I have a virus! Any help appreciated.

[WizeOne]

I seem to have a virus/adware/spyware that I am having difficulty getting rid of. It loaded a program called "Antispycheck" on my system. It loaded a security tool bar and has an MS like security shield in my startup tray.

When I try to run Adaware or TrendMicro, the system just reboots before they can complete their work. I also found a website that has a fix for this but when I try to open the page it says that spyware has blocked that webpage.

I also booted in "safe mode with networking" hoping that I could run one of these programs, but like Freddy Krueger, their is the fake MS security shield in my start up tray. Non of the legit ones load up in safe mode.

What to Do? The thing has even change my main browser page. Grrrrrr!

 

[springhead]

Re: I have a virus! Any help appreciated.

is this what you tried
http://www.removeonline.com/remove-antispycheck-antispycheck-removal-instructions/

 

[WizeOne]

Re: I have a virus! Any help appreciated.

is this what you tried
http://www.removeonline.com/remove-antispycheck-antispycheck-removal-instructions/

No, I did not try to load that page. I am writing this post on another machine so I will transcribe the link and see if it will load.

Thanks

 

[WizeOne]

Re: I have a virus! Any help appreciated.

The good news is that this one is running. I don't know whether switching back to my regular MSN home page vs the spyware home page that was loaded, had anything to do with it but it is wracking up a ton of bad things.

Arrrrrrrrrgh. Just like my previously loaded Adaware and TrendMicro, the computer just rebooted in the middle of the scan, not allowing it to finish and get to the solution.


I'm going to try running the program again but it seems I may be back to square one??

 

[WizeOne]

Re: I have a virus! Any help appreciated.

Second try at running the above program and the computer rebooted in the middle of it again.

This thing is insidious. It know when you are looking for it.

I am going to try safe mode without networking and see if I can make it run there. But even in safe mode w/o networking that little fake MS shield is still flashing in the start up tray.

Keeping my fingers crossed

 

[WizeOne]

Re: I have a virus! Any help appreciated.

Same, same. Computer reboots far into the scan. Maybe if I use my "What's Running" program to see if I can shut the stupid thing of on start up.

Otherwize, Happy Fathers day everyone. If you think of something during the day, please post.

 

[waterinthefuel]

Re: I have a virus! Any help appreciated.

Try this. It's a shot in the dark but right now we're at that point.

Click start, run, then type msconfig. Uncheck "load startup group items". This will prevent all the stuff from starting when you start your computer. That might give you a chance to get rid of it before it reboots the computer again.

 

[ThumbPkr]

Re: I have a virus! Any help appreciated.

A system restore may or may not help,depending on how many layers deep the virus has gone but it is free and pretty simple to do.Ron G

 

[SpinnerBait_Nut]

Re: I have a virus! Any help appreciated.

Do what WITF said and see what's in there.
Uncheck anything that don't look right.
If it's in the start up, that will stop it.
Also might want to go to control panel and add/remove and see if it is in there.

 

[WizeOne]

Re: I have a virus! Any help appreciated.

I followed WIF's suggestion to no avail. The fake security shield was still there on reboot.

I also looked at the possibility to "restore" but I had that feature turned off so there were no restore points available.

Other than an "antispycheck" program that was listed in ADD/REMOVE after this first happened,(long removed) there was nothing that I could see that could be related to this issue.

 

[Bart Sr.]

Re: I have a virus! Any help appreciated.

I had a nasty one a few weeks back.I took my tower to a cleaner/debugger outfit near here and they cleaned/debugged everything and installed some anti spyware/adware programs.

So far everything is great.

Cost me $100 but worth it to me.

 

[WizeOne]

Re: I have a virus! Any help appreciated.

A very frustrating part of this is that Google abounds with recognition and remedies of this spyware but none of them give recognition to the fact that 'antispyware' shuts all the scans down before they can finish and cough up remedies and solutions.

One thing I did read is that this malady has a root in a file called NetProject.
I can find it in C:/programfiles/netproject/scit.exe but I am hesitant to just delete it for fear that it will leave some tentacles that could never be gotten to.

There is also another apparently related file called sbmntr.exe which I am also hesitant to just blow out.

There has to be a way to sneak around this thing so I can run a scan that will find all it's elements and delete them.

Sure do, however, appreciate all your inputs.

 

[ThumbPkr]

Re: I have a virus! Any help appreciated.

I Googled "Antispycheck" and the first hit was the Symantec website.
I don't run their virus products anymore but I have used their website to remove malware in the past and they are generally right on the money with their procedures.
Everything you need is right there to get rid of the virus,it explains what it is and just what you need to do to remove it.
You will need to use regedit or whatever editor you are comfortable with to modify the registry or have someone do it that is competent but it will be a simple fix and should take less than 10 minutes of your time.Good luck.I would enable "system restore" when you are finished unless you have a good reason to leave it disabled.Ron G

 

[i386]

Re: I have a virus! Any help appreciated.

Numerous ways to get rid of it here...

http://www.google.com/search?hl=en&q=remove+antispycheck&btnG=Google+Search

 

[WizeOne]

Re: I have a virus! Any help appreciated.

It turns out that "antispycheck" may not be my real problem. I deleted that program when I first became infected and I just went thru 30 items, related to it, in regedit and only found 2 out of the 30.

It seems that the problem is called 'NetProject". I found the folder under program files and have not tried to delete it. It may not let me anyway.
Inside NetProject there are two .exe files that show up on taskmanager. Attempting to disable them is like trying to grab a greased pig. When you do 'disable' the file just pops up further down the list.

I'm kinda at a loss here. Short of reloading the OS, I'm not sure what to do. This thing even causes a reboot when you try to delete tempory internet files.

 

[IWELD]

Re: I have a virus! Any help appreciated.

I did a little surfin and in one forum I visited it sounds like this may be the root problem...

http://www.trojan-zlob-removal.com.removal-instructions.com/removetrojan.zlob.html

of course it may also be a scam for you to try another program but it also has instructions on how to remove it manually.


Hope this helps!

 

[Plainsman]

Re: I have a virus! Any help appreciated.

Download and install spybot search and destroy. Get the updates, immunize. Download and install AVG antivirus, get the updates.
Reboot into safe mode and run both programs

HTH

 

[WizeOne]

Re: I have a virus! Any help appreciated.

I did a little surfin and in one forum I visited it sounds like this may be the root problem...

http://www.trojan-zlob-removal.com.removal-instructions.com/removetrojan.zlob.html

of course it may also be a scam for you to try another program but it also has instructions on how to remove it manually.


Hope this helps!

I checked it out IWeld. My problem definitely involves the zlob thing. I'll keep it in mind but it sounds like it may be no different than many a program I have downloaded. So far, the several I tried get far into the scan, showing all kinds of bad things, then wham!, the bad guy shuts down the computer and causes it to reboot, before the scan can finish and cough up the remedies.

Plainsman, I think the above applies to Spybot as well. As for the AVG, that's kind of like closing the barn door after the horses have escaped. I will certainly do that in the future. I let a protect for $$$'s program lapse a while ago. Me bad. I'm now paying the price.

 

[i386]

Re: I have a virus! Any help appreciated.

Antivirus and Antispyware are definately good to have. Sometimes these are not enough to remove certain infections. For those cases you will either have to download a utility that was made to remove a specific type of infection or follow a manual removal procedure for that infection.

The first step is to try to identify what you're infected. The next step is to find out how to get rid of it.

It it's zlob, then just google "zlob removal". Understand that the people who make spyware know you'll search for that. Often you get tricked into getting infected with something else while searching for a solution. If the page has popups or seems to be desperately trying to sell you something, move on. That's not where you want your info from. Instead look for the solution from av software vendors or computer/internet help forums.

While I don't care for Symantec's software, their manual removal instructions are generally pretty good as are their removal tools made to target specific infections.

I don't know if zlob is causing you the problem, but for example, this is what Symantec says about it...

http://www.symantec.com/security_response/writeup.jsp?docid=2005-042316-2917-99&tabid=1

 

[Tail_Gunner]

Re: I have a virus! Any help appreciated.

I seem to have a virus/adware/spyware that I am having difficulty getting rid of. It loaded a program called "Antispycheck" on my system. It loaded a security tool bar and has an MS like security shield in my startup tray.

When I try to run Adaware or TrendMicro, the system just reboots before they can complete their work. I also found a website that has a fix for this but when I try to open the page it says that spyware has blocked that webpage.

I also booted in "safe mode with networking" hoping that I could run one of these programs, but like Freddy Krueger, their is the fake MS security shield in my start up tray. Non of the legit ones load up in safe mode.

What to Do? The thing has even change my main browser page. Grrrrrr!

Ok pop's a little "fore" warning stay away from questionalbe site's...

I persoanlly dont know if your mechanically inclined.... but if you have two comp's you can alway's take the drive off the infected comp install it as a secondary on the working comp. Then do a virus scan on the second drive Ummm first update you virus ware..Are you using ariva that prog will get the bug ...Geesh some people's grandads's.......


http://majorgeeks.com/AntiVir_Personal_Edition_8_d955.html