Spyware Infection



AnnP
23-06-2008, 6:54 PM
I switched on my computer this morning and on the Bar at bottom of screen there was a red circle with a white cross on it. A bubble appeared and it said

"Windows has detected spyware infection"

"It is recomended to use special antispyware tools to pervent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware"

I noticed the spelling mistakes right away and thought something dodgy was going on.

I ran a virus check on my computer straight away - it was clear of viruses, thank goodness.

Is this a new scam?

arthurk
23-06-2008, 7:36 PM
Some of the more expert members may know exactly what this is (I don't), but it certainly sounds dodgy to me. As well as an anti-virus scan, I think it would be very wise to run a scan for spyware and other nasties - it looks to me a bit as though something may have already installed itself and is waiting for you to go to its site and collect something worse. If you don't have a spyware scanner yet (such as AdAware or Spybot), as a first step you can check your Task Manager to see if there's anything unusual running. Sorry if this isn't the answer you were hoping for, but I think you do need some more expert input on this.

Arthur

AnnP
23-06-2008, 7:55 PM
Thanks Arthur, I'll look into it further.

MarkJ
23-06-2008, 8:57 PM
Sounds like the sort of thing which crops up on a lot of websites. As you say Ann, it is a scam to try to get you to download and install something - usually they are pushing an ineffective spyware removal tool which, in a novel twist, usually also installs spyware!

I would recommend the following tools for anyone using a Windows computer -

1) A decent anti virus program, which is kept updated. There is no point having an AV program unless you regularly get the latest updates.
There are lots to choose from - including commercial programs from companies such as Symantec, Kaspersky etc or free ones from people like AVG. The free ones work just as well IMHO - but some people like to use a specific AV program. If in doubt about the legitimacy of an AV program, feel free to PM me. I can't advise on how good or bad they may be, but I can certainly tell you if the product is genuine or not!

2) An anti spyware program, such as LavasoftUSA's AdAware or SpyBot S&D. Again, make sure you get them from the correct sites - there are lots of fake programs out there with similar names!
These remove a lot of malware which isn't viruses etc - such as advertising pop ups and tracking programs.

3) Windows Update. Keep the machine up to date with the Windows updates. These should be enabled on your machine by default anyway.

4) Firewall. A little more complicated, but if you use a router, you should be protected anyway. If not, then there are a number of firewalls - some included in your AV programs, others free from folks such as Zone Labs. Windows itself has a reasonable firewall included in XP from Service Pack 2 (before that, the firewall wasn't that brilliant).

Those tools, plus some common sense computer using (e.g. not opening dodgy emails, avoiding iffy websites etc) should keep your PC running happily :)

Arthur's little tip regarding Task Manager is a good one. If you occasionally check to see what is running, you may spot something unfamiliar which can be Googled to check it is legitimate.

I don't think your machine is going to be compromised Ann - I suspect it was just a scam to attempt to con you into purchasing a less than useful program.

Mark

Guy Etchells
23-06-2008, 9:43 PM
Sounds like you are infected with the Spy Sheriff or Spy Axe malware.
Any good anti-virus company should give full details of how to get rid of it.
Symantec (Norton) gives detailed instructions.
Cheers
Guy

AnnP
24-06-2008, 8:25 AM
Many thanks Mark for your detailed reply. I was so worried about it I phoned a friend last night, who is very good with computers and who said more or less the same as you.

Thanks also to Guy for your advice.

Ann

MarkJ
24-06-2008, 9:03 AM
Not wishing to worry you Ann, but my initial thoughts were similar to Guy's - i.e. that it was Spy Sheriff related (although I suggested it was an attempt to get you to install the malware and Guy approached it from the already installed viewpoint).

However, this morning, I decided to double check - especially in view of the spelling mistakes in your message.
Seems there are a couple of trojans out there which use this particular spelling-error-laden message.
The most likely issue is Virantix.B.
Have a look at -
http://www.symantec.com/security_response/writeup.jsp?docid=2007-122607-2738-99

I am not sure what anti virus program you are running on your system Ann, but their website should have instructions on removing this problem if indeed that is your issue.

As this is a trojan and will happily steal passwords etc as part of its effects, I would be reluctant to use your machine for anything until you have checked the system carefully.

Sorry to be the bearer of bad news :(

Mark

AnnP
02-07-2008, 6:46 PM
Just thought I would update Mark and Guy on my problem. My computer has been at the Doctor's for over a week, just got it back today. It had "smitfraud new variant" and was very difficult to remove apparently.

Many thanks to you both for all your help.

Ann
|hug|

MarkJ
02-07-2008, 7:11 PM
Glad it is sorted Ann :)
It is a shame that the people who write these things cannot turn their skills to more useful programming.

Mark

Guest
02-07-2008, 7:21 PM
Trouble is, Mark, that they are mainly just script kiddies who string together bits of code they find on the web and think they are being clever.

They probably haven't even the skills needed to work with the high level macro tools that are around these days.

Ask them to do any real programming that didn't depend on such languages and they wouldn't even realise it was possible.

Graham

MarkJ
02-07-2008, 7:37 PM
Yep - that certainly applies in many cases Graham. I have seen the websites where you can download the "build it yourself from parts" virus kits.
Trouble is, there are some very clever viruses etc out there now as well as the feeble script kiddie jobs. The guys (or gals) who write those are often quite skilled.

Whatever the reasons or whether script kiddie, coding genius or whatever else these people may be, it spoils the interwebby for all of us. Even if a person's anti virus picks it up and deals with it, or the person is using an alternative operating system, we all suffer from slowdown of the internet because of all the crud flying around :( My filters are dealing with more and more spam daily - and it really annoys me to be honest. Grrrrrr :D

Mark

browntoa
04-07-2008, 7:50 PM
Out of interest to anyone else, this removes these infections for free.

Download ComboFix to the desktop from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe

Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

or the smitfraud removal tool

http://www.bleepingcomputer.com/forums/topic17258.html