Tim Downie

My daughter picked up something via MSN the other day and it's proving an
absolute b*sta*rd to clear out.

It one of your usual fake virus alert programs that continually badgers you
about things on your system using very plausible looking messages in your
system tray. I'm also getting pop-ups for a gambling site (Skypoker) and a
search engine.

I've tried a heap of trusted anti-spyware programs, AVAST and Windows
Defender on it but it won't budge.

One program I used claimed to find (and remove) Winfixer but it keeps coming
back.

In the c:/documents and settings/XXX/local settings/temp folder (where XXX
is my our user name) I keep getting new files with names like qrjatydi.exe
and other such garbage. Whatever the name, they always say "LocusSoftware,
Installer, LocusSoftware, Inc." beside them.

So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware (free
edition), Windows defender and Trend Micro Housecall, all to no avail.

To add to the complications, the laptop won't boot into regular safe-mode,
it always hangs at the same point when loading a driver. It *will* boot
into a system admin safe mode (which still has network access) but the
malware continues to be active in this mode and makes doing anything tricky.
I just don't seem to be able to shut it down.

Where do I go from here?

TIA

Tim

jen

"Tim Downie" <timdownie2003@obvious.yahoo.co.uk> wrote in message
news:5penf9Fqusl0U1@mid.individual.net...
> My daughter picked up something via MSN the other day and it's proving
> an absolute b*sta*rd to clear out.
>
> It one of your usual fake virus alert programs that continually
> badgers you about things on your system using very plausible looking
> messages in your system tray. I'm also getting pop-ups for a gambling
> site (Skypoker) and a search engine.
>
> I've tried a heap of trusted anti-spyware programs, AVAST and Windows
> Defender on it but it won't budge.
>
> One program I used claimed to find (and remove) Winfixer but it keeps
> coming back.
>
> In the c:/documents and settings/XXX/local settings/temp folder (where
> XXX is my our user name) I keep getting new files with names like
> qrjatydi.exe and other such garbage. Whatever the name, they always
> say "LocusSoftware, Installer, LocusSoftware, Inc." beside them.
>
> So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware
> (free edition), Windows defender and Trend Micro Housecall, all to no
> avail.
>
> To add to the complications, the laptop won't boot into regular
> safe-mode, it always hangs at the same point when loading a driver.
> It *will* boot into a system admin safe mode (which still has network
> access) but the malware continues to be active in this mode and makes
> doing anything tricky. I just don't seem to be able to shut it down.
>
> Where do I go from here?

Get Hijackthis here:
http://www.trendsecure.com/portal/en...ols/hijackthis
Then go to the Avast Forum here:
http://forum.avast.com/index.php?top...39361#msg39361
let us know how you make out

-jen

pcbutts1

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only.First read this page
http://www.pcbutts1.com/downloads then use the email link on the bottom of
the page to receive the software.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Tim Downie" <timdownie2003@obvious.yahoo.co.uk> wrote in message
news:5penf9Fqusl0U1@mid.individual.net...
> My daughter picked up something via MSN the other day and it's proving an
> absolute b*sta*rd to clear out.
>
> It one of your usual fake virus alert programs that continually badgers
> you about things on your system using very plausible looking messages in
> your system tray. I'm also getting pop-ups for a gambling site (Skypoker)
> and a search engine.
>
> I've tried a heap of trusted anti-spyware programs, AVAST and Windows
> Defender on it but it won't budge.
>
> One program I used claimed to find (and remove) Winfixer but it keeps
> coming back.
>
> In the c:/documents and settings/XXX/local settings/temp folder (where XXX
> is my our user name) I keep getting new files with names like qrjatydi.exe
> and other such garbage. Whatever the name, they always say
> "LocusSoftware, Installer, LocusSoftware, Inc." beside them.
>
> So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware (free
> edition), Windows defender and Trend Micro Housecall, all to no avail.
>
> To add to the complications, the laptop won't boot into regular safe-mode,
> it always hangs at the same point when loading a driver. It *will* boot
> into a system admin safe mode (which still has network access) but the
> malware continues to be active in this mode and makes doing anything
> tricky. I just don't seem to be able to shut it down.
>
> Where do I go from here?
>
> TIA
>
> Tim
>

foghollow

In article <5penf9Fqusl0U1@mid.individual.net>, timdownie2003
@obvious.yahoo.co.uk says...
> My daughter picked up something via MSN the other day and it's proving an
> absolute b*sta*rd to clear out.
>
> It one of your usual fake virus alert programs that continually badgers you
> about things on your system using very plausible looking messages in your
> system tray.

Last one I saw that did that was easily cleared out with the SmitFraudFix tool.
Google will find that for you.

--
Snob? Were I a snob, I wouldn't be talking to you.

pcbutts1

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only.First read this page
http://www.pcbutts1.com/downloads then use the email link on the bottom of
the page to receive the software.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Tim Downie" <timdownie2003@obvious.yahoo.co.uk> wrote in message
news:5penf9Fqusl0U1@mid.individual.net...
> My daughter picked up something via MSN the other day and it's proving an
> absolute b*sta*rd to clear out.
>
> It one of your usual fake virus alert programs that continually badgers
> you about things on your system using very plausible looking messages in
> your system tray. I'm also getting pop-ups for a gambling site (Skypoker)
> and a search engine.
>
> I've tried a heap of trusted anti-spyware programs, AVAST and Windows
> Defender on it but it won't budge.
>
> One program I used claimed to find (and remove) Winfixer but it keeps
> coming back.
>
> In the c:/documents and settings/XXX/local settings/temp folder (where XXX
> is my our user name) I keep getting new files with names like qrjatydi.exe
> and other such garbage. Whatever the name, they always say
> "LocusSoftware, Installer, LocusSoftware, Inc." beside them.
>
> So far I've used Spyware Blaster, Ad-aware, Avast, SuperAntiSpyware (free
> edition), Windows defender and Trend Micro Housecall, all to no avail.
>
> To add to the complications, the laptop won't boot into regular safe-mode,
> it always hangs at the same point when loading a driver. It *will* boot
> into a system admin safe mode (which still has network access) but the
> malware continues to be active in this mode and makes doing anything
> tricky. I just don't seem to be able to shut it down.
>
> Where do I go from here?
>
> TIA
>
> Tim
>

Leythos

In article <fgto8q$9m4$1@blackhelicopter.databasix.com>, pcbutts1
@leythosthestalker.com says...
> Remove-it will now update your hosts file.

It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Leythos

In article <fgtv90$o6c$1@blackhelicopter.databasix.com>, pcbutts1
@leythosthestalker.com says...
> Remove-it will now update your hosts file.
>
It updates your host file to block downloading of quality malware
fighting tools. Do you really want to use something that blocks the
downloading of quality malware fighting tools?
--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

jen

"foghollow" <dave@davebudd.org.ku> wrote in message
news:MPG.219ce046a325674f9897cc@news.individual.ne t...
> In article <5penf9Fqusl0U1@mid.individual.net>, timdownie2003
> @obvious.yahoo.co.uk says...
>> My daughter picked up something via MSN the other day and it's
>> proving an
>> absolute b*sta*rd to clear out.
>> It one of your usual fake virus alert programs that continually
>> badgers you
>> about things on your system using very plausible looking messages in
>> your
>> system tray.
> Last one I saw that did that was easily cleared out with the
> SmitFraudFix tool.
> Google will find that for you.

The latest "Smitfraud" variants require much more than a smitfraudfix
tool. He needs expert help from a site that specializes in Hijackthis
log analysis...

-jen

jen

"foghollow" <dave@davebudd.org.ku> wrote in message
news:MPG.219ce046a325674f9897cc@news.individual.ne t...
> In article <5penf9Fqusl0U1@mid.individual.net>, timdownie2003
> @obvious.yahoo.co.uk says...
>> My daughter picked up something via MSN the other day and it's
>> proving an
>> absolute b*sta*rd to clear out.
>> It one of your usual fake virus alert programs that continually
>> badgers you
>> about things on your system using very plausible looking messages in
>> your
>> system tray.
> Last one I saw that did that was easily cleared out with the
> SmitFraudFix tool.
> Google will find that for you.

The latest "Smitfraud" variants require much more than a smitfraudfix
tool. He needs expert help from a site that specializes in Hijackthis
log analysis...

-jen

foghollow

In article <czFYi.254$2I3.201@bignews2.bellsouth.net>, jen@example.com
says...
> "foghollow" <dave@davebudd.org.ku> wrote in message
> news:MPG.219ce046a325674f9897cc@news.individual.ne t...
> > In article <5penf9Fqusl0U1@mid.individual.net>, timdownie2003
> > @obvious.yahoo.co.uk says...
> >> My daughter picked up something via MSN the other day and it's
> >> proving an
> >> absolute b*sta*rd to clear out.
> >> It one of your usual fake virus alert programs that continually
> >> badgers you
> >> about things on your system using very plausible looking messages in
> >> your
> >> system tray.
> > Last one I saw that did that was easily cleared out with the
> > SmitFraudFix tool.
> > Google will find that for you.
>
> The latest "Smitfraud" variants require much more than a smitfraudfix
> tool. He needs expert help from a site that specializes in Hijackthis
> log analysis...
>
> -jen
>
>
>
Maybe. The last one I saw, about a month ago, was easily taken care of by quite an old version of
the fix utility.
I was quite surprised. I didn't even need to use Safe Mode, AFAIR.

--
Snob? Were I a snob, I wouldn't be talking to you.