Adware Infestation

Charlton

Hi

I need some advice about cleaning my system of adware. First some salient facts:
  • it is Windows XP
  • use Norton Internet Security 2006 with all options set
  • In startup also use winpatrol.exe, windows defender, registrysmart.exe, spyeraser.exe
  • I have used all of the above products plus spybot and ccleaner to scan and fix any spyware errors, whilst in safe mode and with system restore switched off. Generally they will find around 4 cookies and 1 registry entry contaminated, but normally no files
  • pop up blockers are switched on
  • I also tried spyhunter, but spybot identified this as a threat so I uninstalled it
The problem is that after reboot and switching system restore back on, it doesn't take long before advertising windows appear beneath the current window. The adware window does not have the normal address bar and the title starts with a tilde (~).

Sometimes the additional window is "http://em.pc-on-internet.com" with some login details and parameters. Sometimes I get the difficult to close avsystemcare warning message.

I have tried to get rid of this for about a week now. I do not want to download any additional spyware removal progs unless they are 100%, because I might just waste my money, add extra processes to my machine and some come infested with spyware themselves.

I am also finding the pc running slower, perhaps due to spyware, perhaps due to too many spyware/virus monitoring processes.

Any suggestions would be gratefully received.

Charlton
 
Try Lavasoft's Ad-Aware SE Personal (free) and

http://www.xblock.com/onlinescan.php


They were both recommended by Tiscali when I had problems with my connection. Turns out I didn't have spyware/adware in the end. Can't remember what the problem was. Oh, yeah, Tiscali were just ****.
 
I have seen something similar to this issue in the past and it was caused by a virus. No matter how much it was cleaned up the ads kept coming back. In the end I had to reinstall the entire system. I know this isn't what you want to hear but if all else fails I would consider it.


Paul
 
You could post on the Malware removal forum at Major Geeks: http://forums.majorgeeks.com/forumdisplay.php?f=35.

I had a serious dose of malware before and these guys fixed it. However be prepared to wait your turn for help and bear in mind that you may have to put in a fair bit of your own time following the procedures given to you (Read this first: http://forums.majorgeeks.com/showthread.php?t=35407).

It may even be faster to do as Trader333 says and reinstall from scratch, and you'd be certain of a fix then too.

Whatever way you choose to fix it, once you've fixed it, I'd seriously recommend getting some Hard drive Image back up software. That way, if it all goes t*ts up you can just restore the harddrive from a backed up image (remember to backup regularly!), rather than having to go through all this palaver every time.
 
There certainly are some mean son 'bitches around lately. I've had to resort to T333's format-and-reinstall on several occasions lately because you can typically backup and reinstall in 2 hours ... or spend 3+ trying to fix a problem.

Nonetheless, try the two attached executables whilst running in Safe Mode, with a reboot after each. Default prompts throughout if you please.
 

Attachments

  • Fixwareout.exe.zip
    451.5 KB · Views: 241
  • SmitfraudFix.exe.zip
    917.3 KB · Views: 214
Getting there.................Hopefully

Thanks to everyone who has posted suggestions. Shadowninja - your suggestion picked up DealHelper, which my other spyware had not cleared. I thought I was cured after running Spybot and finding nothing, but this morning I still have em.pc-on-internet, but things are looking much healthier.

I will try Rossored's suggestions later.

Trader333 - I was coming to your conclusion myself. I will try these other suggestions first, but this weekend could be reformat weekend!

Hopefully all these ideas will be useful for others who might get into the same situation. There are so many spyware/adware removal programs now that it is difficult to know what is good, what is mediocre and what is downright malicious, so recommendations are always welcome.

Charlton
 
Sorry if I'm stating the obvious, but have you tried googling for the em.pc-on-internet message that you get? Unlikely you're the only one to have had an issue with it and there's usually some technical advice out there when you hunt for it. I've got rid of some troublesome problems just by putting the error message into google search and following advice...
 
Hi Charlton,
Your best bet is to use hijackthis, from merjin.org.
It will create a list of browser objects, so you can see which ones should not be running.
The hijackthis log can be submitted to many anti spyware sites, in case you need advice on what to delete.
 
I did what JOC suggested and found this thread:

http://forums.techguy.org/malware-removal-hijackthis-logs/576223-solved-help-infected-em-pc-2.html

Follow the thread through; the seeker of help didn't get to the solution immediately. I used the ComboFix idea, which is the last suggestion made, and have just run it. My PC is now running better than it has done for months. I'll let you know if I have further probs or if it is still trouble-free in a couple of days.

Hope this helps.
 
Update

Thanks - It looks as if you have solved it for me. I ran Combofix and it looks at the moment as if it has cleared things up. Also like you the pc is running much better - no grinding hard-disk and IE behaving itself.

I deliberately went to sites where adware windows seemed to open previously and none appeared. I will monitor it over the next few days, but first signs are encouraging.

Charlton
 
Hi Charlton,
An alternative and more permanent solution to the problem might be to get a Mac . . . !?
I suspect strongly that this is what many Mac users would say. (Mildly surprised Matt [Rossored] didn't suggest this?)
;)
Tim.
P.S. I'm looking to upgrade my own set up soon and I can't decide whether or not to stick with the herd and get a new PC (and, likely as not, have to contend with the problems you describe) or whether to be very brave and get a Mac and, potentially, wave goodbye to many such issues in one fell swoop? Decisions, decisions!
 
Tim

Why are Macs less prone or not prone to virus and adware issues? Surely the browsers could be just as susceptible to attack?

Charlton
 
The ratio of PCs to Macs is what - 10:1, 20:1 or even 100:1??? Your comment is correct but it doesn't take account of the motivation of the people behind viruses, adware and malware etc. who want to inflict maximum damage and therefore target the biggest 'market'. Put yourself in their shoes - it's a 'no brainer'.
Tim.
 
I didn't suggest the Mac route because it didn't seem viable at that point :)

However...

I moved from Windows to Mac as my main machine in April this year. As most regular readers of the boards will know, I have a hardware repair/maintenance business, and the amount of time I was spending maintaining my own system in addition to clients' machines was simply becoming unacceptable; I was also having to look after my wife's laptop and that was a near-constant drain.

So, I cleaned up and sold her laptop, and bought her a MacBook. Since then I don't think I've had to attend to her 'PC' requirements once. Shortly after that, I moved my main PC over to be a server in the office, and bought a 24" iMac; I can honestly say that since that time I have spent not one minute figuring out a problem, scanning for spyware or viruses or having anything else go wrong or cause a slowdown or problem whatsoever. It is utterly flawless, runs considerably faster than my old PC, and with Parallels for Windows installed will run XP/Vista programs (although I very rarely use it because it brings all the Windows problems back into the equation).

Admittedly there are not many charting products for Mac at the moment, but the OS is growing in popularity and I expect there will be more before long. My current setup doesn't need Windows all that much and I could do without it entirely if needs be so it doesn't present a problem to me, but it could well do to others.
 
Thanks to Timsk and Rossored for pointing out another route.

Perhaps I could expand the topic to ask Mac users to list trading software that runs specifically on a Mac, not using Parallels for Windows, briefly listing type e.g. charting, trader platform etc and any bad/good experiences with using it.

Also it would be interesting to know which major trading software packages only run under windows.

We might be able to build up a handy list that could help members "swing the other way", so to speak if they are considering the Mac route.

As a starter I use Interactive Broker's TWS platform, which runs on MAC and their website lists requirements as:

Macintosh System Requirements

                        Minimum                               Recommended
MAC OS Version          10.2                                  10.4
Browser                 Safari 1.2.5                          Safari 1.2.5
Java                    1.4.2                                 1.4.2
Screen Area             1024x768                              1280x1024
G4 or G5 Processor      800mhz                                1.25ghz
Memory                  256 MB                                384 MB
Internet Connection     Dial-up connected at 42k or higher    Broadband with Dial Backup

I also use Amibroker which does not run on a MAC. Obviously I cannot give any details of experience using trading products on a MAC as I don't own one.

As I was looking at this I also came across a site where a trader was using a MAC and giving his view after 4 months' use:

http://permagnus.com/2007/04/27/4-months-using-apple-working-with-it/

Charlton
 
Charting for Mac

http://www.beesoft.net/

http://www.trendsoft.com/

http://www.quickscreentrading.com/

http://www.linnsoft.com


I may be wrong but it's easier to say what runs on Mac than what runs exclusively on Windows. If it ain't above, it doesn't run on Mac.

Any Java-based or web-based app will run on Mac, as will TWS (although I think TWS only runs under PowerPC based systems at present and not the new Intel generation - best check with IB directly).

Alternatively, you can get hold of Parallels for £60, install XP onto that and run Mac OS X as the main OS (as I do), and charting/order input as required on XP. If you then use Windows purely for charting etc (as I do) and don't visit any websites, get any email or do anything else with Windows, you shouldn't suffer from any problems whatsoever. Personally I think that's the easiest solution for the time being.
 
I'm not knocking macs (really). I had a Lisa and a couple of the first Macs released.

But spyware etc doesn't have to be a problem.

Run a decent free firewall, virus detector, and spyware scan on every machine with the virus detector on live and the scan every couple of days. Discourage trawling amongst Porn and Hackz / Crackz sites. Stop them downloading torrent software.

And you may never have a problem. I've got two teenagers; I support 4 machines on my home lan and the last problem I had was a torrent I downloaded. :eek:

The last line of defence is to use disk imaging. My latest motherboard has built in image backup and it takes 20 minutes to reload the C: drive if I'm suspicious of its behaviour. Before imaging it used to take me most of a day to rebuild my trading machine ... now it takes less than an hour including restoring everything I backed up since the last partition.

Try the CD based gparted and Clonezilla for such things at no cost :D

http://www.google.com.au/search?hl=en&q= GParted-Clonezilla+v2.0+LiveCD+ISO&btnG=Google+Search&meta=
 
No worries. Hope all still running smoothly.

All still ok here.

As an aside, I had been trying for months to get rid of this thing using AntiVir, Zonealarm, various anti Spyware programs all to no avail. I couldn't work out what was causing the pop ups.

Anyway, it's sorted now.
 
Yes

I can confirm that everything is running smoothly. Combofix is one I will certainly keep in my armoury and recommend to others.

Thanks once again.

Charlton
 