Help! Spyware killed my computer

[imported_jediknight]

Clicked on a link that took me to a site (WARNING: DO NOT CLICK ON THIS LINK! SPYWARE CAN/WILL BE INSTALLED ON YOUR COMPUTER!) (Edit: No longer dangerous.. I placed spaces in the URL, so only those who REALLY want to check this out go there..)

Now, my computer is completely screwed up. Boot up my computer (with a net connection) and popups come up in Internet Explorer (even though I've since disabled access to it through Set Program Access and Defaults). It also REMOTELY INSTALLS ADDITIONAL SPYWARE ON MY COMPUTER with no warning whatsoever.

I ran both Spybot Search and Destroy, and Ad Aware SE (both with the latest definitions), which removed the additional spyware apps that were automatically installed.. but something still remains, and I still get the popups, and spyware is still automatically, remotely installed on my computer. I ran both several times again, (including in safe mode), to no avail.

A few of the things Ad Aware detected (perhaps it didn't remove completely? These things sound pretty bad and could very well be what's causing my problems..)

VX2
Virtumundo


If anyone can be of any assistance, it would be greatly appreciated.
I swear, I will f*ing kill the f*ckers who did this to me if I ever meet them..

 

[kamper]

Hmm, if there's a link that you think is dangerous to visit then for crap's sake DON'T post it here :|

Does this spyware stop you from using the search or from seeing posts stickied right at the top of this forum? Many people (Schadenfroh in particular) have put lots of work into helping spyware infested people and it's all gathered in one place.

 

[mverdu]

Originally posted by: kamper
Hmm, if there's a link that you think is dangerous to visit then for crap's sake DON'T post it here :|

Especially since there are a lot of idiots here that will click on the link EVEN IF YOU EXPLICITLY TELL THE NOT TO. They will then, of course, go on to curse the day you were born and flame you to no end.

 

[imported_jediknight]

Well, the purpose of posting the link was if anyone was confidant that their machine would not be infected by this (someone running Linux, perhaps?) might be able to identify what it was that infected my machine..

I didn't see the spyware removal sticky.. but I'll give it a try..

 

[Marsumane]

I've seen things like this. Actually the variant i had was initially a trojan that implanted itself on my girlfriend's computer. She promptly complained to me and i couldnt entirely get everything off. I used zonealarm's popup blocker, adaware, and spybot, combined with research on google on what i noticed was running that shouldnt be and got rid of 90% of all the crap that it was giving me. Zonealarm finally did away with the downloading of new spyware, but still i couldnt find everything that recreated everything else. There are some new combinations of trojan/spyware/crap that are really hard to get rid of through any one method alone. I suggest a good fdisk for your machine.

 

[imported_jediknight]

Hmm.. that is very disheartening, Marsumane.
If I EVER find the f*ckers who did this sh*t to my computer, I will seriously kill them.. no, I'll torture them first and then kill them..

Anyway, an update:
the spyware occasionally tries to open a webpage:
http:// www. ad-w-a-r-e.com/cgi-bin/ PopupV2?ID={76979DD0-8E57-45B8-AE21-92F360C7EA6D}&AD= QuickFlicks

(spaces intentionally placed in there.. so no one accidentally clicks on this!)

I still need to try some of the advanced removal stuff..

 

[imported_jediknight]

Posted my hijackthis log in this thread (posted here for continuity).

 

[kamper]

If I EVER find the f*ckers who did this sh*t to my computer

They live in Redmond, I think.

 

[PCTweaker5]

Dude I just clicked on the link and removed the spaces! THanks a lot pal, I oughta kick your ass!!! lol jk that sux but it seems you have paid the price for what seems to be illegal actions?

 

[imported_jediknight]

Originally posted by: PCTweaker5
Dude I just clicked on the link and removed the spaces! THanks a lot pal, I oughta kick your ass!!! lol jk that sux but it seems you have paid the price for what seems to be illegal actions?

(calms down before posting)....

I did not do anything illegal, nor was it ever my intent to do anything illegal. Please, this is a very serious issue, do not post with the intention of starting a flame war. If you have something useful to contribute, though, please do..

 

[Schadenfroh]

Hello jediknight,

Before you do anything
1. Make sure that you have extracted HiJackthis to a folder that is isolated before removing anything, for hijackthis makes backups within the folder it is in.
2. Disable system restore, malware can come back through it.
3. Reboot into safe mode.
4. Close all browsers/windows explorer.

fix the following in hijackthis(kill the process in process viewer, if its there)

• R3 - Default URLSearchHook is missing
• O4 - HKLM\..\Run: [DeskMateAutoUpdate] F:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
• O4 - HKLM\..\Run: [SESync] "F:\Program Files\SED\SED.exe"
• O4 - HKCU\..\Run: [MyDailyHoroscope] F:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
• O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://64.106.242.160/FileOpen.CAB
• O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll

Additional Steps

1. Clear your Temporary Files
2. Remove the following VIA instructions provided:
[*]Bargain Buddy Adware
[*]Ezula Adware
[*]MyDailyHoroscope
3. Delete the following folders:
[*]F:\PROGRA~1\DESKMA~1
[*]F:\PROGRA~1\MYDAIL~1
4.Restart into normal windows

 

[Adn4n]

I clicked on that link and nothing happened. Go Linux.