Spyware warning--Sloooow PC HELP

  jay aitch 19:25 05 Jul 2006
Locked

Hiyawl, about a week ago i started getting a bubble popping up in the bottom right of the screen. It says "Your computer is infected! Windows has detected spyware infection!
It is recommended that you use special anti spyware tools to provent data loss. Windows will download and install the latest antispyware for you.
Click here to protect your computer from spyware!"
But when i click there (a little red button with a cross on it) or in the bubble, it disappears only to reappear every 30secs or so. The pc is less thatn a year old, has Norton protection. It also seems to take alot longer to open webpages. Im not a techy so easy peazy pls!

  VoG II 19:37 05 Jul 2006

Download Ewido Anti-Malware trial version click here

When installing, under 'Additional Options' untick 'Install background guard' and 'Install scan via context menu'.

Launch Ewido by double clicking the icon on your desktop. The program will now go to the main screen. You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update then click on Start Update.

Then select 'scanner' then 'Settings'. Under the bottom section 'What to Scan?' make sure 'Scan every file' is ticked. Select 'OK' and you will return to scanning options. Click on Complete System Scan and the scan will begin. This scan can take quite a while to run.

While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose 'Clean' (or 'Delete' if 'Clean' is not an option). Then put a tick next to 'Perform action on all infections'. Doing this enables the scan to proceed automatically until its completion. Click OK.

  HarryTheDudd 20:37 05 Jul 2006

Reply to 'jay aitch'

Hi, I'm quite experienced on the net, but not a techy either so I think I may be able to help a bit.
It sounds like the balloon you describe is displayed from the system tray (where the clock is). These messages are usually generated by Windows or software that's installed and serves to give real time advice for the functioning of the program.

1st I'd unplug from the net and do a full virus scan with your Norton software (assuming virus protection is up to date)to see if any problems are found.

This may find the software that's giving the balloon message. The balloon message may be from some sort of malware. I've come across different messages like this and they're usually trying to sell you their spyware program by saying you're infected!

You said that it says 'Windows has detected spyware infection' Because Windows doesn't have anti-spyware by default, I'd be very suspicious of the note if you're not using anti-spyware from Microsoft.

I use their Windows Live One Care bundle, which has virus scanning, anti-spyware, data backup(to CD, DVD or external hard drive) and scheduled tune-up(checks 4 Microsoft updates and cleans and defragments hard drive).

Before I had this I was using Mcafee Security centre. I've been on the net most of the day for the last year, so was putting myself at a lot of risk. In the last year I've never seen a message telling me I needed anti-spyware from Microsoft. I could be wrong so you should try visiting Microsoft UK (click here)and send an email to one of their support staff to see if they have been sending these.

What you have to do is think how could Windows tell me I've got a spyware problem if I don't have anti-spyware to detect it?

Because your web browsing seems slower you could have a problem with some sort of malware. I found this advice from the Microsoft website. Malware sometimes uses up quite a bit of bandwidth transmitting data while you browse the net.

It might be worth considering, if the problem gets worse or is unresolved, backing up your personal files to CD, DVD or external hard drive, then reinstalling Windows (either from a Windows CD-ROM or if you had a system recovery CD-ROM when you bought your PC). I do regular backups to DVD and every few months I format(wipe clean) the hard drive and re-install all my programs and My Documents. It seems to keep the system running nice and fresh.

Finally! Try either Mozilla FireFox, Netscape or Internet Explorer 7 Beta browsers. They've got some cool features for free. Netscape has a spyware scanner that's very good. It picked up a key-logger and a password decryption spyware that Windows Defender (part of Live One Care) had missed. Don't get too paranoid an install loads of protection software - they take up loads of memory.

I've made a lot of assumptions from your post as you say you're no techy. I've tried to give an overview of what risks are there and how to stop them in future. There may be no spyware problem at all, but I hope this reply gives you a few tips on how to start to understand this bewildering topic.

  VoG II 20:43 05 Jul 2006

It isn't from Microsoft so no point contacting them.

It is probably SpyAxe or similar and Ewido should shift it.

  HarryTheDudd 21:14 05 Jul 2006

Hi, Thanks VoG. I got a review from a google search on Ewido(click here)
Very impressive, well worth looking at. I didn't think it was from Microsoft either but don't have the tech skills to be sure. Nice to know my suspicious mind was on the right-ish track!

  jay aitch 12:41 06 Jul 2006

Thanks good people for the replies, Ive just run a full NAV/NIS check (that i thought was done automatically!) which it said had not been done since the end of March. It took 50 mins and found 1 trojan horse that was removed automatically, and 1 spyware that i had to click to remove. I reconnected rebooted and ... and the sodding thing is still there. Why? i checked and Norton is upto date untill next year. When i do click on the message it doesnt try to sell me any thing so whats the point?
Looks like ill have to go for the Ewido
Thanks again.

  rezeeg 13:43 06 Jul 2006

jay aitch try disabling System Restore (they hide there sometimes) and restart in Safe Mode (keep pressing F8 when restarting) and run your Norton again.

Restart and re-enable System Restore.

  HarryTheDudd 23:16 06 Jul 2006

reply jay aitch "First Step". You say Norton is up to date 'till next year. I've no experience of Norton, but the anti-virus programs I've come across usually update at least once a week. Try seeing if you can find a help file explaining how it's security updates, scanning etc work.

I've just downloaded the trial of Ewido advised by VoG. It's a very intuitive program to use and just exploring all the various settings gives a bit of a tutorial on spyware - I quite like it.

Keep letting us know how things are getting on. You might find something helpful for others to use ;+)

  VoG II 08:39 07 Jul 2006

my instructions for Ewido were a bit out of date as there is a new version. Revised destructions:

Download Ewido Anti-Malware trial version click here

After it's downloaded and installed, it should aumatically update itself; however, if it doesn't, you should do it manually. It should be set up like this...
Close ALL open Windows / Programs / Folders. Start Ewido and run a full scan.

Click on Scanner

Click on the Settings tab.

Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.

Under How to scan?
All checkboxes should be ticked.

Under Possibly unwanted software:
All checkboxes should be ticked.

Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.

Under What to scan?
Select Scan every file.

Click on the Scan tab.

Click on Complete System Scan to start the scan process.

Let the program scan the machine.

When the scan has finished:

Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.

At the bottom of the window click on the Apply all Actions button.

Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

  jay aitch 10:42 07 Jul 2006

Hi again,
Yeah Ive done the ewido thing, I did it before VoGs last post and i think it went ok. I found 57 defect in 393 traces? mostly medium risk cookies and 1 high risk thingy.
VoG why do you say on the last line to switch Ewido off? and why didnt the Norton full scan pull out the same as the Ewido?
Thanks yet again to yawl and if any of you ever see me in a pub tap me on the shoulder and i'll buy you a beer.

  HarryTheDudd 19:52 07 Jul 2006

Always a pleasure, never a chore! Norton probably didn't see the problem that Ewido did 'coz they're made by different companies. The little bit of research I did about Ewido made me quite confident to try it because it is made in Germany and apparently the Germans have a good reputation for developing this kind of software.

The different programs will do their scanning in different ways. I'm not slagging off Norton 'coz it's reckoned to be one of the best and's been around for years - hence experienced software developers.

The only analogy I can think of using to explain why Norton didn't spot the problem is related to my work as a Pharmacist. Antibiotics given by your GP kill a wide range of bacteria, but sometimes a bacteria will get through the net. Adding another anti-biotic, with slightly different range, closes the net - filling in the gaps that the bacteria exploited.

Anti-virus software is much more complex than anti biotics because the hackers are getting better at their job, and the software needs to keep up with rapidly changing viruses.

Loads more people are on the Net nowadays, so there's more opportunity for the hackers to make money from ordinary people - rather than having to bother trying to crack the mega tight security of a big bank. Also we don't have the huge legal resources to find and prosecute them as aggressively as big business does.

Hackers are like bacteria - they find a weakness in the system's defences and exploit it. Anti-virus softwares are like vaccines - the more people that use them, the stronger we are as a community.

All the best and happy surfing!

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Fujitsu Lifebook P727 laptop review

Lightwell software lets you create mobile apps without using code

Best value Mac: Which is the best £1249 Mac to buy

Comment désactiver les programmes qui s'exécutent au démarrage de Windows 10 ?