Topic: infected computer (Read 1913 times)

down-under
« on: Tuesday 02 May 06 17:11 BST (UK) »
Help
I seem to have been sent an infected email and have spyware, and something else.
Getting lots of popups now. How can I get rid of it, please?


Pam
Oakley, Leadbeater, Hemming, Jones, Pearsall, Page,------ Aston, Leominster, Balsall Heath, Tewkesbury, Kings Norton, Birmingham.

Census information is Crown copyright of www.nationalarchives.gov.uk

Falkyrn
« Reply #1 on: Tuesday 02 May 06 18:45 BST (UK) »
If you have an antivirus program you should run a scan of your system as soon as possible.

To get rid of spyware and adware there are two good programs:

Lavasoft's Ad-Aware from http://www.lavasoft.de/software/adaware/

Spybot Search and Destroy from http://www.spybot.info/en/download/index.html

Download, install and run both programs; they should help, depending on the particular nasty that is infecting the machine ... some need extensive hacking at the registry.

Nadine Moore
« Reply #2 on: Tuesday 02 May 06 20:16 BST (UK) »
I have just run Spybot (which I do regularly) and it has found the following problems:

Connect MFC Application: Settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-57989841-920026266-682003330-1004\Software\livesvc

FunWebProducts: Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

MyWebSearch: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

MyWebSearch: Interface (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

I don't know anything about the Registry so tend to leave these things alone.

Should I get rid of these, and if so - how do I do it?

Nadine
Census information is Crown Copyright - www.nationalarchives.gov.uk
ADAMS - Kent/Sussex, BROOKS - Buckinghamshire/Northamptonshire. GASCOYNE/GASKINS - Buckinghamshire/Northamptonshire. GOULD - Derbyshire/Lancashire. HILL - Hampshire/Kent/Lancashire/Limerick. MARK - Buckinghamshire/Cumberland/Lancashire. WILCOX - Buckinghamshire/Northamptonshire. WITTONBROOKES/WITTENBROKE - Northamptonshire/Buckinghamshire. YATES - Canada.

Falkyrn
« Reply #3 on: Tuesday 02 May 06 20:46 BST (UK) »
Your machine appears to have been hit by a nasty blighter called "Instant Access", which is a form of adware which directs your browser towards preselected sites and installs itself and its root files all over the machine.

Editing the registry can be detrimental to your machine; proceed only if confident in your abilities.

Under the Start menu or Control Panel you will find a utility "Run". Double-click on this and it brings up a panel; type in regedit and click on OK.

Falkyrn
« Reply #4 on: Tuesday 02 May 06 20:49 BST (UK) »
This should bring up a panel which looks like

Falkyrn
« Reply #5 on: Tuesday 02 May 06 20:50 BST (UK) »
Before you do anything else, make a backup of the registry by clicking on File and Export, which brings up a command window like this one ..... make sure All is selected and name your file.

Falkyrn
« Reply #6 on: Tuesday 02 May 06 20:56 BST (UK) »
After that it's a matter of using Ctrl-F to edit and find the branches listed by Spybot - click on each branch and select delete.

One problem is that this particular nasty can reinvent itself in a number of ways (http://www.symantec.de/avcenter/venc/data/adware.instantaccess.html will give you an idea of some of them).

But the good news is that Spybot has detected only 4 instances, which will make the removal job easier.

However, I would repeat the earlier warning - editing the registry can cause various levels of problems to your machine, from minor to extreme - if at all unsure, get someone else to do it.
That way you've always got someone to blame  ;D

Nadine Moore
« Reply #7 on: Tuesday 02 May 06 21:21 BST (UK) »
Hi Falkyrn

I have created a backup of the registry as suggested.

From Spybot, I can click on the little registry icon beside each one, and this takes me straight to it, as below.

Do I then just delete the specified file (in this case 'livesvc') and repeat the process for the rest of the files?

Thanks for your help

Nadine

Falkyrn
« Reply #8 on: Tuesday 02 May 06 23:06 BST (UK) »
Yes, that should get rid of these files and references.
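
The backup-then-delete steps from Replies #5 to #8, scripted as an added example (not part of any poster's reply): it exports each key Spybot listed in Reply #2 to its own .reg file and deletes a key only if that export succeeded. The function name `Remove-FlaggedKey` and the backup folder are assumptions, and it assumes a Windows system with PowerShell run from an elevated prompt.

```powershell
# Keys copied from the Spybot report in Reply #2.
$FlaggedKeys = @(
    'HKEY_USERS\S-1-5-21-57989841-920026266-682003330-1004\Software\livesvc',
    'HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}',
    'HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}',
    'HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}'
)

function Remove-FlaggedKey {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string[]]$Key,
        [string]$BackupDir = (Join-Path $env:USERPROFILE 'regbackup')  # assumed location
    )
    # -WhatIf:$false so the backup folder exists even during a dry run.
    New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
    $i = 0
    foreach ($k in $Key) {
        $i++
        $psPath = "Registry::$k"
        if (-not (Test-Path -LiteralPath $psPath)) {
            Write-Output "absent   $k"
            continue
        }
        # Per-key backup, the scripted counterpart of File > Export in regedit.
        $file = Join-Path $BackupDir ("key{0:d2}.reg" -f $i)
        $null = & reg.exe export $k $file /y 2>&1
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $file)) {
            Write-Warning "backup failed, leaving key in place: $k"
            continue
        }
        # Prompts for confirmation per key; with -WhatIf it only reports.
        if ($PSCmdlet.ShouldProcess($k, 'Delete registry key')) {
            Remove-Item -LiteralPath $psPath -Recurse -Force
            Write-Output "deleted  $k (backup: $file)"
        }
    }
}

# Dry run: backups are written, nothing is deleted.
Remove-FlaggedKey -Key $FlaggedKeys -WhatIf
```

Double-clicking a saved `.reg` file restores that key if a deletion turns out to have been a mistake.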