AD-Aware doesn't find potential Spyware

Status
Not open for further replies.

comboy

Instructor
May 23, 2003
226
Hi, I've got a client who keeps getting pop-up messages telling them their PC has spyware installed or that Windows has 55 critical errors.
The message only appears when IE is active, and the form has the title Message Services or Messenger Services.

I've run AD-Aware and their anti-virus software, both with the full definition updates, and apart from finding and removing two virus infections the message keeps appearing.

I know that this is a long shot, but does this infection sound familiar to anyone, and is there a stinger I could download to get rid of it?

I'm also about to download Spybot and give that a try, but just wanted to see if anyone could give me a heads up.

Thanks in advance,


Graham.
 
hi,

Download HijackThis from the link below. Please do this. Click here:


to download HijackThis. Click scan and save a logfile, then post it here so we can take a look at it for you. Don't click fix on anything in HijackThis, as most of the files are legitimate.


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Do as Pech suggests, but also try ad-aware in Safe mode. Things are changing so fast in the spy/ad/malware fields these days I've found I can't depend on any single stand alone spyware scan product.
 
Additionally, check with these great products (like sidmickmol suggested, you can't depend on any single stand alone very often).

Webroot Spysweeper

Download it here:


Webroot Spysweeper 14 day Trial

Update the defs and do a sweep.

Also check this out:

Ewido download:


Update it and run a complete scan.


I would also check it with some other virus scanners just to make sure.



Report back...

Best regards.

Erik
 
Guys, thanks for the suggestions. I won't be able to check these until the weekend as I'm offsite with another client until then (last minute thing).

I'll download the above recommendations and report back then.
Thanks again to you all for the help so far.

Graham
 
Also post the logs from Ewido and Spysweeper so we can see what they are cleaning up!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Guys sorry for the delay,

I've yet to run any of your suggestions as his power supply has now gone to the great junk yard in the sky and I'm currently trying to get a match. When it's replaced I'll run Spysweeper and Ewido and post the logs then, hopefully on Saturday.

Thanks again for all your help so far.

Graham

 
I have seen those pop-up warnings before, but only when I was on 'iffy' websites. Look where this person is visiting and you will probably see why he is having problems. I have found the only problem is killing the popup warning screen, and the way it is difficult to kill makes me think the popup itself is trying to download spyware. Of course, if people would stop using Explorer they would have far fewer problems.
 
Hi orypecos,

Re the popups, they are actually showing up when the connection to his ISP is open but IE is not, but I know what you mean.

Also, I have a feeling these problems began with the person they got to set up the PC, as I set up the internet connection separately and they appeared straight away.


Cheers,

Graham
 
Try disabling the Messenger Service, unless you use that at your organization.

Your post stated:
"and the form has the title Message Services or Messenger Services."

You can disable this at Start Menu -> Control Panel -> Administrative Tools -> Services. If it is enabled in any way, first stop the service, then set to disabled.
 
I'll give that a try as well, kjv1611, thanks.
 
Hi all, sorry for the delay in my reply,

The situation is that I am no longer dealing with this client as I've to design a site for another client and have passed this call onto one of my mates.

I did run the online searches you recommended, erikhertzel, and I found a number of infections that were removed, and the pop-ups are no longer appearing. But as I said, I've passed it on to make sure that everything is checked.


Thanks again to you all for your help,


Graham
 