On behalf of Cinders

[fluffyfluff]

Ok yesterday, cinders was playing a game on Shockwave, she tells me 'the next thing i know I am downloading". She says she did not touch anything and pops up Mc affee telling her virus detected. Did a scan ,108 files were infected and found ads also.She says 20 were from Hit box. ok so heres the deal. I had to go yesterday after she did the scan so i did not know what was up. She tells me this morning (when i came online)that she could not remove the virus because it was in system restore(save) and before i came online she had already went through and deleted tons of files. She had done this before contacting McAffee and their response on how to turn off system restore(save). Now her ie won't load anything but her home page. She once more was blasted with virii. And says everytime she goes to google here comes another virus. WTF is up. Also she says her pc won't allow her to do a system restore or click on ie/tools/windows updates or much of anything for that matter.Poor thing can not find her key for winxp and restore cd wants a key also. Any idea what 's going on?

[vernarial]

What OS is she using specifically? I mean is it 98, or ME, or XP? I had problems when I was using ME. You had to turn off restore, restart, turn restore on, restart, turn restore back on, restart. Or atleast thats what I had to do to actually get it turned off. Then I could delete my system restore folder containing all the files saved for restore. I had a virus in there once and had to delete the whole folder. I didn't have to re-install anything. The spot to turn off retore was in the control panel under system on ME. On XP it's in the control panel also, but you have to go into Performance and Maintanance to get to the System settings. I hope this helps.

[fluffyfluff]

She's winxp

Cinders says:
here is what happens

Your Imaginary Friend says:
k
Cinders says:
the virus is removed and when i got to surf the web

Cinders says:
it shows up again

Your Imaginary Friend says:
k

Cinders says:
i get a little window that says downloads on demand

Cinders says:
when i close it boooooom

Cinders says:
when i close it boooooom

Your Imaginary Friend says:
your xp right? SP1?

Cinders says:
dunno

Cinderssays:
xp

Cinders says:
1st?

cinderssays:
last
who knows!

Your Imaginary Friend says:
ok

Cinders says:
the problem with ie was i had a tool bar on there

Cinders says:
that highjacked it

Cinders says:
smiley central

Your Imaginary Friend says:
i told you that would do that!

Cinderssays:
yes I know

Cinders says:
but i just had to keep it

Cinders says:
hehe

Cinders says:
this thing i have is vbs/something@m

Cinders says:
a very low risk worm i think

Cinderssays:
but enough to be a pain in the ass

Your Imaginary Friend says:
k

Your Imaginary Friend says:
vbs means virus that's ,,,,that's a file extension

Cinders says:
i cant remember whats after the /

Cinders says:
yeah

Cinderssays:
thats what the site said

Cinders says:
the macafee site

Your Imaginary Friend says:
ok

Your Imaginary Friend says:
hold on hunny

Cinders says:
and i followed the instruction and it still keeps showing up

Your Imaginary Friend says:
ok

Cinders says:
i even changed names on duplicate .dll's

Your Imaginary Friend says:
i am pasting this on the forum

Cinders says:
ok

Your Imaginary Friend says:
i am trying to remember where to disable auto download

Your Imaginary Friend says:
looking right now

Cinders says:
oh

Your Imaginary Friend says:
me and xp are different!

Cinders says:
i might know

Cinders says:
i will look also

Your Imaginary Friend says:
ok

Cinders says:
internet options security settings

Your Imaginary Friend says:
ok but i dont see auto download on mine there.

Cinders says:
i am looking
Cinders says:
i saw that somewhere
Cinders says:
yesterday
Cinders says:

Your Imaginary Friend says:
ok
Your Imaginary Friend says:
in mine it only has enable/prompt/disable file downloads or
Your Imaginary Friend says:
and same for font downloads
Your Imaginary Friend says:

Cinders says:
hmm
Your Imaginary Friend says:
gotta be a place to disable download on demand
Cinders says:
yes
Your Imaginary Friend says:
i could have sworn i saw it just this week
Cinderssays:
i saw it yesterday
Cinders says:
grrrrrr
Cinderssays:
but damned if i know where
Your Imaginary Friend says:
control panel?
Cinders says:
let me look in help
Your Imaginary Friend says:
k
Cinders says:
boom there it is again VBS/Redlof@m
Your Imaginary Friend says:
hm ok
Cinders says:
damn stupid thing

Your Imaginary Friend says:
sorry i am not much help but someone at pctt will be LOL
Cinders says:
hehe thats ok
Your Imaginary Friend says:
lol
Cinders says:
so far its just an annoyance
Your Imaginary Friend says:
ya
Cinderssays:
nothing major
Your Imaginary Friend says:
ok
Cinders says:
like corruption or anything
Your Imaginary Friend says:
now what are you using to remove spyware
Cinders says:
spybot
Your Imaginary Friend says:
you always avoid that question
Your Imaginary Friend says:
when was last run?
Cinders says:
today
Cinders says:
2 hours ago
Cinders says:
hehe
Cinders says:
i thought you knew what iw as usuing
Cinders says:
you suggested it hahaha
Your Imaginary Friend says:
and it found??????
Cinders says:
a few adds
Cinderssays:
it removed
Your Imaginary Friend says:
ok
Cinders says:
not many
Cinders says:
i think like 7
Cinders says:
or something\
Your Imaginary Friend says:
well yes i told you to get spy bot or spysweeper.....but do you ever listen to me?
Your Imaginary Friend says:
lol
Cinders says:
of course!
Cinders says:
hahaha
Your Imaginary Friend says:
hehe
Your Imaginary Friend says:
ok let me post this up

Cinders says:
ok
Cinders says:
i have a feeling it is the damed java demand pop up
Cinders says:
everytime i click it i get the virus
Cinders says:
click to close it
Your Imaginary Friend says:
ok disable it and see what happens
Cinderssays:
i dont know how to
Cinders says:
i disable java
Cinders says:
disabled java
Cinderssays:
to se if that would work
Your Imaginary Friend says:
a few months ago i had to mess with java settings because they were f-ing with me
Cinderssays:
and it didn't
Your Imaginary Friend says:
ok
Your Imaginary Friend says:
well this will go into the post too LOL
Your Imaginary Friend says:
brb
Cinders says:
ok

[DreamCaster]

Ok Fluffster,
She really needs to run the usual spyware adware detection utilities here to flush this thing out. The three I'd recommend to get started with are spybot, adaware, and hijack this. If she's unable to acquire these, then try to get the name of the toolbar that she's installed and we can look for some removal instructions to post up for her as well as how to disable the system restore on XP if needed

[fluffyfluff]

She ran 3 spy ware cleaners and they did not find much.Spy bot removed tool bar named websearch but not all of it.
she unchecked "third party browsing" and it went away. Also she still has smiley central on her messenger.

she just found hot bar, lycos,max speed, memory watcher, purity scan, RVP( no idea what that is) broadcast pc( don't know what that is either) in program files. having her use task manager to kill one of their running processes so she can delete.
Ok killed it. now can not kill smiley central.......cannot delte F3CJPEG.DLL: access denied,,,,in use of course
but she can not figure out what it's running process is.Seeing if closing messenger will help

[fluffyfluff]

ok she's getting jv16powertools as i type this
will help clean up this mess...........hopefully

[DreamCaster]

PurityScan is a pain in the ass to get rid of

Check this link here for more info on it and also removal instructions. There's also info on how to disable XP system restore there

[vernarial]

Some programs allow you to remove files\programs before the OS boots up. It kinda sounds like a dialer. Everytime she gets on the internet something pops up and downloads something. I would go through ad/remove programs and get rid of everything she doesn't need, then do the same thing in Program Files. Then Run your Spyware/adware removal tools, and Anti-virus tools. I'm no expert, but thats where I would start. I hope everything works out.

[greffov]

Completely off topic, but I was wondering if the title shouldn't have read 'On behalf of Cinderella', instead of 'In behalf of Cinderella'...

Teach this Dutchie some english, anyone?!?

[~*LdY*LaFFs*~]

"On behalf..." is the more common (and more my choice), but both are correct according to webster.

"In behalf..." sounds bereaved to me.

Your pick Fluff

[greffov]

wow, thanks

[fluffyfluff]

I always say "On behalf".....oh well.


She is, as I type, cleaning up the last of her program files. Then she's supposed to do routine maintenance...

And sending her here to see what else is not needed... http://www.pacs-portal.co.uk/startup_content.php

[fluffyfluff]

here ya go Dreamcaster

[fluffyfluff]

tweaked

[lordpake]

Don't think anyone mentioned this so here we go: It might be useful to disconnect from web by pulling the plug 'coz some of these pests do try autoupdate if they can..and after booting scanning all over again.

I once had to deal with keyboard hijacker and it was really painful to get rid off...