Does this sound like "invasionware" or a Trojan?

Forum Moderators: phranque

Message Too Old, No Replies

Does this sound like "invasionware" or a Trojan?

Marcia

1:08 am on Apr 22, 2004 (gmt 0)

I remember about what site I was at when it happened, but did NOT see a popup or click on anything. But that's EXACTLY when it started to happen - when the first casino window popped up in a new browser window.

Apparently there's an installer that's installing multiple programs, the desktop collection is growing. Some porn, mostly casinos. If I do control-alt-delete something shows up called A and also Online Bouncer and a few others. Plus, rundll32 keeps showing up which I know is OK but shouldn't be running.

I've run Spybot a number of times - it's not getting all of them and they keep on coming back. At one point resources got so low I lost the entire Windows Start menu. It's also tried to install a toolbar - succeeded once, replacing my Google toolbar. I keep running Spybot every time I reboot, but it can't get them all.

Is this scumware picked up at some site or is there a virus that does this?

edit_g

1:25 am on Apr 22, 2004 (gmt 0)

I think this sounds like some sort of spyware. Use AdAware and set it up as described in this post: [lavasoftsupport.com...] This description is for a different problem - but this is how to set up AdAware for a really good clean and scan of your system.

The reason I suggest this is that last time I ran spybot s&d it didn't pick up half the things which adaware did using the above set-up.

Hope that helps.

EVOrange

1:31 am on Apr 22, 2004 (gmt 0)

I had exactly this happening to me just recetnly. I ran Spybot, Adware, but also Hijackthis, which knocked out some items too. I also saw mentioned to purge my XP restore points, which I did, and I think that is when it stopped coming back.

BTW, I had Spybot set to lock my home page and this thing changed it anyway. So much for that.

EVO

superpower

1:38 am on Apr 22, 2004 (gmt 0)

I recently had a similar issue although most annoying was Google getting hijacked.

- Check ports with ActivePorts
- Make sure Messenger port is closed.
- Make sure firewall is blocking suspicious Generic Host Processes.
- Run CWShredder (this nabbed some problems)
- Turn off any unnecessary Services. Run > type in "dcomcnfg".

Worked for me...

dauction

1:44 am on Apr 22, 2004 (gmt 0)

"webroot spy sweeper".. just used it yesterday for a nagging litle virus and this program not only found that but also 11 adware/spyware scripts (some just bits and pieces of old adware I thought I had long ago cleaned up ) plus it found I dont know maybe 100 cookies..

I was shocked at how well it worked because I use a couple other virus killers on a regular basis and they have missed most of this stuff.

Give it try Maricia , it's free and fast

superpower

1:52 am on Apr 22, 2004 (gmt 0)

Also in reference to my earlier thought of shutting off services... There is a handy piece of software called XP-AntiSpy that has a simplied interface for tweaking about 20-30 little-used Windows services which connect to the net. A lot of adware maliciously uses these unneeded open ports.