Spyware from ...


  #1  
Old 03-16-09, 12:05 PM
D
Member
Thread Starter
Join Date: Feb 2005
Location: Frozen Tundra, WI
Posts: 292
Upvotes: 0
Received 0 Upvotes on 0 Posts
Spyware from ...

I have XP Pro on a laptop. In a fit of pure, "never listen to your husband," my wife answered yes to one of those popup questions, "Do you want to protect your system?" We caught an ad to some spyware (haha) remover. Well, it would not let us get out of it and eventually locked the machine up. Now, during the boot process we get an lsass.exe error and it reboots (we can't even boot into safe mode). Of course I can get to the C prompt using a boot disk.

I do not want to do a restore because we will likely lose a ton of info (all my wife's), but may have to. Unfortunately, all I have is an XP Home (not pro) upgrade disk (for our desktop) and the restore disk that came with the laptop. Use of either/or will write over everything. I would like that to be the last resort (and never get there).

Since I can get in under a C prompt, I can go in and manipulate files. Is there any way I can set up to go to a configuration that is many days old, not the one it thinks worked last time?

I am pretty computer literate, so go ahead, give me any recommendations and I will go for it (the worst that can happen is I end up restoring and losing all).

Thanks
 
  #2  
Old 03-16-09, 12:30 PM
D
Member
Join Date: Jan 2009
Location: Northwestern Ontario (Canada)
Posts: 486
Upvotes: 0
Received 1 Upvote on 1 Post
Hope it's not that Anti-Spyware 2008 (or 2009). It's a nasty one. I had the 2008 variant a while back. One of its jobs seems to be to load more and more trojans and spyware onto your machine. It tucks in pretty tight too.

I tried the usual AVG and Spybot S&D, but it either blocked them or managed to hide core files to reload. MalwareBytes did do some removal but it also had some issues. Finally found a thread on a board about SUPERAntiSpyware. Such a cheesy name that I normally would have not even tried it... but it was the only one to stop the thing. It missed a bunch of the 'other' loaded trojans/etc., but Spybot and AVG were then able to find them.

Best of luck with it. Sure had me going, ya know... I've had the odd virus/trojan, no big deal... kids and hackers etc... but at the time when I had this one, had the author shown up at my door and introduced himself as such, I probably would have stuck a knife through his face.
 
  #3  
Old 03-16-09, 01:31 PM
pmgca's Avatar
Member
Join Date: Mar 2003
Location: CANADA
Posts: 867
Upvotes: 0
Received 0 Upvotes on 0 Posts
Hi DavePearson,

These are the worst worms....

Try these three resources (in this sequence)

1 - Try to use a restore point --> Start --> All Programs --> Accessories --> System Tools --> System Restore --> set the date one or two days before.
2 - Use Spybot Search and Destroy
3 - If all of the above fails... download and install "HijackThis"
How to generate Trend Micro HiJackThis logs for malware analysis
Generate the logs --> Google "HijackThis log file analysis" --> you will find lots of websites that will analyze your file for free --> Lavasoft is one of them
 
  #4  
Old 03-16-09, 01:53 PM
T
Member
Join Date: Nov 2008
Location: Michigan
Posts: 338
Upvotes: 0
Received 0 Upvotes on 0 Posts
That particular worm installs itself into the backup so it will reappear during a "backup". Found that out the bad way myself.

Malwarebytes will also help remove this. It's a free for personal use program.

The 2009 and its variants had a new update that was found in mid February this year. It has been added to most antivirus / spyware programs.
 
  #5  
Old 03-16-09, 02:40 PM
D
Member
Thread Starter
Join Date: Feb 2005
Location: Frozen Tundra, WI
Posts: 292
Upvotes: 0
Received 0 Upvotes on 0 Posts
The problem is, I cannot even get it into safe mode, the best I can do is get it into recovery mode, using a boot CD, and getting a C prompt. I do not have windows any longer.

I know this is a nasty one, somehow or another (and it was updated) the antivirus missed it (or my wife ignored it).
 
  #6  
Old 03-16-09, 02:59 PM
R
Member
Join Date: Apr 2007
Location: Near Buffalo, NY
Posts: 4,070
Upvotes: 0
Received 1 Upvote on 1 Post
Your wife probably caught it through a website redirect. A website she may regularly visit was redirected to the malicious site. Don't blame her, but you may want to let her know not to click "OK" to anything that seems out of the ordinary.

Try that Windows CD again. You should be able to install Windows (or repair it) without losing your personal information as long as you don't allow it to format the disk. Once you get it running, back up all your personal stuff to another drive. Do a complete virus scan on that drive.

Then re-install Windows on the original C drive, but this time allow it to do a complete disk format.
 
  #7  
Old 03-16-09, 04:41 PM
D
Member
Join Date: Jan 2009
Location: Northwestern Ontario (Canada)
Posts: 486
Upvotes: 0
Received 1 Upvote on 1 Post
You can't boot the O/S anymore at all? Or can't boot without that virus starting up and locking the system up? At some point on mine, I found I could boot, but only had about 30 seconds before the antispyware thing (and some other process, forget the name) would get in the way. I used the task manager to kill the processes and that would buy me another 30 seconds to try and install something...

Do you have access to another PC to make a boot disc etc.?
 
  #8  
Old 03-17-09, 05:54 AM
T
Member
Join Date: Nov 2008
Location: Michigan
Posts: 338
Upvotes: 0
Received 0 Upvotes on 0 Posts
Eject your CD or DVD and reboot and see if you can press F6 or F8 just before the "Windows" screen kicks in. I think it's F6 but when I cannot remember I press them both. You have like 0.2 seconds to press it so I just hit it repeatedly.

Once you do this you should get things like

boot normally
boot safe mode
boot safe with networking
command prompt only
erase windows and get a mac.


Go with safe mode or safe with networking and then you should be able to try a different piece of A/V to get rid of this problem.

Sometimes a safe website can also be hacked and have some rigged code put in that will upload these programs to you when you visit the site. It happens to legitimate sites once in a while; it's just part of the internet.
 
  #9  
Old 03-17-09, 08:46 AM
D
Member
Thread Starter
Join Date: Feb 2005
Location: Frozen Tundra, WI
Posts: 292
Upvotes: 0
Received 0 Upvotes on 0 Posts
I know how I am supposed to get into safe mode, it just locks up when I try (this has really messed the machine up).

Anyhow, I have a few ideas, not sure any will work. I just want to get it so I can boot up windows, get a few things (my wife's info) and then I should be able to re-install to get rid of all the damage this program has done. As suggested, I may try a second install of windows to get in and fix things, and then get rid of the second install.
 
  #10  
Old 03-17-09, 11:42 AM
T
Member
Join Date: Nov 2008
Location: Michigan
Posts: 338
Upvotes: 0
Received 0 Upvotes on 0 Posts
If you just want the data off you can get an external hard drive case and hook it up to another PC through a USB port.

There are also models you can get that have no actual case and go for around $20-$25. If you buy one it will always come in handy down the road.

Or you can slave it to the other machine so you can read the data off to copy it.
 
  #11  
Old 03-17-09, 12:49 PM
D
Member
Thread Starter
Join Date: Feb 2005
Location: Frozen Tundra, WI
Posts: 292
Upvotes: 0
Received 0 Upvotes on 0 Posts
Can I do that with a laptop hard drive? If it was my desktop, I would just yank the drive and do exactly what you said, but pulling the drive on the laptop is a little more painful.

I tried to get a thumb drive to be read in a USB port and the recovery panel would not recognize it.

I found a few sites that may help me recover, I am going to try a few things.
 
  #12  
Old 03-17-09, 01:24 PM
T
Member
Join Date: Nov 2008
Location: Michigan
Posts: 338
Upvotes: 0
Received 0 Upvotes on 0 Posts
Yeah, you sure can. Here are some Google images using keywords so you can see what they look like.

usb hard drive adaptor - Google Image Search



But keywords to try when shopping are:

USB to 2.5" hard drive adapter

You can also find them where they do all kinds of drives, desktop and laptop.

USB 2.0 TO IDE CABLE FOR 2.5"/3.5"/ 5.25" DRIVE


They run around $15-$30 online and probably $40 in store (I am guessing at the store prices). Shipping varies.

You must know if you have an IDE (PATA) or a SATA hard drive, though, for most of these.

Some of them can cover every type of drive so if you don't know what you have we can help you figure it out, or you can just pay a few dollars more and get an adaptor that will work with any drive you come across.

I cannot count the number of times mine has come in handy already.

Edit: be aware that if there is spyware/malware/etc. on the drive you may infect the other PC, but data is irreplaceable usually... so may be worth the risk.
 
 
