A request for PC assistance.

GazaPP submitted the following as an entry and I debated whether to post it and then decided to go ahead and slap it up under my name with an answer. Here’s what they wrote:

Hi im a new member(“NOOb”), I dont know exactly what topics u guys cover but ive seen lots of different convo’s/posts in this forum so i figured id try u guys for some help with a computer problem. The problem is i use limewire for p2p sharing. Recently i downloaded a rar file under the pretence that it contained episodes of my fav. tv show Family Guy. On extracting files i was met with an exe program labled ‘start up’. Now for some reason ive failed to remember in hindsight i clicked and ran the program with no immediate effect. Thinking it may be a dud i deleted the rar from my library. I now have realised that it was probably the cause of the virus i have now. The symptoms are;
-Limewire opens automatically, everytime i close it opens up again,
-Unable to access task manager by pressing ctl alt delete(ive got around this by making task man run on start up but would like a perminant fix),
-Lots of different ad ware/popup/tool bars install automatically on my browser, including surfersidekick and UCmore and im unable to uninstall them even using ‘windows defender’ software,
-Random processes keep running like astr.exe and nls.exe which are deemed to be malicious according to internet sources (ive managed to stop most of these now but maybee they r still on my system somewhere?)
-Norton has told me its a ‘backdoor trojan’
Unfortunatly my norton subscrtiption expired pretty much the same time this all happened so i used windows defender but this seems unable to remove surfersidekick and UCmore or to stop limewire starting up every 5 seconds!! Any system info u guys need to help just ask me, id much apreciate a response. Thanks, GazaPP.
P.S-Ive downloaded the program Sam Spade from your website and find it interesting, using it i managed to find surfersidekicks ip addy and where they operate from but what can i do with this info? how can i stop them sending me spyware/viruses again(if it is them thats doing it) and what else can sam spade be used for? cheers again, gaz.

Based on what you’ve described it sounds like you infected your PC with a pretty nasty bit of malware. Given the symptoms you describe my honest suggestion for the best way to deal with this would be to backup any data files you want to keep, erase the hard drive completely, and re-install everything from scratch. This is both the simplest method and the only way to be absolutely sure you kill this thing for good. Astr.exe is a ClickSpring adware component and nls.exe is part of NaviSearch spyware.

Yes, you can try whacking at it with a variety of tools, but you’re going to end up spending more time than you would to do a “save and pave” and there’s no easy way to be sure you didn’t miss something. If you insist on not doing a save and pave then the following tools may be of help:

  1. First remove LimeWire from your PC before you do anything else. It’s known to include its own spyware and is contributing to your problem. If you’re going to use a P2P program then install something known to be malware free such as Shareaza, which has the added benefit of handling bittorrent if you don’t want to install a separate bittorrent client.
  2. Then grab a copy of Avast Antivirus and install it on your PC. The home edition is free for personal use and it’s a pretty good antivirus program has even removed some bugs that Norton couldn’t.
  3. Next grab a copy of Spybot Search & Destroy and turn it loose on your system. Allow it to remove anything it finds.
  4. Then move on to Ad-Aware SE Personal and do the same.
  5. If you’re running Windows XP then grab a copy of Windows Defender and run it as well.

Between those four programs you should be able to cleanup around 95% of the problems your PC is having, but the folks who produce this crap are very clever and often include scripts hidden in various areas of your PC that will re-install the applications/trojans after they are removed and these extra scripts may be missed by the malware scanners. If that’s the case then you’re talking some pretty intensive digging through your system and/or registry hacking to get rid of the problems. Not sure where you got Sam Spade from on this site as I don’t host the file.

Perhaps some of the other regulars will have some additional suggestions, but if it were me my first response would be to save some time and peace of mind by just restaging the PC after backing up the data files you want to keep.

 

19 thoughts on “A request for PC assistance.

  1. No additional suggestions. Even if you know what you’re doing hacking the registry (and I do), it’s much faster and more efficient to burn all the stuff you want to keep, format the hard drive and reinstall your OS (which is obviously a flavor of Windows). Besides, a mistake in the registry hacking and you could end up having to do that anyway.

    If you have to waste time either way, waste it in measureable amounts.

  2. Sounds like you pretty much covered everything Les.  Only thing I’d say is possibly look into Microsoft Antispyware, not sure how effective it is, but you mentioned it long ago and I’ve been using it since. Also, WinPatrol is a nice little program. It helped me to find strange things running on my computer so I knew what to search for and delete and it has saved my butt quite a few times when I was stupid when downloading and running things. It alerts you instantly if anything has been startup and asks you to confirm otherwise it removes it from start up. It lets you browse: startup tasks, IE helpers, scheduled tasks, active tasks and a few other things. I like the program and the basic version is free.

  3. Chief, Windows Defender is the new name for Microsoft Antispyware.

    I probably should have mentioned that in the entry. grin

  4. Oh… my bad =P. Guess I should go download the official thing eh?  I’m suprised with all the Windows updates Microsoft tries to shove down my throat they haven’t yelled at me to download defender.

  5. Thanks for posting this Les, that’s a handy list of utilities some of which I already use, and some which I shall be trying after reading this. It’s always helpful to know what utilities people who are in ‘the know’ are using, thank’s again most helpful!

  6. Thanks very much Les, i think im gonna save sometime and re-install everything once i get important files backed up. As i am a “noob” i dont know how to post stuff, i could only find the new entry link. But im sure ill work this stuff out in time!! Anyway im off to fight this damned virus, hopefully ill get this machine working properly sometime before xmas. Gaz.

  7. Im gonna get rid of Limewire than.. to bad though, i always thought it was a good handy program

  8. Limewire itself isn’t the issue. You have to be aware that any time you’re trying to download files (especially illegally) that you have absolutely no protection whatsoever – and lots of people get their kicks by sliding viruses and stuff in. What’s sad, is that, in this case, there was actually an .exe (it doesn’t get any less clever than that) inside the container for the video files. It should have occurred to the guy that clicking on an unknown, unrequested executable file might bring trouble.

    “Hey, I didn’t order pizza” *BLAM BLAM*

  9. GazaPP, you submitted it properly. Guest posts go into a queue for me to look at before they’re posted to the site. Because of the unique nature of your entry (you were asking a question more than providing info) I figured I’d usurp it and put it under my name along with the answer. Normally I don’t do that, but this was a special case.

    JTF2 & Arc, LimeWire is a bit of the issue only because it does install spyware itself. Plus GazaPP compunded the problem by running that file he downloaded.

    There was a branch of it known as Clean LimeWire that removed the spyware, but that’s been discontinued. It’s important to keep in mind that a lot of “free” software sometimes has a hidden cost of putting malware or adware on your PC.

  10. Just throwing my vote in with the “wipe and reload” advice.  As someone who has had clients who specifically requested to avoid reinstalls if possible, you REALLY don’t want to hunt that shit down yourself.  I had one whose system got some porno malware that popped up porno icons even in safe mode.  That one took some detective work to isolate and remove.  And I wasn’t entirely sure I got everything, although I didn’t see anything untoward.  Didn’t help that the client had installed kazaa at the time the problem started.  I almost uninstalled it, but thought they might still want to use it.  Kinda like getting the clap, getting cured, and then going back to sleeping with skanks.

    Anyone compare/contrast Avast vs AVG antiviruses?

  11. I’ve got Limewire, but I do believe after running system scans and rooting around in the registry, background programs, and HDD for the harmful processes, registry entries, and files that I must’ve gotten a clean version. 

    Now I can breathe easier, would’ve been a might bit embarrassing for an amateur computer tech to get bogged down with spyware and other nasties because of P2P.

  12. AVG usually catches any that I get, although they don’t detect these things outright. If, for some reason or other, I happen to acquire some spyware (Allakhazam had a “problem” with spyware streamed into their ads that was trying to steal people’s user&pass for WoW), Tiny Firewall bags it’s capabilities on spot. The moment it requests internet access I can shut it down, and track it’s registry and other information.

  13. I don’t recall where I saw it, but there was a comparison of Antivirus tools that included AVG and Avast and as I recall both programs were rated pretty good compared to their commercial counterparts.

  14. Avast’s page says it can catch IM viruses.  I don’t recall if AVG does or not.  If I get around to it, I may just install it on the wife’s laptop, since she IMs, and I basically don’t anymore. 

    I’ve noticed that AdAware is available at Beast Buy and Wally World. 

    When I defocus my eyes and look at my router activity leds blinking, they look like one of the mushroom shaped baddies from Space Invaders.

  15. I’d also suggest once you’ve cleaned out the system installing SpywareGuard and SpywareBlaster. These programs actively prevent spyware being installed.

  16. If I may enter my 2 cents as well. My computer had a big problem with viruses until a friend of mine who is a computer science major reccomended a virus scanner and a personal firewall that work very well.

    It has already been mentioned but spybot works wonders. You can get it here: http://www.safer-networking.org/en/download/index.html

    Also is a personal, very manual firewall named Zone Alarm. You can get it here: http://www.zonealarmdirect.com/co/zonelabs/01/default_lp2.asp?sid=M2AG0002dGC

  17. Yeah ZA is a bloody good idea. Here’s the standard suite I run – and it’s all FREE!

    ZoneAlarm
    AVG Antivirus
    SpywareGuard
    SpywareBlaster
    Spybot
    Ad-Aware

    Anything else people swear by?

  18. Thx again 4 all your suggestions guys i think ive got rid of the virus without wiping my computer!!! Im now running Windows defender and got rid of limewire. Everything seems to be running fine, and my computers still the same speed it was!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.