Jump to content

Build Theme!
  • Infected?


Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92032 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Losing Control of System

  • This topic is locked This topic is locked
1 reply to this topic

#1 gmb283


    New Member

  • New Member
  • Pip
  • 2 posts

Posted 05 June 2008 - 06:19 AM

My desktop wallpaper has been replaced with a red screen that contains the following message: "Warning your computer is under attack. Your computer is infected by anonymous spyware program.

Operating system has several fatal errors due to spyware activity. It is strongly recommended to install anti-spyware software to eliminate all security vulnerabilities. Click HERE to protect your PC".

The word HERE in the above statement is a link to When I go to the Desktop tab in the Display Properties Box I find a new background, "index". The mini icon preceding it is an Internet Explorer icon.

I get two types of system warning popups that appear every few minutes although the rate varies. The first is a fairly large box that is centered in the middle of the screen. It will have a title and a text component. There are three versions of the message that are displayed randomly.

Title: "Spyware activity is found on your computer." Text: "Your privacy settings are compromised. It is highly recommended to install antispyware solution."

Title: "Your system is working slowly." Text: "It is recommended to update your antispyware protection to prevent data loss. Please update most up to date antispyware for you.

Title "Your comuter is not protected against spyware.: Text: "Somebody trying to access to your PC and collect privacy information. Download antispware applications."

Whenever I click the close box arrow an Internet Explorer window will open that takes me to http://antispyspider.us/130

The other variety of popup is a smaller box just above he small process icons at the far right of the task bar. A new icon appears. A yellow triangle with an black exclamation point. A small box with a drop pointer to the icon presents three messages that are displayed randomly.

Title: "Windows Security Manager." Text: "Your computer is running slow due to malware activity."
Title: "Windows Security Error." Text: "Windows has detected spyware."
Title: "Windows Defender." Text: "Internet attack attempt detected."

When every I click the close box arrow an Internet Explorer window will open that takes me to http://antispyspider.us/130

One other symptom seems to be that the attacking software will not allow me to download a program called smitfraudfix.exe from any of the sights I found that provide it. I have had no problem in downloading other programs, but I get a message saying something along that Foxfire can not find the file. I have been able to download the program on an uncontaminated computer.

Recently, the Internet Explorer window has seemed to be appearing without a preceding popup of either variety.

I have scanned my entire system with my anti virus program Avira Antivir Personal. It found several viruses and I deleted the affected files. I downloaded a program recommended in wikipedia to detect spyware (SpyHunter). It will scan in the form it was downloaded but must be activated to purge spyware. I started a scan with it but stopped when it seemed to be doing the same thing my anti virus program had done.

I have just noticed that the mini icon for my anti virus program is not being displayed as an active process on the far right of the task bar.

In reviewing your various problem discussions in the forums I found several different programs being recommended for download for apparently similar situations: ComboFix, SDFix, and ATF Cleaner. Why is this the case?

Edited by Rorschach112, 05 June 2008 - 06:58 AM.
Removed live link


Register to Remove

#2 LDTate


    Forum God

  • Root Admin
  • 57,175 posts

Posted 10 June 2008 - 03:40 PM

Your post has been Moved, Closed or Edited for one of the following reasons:

1.) You posted multiple topics and only one is required

2.) You are spamming links to other places without approval

3.) You have posted your hijackthis log to the wrong forum:
( http://forums.whatth...emoval_f27.html ) <--- correct forum for HijackThis Logs

4.) Abusive language or other problems in your text

5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you

If you came here for help, and you have not posted a Hijackthis log to the proper forum, then you may do so now, if you came here to spam or abuse, you will be dealt with harsher on your next offense

This is a family oriented forum to help those that need help.


The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


If you would like to paypal.gif for the help you received.

Proud graduate of TC/WTT Classroom


Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users