Computer virus/spyware

dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas


Post by dedlyjedly »

My Internet connection has been pretty flaky lately and I'm wondering if my system is the problem and not the isp/modem. I consistently get a can't find server message and then as soon as I try again it will typically go right through.

I noticed that my anti-virus software is repeatedly popping up little messages stating "Scanning outgoing mail..." when the problem is occurring, but I have no idea what that would be referring to. I have run virus protection scans and spyware scans several times but it doesn't seem to find anything major or improve the internet connection. I've been using Trend Micro antivirus and several different spyware programs.

Anyone have any suggestions for me?
Last edited by dedlyjedly on Sun Sep 23, 2007 8:35 pm, edited 1 time in total.
mr tibbs
Forum Goatee
Posts: 3895
Joined: Sun Dec 17, 2006 3:03 pm
Location: The land of morons, I mean mormons.:(

Post by mr tibbs »

Spybot? It ended up doing the trick for me. :?
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

Spybot is ok....try superantispyware....
http://www.superantispyware.com/superan ... vspro.html

AVG Free....Antispyware/Antivirus. prefer the Anti spyware software.
http://free.grisoft.com/
Francious70
Half Baked
Posts: 3533
Joined: Wed Dec 06, 2006 2:58 pm
Location: TN, YEEEEEEEEEEEEEEEEEEHAW!!!!

Post by Francious70 »

Windows Defender

http://www.microsoft.com

Best part, it's free and it works better than any other one.
Boomshackalacka
1moreamp
NOT justonemoreamp
Posts: 2504
Joined: Sun Dec 10, 2006 8:53 pm
Location: No where special

Post by 1moreamp »

BigDaddy
Posts: 160
Joined: Sat Dec 23, 2006 4:54 pm
Location: Langley,BC

Post by BigDaddy »

Try CCleaner and Prevx1. I used both recently and they worked very well. CCleaner will get rid of all those temp files and other stuff cluttering up your computer. Prevx1 got rid of some spyware I had that AVG and Spybot wouldn't find.

Jason
soth
Posts: 368
Joined: Tue Jan 16, 2007 10:48 am
Location: Southeast Kentucky

Post by soth »

Have you tried wireshark to sniff out any packets to see if you might have a trojan perhaps?

http://www.wireshark.org/download.html

Example: If you want to see if you have a spam bot on your system you would start a capture with the filter like this:

tcp port 25 and not ip host 192.168.1.1

Replacing the 192.168.1.1 with either your IP or your ISP's mail IP.

http://www.wireshark.org/faq.html

Other things to use are those already mentioned. HijackThis is also another one.

You can try CounterSpy also.
http://www.sunbelt-software.com/Home-Ho ... ounterSpy/

Good Antivirus is Kaspersky.
http://usa.kaspersky.com/products_servi ... -virus.php
Head Unit: Eclipse CD5000
Amp1: Ti 500.4
Amp2: MPS2500
Crossover: Audiocontrol 6xs
High/Mids: ID CD1-E v1 Horns
Midbass: IDQ 6.5 v2
Subs: IDQ 12 v1
EQ: PG EQ215-X
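Added example, not part of soth's post: the same test the capture filter expresses (traffic to TCP port 25 that does not involve your ISP's mail server), applied to a capture that has been exported as `tcpdump -nn` style text lines. The sample lines, the addresses and the function name `unexpected_smtp` are constructed for illustration.

```python
import re
from collections import Counter

# One tcpdump -nn text line looks like:
#   <time> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq ..., length 0
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unexpected_smtp(lines, local_ip, allowed_relays):
    """Count outbound SMTP connection attempts per destination,
    ignoring the mail relays this machine is expected to use."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # ARP, UDP, truncated lines, etc.
        if m["src"] != local_ip or m["dport"] != "25":
            continue                      # only this host talking to port 25
        if m["flags"] != "S":
            continue                      # bare SYN: count each attempt once
        if m["dst"] in allowed_relays:
            continue                      # the "not host <ISP mail IP>" part
        hits[m["dst"]] += 1
    return hits

# Constructed sample capture (documentation address ranges, not real hosts)
SAMPLE = [
    "12:00:01.000001 IP 192.168.1.50.1042 > 192.0.2.10.25: Flags [S], seq 1, win 65535, length 0",
    "12:00:02.000001 IP 192.168.1.50.1050 > 203.0.113.25.25: Flags [S], seq 2, win 65535, length 0",
    "12:00:02.100001 IP 203.0.113.25.25 > 192.168.1.50.1050: Flags [S.], seq 9, ack 3, win 5840, length 0",
    "12:00:03.000001 IP 192.168.1.50.1051 > 198.51.100.7.25: Flags [S], seq 4, win 65535, length 0",
    "12:00:04.000001 IP 192.168.1.50.1052 > 203.0.113.25.25: Flags [S], seq 5, win 65535, length 0",
    "12:00:05.000001 IP 192.168.1.50.1060 > 198.51.100.80.80: Flags [S], seq 6, win 65535, length 0",
    "12:00:06.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28",
]

if __name__ == "__main__":
    # 192.0.2.10 stands in for the ISP's mail server
    for dst, n in unexpected_smtp(SAMPLE, "192.168.1.50", {"192.0.2.10"}).most_common():
        print(f"{n} SMTP connection attempt(s) to {dst}")
```

Any destination left in the result is a mail server the machine contacted on its own, which is worth comparing against the mail accounts actually configured on it.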
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

Thanks for the replies guys. I tried all of those spyware programs and Prevx was the only one to find a trojan embedded in c:\windows\system32... I used PrevxCSI which was the free scanning tool they provided and it found the malware but said that I had to purchase the full program in order to remove it. Did you purchase it BigDaddy or is there something free out there that can remove this for me?

I'm interested in checking out the wireshark thing Soth, but honestly I have no idea how to go about doing it. Any help for a noob?

Thanks again for everyone's help.
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

What's the infection called?
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

ddpsmeov.dll has a "bad" status, then there's several others located in the same spot that are deemed "suspicious"; deaadea.dll, rduicbrg.dll, etekqjdw.dll, pccgjvoi.dll.
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

Doesn't tell you the name of the infections?
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

http://forums.spywareinfo.com/index.php ... 6741&st=30

That's for the deaadea.dll file.

Just realize that sometimes the names of the DLL files can be a jumble of stuff and may not reflect the type of infections you have.

So if Prevx detected it...what did it detect it as? (like the name of the virus, not the name of the file.)
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

that's the only way the prevxcsi free scanner refers to the infection.
soth
Posts: 368
Joined: Tue Jan 16, 2007 10:48 am
Location: Southeast Kentucky

Post by soth »

I would first just install it and select the adapter you wish to capture on, so you can see the data packets that come in and out of your system and get an idea. I'll see if I can find the link that shows some examples on the filter usage.

Have you tried to boot into safe mode and manually delete those files (if it will let you)? Even if you do, there could be a process somewhere else that spawns randomly generated files to make it even that much harder.

Go to bitdefender and use the online scan or download the trial. It will remove the viruses without you having to purchase the thing.

I would look into (msconfig) or regedit and navigate through the hives for the local machine and users to software/microsoft/windows/currentversion/run and see what is listed in there. The same thing is listed in (msconfig) under startup also.

HijackThis will show you what has been modified in your registry in the last bit.

BitDefender
http://www.bitdefender.com/site/view/an ... ckdownlink

Hijackthis I think I gave the link earlier. It's just a handy tool to have if you're an admin or work on computers a lot.

Kevin
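Added example, not part of soth's post: one way to connect the Run-key check above to the scanner results, by parsing the text output of `reg query` for the HKLM and HKCU `...\CurrentVersion\Run` keys and listing any startup entry that loads one of the DLLs reported earlier in the thread. The registry output below is constructed for illustration and is not from the poster's machine; the function name `flagged_autoruns` is hypothetical.

```python
import re

# File names the scanner reported earlier in this thread
FLAGGED = {"ddpsmeov.dll", "deaadea.dll", "rduicbrg.dll",
           "etekqjdw.dll", "pccgjvoi.dll"}

# A value line in `reg query` output: <indent><name><ws>REG_xx<ws><data>
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Bare file names ending in .dll/.exe inside the command line
FILE_RE = re.compile(r'[^\\/"\s,]+\.(?:dll|exe)', re.IGNORECASE)

def flagged_autoruns(reg_query_text, flagged=FLAGGED):
    """Return (key, value name, file) for Run entries that load a flagged file."""
    wanted = {f.lower() for f in flagged}
    key, found = None, []
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()            # header line naming the key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                      # blank lines, version banner, etc.
        for fname in FILE_RE.findall(m["data"]):
            if fname.lower() in wanted:   # Windows file names are case-insensitive
                found.append((key, m["name"], fname.lower()))
    return found

# Constructed sample of `reg query` output for both Run keys
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    Updater Service    REG_SZ    rundll32.exe "C:\WINDOWS\system32\PCCGJVOI.DLL",Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    deaadea    REG_SZ    rundll32 C:\WINDOWS\system32\deaadea.dll,a
"""

if __name__ == "__main__":
    for key, name, fname in flagged_autoruns(SAMPLE):
        print(f"{fname} is started by value '{name}' under {key}")
```

An entry found this way explains why a deleted file comes back after a reboot: the startup value has to be removed along with the file it loads.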
soth
Posts: 368
Joined: Tue Jan 16, 2007 10:48 am
Location: Southeast Kentucky

Post by soth »

http://home.insight.rr.com/procana/

That shows some good examples of how to capture data. It might not be what you "really" need at this point, but it sure does come in handy at times though :)

Kevin
BigDaddy
Posts: 160
Joined: Sat Dec 23, 2006 4:54 pm
Location: Langley,BC

Post by BigDaddy »

When I downloaded Prevx1 it was shareware and was fully functional but expired after 30 days. I have never heard of Prevxcsi but found Prevx2. Must be a newer version.

http://www.download.com/Prevx2/3000-223 ... ag=lst-0-2

Jason
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

thanks. you gotta love the c/net trial downloads. i figured i'd give the prevx a shot before the bitdefender because it was the software that at least recognized the issue.

i am having issues though. i started the cleanup yesterday at 7pm and 7 hours later when i went to bed it was only at 48% completion. When I checked this morning the computer had crashed and after booting it up prevx gave an alert that the spyware was still on the system! :x

not only that, but now my computer is super laggy on everything I try to do. Does a cleanup for a bad infection take many hours or was the program having difficulty from the get go? just when i thought i surely had this thing beaten my system is performing worse than ever. :?
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

Try disabling things you don't need from start up.

MSCONFIG
Disable Norton and McAfee if you have those....or uninstall better yet for those two.

Also download hijackthis v2.
http://www.spywareinfo.com/~merijn/programs.php

Get ATF Cleaner or CCleaner or both:
http://www.atribune.org/content/section/4/30/
http://www.ccleaner.com/download

Boot into safe mode is best always when removing/cleaning a system.

Are you getting any popups or messages saying you are infected? But they are programs you don't even know what they are...? IE: Spyaxe, Spyware Quake, Win Antivirus 2xxx, Win Antispyware 2xxx, Smitrem, or anything of the like? Some examples of bad programs like this: your background has changed saying you are infected etc., or little flashing "?, ! or X's" in the bottom toolbar on the right (where the clock is)?
If so you may try using smitfraudfix.
http://siri.geekstogo.com/SmitfraudFix.php

Also this program works well for some virus/spyware/rootkit problems.
Called combofix.exe
http://forums.techguy.org/malware-remov ... where.html

Great program even tho I can't really find a whole lot of info on them. I use it all the time on infected systems that come into my store.
BigDaddy
Posts: 160
Joined: Sat Dec 23, 2006 4:54 pm
Location: Langley,BC

Post by BigDaddy »

That sounds like it's taking way too long. Unless you have a huge drive or something. I have 400G and didn't take anywhere as long as that.

Jason
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

Wakeup wrote: Boot into safe mode is best always when removing/cleaning a system.
how exactly would a computer illiterate jerk such as myself go about doing that. the deaadea.dll infection keeps popping up and is now considered critical by the prevx spyware. thanks for your help.
fuzzysnuggleduck
Soy Milquetoast
Posts: 4423
Joined: Wed Dec 06, 2006 1:08 pm
Location: The best place on earth

Post by fuzzysnuggleduck »

dedlyjedly wrote:
Wakeup wrote: Boot into safe mode is best always when removing/cleaning a system.
how exactly would a computer illiterate jerk such as myself go about doing that. the deaadea.dll infection keeps popping up and is now considered critical by the prevx spyware. thanks for your help.
When your computer is booting there will be a small amount of time before the graphical "Windows XP" boot screen comes up but AFTER the POST (Power On Self Test). During that short period, hit F8. This will bring up a menu where you can select Safe Mode.

You can just hit F8 a ton of times during the whole boot process to make sure you hit it at the right time.

Once in safe mode, run the spyware/anti-virus stuff.
SOLD: '91 PG 4Runner
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

Thanks Dan. I knew how to get to safe mode, but couldn't run prevx. I guess it's just a program that can't be run in safe mode. So I ran Webroot SpySweeper while it was in safe mode and it cleaned a bunch of cookies and a few trojans. Then this morning when I boot up the system my network configuration is all screwed up. When I checked the status and details of the connection it reported that it was connected but the ip address, subnet mask, and default gateway all have no information stored. when I try to use the repair button it gives a "failed to query tcp/ip settings of the connection" message.

Can anyone help me out here? I had to use another computer to post this.
I feel like this virus is screwing with me as I just seem to go 'round and 'round with problems.

My main problem with computers is i know just enough to be dangerous!
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

http://kadusa.com/winsockxpfix/
Fix yer winsock files! great program.

Fixed many machines this way..when the network stack is all jacked up. Otherwise if that doesn't work, an in-place install of Windows might work.
Try scanning the system with like....Superanti spyware in safe mode, or AVG Antispyware.

Avast....

etc...

Just cuz ONE program doesn't work...doesn't mean the rest won't either....
dedlyjedly
Silent but Dedly
Posts: 1212
Joined: Thu Dec 07, 2006 7:03 pm
Location: Las Vegas

Post by dedlyjedly »

Winsock couldn't repair the TCP/IP stack unfortunately. At this point would it just be best to reload windows? I've got the disc but I've never done that. Any other pointers on cleaning this mess up?
Wakeup
Mr. Nice Guy
Posts: 5750
Joined: Wed Dec 13, 2006 4:39 pm

Post by Wakeup »

Reinstalling the OS is not too hard. Drop in the XP CDs...Boot off the XP CDs....you may have to press a certain key to get it to boot off the CDs first, or you may need to go to the BIOS, and change the boot order so that it will look for the optical (CD, DVD, whatever) drive to boot off of first before it tries going to the hard drive. Then be aware that you may need to press a key on the keyboard for it to boot off the CD. It will give you maybe 3 seconds to do this.

Anyway after that it will give you options to repair and install. Do the install...it will then proceed to the License agreement hit F8, then it will scan for any OS that it can find off your drive. After it does that, it should give you an option to REPAIR (really repair/reinstall windows on top) or install windows again. So do a repair, and it will MAINTAIN PROGRAMS and DATA etc. Just that windows will be cleaned up a bit...then just follow everything else on the screen.

If you want to do a clean install, then you can just skip the repair process and tell it to go ahead and install...you can choose to FORMAT or Delete the Windows folder (deleting the Windows folder is a bit harder to understand if you've never done it before...)

Format will make everything disappear...programs, data, pictures, documents, music, emails EVERYTHING. so make sure that if you want to do this....that you have everything you need off that machine.

If you need more help from there....feel free to hit me on AIM...

mrwakeup