Trig Posted July 22, 2008 Share Posted July 22, 2008 Think my laptop is infected with Spyware/Virus Its got a big blue screen (which has replaced my desktop picture) with a message in the middle saying: Warning Spyware detected, install an Antivirus/spyware remover, Its running so slow like you wouldnt believe and everytime i try and do something a message pops up and says windows is shutting down in 60 seconds, so i cant even do anything! ive tried system restore but the date has been set so i cant go back any further than yesterday (when the problems started) Ive even tried inserting the reboot disk but cant even get that to load Anyone got any ideas? or do i need to take it to someone in the know and get my pants pulled down Quote Link to comment Share on other sites More sharing options...
AndyT Posted July 22, 2008 Share Posted July 22, 2008 Tried safe mode Trig? I'm not holding out too much hope though. Quote Link to comment Share on other sites More sharing options...
Supradan Posted July 22, 2008 Share Posted July 22, 2008 Try running spybot in safemode http://www.safer-networking.org/en/index.html Quote Link to comment Share on other sites More sharing options...
MarkR Posted July 22, 2008 Share Posted July 22, 2008 Sounds horrendous. What happened when you tried booting fom the recovery CD? Could be the boot order has been changed in the BIOS as well. If you can boot from a CD then you may be able to salvage it using an Anti-virus boot CD. Otherwise you may have to take the hard drive out, connect it to a PC with an up to date virus checker and scan it from another PC/laptop. You get adapters to connect laptop drives to PC's Quote Link to comment Share on other sites More sharing options...
MarkR Posted July 22, 2008 Share Posted July 22, 2008 Try running spybot in safemode http://www.safer-networking.org/en/index.html If he can get there before it shuts down. There are a few things you can do to try get rid of it. Quote Link to comment Share on other sites More sharing options...
Trig Posted July 22, 2008 Author Share Posted July 22, 2008 thats also another problem, it wont even let me get on the internet (im on the home pc) i think its fubarred. Quote Link to comment Share on other sites More sharing options...
JustGav Posted July 22, 2008 Share Posted July 22, 2008 Try running hijackthis from trendmicro... bit brutal but it is a wonderful tool. Quote Link to comment Share on other sites More sharing options...
carl0s Posted July 22, 2008 Share Posted July 22, 2008 Try quickly running "shutdown /a" before the system shuts down, then try to fix the problem the usual ways. "shutdown /a" will abort a shutdown initiated by lsass being killed. How are you connected to t'interweb? Quote Link to comment Share on other sites More sharing options...
carl0s Posted July 22, 2008 Share Posted July 22, 2008 If you can't get the HDD out into another machine for deleting trojans etc, then your weapons for today will be Unlocker and Hijackthis If you're not IT literate enough to know what's good and what's bad, e.g. interpreting the output of Hijackthis, then there are loads of forums where people will have you run 300 different "fix everything bad" programs/scripts and tell you when you've got there. Quote Link to comment Share on other sites More sharing options...
Trig Posted July 22, 2008 Author Share Posted July 22, 2008 Try quickly running "shutdown /a" before the system shuts down, then try to fix the problem the usual ways. "shutdown /a" will abort a shutdown initiated by lsass being killed. How are you connected to t'interweb? im usually wireless but its not connecting now for some reason? ill try the shutdown and see what happens... Quote Link to comment Share on other sites More sharing options...
MarkR Posted July 22, 2008 Share Posted July 22, 2008 Hows it looking? You could use http://www.ultimatebootcd.com/ . It's a linux bootable CD and you can download it, burn to CD and boot off it (if you can boot from CD). It contains an antivirus program you can use to scan the harddisk. You might find the virus definition files out of date though, but it's worth a try. Quote Link to comment Share on other sites More sharing options...
Trig Posted July 22, 2008 Author Share Posted July 22, 2008 Hows it looking? You could use http://www.ultimatebootcd.com/ . It's a linux bootable CD and you can download it, burn to CD and boot off it (if you can boot from CD). It contains an antivirus program you can use to scan the harddisk. You might find the virus definition files out of date though, but it's worth a try. Its looking better, ive managed to get it to stay on for more than 2 mins, got my connection to the net back and downloaded spybot, its scanning now and found quite a few things wrong so far.... fingers crossed it works Quote Link to comment Share on other sites More sharing options...
MarkR Posted July 22, 2008 Share Posted July 22, 2008 Cool, just be careful of being connected with a virus as it could be transmitting info you don't want it to. Install this as well: http://www.microsoft.com/windows/products/winfamily/defender/default.mspx It's free MS spyware software Quote Link to comment Share on other sites More sharing options...
Trig Posted July 22, 2008 Author Share Posted July 22, 2008 using the spybot its removed most of the problems (running a lot faster now too) but the main one is still there, Its says it cant remove it? i still have the blue screen as a background pic It says : Win32.agent.pz Quote Link to comment Share on other sites More sharing options...
AndyT Posted July 22, 2008 Share Posted July 22, 2008 using the spybot its removed most of the problems (running a lot faster now too) but the main one is still there, Its says it cant remove it? i still have the blue screen as a background pic It says : Win32.agent.pz http://forums.techguy.org/malware-removal-hijackthis-logs/587548-malware-win32-agent-pz.html Hope it helps mate. Quote Link to comment Share on other sites More sharing options...
Trig Posted July 22, 2008 Author Share Posted July 22, 2008 http://forums.techguy.org/malware-removal-hijackthis-logs/587548-malware-win32-agent-pz.html Hope it helps mate. edit working now im guessing safemode is not connected to the web?? Quote Link to comment Share on other sites More sharing options...
MarkR Posted July 22, 2008 Share Posted July 22, 2008 http://forums.majorgeeks.com/showthread.php?t=130919 http://forums.techguy.org/malware-removal-hijackthis-logs/668906-solved-need-help-removing-win32.html These are the 2 links I think should help you the most. Good luck bud. Quote Link to comment Share on other sites More sharing options...
MarkR Posted July 22, 2008 Share Posted July 22, 2008 Oh, just noticed the update. Sorry. I'd now do a thorough scan of your entire laptop(including boot sectors). Then copy all your data to a removable drive. Plug drive into PC and scan thoroughly again. Reformat your laptop from scratch, rebuild it using recovery CD and copy your data back. That's the ONLY way I'd ever trust the laptop again. Definitely don't log into anything that requires a password or login to any sort of banking or enter any personal details until you're sure you can trust it. You're just asking for trouble. I live in Blackheath, so probably near to you. If you don't feel comfortable doing all that, I can be bought with cases of nice red wine for IT services Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.