UGN Security Forums UGN Security: Underground General Got Bugged

Well, I've now seen one of the most pain in the [censored] virus/malware/spyware [censored] I have ever dealt with.

The first symptoms were that my start page for any of my webbrowsers was changed to some search site, after running spybot the problem seemed like it was cleared up, but later it came back. This thing also caused a lot of random pop ups telling me I have spyware on my system, and wanting me to pay for their spyware remover. Also it's interesting to note that after a half hour I'm getting low virtual memory warnings and my computer is slow and laggy, So much so that programs would close all on there own and refuse to open because of lack of memory. A Virus scan reveilled a ton of infected system files so I know something was buggy there too.

This goes on for a few days, partially due to lack of time to sit down and deal with it, and I download Hijackthis! and start clearing house on my Add/Remove Programs. I find a ton of nasty little buggers and clean those off, but I still had lag and the homepage take overs. I find this program called WebPatrol. Within moments it alerts me to some random .dll file, I run Hijackthis to see if it sees it too, it id's itself as an IE Addon btw, and it does, it also sees it spawned a BHO. Looking at my logs I see that on two other occasions a randomly named dll in C:\Windows\System32 have also been spawned and created BHO's, and these are the guys hijacking my homepage. I think I got this thing cornered but I can't seem to find the main bug spawning these dll's. Anyone experiance anything similar or have any idea where this thing could be hiding?

Here are the programs I've been using
Lavasoft Ad-aware 6
latest version of Spybot
Trendmirco online virus scanner and Antivir XP
WinPatrol
Hijackthis!

Thanks, I so wanna kill this [censored]!

I have a lot of service calls pertaining to such problems. There was a nasty one similar to what you were talking about, it was one of my few service calls that lasted over 1hr. Lasted about 3 I think, and it was a huge PITA to get rid of.

Could you give the names of what the programs found it as, and also the filenames of DLLs (unless random). Seems one of those programs usually has a manual removal link if they can't remove it, and that is what I have had to do a few times.

If anything google the virus/spyware name along w/ say "manual removal" and follow instructions.

Have you tried going through regedit to remove any keys that have the name of your probelm?

that happened to my Gateway computer, i think my problem was a nasty virus. It removed My Computer so i couldnt access it.

Had to reformat I hate people that write this [censored].

Well I cleaned up everything but I'm still infested with the deadly Win32.netsup.A Bug and I can't find any free virus stuff that will help put the son of a [censored] down.

PestPatrol

I'm sure you tried this but here it is anyway.

I had that problem awhile back, I think this is what I used to finally get rid of it. PcdocRX

the thing that i hate the most is when your computer is about to die and needs a reformat.

You search the internet for free tools that help remove the viruses and worms.

You find one that seems very promising and you download it. You open it and figure out its not really free and all it does is scan the computer, find the viruses, but the remove and quarantine are blocked and you need to purchase a full version to remove what the program found.

I use Avast Antivirus on my laptop, it's free and updated regularly. It is full featured.

I posted something simalar to this in the cool web search thread.
Go to the http://www.nod32.com and download the free trial version of it and run it. It will detect and remove 95% of the trojan/virus's out today.
If you do not want to install the program there are seperate removal tools there you can download for free.
Good luck.