Help needed. Possible virus problem


pcgamer
18-08-2004, 15:57
Am in real need of help here.

I have a normal Toshiba Laptop running XP Home. Recently I seemed to have picked something up somewhere on the laptop.

When I now re-boot, and logon to the internet, an explorer window opens up of its own accord and requests me to download some software to make the site work. This is definitely a bug as I have never asked for it and have never downloaded the software. It does it only when I re-boot the system.

I have tried to get rid of it by re-installing my recovery disks, which I assume wiped the hard disk completely. However, the problem is still there.

Is there a "harder" way of formatting the hard disk to remove this issue?

Help is appreciated.

[M]uuhh
18-08-2004, 16:10
get antivirus software and some spyware removal programs like adaware

Aa-chan
18-08-2004, 16:10
Sounds like spy-ware to me. Do a Google search for 'Spybot Search & Destroy' and 'Ad-aware'. These programs should rid your computer of the nasty stuff :) .

pcgamer
18-08-2004, 16:13
what concerns me is that even after going through the recovery disk procedure twice... I still get it, and it's the same weblink. How is that possible after removing all from the hard disk?

nryoung
18-08-2004, 16:43
I've started to adopt a slightly more practical approach to spyware/adware.
Run msconfig to see what starts up with windows, write down on paper all slightly suspicious looking entries. Google for info on them to see what is the likely culprit.

If you identify a piece of spyware either delete the file that msconfig points to or go to software/microsoft/windows/currentversion/run under all HKEY trees and remove the offending items yourself. Obviously bear in mind that you can do a fair amount of harm in the registry if you're not careful, so satisfy yourself that you're doing the right thing before making any changes, particularly deleting entries.
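
The Run-key check described in the post above, as a read-only PowerShell audit for current Windows versions. This is an added example, not part of the original thread; the function name `Get-CommandExecutable` and the output columns are made up for illustration.

```powershell
# Added example: read-only audit of the Run/RunOnce autostart keys.
# Nothing is modified; review the output before deleting any value.
$subKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'

# HKLM plus every user hive loaded under HKEY_USERS
# (HKEY_CURRENT_USER is an alias for one of those hives).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
          ForEach-Object { "Registry::$($_.Name)" }

function Get-CommandExecutable([string]$Command) {
    # Pull the program path out of a Run value: a quoted path first,
    # otherwise everything up to and including the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($root in $roots) {
    foreach ($sub in $subKeys) {
        $path = "$root\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw value so %VAR% references stay visible in the report.
            $cmd = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $exe = Get-CommandExecutable $cmd
            # Bare names such as "rundll32.exe" are not resolved via PATH here.
            $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $sig = if ($exists) {
                [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'n/a' }
            [pscustomobject]@{
                Key = $path; Name = $name; Command = $cmd
                Executable = $exe; Exists = $exists; Signature = $sig
            }
        }
    }
}

# Unsigned or missing executables sort together for easier review.
$results | Sort-Object Signature, Key | Format-List
```

An entry whose name suggests a driver or vendor utility but whose executable is unsigned or sits in a temp or profile folder is the kind worth researching before it is removed.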

dangerous_dom
18-08-2004, 19:10
I've started to adopt a slightly more practical approach to spyware/adware.
Run msconfig to see what starts up with windows, write down on paper all slightly suspicious looking entries. Google for info on them to see what is the likely culprit.

If you identify a piece of spyware either delete the file that msconfig points to or go to software/microsoft/windows/currentversion/run under all HKEY trees and remove the offending items yourself. Obviously bear in mind that you can do a fair amount of harm in the registry if you're not careful, so satisfy yourself that you're doing the right thing before making any changes, particularly deleting entries.

That's what everyone should be doing first and that's what I have always done. However, this usually does not completely remove spyware. Spyware creators are clever old chaps and have ways of getting spyware to lurk about, and put itself back unless your system is completely purged. And some spyware can't be found this way anyway. I would say always use SpyBot, Adaware and HijackThis first as they should be able to completely remove all traces. This minimises the chances of registry foul-ups too.

PCgamer, it depends on how the recovery disk works. It might just be 'repairing' your system rather than completely reformatting and doing a completely fresh install. What is the URL in question? I bet a bit of googling with the URL would come up with some clues. What is the software it's trying to download? A bit more specific info would be helpful mate. If it still persists, do a manual format and reinstall XP from scratch. If after that you still get it (you won't) there is a possibility there is a very smart trojan sitting on a partition if you have one.

pcgamer
18-08-2004, 19:21
I have now tried SpyBot and Ad-aware to no avail... am also going through MSCONFIG as a reply above suggested but this is quite hard unless you are very experienced.

You mentioned purging the system?.... what's the best way to do that.

Needless to say that the URL is a porno site... one of the many thousands out there... it just seems to like my PC.

so what's the best way to purge the system?

dylanmikagami
18-08-2004, 19:23
have you scanned it with an antivirus software??

dangerous_dom
18-08-2004, 19:27
What is the address exactly (PM it to me). When I say purge, I mean completely remove all the spyware components. Try some other spyware software. Often some are better at removing other stuff than others. I would suggest a 'proper' format and reinstall from the windows disk. When you do a 'recovery', do you still have all your IE favorites and documents?

pcgamer
18-08-2004, 19:27
Other than using Spybot and Ad-aware... no... I should take the step... do you know of a good one I can trial off the internet?

If you read my original thread, this issue is really killing me. Do you not think a complete purge would be better?

dangerous_dom
18-08-2004, 19:28
*double post*

dylanmikagami
18-08-2004, 19:31
the panda antivirus is good i forgot the full name try googling

dangerous_dom
18-08-2004, 19:32
Other than using Spybot and Ad-aware... no... I should take the step... do you know of a good one I can trial off the internet?

If you read my original thread, this issue is really killing me. Do you not think a complete purge would be better?

Forget I said purge :) A complete format would sort it, sure. But you should not have to do that. Have a look at these...

http://www.download.com/sort/3150-8022-0-1-4.html?

One other thing, make sure they are all up to date.

pcgamer
18-08-2004, 19:42
just about to use McAfee... I'll get back to you with results

pcgamer
18-08-2004, 20:30
Ok... I have it running and have scanned with McAfee... it's deleted what it can.

Upon rebooting.. the "virus" comes up AGAIN.. McAfee kicks in and deletes it telling me it's a "Trojan" listing it as "Keylog-Briss" (I think).

However, every time I reboot it comes up again and McAfee deletes again. It may be sitting on my temporary internet files.

The URL in question (you may all laugh but I know nothing about it...honest) is (link removed due to its adult content).

What the hell is coded in my system that this thing starts every time?

Any opinions?

dangerous_dom
18-08-2004, 21:46
Make sure McAfee is well up to date and run it in safe mode ;)

If that fails...



Disabling System Restore

Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

Disabling the System Restore Utility (Windows XP Users)

1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.

Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.



http://vil.nai.com/vil/content/v_101058.htm

http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm

No offence, but I found this in about 10 seconds. Get some internet search skills! :p

jsnemesis
18-08-2004, 21:51
It could still be stored in System Restore, try disabling it, removing the virus and see if it turns up again.

JS

pcgamer
18-08-2004, 22:02
I believe I may have cracked it.

As one of the earlier threads stated, I've gone through MSCONFIG and booted in safe start up mode... this told me the minimal start up files I could get away with.

I then booted as normal and each time I disabled one of the startup files whilst using McAfee to monitor, and deleting all in my temporary internet files. I believe I've narrowed it down to a TROJAN virus masquerading as "Soundblaster.exe", apparently exactly what a TROJAN does.

things seem to be running ok for now.

One question, once I am convinced it is the "Soundblaster.exe" that appears in the startup tab of MSCONFIG, how do I delete it? (I can disable it on startup but want to get rid of it completely).

Fireblade
18-08-2004, 23:55
Click the 'Start' button... do a 'Search' for 'Soundblaster.exe'... then nuke that mutha! :D

pcgamer
19-08-2004, 13:20
all sorted.

Thanks to all who posted help

jsnemesis
19-08-2004, 17:12
How was it fixed? It would be interesting to know.

JS

DarkEntity
19-08-2004, 20:46
bleh dual post :/

DarkEntity
19-08-2004, 20:48
How was it fixed? It would be interesting to know.

JS


erm...read above, he booted to safe mode, scanned with virus scanner and it found soundblaster.exe as a trojan.

jsnemesis
19-08-2004, 23:24
I seem to have a great ability to read what's gone before. Was having a blond moment.

JS

pcgamer
20-08-2004, 10:14
All the advice I read was really helpful and stopped a relatively inexperienced person like me going to PC World and spending a small fortune on leaving my laptop with them sitting on the shelf doing nothing for days.

Basically I did disable the system restore and rebooted using recovery disks... that did the trick. The TROJAN could not be removed until I did this.

I now have McAfee antivirus running. It's worth noting though that McAfee could not remove the Trojan... it only detected it every time I rebooted the PC and deleted files that the TROJAN had created...

Today I should receive all my bits for my first PC build... McAfee will be the first thing (apart from DOOM 3) that I load.

It really is encouraging to know that there are people out there who do take the time and effort to actually help people.

Thanks again.

EVERYONE should have an antivirus package.... this much I have learned.

nryoung
20-08-2004, 11:45
Aw it's nice to be appreciated. :D

DarkEntity
20-08-2004, 20:28
\o/ hurrah \o/