1 Reply Latest reply on Jul 22, 2011 4:05 AM by Peacekeeper

    Something is in my computer and it looks like its in deep.

      After downloading a file I immediatley knew something was wrong. Programs that I did not want were on my computer. Namely "Facetheme" and "Rigntonejunkiez."  Immediatley I went to the control panel to see everything that was on my computer that I didn't expect to install from this file.  There were the two previously mentioned programs and "Start Now Toolbar" as well.  I tried uninstalling these immediatley and restarting my computer.  Upon restart I noticed that my Virus Protection software didn't seem to be running properly.  I opened my browser to start doing some research.  This is where the first big red flag appeared.  Upon opening Mozilla I had a new start page (that I had never set as my start page nor heard of) called "Start Now." Supposedly this page was apart of Bing.  I knew this was crap because I didn't set it and I couldn't click the "Bing" link.   So I went to google and searched "Start Now."  I read a few mixed articles one of which stated it was spyware.  I figured that already so I believed it.  A message also popped up on my screen that I had never seen it said something like "thank you for registering with Win Money every $5 spent today could make you win $1000."  Ok so now this sounds like key logging and identity scams.  I know this is something big so I keep searching and I keep finding weird things going on with the websites that are resulting from my search queries.  I'm starting to think that the virus is affecting the search queries.  Finally, I find a youtube video where this issue is discussed in depth. However, I don't understand a lot of it because I don't understand much about how computers work.  I do know that threatexpert.com says this virus has acces to ALOT on my computer.  Such as messing with my firewall and virus protection. Sending information, recievig information, messing with websites and allowing remote access to my computer.  I ran a virus scan and found nothing.  I also ran a virus scan from a virus scanner on threatexpert.com and found nothing.  I didn't understand everything that was said on the youtube video but I did understand the part about trying to restore my computer to a previous day.  I did that.  It doesnt seem to have worked though even though it looks like my virus protection is working more normally. 

       

      There are two reasons why I don't believe the restore has worked.

      1. When I search something in google a "$" appears next to a lot of websites and when I mouse over it it says "Every $5 spent today will give you a chance to win $1000."

      2.  Mcaffees website was one of the websites where this money sign appeared.  I started to worry if the website was even real.  When I went to the website it looked IDENTICAL to the mcafee website but my url bar said it was unverified.

       

      Is there anything else I can do short of a complete wipe and reinstall of windows.  I really really don't want to do that.

        • 1. Re: Something is in my computer and it looks like its in deep.
          Peacekeeper

          1. Install and run getsusp make sure you have a live internet connection and added your email address to the preferences. The program will update Mcafee on anything it does not recognise and thus help improvethe dats. Macfee will then contact you with updated dats for virusscan.

          The actual download is available HERE.

           

          2. Of course you are better not waiting for a reply so continue by running fake alert stinger and normal stinger

          Fake Av Fake Alert Stinger

          Normal Stinger

           

          3. Some infections are difficult for antivirus software to remove because of the way they work or because they are constantly mutating and that is where certain anti-malware tools come in handy. By the same token, these tools aren't that good at protecting you from the millions of infections that your antivirus application already keeps out. It is by no means a bad reflection on any antivirus application that one finds oneself resorting to using these tools. They are meant to supplement your protection.  But keep them updated!

           

          WARNING: We are not responsible for any problems caused by these programs. Most have their own support. Also note that anti-spyware softwarewill often remove all your good cookies (along with any bad ones of course) - so you have to be careful what you delete when the scan finishes.

           

          Users will have to check each website for operating system compatibility. Remember to keep them updated!!

           

          Malwarebytes Anti-Malware (Free)

          Download the free version here:

          http://www.malwarebytes.org/products/malwarebytes_free

          This tool can downloaded, installed, updated and run all in 'Safe Mode with Networking' if necessary.

           

          Superantispyware

          www.superantispyware.com


          HIJACKTHIS

           

          This is an old tool but still useful where all else fails and you need something to gather information to obtain help elsewhere. Run "Hijackthis" and post its log on one of the specialist forums below to see what action is recommended. They will check it and help you get rid of whatever ails yourmachine. Don't try to fix it yourself.

          Note: Hijackthis is not intended as a removal tool per se, and should only be used under the guidance of the specialist forums.

           

          DOWNLOAD HIJACKTHIS

           

          Do not post Hijackthis logs here, we can't help you with those !

          Post the logs at a specialist Forum:

          BLEEPINGCOMPUTER

           

          The above site has a removal of the Startnow toolbar here

          http://www.bleepingcomputer.com/forums/topic403292.html

           

          Seems a lot of work especially as your restore failed.

           

          Good luck