Please Help I'm in So Much Trouble!!!!

beetlesan · Cadet Joined: Apr 18, 2004 Posts: 2 Location: USA

I never thought I would be afraid of browsing the internet. SPyware didn't scare me because I had Spybot and Adaware. Besides, I didn't care if someone was watching what internet sites I visit.

Then I downloaded a nasty hijacker by visiting the wrong website. My spyware programs could not find the buggers, and my homepage kept opening to a search engine. I even edited the registry, and finally gave up, reformatted my PC.

That was at home. Now I am facing the same nightmare at work, and if I tell the network adminstrator, I'm gonna either get in trouble, or be embarrassed. I take extreme caution, and only browse safe sites like google.com and yahoo.com. Here's what happened:

I was on google.com and my finger slipped and I accidently clicked a banner ad. Suddenly a popup covers my whole screen, and I get tons of prompts to download files, and I say no or cancel. I should have just killed my pc right then. The next day, I am horrified to find that when I open IE, there is a search toolbar. Even worse, the toolbar stayed at the bottom of my windows desktop even when I had the browser shut down. I immediateliy took action, ran spybot, adaware, spykiller. They found over 1,000 traces and registry entries. I deleted this, and did add/remove programs for lycos search and other programs it deleted.

The problem is whatever got on my pc has affected it severely. The computer would freeze, lock up, I could not even write an email without the screen just freezing. I ran msconfig and removed any startup programs. I even did a search for *.exe files that were added on that day, adn deleted these. As far as I can tell, the spyware is gone, but my pc runs so slow that I can't do my work. I looked at the processes running in task manager, and there were a few that I did not recognize. I did internet searches for these files, and no results. One is called GMA1.exe and another is acdtiaY3.exe. I was so desperate that I took a risk and told Windows to terminate that process. The speed improved, but then a few minutes later, the process showed up again! I'm screwed unless I can figure out the source of these processes. They are using 90% of my cpu. Anyone have any suggestions on how to trouble shoot this problem? Any other FREE spyware programs I can try, or downloads that will tell me what the processes are? As you can see, I'm desperate, and almost scared to go back to work and face this misery. Lycos should be fined severely for this CRAP!

TonyKlein · Posted: Sun Apr 18, 2004 1:49 pm Post subject:

Hi, and welcome.

I suggest you start by doing the following:

Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/

After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.

Now do the following:

- Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Scanning Engine:
check: "Unload recognized processes during scanning."

- Under Ad-aware 6 > Settings (Gear at the top) > Tweak > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.
That ought to get rid of most of your spyware.

When you've done all that, go to http://mjc1.com/mirror/hjt/, and download Hijack This.

Unzip to a folder other than your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

beetlesan · Cadet Joined: Apr 18, 2004 Posts: 2 Location: USA

I already tried adaware. I did that first thing.

TonyKlein · Posted: Mon Apr 19, 2004 5:22 am Post subject:

Let's have a closer look then:

Go to http://computercops.biz/downloads-cat-14.html , and download Hijack This.

Unzip to a folder other than your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 802 pages served in previous 5 minutes. Page Rendered: 0.421 seconds.