antispystorm

[goodknees]

I've been hit by antispystorm even though I have Norton Internet Package.
Extra scan with the Norton didn't eliminate it. On my own, I deleted some of
the virus. Still have problems...three worst problems are: 1) task manager
disabled, 2) desktop background always changes back to note, 'you've been
infected...', and 3) searching with 'antispystorm' redirects my search to
blank screen. Thanks for help.

 

[Malke]

goodknees wrote:
> I've been hit by antispystorm even though I have Norton Internet Package.
> Extra scan with the Norton didn't eliminate it. On my own, I deleted some of
> the virus. Still have problems...three worst problems are: 1) task manager
> disabled, 2) desktop background always changes back to note, 'you've been
> infected...', and 3) searching with 'antispystorm' redirects my search to
> blank screen. Thanks for help.

This is one of the many variants of the Zlob trojan.

Do the preparatory steps here:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Then do the specific removal steps here:
http://www.elephantboycomputers.com/page2.html#Winfixer

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Not all tools used will work in Vista and you will need to run them
elevated. Since Vista is so new, it will be a while before removal
techniques and tools are developed. If you are unable to remove the
infection by following the general steps, register at one of the
HijackThis forums as suggested.

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

 

[goodknees]

Similar to my #3 item of redirect, when I go to the elephantboy web site and
click on 'removing malware', the virus redirects me to a blank screen. Is
there a folder, file, technique, etc. for manually deleting that 'thing'
causing the redirect? Thanks.

"Malke" wrote:

> goodknees wrote:
> > I've been hit by antispystorm even though I have Norton Internet Package.
> > Extra scan with the Norton didn't eliminate it. On my own, I deleted some of
> > the virus. Still have problems...three worst problems are: 1) task manager
> > disabled, 2) desktop background always changes back to note, 'you've been
> > infected...', and 3) searching with 'antispystorm' redirects my search to
> > blank screen. Thanks for help.
>
> This is one of the many variants of the Zlob trojan.
>
> Do the preparatory steps here:
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Then do the specific removal steps here:
> http://www.elephantboycomputers.com/page2.html#Winfixer
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the first link above (not here, please).
>
> Not all tools used will work in Vista and you will need to run them
> elevated. Since Vista is so new, it will be a while before removal
> techniques and tools are developed. If you are unable to remove the
> infection by following the general steps, register at one of the
> HijackThis forums as suggested.
>
> Standard caveat: If the procedures look too complex - and there is no
> shame in admitting this isn't your cup of tea - take the machine to a
> professional computer repair shop (not your local version of
> BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may
> be so infested that Windows will need to be clean-installed. Have all
> your data backed up before you take the machine into a shop.
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

 

[Malke]

goodknees wrote:
> Similar to my #3 item of redirect, when I go to the elephantboy web site and
> click on 'removing malware', the virus redirects me to a blank screen. Is
> there a folder, file, technique, etc. for manually deleting that 'thing'
> causing the redirect? Thanks.

Use a different known-clean computer to read the instructions and get
the removal tools you will need.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

 

[goodknees]

I used clean machine for information and went back to infected machine. The
virus must have 'bleepingcomputer.com' on it's 'watch' list because it
redirects away from the suggested web site, 'bleepingcomputer.com'. Looks
like I have to reinstall Windows XP. That is, of course, uless someone knows
and could relate to me some folders or files that typically do such
redirecting. I'd delete them and see if that stops the redirecting so I
could access the suggested web sites from the infected machine. Since I'm
going to reinstall the operating system, nothing lost if deleting fails or
makes operation worse. Thanks for suggestions.

"Malke" wrote:

> goodknees wrote:
> > Similar to my #3 item of redirect, when I go to the elephantboy web site and
> > click on 'removing malware', the virus redirects me to a blank screen. Is
> > there a folder, file, technique, etc. for manually deleting that 'thing'
> > causing the redirect? Thanks.
>
> Use a different known-clean computer to read the instructions and get
> the removal tools you will need.
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

 

[jen]

"goodknees" <goodknees@discussions.microsoft.com> wrote in message
news:6AA1AE6B-1995-4755-8814-4AD822420346@microsoft.com...
> I've been hit by antispystorm even though I have Norton Internet
> Package.
> Extra scan with the Norton didn't eliminate it. On my own, I deleted
> some of
> the virus. Still have problems...three worst problems are: 1) task
> manager
> disabled, 2) desktop background always changes back to note, 'you've
> been
> infected...', and 3) searching with 'antispystorm' redirects my search
> to
> blank screen. Thanks for help.

Run the scan again in Safe mode, then see here:
AntiSpyStorm REMOVAL:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-073009-3058-99&tabid=3

-jen

 

[goodknees]

None of the antispystorm registry entries occurred after the disable, update,
and scan steps...must not be Storm or something. And it still operated in
virus affected manner. Oh well. Thanks for help. It's time to reinstall
the operating system.

"jen" wrote:

> "goodknees" <goodknees@discussions.microsoft.com> wrote in message
> news:6AA1AE6B-1995-4755-8814-4AD822420346@microsoft.com...
> > I've been hit by antispystorm even though I have Norton Internet
> > Package.
> > Extra scan with the Norton didn't eliminate it. On my own, I deleted
> > some of
> > the virus. Still have problems...three worst problems are: 1) task
> > manager
> > disabled, 2) desktop background always changes back to note, 'you've
> > been
> > infected...', and 3) searching with 'antispystorm' redirects my search
> > to
> > blank screen. Thanks for help.
>
> Run the scan again in Safe mode, then see here:
> AntiSpyStorm REMOVAL:
> http://www.symantec.com/security_response/writeup.jsp?docid=2007-073009-3058-99&tabid=3
>
> -jen
>
>
>