My WinXP computer is 3 months old and has developed an odd problem today.
I run anti-virus and anti-spyware programs every day, but today something has gotten into the computer that I can't get rid of:

Every 5 minutes, a box pops up in the lower right toolbar that looks exactly like the Windows Security window.....but its not. It says "your computer is infected with spyware, etc etc......" and the only way to close it is to click on it. When I do that, I am redirected to this website:

http://antispywarebox.com/

It also changes my browser's home page to the above link.

If offers to rid the computer of these problems, but of course it wants $39.00 to do so.

I've ran 2 different anti-virus programs (AVG and Avast!) and 3 different anti-spyware programs (Spyware Dr, AdAware and Spybot) but nothing seems to find anything to remove. All of these programs as up-to-date as per today.

Any ideas as to how to get rid of this annoying hijack?

Glenn

 

Is it in the add/remove programs box?

Ryan

 

No - nothing new is in the add/remove software section of the Control Panel.

 

It is a probably a trojan virus. Try searching for "EWIDO" or "HOUSECALL", these are a couple of free online virus/malware scanners.
When I have a stubborn bug, I usually go to safe mode and rerun all of my security progs., If that doesn't work, I disable system restore, go to safe mode and run my security. Disabling system restore is risky!!!!

Try clicking tools/internet options/ then click the "delete files" button, then click the "clear history" button (DO NOT Click the DELETE COOKIES) I never delete all cookies, delete them manually by clicking on "settings" and then clicking "view files". You will then see every cookie you have picked up over the last three months. I go into the view files folder every time I go offline and delete every cookie that is not one of my "favorites" For instance keep your Ford truck.com cookies. Or anyting that looks associated with any of your saved favorites. I try to keep my saved cookies under 40 to 50 items so that I can keep track of them. MY POINT...viruses sneak into your PC and may be associated with a cookie.

 

if it all comes down to it, you can do a system restore dated back to before you had problems

 

microsoft update also has a free download program for removing them bad cookies

 

Does that MS cookie remover mess with your FTE cookies??? Remember, some of us can't remember user names and passwords stored in the cookie jar for the various websites we regularly visit. That is why I have been busting cookies manually.

 

not that swift on that stuff but the link is below so you can see if it will help you

http://www.microsoft.com/downloads/d...displaylang=en

Microsoft® Windows® Malicious Software Removal Tool (KB890830)
Brief Description
This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

 

This is a new type of trojan that is hard to remove. More spyware than virus related.

I just removed another one from a clients pc called spyfalcon.

I did a search and came up with this removal toll you can try.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

It was on this forum as a topic.

http://www.lavasoftsupport.com/index.php?showtopic=933

You can run Hijack this and try and remove it also, but I would use the removal tool first.

You can PM me if you need help.

 

the only way to get rid of that nasty little adware/spyware trojan downloader virus is to do a system restore to a date before it was introduced to your computer, and hope it did not erase the system restore files. if it did erase the system restore files, you will have to do a full format of the hard drive.

 

Make sure your definitions are up to date, then try running Spybot or other spyware and virus scanners in safe mode. Since the "Run" key doesn't run in the registry in safe mode, usually the trojans that keep downloading this trash to your PC don't load. You may still have to manually remove some ***** files (once you find out what kind of spyware it is, do a search, typically most are fairly common and someone will have a list of files to look for and delete), usually they have fairly bizzare filenames. Running a program like CleanUp! often purges the temp folders that these programs like to hide in which can save you alot of time deleting files by hand.

After you do the scan, you want to run HiJackThis! in safe mode as well and look for any odd entries in its scan. There are support forums where you can paste your log file for others to look at and analyize what's going on in your PC. If the problem still persists, those folks may be able to point you towards a specific tool that is custom made to remove that particular piece of spyware.

Personally, I look at doing a system restore as a method of last resort. While in theory it is only supposed to revert the system files back to a previous state, I've seen it do odd things to the data stored on a PC as well. Yes, I know that's not SUPPOSED to happen, but in my practical experience I have seen it occur. I would only choose that option if the above methods fail to remove the spyware completely or the system is infected with so many different variants of spyware or trojans that trying to remove them will take far more time than it would just to reload Windows.

 

That is correct, I had a variant of it awhile back, What a PITA

This thread might help ya
http://forums.techguy.org/security/4...p-spyware.html

 

http://www.lavasoftsupport.com/index...=20&#entry5073
coolwwwsearch.smartsearch and antispywarebox.com - Lavasoft Support Forums

Post #24 has the complete instructions on how to remove this malware. Had this happen to me about 4 mo ago with another variant. The problem is, it changes/deletes startup procedures and items, and also plants itself in no less than 4 different areas in your registry. Even if your able to find the primary files that this malware works off of, it constantly dupicates the files with new(but simmilar) names. Good luck. Let me know if your successful or need more help.