Hi, sorry if this is in the wrong forum, however my daughter has managed to get a virus on her computer! The desktop pic now comes up with a black screen with bold yellow writing, talking about spyware etc. I have downloaded spybot several times, & avg & now it says the pc is virus free (after removing several!). But the desktop is still the same. We clicked on the 'remove' icon at the bottom of the desktop screen & it takes u to another webpage. (We did this because we thought this was the way to remove the writing after the spybot) Everything seems to be working correctly, we think...........but it is a bit worrying that this screen still exists. Any ideas???
Most likely your daughter has been prompted by a website to download something, or its prompted her with an error saying "YOU MUST CLICK YES", then her only option is to click "YES" (unless she knows how to get around it) subsequently it's download some form of Trojan, or Rogue Dialling software (makes your net dial a Premium Rate internet line). Now, running AVG will get rid of the Trojan / Virus (or should do), running Spybot Search & Destroy should get rid of the Spyware, the most likely thing that has happened is that the spyware, whilst it had infected your computer has done something called "Hijacking", this is where by it literally "hijacks" your computer regarding the internet, and subsequently you are forced to view websites, and not allowed to visit the one's you really want to. Click this: [google]Hijack this[/google] you will find a chat board, download the program called "HiJackThis" and post your results on their forums - they will then tell you how to remove the offending items. OR, if your having the problem with Internet Explorer, just goto: Start > Control Panel > Add/Remove Programs || Now Choose on the left panel "Windows Components" and "Untick" Internet Explorer, or remove it from the "Add/Remove Programs Section where it lists all your programs. Then reboot your computer, go back to "Add/Remove Programs" and Reinstall it, you can do this by going into the "Windows Components" and making sure its "Ticked" then exit, and it will install it again (all the defaults), without your Hijacking problems). I hope this helps, unfortunately i'm off for 6 months as of 2 days, and so am unavailable - look for an answer from the master a.k.a Anti-Trend
thanx for the info. However, can i just clarify a couple of points: Firstly when she turns on the pc, the screen is black with this yellow writing & a click here to repair the problem, which if u do, it takes u to a website of some sort of spyware, which is prompting u to 'buy' their software. Secondly, she can still surf the net as per norm ( yesterday her homepage kept going to another one, but we have sorted that, or seemed to have), Thirdly we are on wireless broadband, with 2 pc's so can i actually be stung with this premium rtate dial sting? I have heard about it, but thought we were safe... Again thanx for your help.
Don't click the button, it won't help. If its the same thing as I had, which it sounds like it - black n yellow "wallpaper", then all I had to do was "drag" the desktop down a bit, and there was a standard XP Close button, hit that and it was gone. Also go Start>>Run>>type msconfig. Then go to the Startup tab, and disable everything, apply it and restart. This stops all "extra" processes starting up when you do. Things like MSN Messenger won't automatically start, for example, but it should prevent the spyware thing activating itself.
thanx, i did actually try that but it didnt work! So i got my neighbour down & told him & he got rid of the yellow/black by going into my comp & getting rid of some security thing. All seems fine at the mo, but shortly after he had gone this warning sign came up saying the pc was infected & to click onto a security ig (i think). My daughter just clicked out of this & kept on her work. So basically we seemed to have cured a prob, but i cant help feeling it may not have all been solved. I guess we will have to see, but if there is anymore advice i would welcome it! thanx!
Sorry for the late reply, but I just noticed that this thread is not completely resolved. You're probably right that the system is not totally clean. With more sophisticated malware (worms, virii, trojans, spyware) they are very good at embedding themselves deeply into Windows, actively preventing you from removing this software or changing the way it functions. It is not uncommon to terminate an actively running piece of spyware, only to see it restart itself by splitting into several more processes. To make matters worse, the nastier breeds of malware will target and damage or even remove certain anti-virus and spyware-removal tools! To get rid of any viruses, try running Trend Micro's Housecall, a web-based anti-virus scanner. After a thorough scan from Housecall, install the free and excellent AVG Antivirus (home edition). To remove the annoying spyware, try Lavasoft's AdawareSE, which is free for home use. Follow up with Spybot Search & Destroy, which can also immunize against several thousand types of spyware to help prevent reinfection. As ProcalX already suggested, HijackThis is a pretty good solution to help recover from browser hijacking. However, this tool is intended for more advanced users, since it requires that one understands system processes and which are important for normal system operation. In the future you can both help prevent future spyware infections and have a more pleasant Internet experience by replacing Microsoft's Internet Explorer and Outlook Express with Mozilla Firefox and Thunderbird, respectively. They have higher security, more features, and generally work better! Unfortunately, I must close by saying that even after you've taken all the steps I've suggested, you may still be unable to get the system in a totally malware-free state. This is because of severe design flaws in Microsoft Windows which allow unsavory software many easy roads to complete control over your system. In order to have a completely pristine environment, it may be necessary to completely reinstall your operating system and start from scratch. In that case I would recommend installing the software I mentioned above premptively, so as to reduce the likelyhood of future infections. All the best, -AT
