Help please! Can't get rid of spyware

[l Thomas l]

I've had spyware for a few days now.. I don't know what site I visited. It definitely wasn't anything I downloaded. Only thing I downloaded was music from a trusted site that I pay for. Other users would have said something.

Anyway usually I've been able to get rid of it. But this time I just can't seem to get rid of it. I tried AntiVir, Malwarebytes Anti Malware, Kaspersky's online scanner, tdsskiller, spybot search & destroy. The only program that even finds the virus is AntiVir. It pops up every once in a while about finding a virus. Right now it says I have a trojan called Wimpixo.

Also my hosts file keeps crashing all the time. A window will pop up saying the hosts file closed unexpectedly. For a while, new windows of ad sites would pop up in Opera. But now that stopped.

Other than all this, my computer has been working fine. But I think I will reinstall since my computer is probably compromised and my files and information could be too. Once I get rid of this, I'm gonna change all my passwords. What programs should I use next time? Because obviously Malwarebytes Anti Malware and AntiVir didn't do shit, although AntiVir did find it. I use the fully updated version of Opera. I don't think switching to any other browser would have saved me.

Also how do you do a clean reinstall of Windows? I already installed an "upgrade" but that keeps all your files and everything. How do I completely wipe my drive and install Windows? I know I should probably reformat, but I just need to know exactly how to do it. Do I reformat in DOS then insert the CD after?

 

[corkyg]

Read this first.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TROJAN:WIN32/WIMPIXO.E

If you must reformat and do a clean install, boot with the Windows 7 DVD and it will take care of the formatting, etc.

 

[thewhat]

Doing anything from within the compromised system isn't the best approach, IMO.
Try bootable AVs, like those from Kaspersky and Avira.

But eventually the best solution is to reimage or reinstall the system.

Do you have Java installed, by any chance?
Save from clicking on malicious .exe files, I'd say (not updated) Java, through its browser plugin, is one of the main sources of malware. So if you need it for some program, at least disable the plugin in the browser.

 

[l Thomas l]

It probably was due to not updating Java. That's the only thing I can think of. Maybe because I didn't do Windows updates often, but I have never done updates. I have had PCs for 10 years now and this is the only spyware that ever posed a problem, let alone infected me. Strangely enough I've gotten the most spyware ever on Vista.

I am trying the Windows programs now and will keep everyone updated. I will probably reformat after when I have enough time, just to make sure everything is gone. This whole time I have had the spyware I haven't signed into anything important, but I think I might have some information on the external drive I had plugged in.

 

[UberNeuman]

You could try Avast and then allow it to run a pre-boot scan - this may help... I used it for a computer that had a virus/program loading during boot - it killed the sumbitch off....

\and stop looking at porn - it's bad for you...

 

[thewhat]

Java now also confirmed by Microsoft as the biggest malware target:
http://www.h-online.com/security/news/item/Java-is-the-largest-malware-target-according-to-Microsoft-1387528.html

I can't recommend enough to not use that stuff.

 

[l Thomas l]

that Microsoft program actually fixed everything for me. Should I still reinstall or do you think my computer is safe? If I do reinstall, it will get rid of the other versions of Windows right? Right now when I boot up, it has the old version of Windows and a new version. Really they're both SP1, but for some reason after I "upgraded" with the Vista CD, it has two versions now.

 

[mechBgon]

It probably was due to not updating Java. That's the only thing I can think of. Maybe because I didn't do Windows updates often, but I have never done updates. I have had PCs for 10 years now and this is the only spyware that ever posed a problem, let alone infected me. Strangely enough I've gotten the most spyware ever on Vista.

I am trying the Windows programs now and will keep everyone updated. I will probably reformat after when I have enough time, just to make sure everything is gone. This whole time I have had the spyware I haven't signed into anything important, but I think I might have some information on the external drive I had plugged in.

You need to keep everything updated. EVERYTHING. To make that fairly simple, use Secunia PSI, it's free: http://secunia.com/vulnerability_scanning/personal/

The link in my signature has some additional suggestions to prevent this happening again. Oh, and like thewhat said, remove Java. Or if you absolutely must have it, disable it in all web browsers. If you need it for a specific website, only allow it on that specific website and ban it everywhere else.

 

[l Thomas l]

I have been updating, and I disabled Java in all my browsers. I just uninstalled it now since I realized I obviously don't need it.

Do you think my computer is safe? I have done a few full scans with a AntiVir and Malware AntiBytes with the latest updates. And of course I used that Microsoft scanner that removed the spyware, but only that one time. I'm still scared there might be remnants though, so I haven't entered any credit card info, though I have been logging into every important site other than my bank account, including Paypal which has some financial information stored. I figured by now I would have seen some sort of suspicious activity. I have been too lazy to clean my hard drive thoroughly by writing zeros, then reinstall Windows. Should I run any other scans?

Oh and thanks a lot for the Secunia PSI suggestion, that's such a genius time saver.