Spybot administrators access

[toptec]

Evening Chaps.

I operate Firefox and run AVG and Windows Defender.

Been having probs over the past few days with Popups and a nasty little virus that was ID'd by AVG. I think the two are connected.

Initially AVG vault was full but managed to empty and store the virus.

Still had the pop-ups so downloaded and ran Ad-Aware, which found nothing and Spybot which found 16 browser probs, one Adware, one PUPSC?, and two Hijackers.

When I try to fix the problem Spy tells me only an Administrator can authorise the fixing and tells me "Unexpected error in fixing problem - Cannot create fill "C:\windows\wininit" Access is denied.

My profile setting in Vista is as the Administrator with my Wife as a normal user.

The Pop-ups are still coming in. Can any of you smart people help?

 

[dave.m]

What are the popups about, any wording with them?

1st thing to do is clear out all your temporary files, tool of choice is ATF Cleaner, it is free and you do not have to install it. Download and instructions here (Windows XP, 2K, 2003 & Vista ONLY)
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected - > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.


Then, please download MalwareBytes' AntiMalware


* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:

o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware

* Then click Finish

If an update is found, it will download and install the latest version.

* Once the program has loaded, select > Perform Quick Scan, then click > Scan.
* When the scan is complete, click > OK, then > Show Results to view the results.
* Be sure that everything is checked, and click > Remove Selected.
* When completed, a log will open in Notepad. Save this log to My Documents in case it is needed for reference.
Reboot as required.

Run a scan with the program that found the virus/trojan and report back.

 

[toptec]

Dave

That ATF cleaner link is not for Vista. There is mention of it but it doesnt make sense - can you interprete?

 

[dave.m]

ATF does work with Vista:
http://www.atribune.org/forums/index.php?s=&showtopic=1332&view=findpost&p=27574

If you have any problem running it, just clean out the temp files in IE8 using
Tools -> Delete Browsing History, then place a tick against:
Temp files
History
In private data
Then click Delete.

Once done continue with downloading Malwarebytes.

 

[toptec]

Thanks Dave for your advice so far....

I have followed your instructions, using the IE8 route, and have managed to get rid of all except two items one a cookie (Double Click) and the second is Adware (MeMedia Advantage). Both these are not picked up by Malwarebytes but are located by Spybot. Yet again Spybot says I do not have Administrator privileges so cannot get rid of them.

The Popups, which were Casino's, Dating sites, and On-Line Pharmacy's seem to have stopped for now. I could live with them there as long as they don't continue to infect.

One additional question I now have Spybot, Malwarebytes, Ad-aware, AVG and Defender on my system.... Overkill?

Whadyareckon?

 

[dave.m]

As there are still a couple of dubious cookies loitering, go back to my instructions about IE8 and -> Tools.
This time put a tick in the Cookies box as well as the others I mentioned and click Delete again.
You may have to log in to the forums again but it should have shifted the cookies.

As for your security programs, do you use the Tea-timer in Spybot, because that is the real-time part of Spybot? As it is not recognising your Admin status, I would remove it because. . .

. . .Windows Defender is also a real-time protector. It auto-updates and uses very little resources and does what it says on the can.

AdAware is not as effective as Malwarebytes so that can go too.

Malwarebytes (MBAM) is not real-time protection but is a ruddy good scanner and shifter, so keep it. The best thing to do is open MBAM evey couple of days and check for updates. Some trojans can get on your PC and stop you getting any updates so it is handy to have a good scanner already updated with the latest definitions if something gets onboard your computer. Also run a weekly quick scan with it just in case anything has got past your other software without being detected.

AVG, since the release of v8 has not always had a good press and there are better antivirus programs available for free. If you are happy with it, then keep it but have a look at my list at the top of the Software Forums.

For interest only, I use Comodo Internet Security which is the best free Firewall and a good antivirus. Spyware Blaster which is real-time and then MBAM and SuperAntiSpyware as backup scanners. May seem a bit ott but I do download programs to try them out BUT I don't do file sharing so I very seldom get anything nasty onboard.


Back to the cookies, I recommend downloading and using Ccleaner a free program that is very good and so easy to use when setup.
CCLEANER Setup Instructions

dave

 

[toptec]

Many, Many thanks for your time. I will get on with doing all you suggest. It's like a full time bleeding job this.

 

[empip]

CCleaner is a definite !

Cookies - in Firefox 3.5.2
<Tools> <Options> <Privacy> <Show Cookies>
Delete FF cookies at your leisure.

An excellent prog for checking startup progs etc.
Freebie from recent M$ acquisition...
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Extract and run Autoruns (Autorunsc is command line version - not normally required.)

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You'll probably be surprised at how many executables are launched automatically!

--