Help! New spyware has taken over my computer!

[UNCjigga]

How does one get rid of Navisearch, Bullseye, Barganbuddy Cashback, and Windows SR 2.0??? How did I get them in the first place??? Their uninstallers are scams in their own right, it keeps poppin' back after reboot??!?

UPDATE: I took Schad's advice and after checking the log in HijackThis here's a suspicious entry I found:

Running Processes:
C:\WINDOWS\System32\cysxjfvv.exe

WTF is that? File date is 7/28/04, or right when I started noticing popups and weird port activity on my system. Norton and HouseCall (both with latest updates) don't recognize it as a standard trojan, and AdAware, SpyBot and CWShredder don't recognize it either. I googled the filename and nothing came up...almost seems as if the executable name is arbitrary.

 

[Athlongamer]

I had the same problem, pisses me off. It got the point where i just had to reload windows, and yes i had spybot and all that other crap. When it came back.......oh yes it came back, I went into the registry and deleted it lol took forever.......i was like but i got it.

lol good luck

Bargan buddy is alil b@#ch

 

[Schadenfroh]

greetings,
1. run CWShredder, and hit "fix"
2. scan your pc with housecall and remove any virus's it finds.
3. Run Hijackthis and press scan, save log, and post its log from the notepad windows that pops up in this thread. Once i see the log i can tell you what further steps to take to clean it.

see my SpywareFaq for info on how you got it.

 

[UNCjigga]

check the update

 

[UNCjigga]

OH YEAH, FORGOT SYMPTOMS!!!

OK, basically whenever I start IE, no matter what my start page is, I always get 2-3 popup ads IMMEDIATELY when Internet Explorer is first launched.

 

[Schadenfroh]

YGPM

 

[biostud]

can't you just delete the file?

 

[tiap]

Go to this forum and post your hijackthis logs. They will cure you.
Wilderssecurity Forums

 

[Jeff7]

Download Registrar Lite and use it to search the registry for that weird file in Windows.
I needed to use RL for a CoolWebSearch (may its creators rot in hell) infection - it employs registry entries that are invisible to the Windows registry editor, and if you try to delete the registry folders (don't remember their technical names) that contain the hidden entries, they are simply regenerated. Registrar Lite lets you not only see these keys, but also delete them.

And I don't remember if RL will find that randomly generated name, or if it's another one. The Wildersecurity forums linked to should help narrow it down. All I can say is, CWS is the closest thing to a virus I've ever seen, which can still only be called "spyware".

 

[Robor]

Thanks for the RL link.

 

[asm0deus]

last night i was cleaning out my secondary rig and noticed a file called "o" and "o.bat" in system32, they copied some .exe's to random names, so i deleted them and the files they were renaming, now i dont get popups. I hate the guys that make this shite.

my virus protection and spysweeper didnt pick them up, so i went through every windows directory searching for recently modified files. it was so annoying to be watching a movie and a pop up would take over the screen :0~

 

[Creig]

You could try installing Adaware and running it while in Safe Mode.

 

[Schadenfroh]

he said in the thread in my sig that it is fixed