick/Portland, OR

No need to Nuke it just yet....

by ThumbsUp2 In reply to You know more about this ...

It's only infected with hostageware and, if they find the right kind of help, it's easy to remove. These things get installed when someone clicks something they shouldn't have clicked. It's probably a derivative of Spyware Sheriff or 180Solutions.

Of course, once they get it removed, there may be more infections. So, the Nuke option may be the way to go. I just wouldn't do it quite yet. Time will tell.

<edit: can't speel! >

There are times when :)

by Jacky Howe In reply to You know more about this ...

I would like to Nuke it and start fresh, but when you are working on a client's PC that has five or six User Accounts with GBs of information you just have to grin and bear it. I personally don't like to back up a user's data before I know that it is clean. :)

Had one of these last week...

by normhaga In reply to My Desktop says I have be ...

and the week before.

In one instance, I pressed <CNTL> R, entered regedit and added the reg keys back in to start in safe mode and to enable the task manager. Then I shut down Norton 360 and all non-MS services and startups with msconfig. Then I loaded AVG Free and ran a virus check. Not too many viruses - 190. Then I loaded Spybot Search and Destroy and killed the rest of the infection from safe mode. Finally, I set the background back to the XP and killed the infection background and then set the theme back to XP. This was complicated by the owner having to stand over my shoulder to make sure I did not browse any files and asking questions - which got a terse and unhelpful and generally smart answer.

The other I had to do an in-place repair restore. I would have rather wiped the computer in both as it would have been quicker, but the files were not backed up by the owner and both he and she would not pay the fee to back up and clean their files.
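
A read-only audit of the kind of registry state described in the post above (Task Manager and Safe Mode disabled, background replaced), given here as an added example that is not part of the original thread. The list of values checked is an assumption based on well-known Windows policy locations; the thread does not name the keys involved, and the Windows Installer value is only one possible cause of an "installation disabled" message.

```powershell
# Added example, read-only: it reports settings and changes nothing.
# The value list below is an assumption; the thread does not name any keys.
$pol = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Path = "HKCU:\$pol\System"; Name = 'DisableTaskMgr'; Meaning = 'Task Manager blocked (this user)' },
    @{ Path = "HKLM:\$pol\System"; Name = 'DisableTaskMgr'; Meaning = 'Task Manager blocked (all users)' },
    @{ Path = "HKCU:\$pol\System"; Name = 'DisableRegistryTools'; Meaning = 'Registry editor blocked' },
    @{ Path = "HKCU:\$pol\ActiveDesktop"; Name = 'NoChangingWallPaper'; Meaning = 'Wallpaper change blocked' },
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows\Installer'; Name = 'DisableMSI'; Meaning = 'Windows Installer restricted' }
)

$findings = @()
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }   # value absent: no restriction is set
    $data = $item.($c.Name)
    if ($data -ne 0) {
        $findings += New-Object PSObject -Property @{
            Location = "$($c.Path)\$($c.Name)"; Data = $data; Meaning = $c.Meaning }
    }
}

# Safe Mode loads its driver and service list from these two keys.
foreach ($mode in 'Minimal', 'Network') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
    if (-not (Test-Path $key)) {
        $findings += New-Object PSObject -Property @{
            Location = $key; Data = '(key missing)'; Meaning = "Safe Mode ($mode) will not start" }
    }
}

# Show which file is currently set as the desktop background, for manual review.
$desk = Get-ItemProperty 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction SilentlyContinue
if ($null -ne $desk) { "Current wallpaper: $($desk.Wallpaper)" }

if ($findings.Count -eq 0) {
    'No restrictive policy values found.'
} else {
    $findings | Format-Table Location, Data, Meaning -AutoSize -Wrap
}
```

Run it from the affected user account, since the HKCU values are per user; anything it lists is a starting point for manual review, not proof of infection.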
