Spybot says I am clean - but......

  AFoxyLady 19:50 03 Sep 2008

How do I get rid of nasty Trojan and Mal ware in particular Ad Watch and Smitfraud?

I am running XP - the other day my laptop would not turn off, so I had to unplug it. When it was turned on again, my desktop background had been changed to a red picture with a gold spider in the middle - with the words "Your privacy is in danger".

I have run Spybot, and it came up with about 30 different trojans and malware files. It deleted all of them except Smitfraud C.

I have run Spybot several more times, and have now supposedly managed to have a clean computer, however.

1/My desktop is now white - no matter what I do, I cannot restore any background picture. I cannot right click at all on the desktop either. If I go to control panel and then display - I can "choose" an existing picture, and click apply, but I then get a message saying "Windows Internet Explorer cannot find file :///C:/windows/privacy_danger/index.htm"

2/ There was an unknown red icon, in the shape of a shield with gold spider on it showing a shortcut to a program supposedly called Ad Watch. I have deleted the short cut and emptied the recycle bin. But as I deleted it, it came up with the normal message saying that I was only deleting the shortcut and to un-install the program. There is no program to delete!

3/ I tried to run Ad Aware but it kept coming up with an error, so I have uninstalled it and downloaded the lastest free version. It is has run a scan and says nothing to be found

/ I have Bullguard,(under a paid for subscription) but when it scanned it said my computer was clean!

What else can I do to
1/ Get my desktop back to normal?
2/ Ensure that I have nothing else nasty hiding and lurking!

Help!! All replies gratefully received.

  Stuartli 20:10 03 Sep 2008

Try a System Restore to a date just before the problems.

Then run the AdAware and Search and Destroy; I would also suggest that you try SUPERAntispyware and update it daily.

  Bris 20:25 03 Sep 2008

I am bit puzzled why you have all these infections in the first place as it suggests that your PC defences are way out of date. It wont be much use cleaning it down as it will just get infected again. You need to make sure Bullguard has all the latest updates and Windows has all the latest updates. As well as running Spybot and Ad Aware you could also try running an online scan such as from the Symantec site.

  VoG II 20:28 03 Sep 2008
  AFoxyLady 20:37 03 Sep 2008

Bris - I am also very puzzled as to why I have this infection! Bullguard is automatically updated and is running all the time. Spy bot is also up to date and is running all the time.

Unfortunately I am not the only one to use this laptop, and my partner has probably unknowingly clicked on ........

I know of two occasions during the last two weeks where friends have had security running, but have had a pop up box telling them they are infected. When they click on the x to close the box, it installs the virus with no more intervention from you at all.

I am going to download and run Super Anti Spyware as suggestedby VoG and try that.

I am not so sure about trying the systme restore, as I am sure the authors of this infection would be clever enough to ensure it was not removed that easily.

In the mean time I will keep scanning !

  MAT ALAN 21:05 03 Sep 2008

click here


as for ad watch as far as i am aware it is part of Lavasoft's Adaware

  Stuartli 21:37 03 Sep 2008

New version released today re Smitfraud:

click here

  MAT ALAN 21:39 03 Sep 2008

Good spot stuartli, gonna keep that one..

  AFoxyLady 21:46 03 Sep 2008

Thanks Mat Alan for the link. I have now downloaded all (hopefully) software to scan and delete. I will endavour to run these prgrams tomorrow as I need to print all the instructions out.

Having read all about Smitfraud on this link, I can now see why it was so easy to be infected even though I have security running. Let it be a lesson to all!!

I will let you know as soon as I am "clean"

  AFoxyLady 21:51 03 Sep 2008

Thanks also Stuartli - just spotted your latest link and have downloaded it.

Mat Alan - you said you thought Ad Watch was part of Lavasoft - and I have to admit that when I deleted the icon, and "hovered" over it, it did say Lavasoft adaware, BUT, it was the same icon as the nasty one on my desktop yesterday. The proper lavasoft icon is a bit like a globe, so looks like something def hijacked me.

I just hope I can get it all clean and get my laptop, and desktop, back to being mine!

  MAT ALAN 21:52 03 Sep 2008

A lot of trojans sit in your "system volume info files" which is where your restore points are kept and are hidden from detection, you may need to turn off system restore to clear these then turn it on again so you can create a restore point when you are happy your PC is clean...

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Huawei MateBook X Pro review

8 digital brands that designed custom typefaces to save millions

How to speed up a slow Mac

Comment résoudre des problèmes d’impressions ?