Please help!! spyware on work computer!
msbehavin 16-06-2005, 10:20 I have to type this quick cos the damn spyware keeps interrupting.
Am on a govt computer (yikes) which, due to something on the Carbrook Hall (paranormal) link has infected it with SpySheriff downloads etc.
I am also getting porn ads, and shortcuts on the desk top.
Can anyone give advice?
Have you tried to contact vidster through his website?
msbehavin 16-06-2005, 10:23 didn't know who to call - jblaze mobile off and really stuck for who best to help
Neeeeeeek is online. Could try PMing :(
scubatony61 16-06-2005, 10:29 Hello there Msbehavin
Sorry to hear of your problems
This really helps, it works as well, I use it on my machines
www.javacoolsoftware.com/spywareblaster.htm
If you need any immediate help, running it, send me a p.m
regards
Tony
msbehavin 16-06-2005, 10:33 I am wary about d/loading more due to the fact it is a work comp.
Isn't your best option to download it and delete it when you've used it?
drolnhoj 16-06-2005, 10:36 Originally posted by msbehavin
I have to type this quick cos the damn spyware keeps interrupting.
Am on a govt computer (yikes) which, due to something on the Carbrook Hall (paranormal) link has infected it with SpySheriff downloads etc.
I am also getting porn ads, and shortcuts on the desk top.
I have cleared cookies, history and as much program files as I dare.
Can anyone PM me their mobile number so I can call them?
Situation desperate. This room will be used by AN Other from 1pm!!!
Help!
Bit of a quandary you have MsB. I dread to think what type of web sites you have been visiting. :D
I do not know what the policy is for your work computers regarding downloading software, but I run a Microsoft trial version anti spyware software (below). Your choice is either to run some anti spyware software or come clean with the IS support people at your workplace and let them clean it up. Hope it doesn't cause you any problems.
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Microsoft AntiSpyware beta is very effective.
Try this (http://www.microsoft.com/downloads/info.aspx?na=90&p=&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&genscs=&u=http%3a%2f%2fdownload.microsoft.com%2fdownload%2f8%2f1%2f5%2f815d2d60-49b5-44dc-ae35-fca2f2c6f0cc%2fMicrosoftAntiSpywareInstall.exe) link, I'm not sure if that will work. If it does then it will start the download directly. If not then follow this (http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en) one, click on continue, select no and continue and then download the file.
Install the file, and then run a full system scan. (It might run a full scan immediately when it's installed, I can't remember).
Hi.
Bet the PC keeps shutting down.
BSOD?
Slowdown??
Try:
To get rid of this you need the new AdAware 1.06SE Personal with the new definition files updated. Now scan your computer and after the scan it will prompt you to quarantine the recognized registry values found that can harm your computer.
This may (or may not) work;).
Or try the instructions given here (http://www.bleepingcomputer.com/forums/Bad_infection_please_help_with_removal-tx20165-0.html).
Hope this is of some help?
http://www.safer-networking.org/en/download/
Spybot Search and Destroy - well recommended
Joel
Phanerothyme 16-06-2005, 11:07 She has a bad case of coolwebsearch infestation & pop ups, which appears to have hacked the hosts file and is misdirecting online spyware removal urls.
the MS spyware removal tool requires IE6 unfortunately.
Originally posted by Phanerothyme
She has a bad case of coolwebsearch infestation & pop ups, which appears to have hacked the hosts file and is misdirecting online spyware removal urls.
the MS spyware removal tool requires IE6 unfortunately.
Simple.
Boot as normal.
Open the hosts file in notepad.
Remove the offending items.
Save the file (but do not close it).
Press <SPACE>.
Minimise notepad.
This should allow use of IE and any other progs that use the IE core (trident, wasn't it??).
This seems to be a common occurrence (hacking of the hosts file). So much so, that I'm going to code a small app that will lock the hosts file to stop this kind of thing happening. ZoneAlarm Pro has the facility to lock the hosts file, which probably accounts for us not having had this kind of thing happen here?
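The hosts-file tampering discussed in the posts above can be checked for before anything is edited by hand. The following is an added example, not code from any poster in the thread: it audits hosts-file text (on Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`) and reports entries that override the removal-tool sites linked earlier or pin other names to a non-loopback address. The watchlist, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Sites linked in the thread as sources of removal tools; treating them as a
# watchlist is an assumption of this example.
WATCHLIST = ("microsoft.com", "safer-networking.org",
             "javacoolsoftware.com", "bleepingcomputer.com")

# Constructed sample input (documentation-range addresses, example names).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net      # blocklist-style sinkhole entry
203.0.113.7     www.microsoft.com
127.0.0.1       www.safer-networking.org
203.0.113.7     search.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for entries worth reviewing."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in WATCHLIST):
            # Any override of a watched domain blocks or redirects the tool site.
            findings.append((no, name, str(ip), "watched domain overridden"))
        elif not (ip.is_loopback or ip.is_unspecified):
            # Loopback/0.0.0.0 sinkholes are common; other pins need a reason.
            findings.append((no, name, str(ip), "name pinned to an address"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries that sinkhole unrelated names to loopback are skipped on purpose, since blocklist-style hosts files contain many of them; intranet names pinned to internal addresses will be reported and need a manual look.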
Phanerothyme 16-06-2005, 11:23 Originally posted by sccsux
Simple.
Boot as normal.
Open the hosts file in notepad.
Remove the offending items.
Save the file (but do not close it).
Press <SPACE>.
Minimise notepad.
This should allow use of IE and any other progs that use the IE core (trident, wasn't it??).
This seems to be a common occurrence (hacking of the hosts file). So much so, that I'm going to code a small app that will lock the hosts file to stop this kind of thing happening. ZoneAlarm Pro has the facility to lock the hosts file, which probably accounts for us not having had this kind of thing happen here?
It would seem that the Contractors (who shall remain nameless) have totally failed to secure this computer against malware/spyware attack. That is shoddy.
It is a pity that it is often users who cop it when they click a link that infects their workstation when in fact it is the IT contractors who are responsible (within the govt that is).
Poor. Very Poor.
Originally posted by Phanerothyme
It would seem that the Contractors (who shall remain nameless) have totally failed to secure this computer against malware/spyware attack.
Certainly seems that way, why am I not surprised :rolleyes:.
Originally posted by Phanerothyme
That is shoddy.
Very!
Originally posted by Phanerothyme
It is a pity that it is often users who cop it when they click a link that infects their workstation when in fact it is the IT contractors who are responsible (within the govt that is).
The word "scapegoat" springs to mind.
For a government institution, this is really poor (and quite scary too - if you think about it for too long;)).
Just hope she (MSB) gets it sorted pretty quickly.
It makes you wonder, a government department.. we're only a smallish company and I have locked down all the computers so no-one can even change the desktop background, never mind install stuff, and net access is granted to only certain users, and only for certain sites. Yet the government wonder why information leaks are so common :|
Joel
Martin_s 16-06-2005, 11:50 Originally posted by msbehavin
didn't know who to call - jblaze mobile off and really stuck for who best to help
If you're still in a world of hurt drop me a line and I can walk you through anything you might have missed...
I think Phan is already on the case though so I'm guessing the point is meek..
It sounds like HijackThis and CWShredder would be good options to include in your toolbox right now though...
alchresearch 16-06-2005, 12:18 Unless they've been sacked? Isn't porn a sackable offence now in local government?
I can't speak for Sheffield, but our systems are completely locked down. Our users can't access the system drive, use chat clients, change the desktop, download or run executables or even move around MP3s.
Further up the network our broadband is filtered, web mail is also blocked. Wigan Metropolitan Council offer broadband access on all desktops for work related use only. Employees can use the system for personal use in their lunch breaks, but are supposed to pay a fee. Anyone caught surfing for personal use in work time is reprimanded. Which is why my posts end at 13:30!
Originally posted by alchresearch
Unless they've been sacked? Isn't porn a sackable offence now in local government?
I can't speak for Sheffield, but our systems are completely locked down. Our users can't access the system drive, use chat clients, change the desktop, download or run executables or even move around MP3s.
Further up the network our broadband is filtered, web mail is also blocked. Wigan Metropolitan Council offer broadband access on all desktops for work related use only. Employees can use the system for personal use in their lunch breaks, but are supposed to pay a fee. Anyone caught surfing for personal use in work time is reprimanded. Which is why my posts end at 13:30!
Very much like ours, but, I am the IT department, so it doesn't really count for me :P
Originally posted by alchresearch
I can't speak for Sheffield, but our systems are completely locked down. Our users can't access the system drive, use chat clients, change the desktop, download or run executables or even move around MP3s.
Further up the network our broadband is filtered, web mail is also blocked. Wigan Metropolitan Council offer broadband access on all desktops for work related use only. Employees can use the system for personal use in their lunch breaks, but are supposed to pay a fee. Anyone caught surfing for personal use in work time is reprimanded. Which is why my posts end at 13:30!
Why bother giving you a PC... From all that lot a notepad and pen might be more efficient :|
Originally posted by alchresearch
Unless they've been sacked? Isn't porn a sackable offence now in local government?
I can't speak for Sheffield, but our systems are completely locked down. Our users can't access the system drive, use chat clients, change the desktop, download or run executables or even move around MP3s.
Further up the network our broadband is filtered, web mail is also blocked. Wigan Metropolitan Council offer broadband access on all desktops for work related use only. Employees can use the system for personal use in their lunch breaks, but are supposed to pay a fee. Anyone caught surfing for personal use in work time is reprimanded. Which is why my posts end at 13:30!
How uptight is that!
I have admin access to my pc (but not to the workgroup), I can install what I like, change what I like and do what I like.
Antivirus is installed and automatically updated centrally, the network connection goes through a proxy which filters out most rubbish, and email security is fairly good, more often blocking things it shouldn't than things it should.
We did get a Blaster infection, although I don't think the root cause was ever identified, but it only took a morning to clean up.
The web apart from certain sites being blocked (by category, ie sex, hacking, criminal activities) is open (including webmail), I can use msm, and I'm free to use the web for personal use whenever I like as long as it has no impact on my work duties.
This is also my own laptop that I'm typing on, sat next to my desktop and connected to the same network, although technically I think it is unauthorised.
My only complaint would be that most ports are locked down, including 3389 so I use remote control on my home pc.
msbehavin 16-06-2005, 12:37 **update***
had long phone call with Scuba Tony. The virus is deep in the registry keys and no matter how many times we delete it, it comes back. I have decided to bite the bullet and now advise my manager (there is only me and him left in the building) and hope he is ok. I do access the internet at work for work-related matters so can say it was a dodgy US site and hope for best. Have tried to clear all my history trail and temp internet files so that if he decides to look then he cannot see what I have been browsing.
Just for the record -lol (although I don't feel much like 'lolling' at the moment!) I was not on porn sites - the only thing I can link this to is the site for Carbrook Hall (the paranormal thread started my interest)
Ok - any more suggestions for clearing my trail before I get the man down to my office?:help:
Probably don't want to hear this but if they have any sort of surf guard software running they'll know what you've been looking at anyway.
Hope it all goes OK. Just 'fess up and tell the truth.
Joe
msbehavin 16-06-2005, 12:44 gonna go call him in five minutes...:( :gag:
Originally posted by JoePritchard
Probably don't want to hear this but if they have any sort of surf guard software running they'll know what you've been looking at anyway.
With any luck they won't even know what that is, given the state of the other protection available ;)
Martin_s 16-06-2005, 13:25 Just a note on the whole "Oooh you must have been baaaad" assumption...
Note: "assume"... makes an ass out of you and me...
It's a whole lot rarer now to get things through "bad sites" alone now and the problem is invariably badly maintained and protected PC's... so if anyone has some explaining to do it's your IT guys... unless you were a numpty and ran something..
Case in point, a server I host on, got rooted through a rather prosaic and security hole... by a very clever little cracker who was subtle enough to cover his tracks and leave something that installed trojans through a java exploit in IE6... but in such a way that it took us a full week to catch on.. The IE6 exploit had a patch but it was only 3 months old and plenty of people don't bother *sigh*...
Anyways, I digress, that saw around a third of the viewing populace get infected with a good 3 quarts of that number not even knowing... .. and this is on a server with NO dodgy sites at all... and I know of a whole lot of other servers getting caught the same way...
So, be sure and point out to your boss that you have NOT been surfing any of "those" sites and until you find out the root cause he needs to hold off on assumptions... (politely of course)..
Worth noting as well, this infection could well have come from another internal machine and be nothing to do with your browsing at all.
Has it recovered yet MsB?
msbehavin 16-06-2005, 14:10 Am now home - two hours later than planned.
I told my manager that I had some annoying spyware from a link on a US stop smoking site as I frequently use those for work research. I left poor old manager on the phone to IT desk with photos of Jenna Jameson and various different sized p***ses bandied about my desk top and asked if I could take my leave. I looked suitably apologetic and left. He seemed quite happy...lol
According to the help desk it happens all the time. Good news is that we have a link to their spyware, anti virus updates and are now a lot more protected than we were before.
I won't bother asking them to thank me though.....:help
Originally posted by msbehavin
He spotted the porn shortcuts on the desk top and laughed, did the nudge, nudge bit and then tried to get it all off.
So there's a chance that it travelled to your computer from his on the network then? ;)
msbehavin 16-06-2005, 14:16 I really doubt it - he did seem to be looking at it all like a rather excited cub scout...:hihi:
Glad it all worked out for you, thought you were going to lose your job! could see you washing windows with Kirky !!!
Wouldn't that be something ?