|
Posted by =?Utf-8?B?bXVzaWNsb3Zlcg==?= on May 22, 2007, 12:41 pm
If you were Registered and logged in, you could reply and use other advanced thread options
thanks for your help nick BUT i did get SAS and it did find spylocked and
other stuff and removed them. but there is still the warning flashing in the
try and an icon for SL on the desktop. what more can i do?
"Nick Skrepetos" wrote:
> wrote:
> > Nick - thanks for the diagnostic. I've run it and its with you now.
> >
> > Re "bak" folder. Yes - i have found two from the last seven days:-
> > spyware.dat.zlbak in C:\WINDOWS\system32\ZoneLabs 3.18 MB created 21Mar07
> > and
> > Personal_32_1033.dat.bak in C:\WINDOWS\pchealth\helpctr\Config\Cashe size
> > 158 KB created 30Mar07
> >
> > Re "HOSTS" file. Found it (and 2 "hosts" files) all 1 KB or less. How do i
> > reset it to the default state?
> >
> > Thanks again, John Gray
> >
> >
> >
> > "Nick Skrepetos" wrote:
> > > wrote:
> > > > My apologies, Nick.
> > > > I now wonder if SpyLock has copied your red corcle icon. Their webpage
> > > > looked very straight and easily fooled an amateur like me.
> > > > Thank you for your helpful comments and advice. I guess that i may still
> > > > have some of the original infection which may be why my attempts to try
> > > > uninstalling your program did not succeed, along with all the other
strange
> > > > symptoms that i still have. I will look for the "bak" folder and "HOSTS"
> > > > folder that you mentioned.
> > > > Again, my apologies.
> >
> > > > John Gray
> >
> > > > "Nick Skrepetos" wrote:
> > > > > > I and many others have had no problems with SAS.
> > > > > > I think it is a superb program and have used it since it came out.
> > > > > > The author is very consciencous.
> > > > > > I would contact their site for support.
> > > > > > I notice it appears to be down right now.
> >
> > > > > > Tom
> >
> >
> > > > > > |I would like to know if "superantispyware.com" free download is ok.
I saw
> > > > > > it
> > > > > > | recommended in the 3/13/2007 discussion "Can Viruses Do The
Following ..
> > > > > > | (Hide on a system and unzip late", but ...
> > > > > > |
> > > > > > | On 3/27/2007 something called Spylocked got thru my protections
and into
> > > > > > my
> > > > > > | laptop, put a red circle with diagonal bar in my tray and kept
beeping at
> > > > > > me.
> > > > > > | Clicking on it redirected me to spylocked.com where it said that
it is a
> > > > > > | rogue program that is installed by a Trojan called Zlob. I went to
the web
> > > > > > | and found several references to this and recommendations to
download free
> > > > > > | from SuperAntispyware, (SAS), to remove it. I did this, and SAS
appeared
> > > > > > to
> > > > > > | have removed it - the red circle disappeared but i noticed at the
end of
> > > > > > the
> > > > > > | scan that SAS was adding a lot of stuff as well as deleting.
> > > > > > | Today i find that both my Internet Explorer and Outlook Express
are not
> > > > > > | working properly. IE wont let me access some sites, particularly
some
> > > > > > | sercurity sites. OE wont send or receive at all from my laptop (i
can
> > > > > > still
> > > > > > | access email direct thru IE to MSN and Gmail). I notice that the
SAS icon
> > > > > > on
> > > > > > | my desktop looks very like the SpyLocked logo. My Lavasoft
Ad-Aware
> > > > > > appeared
> > > > > > | to have been taken over by the SAS - the icon is now the red
circle and it
> > > > > > | wont connect for updates. Windows Defender wont download updates
either.
> > > > > > SAS
> > > > > > | will not let me uninstall it. Nothing happens when i click on
SAS's Help
> > > > > > | page contact entries in their Preferences window. Hence i am
suspicious of
> > > > > > | the SAS program.
> > > > > > |
> > > > > > | Can anyone advise me of a relatively easy fix for this, and how to
stop it
> > > > > > | getting in again? Not too technical, please.
> > > > > > |
> > > > > > |
> >
> > > > > Tom,
> >
> > > > > SUPERAntiSpyware does not add anything when it is scanning, it also
> > > > > does not disable anything in your system. It is likley part of the
> > > > > infection you had overwrote entries in your HKCU and HKLM (registry)
> > > > > startup locations. Usually you will find a "bak" folder with the
> > > > > original file in it - the infection overwites all the files then when
> > > > > your system starts it executes those files then starts the original
> > > > > programs so it "appears" you are not infected, but yet you are. We
> > > > > call this the KUReplace trojan. Was that detected on your system?
> >
> > > > > You can uninstall SUPERAntiSpyware from within the Control Panel Add/
> > > > > Remove programs as you can any Windows Application. As for not being
> > > > > able to access certain "security" sites, it is likley your HOSTS file
> > > > > was hi-jacked by the infection - this again is common for the
> > > > > infections. You can reset the hosts file to the default state and you
> > > > > will likely be able to access those pages again. This has nothing to
> > > > > do with SUPERAntiSpyware.
> >
> > > > > SUPERAntiSpyware is on the Spyware Warrior trusted/recommended list as
> > > > > well as on the 2007 Pricelessware list. We are a reputable company
> > > > > with a reputable product, check around the web.
> >
> > > > > Nick Skrepetos
> > > > > SUPERAntiSpyware.com
> > > > >http://www.superantispyware.com-Hide quoted text -
> >
> > > > - Show quoted text -
> >
> > > Run this diagnostic and I can look and see what the status of your
> > > system is and let you know if you are still infected:
> > >http://www.superantispyware.com/diagnostic.html?id=nicks
> >
> > > Nick Skrepetos
> > > SUPERAntiSpyware.com
> > >http://www.superantispyware.com- Hide quoted text -
> >
> > - Show quoted text -
>
> Those BAK files are ok, the infection creates "bak" FOLDERS, so no
> worries there. E-mail me your hosts file(s) to nicks AT
> superantispyware.com and I'll check them out.
>
> -Nick
>
>
>
| 
XML site map