Heellppp!!


I Monkey
03-01-2006, 02:58 PM
I have these weird popup things in my toolbar since yesterday. This is what it says every 10 seconds (2 of the many ones):

Critical system alert:

Spyware detected
Windows detected 8 active spyware modules that may cause crashes, sudden reboots and valuable data loss. It is strongly recommended that you get rid of malicious spyware by clicking this icon.

Spyware infection detected!
Windows has detected spyware in your system.
It is strongly recommended that you stop working with valuable data and proceed to using anti-spyware programs to prevent data loss.
Click here to eliminate spyware now.

It also says that I've got a virus on my computer all the time.
One is an orange triangular shaped thingie with a yellow "!" in it (I think this one's called System Alert), the other one is a yellow circle with a black "!" in it.

So as stupid as I was, I clicked one of them and this link opened: http://www.topadwarereviews.com/?adv=206&ads=b , I downloaded Adwaresherrif. I scanned my computer with it but it said I had to register so it could delete the spyware. So I cancelled and removed it. I thought I removed it successfully but I can still see its logo on my toolbar sometimes.

I also scanned my computer with spybot search&destroy 3 times and I also scanned with norton antivirus 2 times but they don't find anything...

Oh yeah, and it keeps replacing my computers wallpaper with this big-ass warning that my computer is infected text.

Can someone pleeeaaasse help me?? It's so annoying!! thanks!!

kyaa the catlord
03-01-2006, 03:03 PM
That's neat.

When was the last time you updated that antivirus? Update it, then run it.

Or... you're pretty much screwed. :D

You might also want to go to antivirus.com and get Trend's cleaner. It's badass.

Bob
03-01-2006, 03:04 PM
Try AVG and ad-aware

Praetorian
03-01-2006, 03:06 PM
http://members.home.nl/mloman/hitmanpro233.exe

Get this. It combined all major anti-spyware programs in one handy program. Automatically runs too. All you have to do is click start and return in an hour or so.

(Do not use your computer while it's running. Just leave it running.)

Jay
03-01-2006, 03:08 PM
A link to Hitman Pro was here, but it's already been mentioned so I'll just say "I agree!" and remove it.

Grab this:
http://www.grisoft.cz/softw/70/filedir/inst/avg71f_375a716.exe
This is AVG Antivirus. Probably the best home virus scanner made. One of them anyway.

Also, you might want to grab THIS: http://www.grisoft.cz/softw/70/filedir/util/avg_rem_sup.dir/vcleaner.exe
It's called VCleaner, and it's by the same crew that make AVG. Install it, restart your computer in Safe Mode and run it. It'll work.

M.Laird
03-01-2006, 03:09 PM
Well, according to assorted Spyware boards, AdwareSherrif is related to SpySherrif, and both can be removed with this http://www.2-spyware.com/review-spy-sweeper.html
I've not tried that program, so can't comment, but it seems to be the solution at any rate.

Jay
03-01-2006, 03:11 PM
Correct me if I'm wrong (Michael, help?) but I'm sure that Spy Sweeper is incorporated in Hitman Pro.

I Monkey
03-01-2006, 03:11 PM
That's neat.

When was the last time you updated that antivirus? Update it, then run it.

Or... you're pretty much screwed. :D

You might also want to go to antivirus.com and get Trend's cleaner. It's badass.

yeah it ended or something, so it didn't work anymore unless I typed in a code which I didn't know...I didn't know what to do so I downloaded a new norton antivirus (2004 :boggled: ) and updated it or something like that TT_TT

Zonehunter1
03-01-2006, 03:13 PM
Using a combination of different programs is your best bet.
If one can't catch it, another might.

Jay
03-01-2006, 03:13 PM
Scrap Norton. :D It's a piece of shit.

Zonehunter1
03-01-2006, 03:14 PM
Scrap Norton. :D It's a piece of shit.

Agreed 100%

Your best bet is free programs.

Jay
03-01-2006, 03:19 PM
I can't go past AVG, personally. That shit's got my system locked down tight. :D

Praetorian
03-01-2006, 03:25 PM
Correct me if I'm wrong (Michael, help?) but I'm sure that Spy Sweeper is incorporated in Hitman Pro.

It was, last time I checked.

I Monkey
03-01-2006, 03:32 PM
Thanks you guys!! You guys are so freaken fast! I'm installing hitman pro now. I'll let you guys know when I get rid of those things

Jay
03-01-2006, 03:43 PM
Also get AVG, it's a pretty good idea to have a top-notch home virus scanner on hand so you can schedule weekly scans.

I Monkey
03-01-2006, 03:54 PM
Alright I'm still installing Hitman Pro 2. I got to the point where it keeps opening up spybot wherever I click on... What should I do?

Jay
03-01-2006, 03:59 PM
Once you install Hitman, it will take over downloading and installing the software. Just run with it, and when it stops automatically selecting options and is idle, scan your system.

I Monkey
03-01-2006, 04:11 PM
It just goes till this part:

Hitman Pro 2.3.3 (build 12)
Downloading information file concerning external components
Downloading information file concerning updates
Hitman Pro does not need to download updates
Updating Spybot Search & Destroy


...

And then it opens up Spybot and I have no idea why and what I should do with it and Hitman Pro won't finish :boggled: And it keeps getting jammed (Hitman Pro) when I eventually press on the stop button.

Jay
03-01-2006, 04:33 PM
Once you click the scan button it automatically starts scanning your computer using all the programs it just downloaded. Hitman will open Spybot by itself, start the scan by itself, open the next program by itself, etc.

Or at least it should.

Zonehunter1
03-01-2006, 06:01 PM
It could be that if by some odd chance he already has spybot, that it believes that the program that is trying to install is spyware.

Jay
03-01-2006, 06:13 PM
Possibly, but I've had both installed at the same time... o.O

Zonehunter1
03-01-2006, 06:22 PM
Well if spybot hadn't been updated in awhile..

Anders
03-01-2006, 06:23 PM
Seems to me that most of those little pop-ups are advertisements. A simple pop-up blocker should take care of most of those. Are you using Explorer or Firefox? It's always a good idea to keep your anti-virus/firewall/anti-spyware software up to date and running, but be aware that most little pop-ups like that are just trying to sell you something.

Zonehunter1
03-01-2006, 06:25 PM
And never leave if you don't keep up the anti virus

KosiMazaki
03-01-2006, 06:26 PM
Like BOB and Jay mentioned: use AVG as your home antivirus solution (www.grisoft.cz). It even has firewall onboard now.

Good combo of protection programs:

-> AVG (antivir+firewall --> a must)
-> Lavasoft Ad-Aware SE Personal (you don't need full version with memory resident b/c... Spybot has one and it's also free)
-> Spybot Search and Destroy (has Teatimer.exe module as memory resident)
-> CWShredder --> scans for and removes any CoolWebSearch-ish "plugins" from your InternetExplorer (if you use this M$Crap then you're often in deep sh*t)


If you'd like, you can use M$ Antispyware (a.k.a Malicious Software Removal Tool)
(but since it's still in its beta form it has some bugs and sometimes causes system to hang up)

Another tool called HijackThis is helpful to track any changes made to system that are in any way different from default configuration, ie: new activeX'es, BrowserHelperObjects (BHO's), new DLL and OCX libraries, new autostart/Run services and so on. It can fix some things but best thing it does is a LOG file containing all changes made to essential system configuration. This log you can post on specialized forums (fora?) and usually you will be given detailed information from other users what is wrong in this log, what is suspicious and what just should be there.

Hope this helps a little.

EDIT:

CWShredder and HijackThis can be downloaded from http://www.spywareinfo.com/~merijn/downloads.html
There's also a forum for posting hijack's LOGs.
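
A HijackThis log like the one described in the post above is most useful when it is compared against an earlier log from the same machine. The following is an added example (not part of the thread and not HijackThis's own code) that parses two logs and lists the findings that are new; both sample logs, including every name, CLSID and URL in them, are constructed for illustration.

```python
import re

# Section codes HijackThis puts at the start of each finding line.
SECTION_LABELS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
}

# A finding line looks like: O4 - HKLM\..\Run: [name] command
FINDING = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return the set of (code, body) findings; header and process lines are skipped."""
    findings = set()
    for line in text.splitlines():
        match = FINDING.match(line.strip())
        if match:
            findings.add((match.group(1), match.group(2).strip()))
    return findings


def new_findings(baseline_text, current_text):
    """List findings present in the current log but absent from the baseline."""
    added = parse_log(current_text) - parse_log(baseline_text)
    # Registry (R) sections first, then the others by section number.
    ordered = sorted(added, key=lambda f: (f[0][0] != "R", int(f[0][1:]), f[1]))
    return [(code, SECTION_LABELS.get(code, "other"), body) for code, body in ordered]


# Constructed sample: log saved while the machine was known to be clean.
BASELINE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} (Example Codec) - http://download.example.com/codec.cab
"""

# Constructed sample: log saved after the fake alerts started appearing.
CURRENT_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net/
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O4 - HKCU\..\Run: [ExampleAlert] C:\Documents and Settings\user\Local Settings\Temp\alert.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} (Example Codec) - http://download.example.com/codec.cab
"""

if __name__ == "__main__":
    for code, label, body in new_findings(BASELINE_LOG, CURRENT_LOG):
        print(f"{code:<4}{label}: {body}")
```

Entries that appear in both logs, such as the antivirus autostart and the codec ActiveX object, are not reported, which leaves only the changes worth asking about.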

Jay
03-01-2006, 06:43 PM
<thumbs up> Can't go wrong there.

I Monkey
03-02-2006, 03:48 PM
Once you click the scan button it automatically starts scanning your computer using all the programs it just downloaded. Hitman will open Spybot by itself, start the scan by itself, open the next program by itself, etc.

Or at least it should.

Scan button?? The only buttons I have are: start, stop, configuration, quarantaine, SurfRight. And that's it...

It just loads (or something like that), and then it opens up Spybot and then nothing happens. Spybot opened and it won't do anything... TT_TT

And I've got Firefox and IE but I always use IE.

Zonehunter1
03-02-2006, 03:50 PM
I believe the idea is that the scan button he is talking about refers to SpyBots'

Stick with firefox. Not too many problems with adware and spyware; most are programmed to exploit holes in IE security

Jay
03-02-2006, 03:51 PM
I believe the idea is that the scan button he is talking about refers to SpyBots'

Or Start, perhaps...?

I Monkey
03-02-2006, 03:51 PM
I believe the idea is that the scan button he is talking about refers to SpyBots'

OMG.... I feel like an idiot...

Yeah, I scanned it a few times already but it can't find anything.

Zonehunter1
03-02-2006, 03:52 PM
Spybot is okay, but the problem is that some of the more deep rooted stuff spybot cannot detect.

Jay
03-02-2006, 03:55 PM
...which is where Hitman Pro is handy.

This is where I came in... :bang:

Zonehunter1
03-02-2006, 03:56 PM
There is another way to do this, but it involves a little more work.
using Task manager to find the process and any files associated with it.

Jay
03-02-2006, 03:58 PM
Yeah, but that's not really for newbies, ne?

I Monkey
03-02-2006, 03:58 PM
I'm trying to install AVG now but I need a license/salesnumber in order to download it. So I guess I can't download it...

And yeah... I'm a real newbie, I don't know a thing about these things... my brothers usually do it for me but they're not here now.

Jay
03-02-2006, 04:01 PM
I'm trying to install AVG now but I need a license/salesnumber in order to download it. So I guess I can't download it...

I provided this link on the first page, but here it is again: http://www.grisoft.cz/softw/70/filedir/inst/avg71f_375a716.exe

I Monkey
03-02-2006, 04:09 PM
Yeah I used that one and I downloaded it but there isn't a license/salesnumber included anywhere.

I have to get to work... I really appreciate you guys' help!! Thank you so much! I'll try again this evening or tomorrow then...

Jay
03-02-2006, 04:15 PM
Okay, I did a simple site-search and came up with what it tells me is the free edition. Try this: http://free.grisoft.com/softw/70free/setup/avg71free_375a716.exe

That was my fault. Sorry. :duh:

Averon
03-02-2006, 04:21 PM
If you're fairly savvy, you could use MSCONFIG to check for any programs being run at startup that you know for sure you didn't install. I had some adware that I removed that way until I could get a decent spyware removal tool. Right now I'm using XoftSpy and haven't had a problem since.

Zonehunter1
03-02-2006, 04:22 PM
MsConfig may be a little advanced for him.

Jay
03-02-2006, 04:22 PM
The bitch about MSCONFIG is that you have to reboot for any change to take effect. :(

I Monkey
03-02-2006, 10:56 PM
Holy shit! Thank you for the free AVG!! I scanned it and found 3 infected files, one of them was a virus. I got a Trojan Horse on my pc O_O (Trojan horse Startpage 12 BM). AVG was only able to heal 1 file.
Alright... How can I get rid of the other 2 if AVG couldn't/didn't heal them?

KosiMazaki
03-03-2006, 12:22 PM
Are these 2 files inside a packed zip/rar-file?
That's AVG free version's drawback: it can not heal files inside archive.
You have to unpack archive with infected file and then proceed with antivirus measure.

Hope it'll work.

I Monkey
03-03-2006, 12:33 PM
yeah it's a rar-file. The other one I can't find. And the other one has a .exe at the end... But is it safe to unpack the rar-file??
Nevermind... I just deleted the folder. It was named "Norton Antivirus 2005 KeyGen". And so was the rar-file inside it. And the folder was inside the Azureus folder so I didn't trust it... So I just deleted it... I'm still not able to remove Adwaresherrif and I already scanned a few times with Webroot Spy Sweeper.

edit: It is possible to delete a trojan horse manually right? Because I just did, but I don't really know if it's REALLY gone now.

Zonehunter1
03-03-2006, 01:15 PM
Smite it the old-fashioned way. Delete every fucking file that is with that program

KosiMazaki
03-03-2006, 01:24 PM
some things about AdwareSheriff: http://vil.nai.com/vil/content/v_138377.htm
and another one: http://www.pestpatrol.com/spywarecenter/pest.aspx?id=453097533


try to clean up the mess - delete files, unregister dll's (regsvr32.exe -u "file"), remove registry entries (make a backup though) and so on.

EDIT: if the trojan only occurs in the form of that file - yes: deletion means bye bye. But usually trojans leave hooks in the system registry/services that constantly check whether the file is deleted/uninstalled and then initialize its revival (by downloading/updating from internet usually).

Jay
03-03-2006, 01:26 PM
yeah it's a rar-file. The other one I can't find. And the other one has a .exe at the end... But is it safe to unpack the rar-file??
Nevermind... I just deleted the folder. It was named "Norton Antivirus 2005 KeyGen". And so was the rar-file inside it. And the folder was inside the Azureus folder so I didn't trust it... So I just deleted it... I'm still not able to remove Adwaresherrif and I already scanned a few times with Webroot Spy Sweeper.

edit: It is possible to delete a trojan horse manually right? Because I just did, but I don't really know if it's REALLY gone now.

This bit made me giggle. XD

KosiMazaki
03-03-2006, 01:37 PM
:yes: And beware: keygens, cracks, warez - the path to the trojaned side are they :P

I Monkey
03-03-2006, 01:42 PM
This bit made me giggle. XD
DUDE!!! I know!! I'm a noob!! :cop: I scanned my computer with AVG and Spy sweeper twice now and they couldn't find anything anymore (phew). I still got this Adwaresherrif biatch on my computer though... Hope I can remove it with the links KosiMazaki gave me... It's really hard for me to do all these things because my English isn't that good and my computer is in Dutch :bang:
So if you people tell me to click this and that, I don't know what it's named in Dutch so most of the time I just have to guess >_<

Jay
03-03-2006, 01:48 PM
Remove it through Add/Remove Programs.

I Monkey
03-03-2006, 01:50 PM
I already did at the beginning but it's still there Y_Y I can still see its logo in my task bar and it gives me some messages when my computer just started up.

Jay
03-03-2006, 01:52 PM
Hmm.

Is Ad-Aware recognising it?

I Monkey
03-03-2006, 01:54 PM
Well... I scanned my computer with AVG and Spy Sweeper 2 times but they didn't find anything.

Jay
03-03-2006, 01:55 PM
What about Hitman pro, did you ever get around to running that?

I Monkey
03-03-2006, 02:04 PM
yeah, can't find anything either...

Zonehunter1
03-03-2006, 02:05 PM
Could it be attached to a windows op file?

I Monkey
03-03-2006, 02:18 PM
I have no idea... I just watched this link: http://vil.nai.com/vil/content/v_138377.htm
I don't really understand what all the numbers etc. are but maybe you guys do... They didn't ask me to register with like the way they show on the link though... (http://vil.nai.com/images/138377a.gif). The yellow triangle was the logo I meant which was in my task bar giving me annoying messages.

KosiMazaki
03-03-2006, 02:20 PM
Add/Remove it (being aware what's been said about uninstalling trojans).

You may want to check "Internet Options" in IE's Menu or in Control Panel.
There is position "Temporary Internet Files" (In "General" Tab) --> go to "Settings..." button and ---> go to "Browse Objects...". There you have a list of ActiveX's installed (both in IE and Explorator/Shell). In the address bar you should see path to the directory containing those ActiveX's. Let's not go there right now.
Check "Properties" (RightMouseButton - ContextMenu) of every single object listed there. When AdwareAdSheriff's object is found, try "Remove". After successfully removing any unwanted objects ---> inspect folder of aforementioned path (try using some file browser like TotalCommander or FreeCommander, b/c Explorer tends to treat this directory as *system* and doesn't show certain files (like *.vxd, *.inf, *.dll, *.ini)).
Examine files there whether there are some removal leftovers (you can view file contents by notepad or other text/hex editor/viewer - look for names similar to those of removed files/objects).

Too hard?

Jay
03-03-2006, 02:21 PM
I just dropped Google a quick line - couldn't find anything of interest. There were only two results and both were in a different language. Checked them out, they were just shit.

What about HijackThis and CWShredder? Useful?

Zonehunter1
03-03-2006, 02:32 PM
Look at a virus/trojan definition list; they usually come with instructions on removal

Jay
03-03-2006, 02:35 PM
That's what I was looking for on Google. I tried AdwareSherrif and I only got shit results. :/

KosiMazaki
03-03-2006, 02:38 PM
If you refer to "MD5: A64E41DAC2AD031D4E5D28C836060B89" - that's the file's checksum.
If a certain file has a different checksum than is stated, it means the file either is updated (new version) or is a fake (trojan/virus).

KosiMazaki
03-03-2006, 02:47 PM
a list of no-goodnicks of supposed antispyware software:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

KosiMazaki
03-03-2006, 02:54 PM
shit, Jay, you're right. even on previously mentioned http://vil.nai.com/vil/content/v_138377.htm
they just link "REMOVAL" to the McAfee's-Software-way-of-deletion.
they just don't give a jack about how to remove it manually step by step :(

I Monkey
03-03-2006, 02:56 PM
I found 3 suspicious ones:

made: none
last opened: none
total size: 4,096 bytes (4 kB)
Id: {5334504D-9980-0010-8000-00AA00389B71}
status: unknown
CodeBase: http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab

made: none
last opened: none
total size: 4,096 bytes (4 kB)
Id: {33564D57-0000-0010-8000-00AA00389B71}
status: unknown
CodeBase:http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

made: none
last opened: none
total size: 4,096 bytes (4 kB)
Id:{3334504D-9980-0010-8000-00AA00389B71}
status: unknown
CodeBase: http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB

hmmm... download.microsoft.com... I don't think they're evillll though but they just seem a bit suspicious hmmm.....

Jay
03-03-2006, 03:07 PM
Try a registry cleaner, Monkey.

I just downloaded and ran this one: http://www.registry-cleaner.net/

It seems okay. It's a straightforward program with no tricks, it doesn't ask you to install anything, it doesn't advertise anything. No pop-ups, either, so all alarms are silent at this point.

It's a trial, though, so you can only use it for a while.

THIS IS IMPORTANT. THE 'BACK-UP REGISTRY' BUTTON IS THERE FOR A REASON. USE IT.

Zonehunter1
03-03-2006, 03:23 PM
Worse comes to worse, you might have to format the drive. but that is a final solution only. FINAL.

Jay
03-03-2006, 03:28 PM
I'd probably shift my shit across to the other partition and format anyway. I have little patience for computers. :P

KosiMazaki
03-03-2006, 03:35 PM
;) micro$oft is ALWAYS suspicious, get that to your head :)

but i digress.

if those ^^ 3 you gave here are the only ones then you have to search somewhere else :/ (those 3 are from WindowsMediaPlayer9-plugin)

is anything AdSheriff-ish in Start/Menu Start/Programs/Autostart ??
or in Msconfig's Autostart section?? (Start-->Run: msconfig.exe --> Autostart tab)

KosiMazaki
03-03-2006, 03:38 PM
*yawn*. my work here is complete. time to go home now. have a good weekend y'all. :D