| Home / Misc / Computer troubles / onlinespywaresscan.net Malware | System | Windows XP Professional.
| Problem | Internet Explorer will pop up automatically and you will find yourself at the webpage onlinespywaresscan.net - For people using security options, at least Internet Explorer will try to open
onlinespywaresscan.net but will report it as "This website has been reported as unsafe". So, this is a malware. Trying to remove it, is not easy, because it seems that no antivirus program is able to find it.
This things won't help:
AdAware: Crashes within the scan in less than a minute. This malware effects AdAware.
AntiVirus: Can not find the virus. You should keep it active, he guards your system quite well, but can not help you with this problem.
Spyware
Doctor 6.0: Not able to find the malware. But it finds other things, but wants your money, to let them removed. Once you remove them, the problem still exists. Waste of your money and time.
Spybot - Search & Destroy: Not able to find your malware.
ATF Cleaner: Good program, but not able to help you with this problem.
Hijackthis: Iunfortunatelyt not able to show you this malware in any way.
Registry: If you look up your "run" folders (search for "runonce"), you won't
find anything suspicious either.
Task Manager: The malware does not expose itself there.
Services: Neither does the malware hide himself under some services.
Reinstalling Internet Explorer: Won't help either, because IE is not infected.
| Solution | Only Filemon and Combofix could expose the infected files (Download combofix from combofix.org.)
Anyway, in my case, I have exposed following files, deleted them. Problem was solved. Kill those worms:
c:\docume~1\<User>\LOCALS~1\Temp\8.tmp
c:\documents and settings\<User>\Application Data\020000000dc00c7d649C.manifest
c:\documents and settings\<User>\Application Data\020000000dc00c7d649O.manifest
c:\documents and settings\<User>\Application Data\020000000dc00c7d649P.manifest
c:\documents and settings\<User>\Application Data\020000000dc00c7d649S.manifest
c:\documents and settings\<User>\Local Settings\temp\8.tmp
c:\windows\system32\DS16GT32.DLL
c:\windows\system32\SystemX86
c:\windows\system32\SystemX86\229.crack.zip
c:\windows\system32\SystemX86\229.crack.zip.kwd
c:\windows\system32\SystemX86\230.keygen.zip
c:\windows\system32\SystemX86\230.keygen.zip.kwd
c:\windows\system32\SystemX86\231.serial.zip
c:\windows\system32\SystemX86\231.serial.zip.kwd
c:\windows\system32\SystemX86\232.setup.zip
c:\windows\system32\SystemX86\232.setup.zip.kwd
c:\windows\system32\SystemX86\233.music.au.kwd
c:\windows\system32\SystemX86\234.music2.au.kwd
c:\windows\system32\SystemX86\235.music3.au.kwd
c:\windows\system32\SystemX86\236.music.snd.kwd | |
POST COMMENT |
| Tags | Virus, Malware, HTML/Infected.WebPage.Gen, HTML-Script, IE, popping up, opens opening new scren, new IE screen, AdAware crash, AdAware stops |
|