Virus/Spyware???

[Sheaf]

Morning all,

Went to my parents' last night and they mentioned they had a problem with their PC, it wouldn't play DVD Videos. Wierd I thought, I'll take a look.

Sure enough WMP crashes when trying to play any video. Ok, I think, I'll download another player and see if that'll play it. So I go to IE, google, type in DivX and search.

Ah.

Not one single result takes me to the divx website.
A lot refer to divx in the title but the url is not correct... they're all pointing to what look like dodgy spyware filled websites.
So I type in Microsoft. Sure enough, no urls point to microsoft. In fact, whatever you search for in google, it points you to dodgy sites. Problem.

I can go to yahoo and search, or go to any site by typing the url in directly but it's obviously not right.

So..... I took the PC back to mine, installed zonealarm, updated it fully and did a virus/spyware can. It found 4 'low risk' pieces of spyware. All of which it deleted. However it still does it.

Any suggestions? It's obviously not right but zonealarm isn't picking it up. I dont know if the WMP thing is linked either.
It's a pretty clever bit of software I have to admit as most people will click on the big link at the top of their search and not even look at the url. My parents did do this last week and the website it takes them to came up with a 'you have spyware on you PC, click here to remove it' fake window. Why the hell do people write stuff like this though, the gits.

There's not a massive amount of stuff on the PC (11GB of docs) so I could just wipe it and start again but that does seem overkill as everything else on it's running smoothly.

[will2c]

Its probably an internet explorer Hi-Jack, Download Internet explorer 8 Beta or Firefox.

Should solve the problem, Dont know why ZoneAlarm didnt pick it up its a good bit of software is that

[empsburna]

Get hold of a copy of Malware Bytes and see what it picks up. Update it and run it offline.

[Null_Byte]

Get hold of a copy of Malware Bytes and see what it picks up. Update it and run it offline.

+1

also try spybot search and destroy.

[Sheaf]

K, will try them if I can find them on yahoo, lol
With any luck I'll be able to download the lastest editions on my PC then transfer them across.... by CD as I dont want to risk getting anything on my pc via memory stick or anything.

I tried using firefox and that did the same, so it's not IE only. Otherwise I'd have uninstalled and reinstalled.

[Phoenix3dfx225]

I generally run the following apps on any pc's that are mis behaving:

Spybot (search and destroy)
Adaware
CCleaner
Advast Anti Virus

Good luck

[Sheaf]

Well I tried pretty much all of those to no avail last night. Nothing picks it up.

Just had a search this morning and found this: http://www.markcarey.com/googleguy-says ... sults.html
Looks like it's an old one... 2005 that's dated. I'm surprised the programs dont pick it up by now.

I shall try some of their suggestions tonight. Some people suggest clicking the 'remove adware' button on the fake page but that seems a little daft to me.

[Phoenix3dfx225]

Also a long winded way of going about it is goto start menu - run and type in msconfig. Also study the task manager processes list.

Basically google each indiviual processor. I.e. go to google and enter " ashDisp.exe" (that being the first thing on my processes list) and I get the following:

http://www.processlibrary.com/directory/files/ashdisp/

Descriptionashdisp.exe is a process belonging to Avast Internet security suite.\r This utility forms an important part of your computers protection against Internet-bound viruses and worms, and should not be terminated.

By the time you've done 50 of them, you become very familiar at what is running on the computer!

[Rover220CoupeTurbo]

Download Malwarebytes Anti Malware (MBAM) and that should clear everything off....

Aaron

[Sheaf]

Also a long winded way of going about it is goto start menu - run and type in msconfig. Also study the task manager processes list.

Basically google each indiviual processor. I.e. go to google and enter " ashDisp.exe" (that being the first thing on my processes list) and I get the following:

http://www.processlibrary.com/directory/files/ashdisp/

Descriptionashdisp.exe is a process belonging to Avast Internet security suite.\r This utility forms an important part of your computers protection against Internet-bound viruses and worms, and should not be terminated.

By the time you've done 50 of them, you become very familiar at what is running on the computer!

... but I cant search for anything in google......

TBH I went through the processes list and got rid of most of it, just left the ones that seem to run on any PC and it still did it. Either it's calling itself the same as something normal or it's not there.

Download Malwarebytes Anti Malware (MBAM) and that should clear everything off....

Aaron

Did that. It found nothing.

By the looks of it hardly anything finds this thing, from reports of other people with the same problem they've tried all the top programs and they just don't detect it.

[will2c]

Re-Install Windows :!:

It will be hiding its self in a service in on of the svchost files that you see in task manager,

I had the well known bug on my pc RavMon.exe, dont really understand what it does and some pc are easier to clean out than others, like mine, I ended up just installing Microsoft Windows 7

[syzsounds]

superantispyware is what i have had to use.
I got a virtumondo variant that really screwed mine up and that's the only thing that's actually got rid.
Somehow managed to hijack my rapidshare account too.

[Rover220CoupeTurbo]

Download Malwarebytes Anti Malware (MBAM) and that should clear everything off....

Aaron

Did that. It found nothing.

By the looks of it hardly anything finds this thing, from reports of other people with the same problem they've tried all the top programs and they just don't detect it.[/quote]

Did it update ok? Also try running it in safe mode..

[syzsounds]

Get hold of a copy of Malware Bytes and see what it picks up. Update it and run it offline.

http://www.download.com/Malwarebytes-An ... 04572.html

Just getting mine now , I'll update when its finished.

[syzsounds]

Well that program found 5 more little bits that non of the others did.
I've scanned fully 3 times now and nothing seems to be there anymore !

[Sheaf]

Well, I've given up.

I've installed everything I can to try and detect it and nothing finds it.

So... format and reinstall time. I dont want to waste any more time trying to fix it when I reinstall only takes a few hours.

Only problem now is I dont seem to be able to boot from a CD as the bios isn't picking up my wireless keyboard

[Coupe100]

Only problem now is I dont seem to be able to boot from a CD as the bios isn't picking up my wireless keyboard

Nope, you'll need a wired keyboard for that I'm afraid.

[Bikernut]

Had exactly the same problem a few months back.
I think i caught it from being on a dodgy\fake torrent site.
Nothing would remove it...and i tried everything.
Fortunately i always have a full backup image just for this kind of scenario.
Otherwise it looks like a re-install.

[Chin.]

Have you tried HijackThis?