View Full Version : Not a usual spyware thread
ToryCynic 03-01-2006, 00:15 Yes, another spyware thread - I hate asking questions when I should know the answer.
Bullet-point format to eliminate questions:
1) Friend has been porn-site viewing
2) Avast detected trojan
3) Homepage on all browsers gets changed
4) HijackThis doesn't get rid of it
5) Internet connection is totally OK
6) I can send/receive e-mails via OL
7) MSN's affected.
8) search32 kindly repeats my IP, ISP and laughs in my face if I try and get rid of it - it's an internal page that's displayed Drive Letter:\search32.html
9) Getting rid of "Drive:\search32.html" to the Recycle Bin and from there is futile.
10) It's been BSODing all night
11) Any Explorer window (Search, My Computer, etc, etc) displays for a few moments and then BSODs forcing restart.
12) Nothing in Ad-Aware, Spybot - Search & Destroy
Any ideas?
Cheers,
:)
P.S: On this clapped out wreck (that gets brought out when my machine's iffy), if I hunt for www.google.co.uk it'll add loads of extensions to it, on its own accord, i.e. www.google.co.uk.edu
Etc.
Cheers - :)
What do you mean HJT doesn't get rid of it?
Does HJT detect it in the first place?
ToryCynic 03-01-2006, 00:23 Originally posted by vidster
What do you mean HJT doesn't get rid of it?
Does HJT detect it in the first place?
Yes - one of the first things in the long list - click the box, 'Fix Selected Item(s)' - 'yes' - restart - and IE, Opera, FF - drum roll C:\search32.html!
Boo!
:S
Cheers.
BTW - This Spyware Sheriff (the links that appear on the page) looks equally as dodgy...
Preacher Man 03-01-2006, 00:43 kill all but the essential processes till you can delete it. that usually works for me!
unplug your internet though before doing it!
Phanerothyme 03-01-2006, 01:44 take the unit outside, douse it with petrol and set it alight.
give your friend a good slap.
job's a good 'un.
Originally posted by Phanerothyme
take the unit outside, douse it with petrol and set it alight.
give your friend a good slap.
job's a good 'un.
You could do that the other way round and it would be equally productive ;)
Or did you mean slap?
boot into dos, type format c: . Job done
spyro2000 03-01-2006, 05:55 Originally posted by slh73
boot into dos, type format c: . Job done
Kentboy isn't that thick. So I suggest you do one.
Alex, have you tried Microsoft Antispyware Beta? That sometimes finds things that Spybot doesn't, and vice versa.
Sounds like you have a badaz virus, get it scanned. The lil bastrds sometimes disable viral protection, but keep it running. Dunno if it's doable (maybe someone can clue us in) but you may be able to get a LiveCD of some distro to boot up and scan your windows drive. This is one that says it does it: http://www.ubcd4win.com/
Have fun :)
One other thing you can try, boot into Safe Mode and try scanning/removing from there...
cgksheff 03-01-2006, 09:52 Just to confirm ... you have updated Search & Destroy before running it?
ToryCynic 03-01-2006, 10:42 Originally posted by cgksheff
Just to confirm ... you have updated Search & Destroy before running it?
Yeah - but, it won't update the 'latest definition' and whinges about it.
Note: That homepage is secure32.html, as opposed to search32!
Oops!
I'll try the MS Anti-Spy - see what happens....
Cheers.
I've had problems updating Spybot from the default server it chooses recently. Try selecting a different one.
cgksheff 03-01-2006, 10:58 Here (http://help.lockergnome.com/index.php?showtopic=42096&pid=316160&st=0&#entry316160) is a thread on another site dealing with a similar problem that ends with a clean result.
Captain_Scarlet 03-01-2006, 12:30 I got infected with a similar virus twice, the first time it was se.dll (not a nice one) boot in safe mode, kill all processes and delete all non system files in Windows folder created since the incident, cleaned the registry of files called se.dll.
Second time, deep breath, plugged usb drive in, inserted disk, press power button. boot up, ghost.
5 minutes later nothing to be seen ;)
That or don't go on sites you know you'll get crap onto your computer. Prevention is better than the cure, said it many times.
I suppose your friend is smart and either has several hard drives or has his hard drive partitioned. Meaning format, reinstall, Bob's your uncle. Not as daft as Mrs Spam would indicate.
ToryCynic 03-01-2006, 13:24 Eyup!
Additional info.: OL and Word have decided to 'die' - it just does the 'Error - Send versus Don't Send Report' - I can't use Word to reply to my OL 2003 e-mails, nor can I use OL's own replying (cut down version) - so e-mail's out of the question - Word on its own (without OL's involvement) closes, reopens all the time - as you can see I tried to create a Search, and that on the dump below Word is open - I managed to get it to stay open for a while, - I may just reformat and be done with it - I have the slave that has all the work on.
Out of pure interest, here's the BSOD: www.alex-hudson.co.uk/P1010019.JPG
and the error on all explorer windows: www.alex-hudson.co.uk/errorbeforeBSOD.JPG
cheers.
Another P.S: I can't use Google Desktop - this also causes a BSOD!
Maybe it's that "bad" bitmap virus?
spyro2000 03-01-2006, 14:13 This happened to me a while back. I think there is a thread somewhere. It just got worse and worse, so I just reformatted as a last resort.
I'm not suggesting to do that, best to try all the options first.
ToryCynic 03-01-2006, 14:14 Originally posted by adaline
Maybe it's that "bad" bitmap virus?
Bad Bitmap virus?
I've read through CGK's link to the other site, and thought that by the time I went through the points, I may as well just reformat - I'm a regular re-formatter - but I have to be in the mood for it...
Haven't done one since October odd.
Cheers.
Originally posted by spyro2000
Kentboy isn't that thick. So I suggest you do one.
I never said he was. But formatting and reinstalling the OS would fix his problem. Bit of an extreme way of doing it, yes, but it would work. So I suggest you do one yourself.
spyro2000 03-01-2006, 17:04 Originally posted by slh73
I never said he was. But formatting and reinstalling the OS would fix his problem. Bit of an extreme way of doing it, yes, but it would work. So I suggest you do one yourself.
Alright calm down :hihi:
ToryCynic 03-01-2006, 17:40 Dragon, SLH - don't argue - ;)
It's reformatting as we speak.
Cheers,
:)
:thumbsup:
Plenary session: Don't allow friend on computer - he used to muck about on it, then he stopped - back to his old tricks again!
Tsk, tsk!
melthebell 03-01-2006, 17:45 or you could try system restore to just before it happened?
ToryCynic 03-01-2006, 17:47 Originally posted by melthebell
or you could try system restore to just before it happened?
Tried that - nothing happened.
Arrgghh!
:)
Phanerothyme 03-01-2006, 17:53 Originally posted by kentboy119
Tried that - nothing happened.
Arrgghh!
:)
Get a boot CD, windows or linux, and boot from CD?
Then delete the required files.
Just a thought.
Originally posted by Phanerothyme
Get a boot CD, windows or linux, and boot from CD?
Then delete the required files.
cd ..
rd windows
:D