Spyware problem... I think

[codex57]

Ok, I read that other thread where obviously a bunch of you guys know computers intimately. Help a computer newb out. I think I have spyware and I can't freaking find it. I've run Adaware and Spybot but nothing comes up. Basically, my problem is this:

On certain sites (mainly another bmw forum and I think cnn), weird popups occur that didn't used to pop up before. I have popup blocker so that's not a big problem. What annoys me is that if I shut my computer off and turn it back on, something changes my default home page to some www.searchv.something or other. How do I find out and stop what keeps changing my homepage?

 

[epj3]

Post the actual link that it changes it too. I can help ya (i've unfortunately had this shi* before)

 

[wileycoyote]

There are a couple viruses that do that, also. As epj3 suggested, the page should help track down the bug.

 

[wileycoyote]

What popup blocker? Some of them are cleverly disguised spyware.

 

[PuShAkOv]

I had something like that... I thought I was downlaoding a Trillian Smilie pack from a German website, turns out it was a virus. Any decent virus checker should get rid of it most likley.

 

[wileycoyote]

Here you go... Spyware that sets homepage as SearchV. Removal instructions at link below.

http://www.pestpatrol.com/PestInfo/s/searchv.asp

 

[codex57]

Thanks. I'll do it later when I have a bit more time. I looked at the instructions and it's not obvious to me how to follow some of the removal directions.

 

[codex57]

here's the stupid website it keeps getting reset to: http://www.searchv.com/w/

I'm gonna just let my antivirus run while I go to lab.

 

[wileycoyote]

If your AV doesn't get it, here's my interpretation of the removal instructions:

1. Apply the sacred oils, burn the magic incense.

2. At a command prompt (Start - Run, type CMD, hit enter) type:

regsvr32 /u winshow.dll

3. Reboot your computer.
4. Search (Start - Search - For files or folders - be sure to include system and hidden files) for the following files:

winshow.*

5. Delete winshow.dll and winshow.cfg

6. From now on, read the EULA of all plug-ins before installing.

 

[PuShAkOv]

This isnt in any way directed taowrds WilleyCyote, but just a tip not to always trust what people tell you to do... there was a IRC convo going around one time where this guy wanted help with something, can't remember what, after the guys having a little fun with him making things flash up on his screen and his computer magically restart (ctrl+alt+delete), they ended up earasing his C drive by telling him to type "c:/**" or something like that in run. It was funny, but very mean...

 

[///M SPEED]

This isnt in any way directed taowrds WilleyCyote, but just a tip not to always trust what people tell you to do... there was a IRC convo going around one time where this guy wanted help with something, can't remember what, after the guys having a little fun with him making things flash up on his screen and his computer magically restart (ctrl+alt+delete), they ended up earasing his C drive by telling him to type "c:/**" or something like that in run. It was funny, but very mean...

What you say is true; however there are many qualified individuals (including myself) that would never let that happen. One of us would have stepped in well before anyone would have chance to get one of our board members into that kind of predicament. Guessgirl96 is correct in stating you have to watch out, ESPECIALLY when you are dealing with; a) the registry (very very dangerous. Once you make changes you cannot undo unless you save the registry, reg key, or remember every last keystroke you made), b) un-registering system files, and c) deleting system files unless you know what you are doing or you trust the source of which is instructing you very much. Guessgirl96 is just looking out after you.

 

[PuShAkOv]

Yep... wouldn't want anything like that to happen to any of you guys, pain in the ass to reformat.

 

[wileycoyote]

Good point Guessgirl96... Even if I'm not being mean, I could be stupid. Always consider carefully the source of advise, and the Internet is really good place to get really bad advise. As is my habbit, I posted links to my information source that anyone who wanted could evaluate it themselves. I also verified that the recommended solution wasn't damaging (like the email hoax that instructs the user to delete files with the teddy bear icon) and in this made sure that the dlls mentioned weren't required system files - tried it on my system first.

 

[codex57]

I can't seem to remove this winshow.dll It always says access denied no matter what I tried.

 

[PuShAkOv]

I remember seeing a program that lets you delete files even if they're in use or access denied... I'll look for that when I get home.

EDIT: here ya go

http://aumha.org/freeware.htm

13th in the list, "In Use"

 

[mikev]

i've just had a 2 hour argument with a guy at work over upgrading OS's. if you still have a DOS boot disk you can delete the file with no probs

 

[PuShAkOv]

True, finding a working boot disk is close to impossible though... I tried at least six of them, none worked for me or Pavel.. You can still get to DOS by pressing F8 on start up, from there you have to choose out of 4 options, I don't remember what the choices were but I'm sure you'll be able to figure it out, or someone else here knows.

 

[wileycoyote]

If "regsvr32 /u winshow.dll" unregisters the dll, but it is in use after you reboot, something is reinstalling it. Could be Ouch.A virus. Try this:

1. Unregister winshow.dll - "regsvr32 /u winshow.dll"
2. Remove all temporary internet files / offline content / cookies
3. Download and install this patch for the MS Java VM
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp
4. Reboot.

You should be able to delete the file.

Depending on your OS (actually depends on the file system), you may not be able to boot from an MS-DOS diskette. Below is an incomplete list file system / OS compatiblity.

Hard Disk File System
FAT16 FAT32 HPFS NTFS
MS-DOS x
Win95 x
Win95osr2/98 x x
Win ME x x x (I think)
Windows NT 4 x x
Windows 2000 x x
Windows XP x x x x

Fat and Fat32 are sort of compatible. You may be able read a FAT32 disk using a FAT16 driver, but you will get unpredictable results.

If you are using XP, and have formated your disk as NTFS (the default) then you will not be able to read it from, dos, 95, or 98, without an special NTFS driver (available from sysinternals). Also, unlike 95/98/ME, NT 4, 2000, and XP do not have "startup" diskettes that allow you to access the system from a command line. If you boot from the 2000/XP install CD, you can access the Recovery Console, which gives you limited access to the hard drive (only %systemroot% directory tree). NT 4, you are SOL, unless you have some magic disks or are very skilled.

 

[wileycoyote]

Ooops, table didn't format well. I'll try as an image.

 

[mikev]

Ooops, table didn't format well. I'll try as an image.

and i thought you wrote that yourself FORSHAME