My PC has been got at
I tried to down load one of those free "winks" you get for MSN instant messanger, and it looks like it installed something extra I did not want.
I have tried to remove them with Ad Aware and my anti Virus.
This evening I have had several crashes and instances where I had to shut down or reboot from task manager.
Two times now I have been plagued by some sofware called winfix2005, I try and cancel and it trys to down load or run. It even resizes the browser window
As I am on XP I have tried restore, but for 3 of the checkpoints it would not restore.
Somebody I know sent be a trial version of ewido security suite, but that won't do the updates.
Any clues on how to proceed?
Ehh, Sorry about that Sticks...
The best thing I can think of is to get a friend you trust that is gifted in computers and has XP. Try using the "remote assistance" where a friend can link to your computer and try to debug it, that's the only thing I can think of unless you completely do a sys. restore where your reformat your hard drive.
Something tells me that MSN did not give this to you, but a dormant Trojan may be messing with your comp?
Oh, and what kind of Anti-Virus are you running?
It's a bit of a long shot, but if you go to start > run > msconfig > startup and see if you can find that program listed there, if so uncheck it. Also, where did you get this wink? Only download them from sites that you trust, or just avoid them altogether. I'd also check what sites you've downloaded from in the last few days. Finally, if none of that helps, you may have to re-format your hard drive, that is a last resort, and should only be done after you've backed-up all of your important files, as it will completely erase your hard drive, that solves your problem, but is a rather less-then-optimal solution.
Now that I think about it, what browser do you use? If it's Firefox I'd be very interested to know more about this program that alters your Firefox settings, if it's IE you may want to switch, just because other browsers are far more secure.
Dude go straight to this link and choose the antivirus then the antispyware option. Its free and safe.
its all web based so you dont have to install anything. let me know how you go. I use these all the time with clients computers, as well we are a trendmicro distributor.
I Have, a Virus Problem, too ....
Originally Posted by planethollywood
Will this Site, Fix my Problem, Or, Just Tell me, How To Do It, myself?
do what PlanetHollywood suggested.
that should help. but if it doesn't fix your problem, backup everything and start anew.
Am trying the Trend micro now, it got to 99% complete and is rolling up the minutes stuck on 99%. I tried to switch my outlook express off by Right click close, but it would not shut down and I got the box saying it was unrespnsive, so I told it to send the data of the failure to microsoft. Outlook disappears but the block saying it is running is still there, and my curso becomes an eg timer when I go to the bottom bar, or the start button.
I have also been getting lots of adds popping up, even though I should have them blocked. I am having to use alt tab to switch screens.
Re the nuke option, some how I managed to loose the installation discs to my copy of Front Page, so I would loose that.
I use Norton Internet Security Guard 2004
2005-Nov-07, 05:44 AM
2005-Nov-07, 08:09 AM
This is done on my works machine.
I did untill it developed contention issues with my Norton Anti Virus, so I had to uninstall it and go for Norton Internet Security Guard 2004.
Originally Posted by crosscountry
I went to that link and got it to do both, I assume both at once. Everything else froze, sort of. I let it take well over an hour to scan, by this time it seemed to be the only thing working, but as soon as it finished the scan, id did not proceed to the summary or the recover section. I noticed it had spotted three infections.
Originally Posted by planethollywood
When it froze, and I could not get at the start bar, I tried a hard shut down. When I booted back up, it seemed to take longer to boot up, and during the longish process where it starts putting the program icons in the sys tray, it just shut down with a major systems crash.
It then rebooted to the wall paper and not even a start bar. I used Task manager to restart, prayed heavily apollogised to God about every thing I may have done wrong, pleaded for my computer etc. (I find myself emotionaly effected just typing this).
It all seemed to boot up, Norton was disabled, but I waited until everything was up before doing enable of Norton. The splash screen came up about the serious crash, I chose not to send the info to microsoft.
As I had to go to work, and was over due leaving the house, I got it to shut down conventionally, (Start Shutdown - confirm shut down)
On shutting down a program either an error message appeared that HHBDAZ.exe or HBBDAZE.exe was trying to innitiate during shut down. (does anyone recognise those) It shut down and I ran/ walked fast into work.
I have been so careful in the past, I slipped up because an MSN contact kept playing these winks, and I tried to get one from a site they reccomended. I saw not sysmptons prior to this.
Coming to this site I was getting pop up messages
Winfix2005, made an appearence dose anyone know if this is a kosher program, it won't take know for an answer and resise the browser
I have been using IE, If I go to firefox and run TrendMicro again, will that just be wasting my time, since what ever it was seems to defeat all attempts to weed it out.
I would rather avoid the nuke option if possible, as I would need a full day for trying to save what ever I can, nuke it and rebuild, not to mention all the software tools I loose and the reinstallation of drivers for digital cameras, printers (two) web cam and of course my broadband modem.
2005-Nov-07, 02:41 PM
Originally Posted by Sticks
I never wanted to use ZoneAlarm, but last month I "nuked" my computer and had lost my install disk of Norton. It was a military issue (from when I was engaged to a military officer). Anyway, I think she took the disk.
Now I use ZA
2005-Nov-07, 12:16 PM
Again, if you can identify which file is causing the virus to run I recommend start > run> msconfig > startup and uncheck it's box. Is Norton capable of running in safe mode? If so restart your PC in that and try to scan for viruses that way.
Also, what was the name of this website? If nothing else we will probably want to avoid it.
Finally, weather or not you nuke your PC I would still advise switching to Firefox, it will reduce the rate at which you get new viruses and should solve your pop-up problem, also, odds are the virus won't be able to alter Firefox's settings, very few programs ever do.
2005-Nov-07, 12:44 PM
Zonealarm drives me nuts...
oneday I thought
Screw it and I just use window's firewall now...
2005-Nov-07, 01:37 PM
Yes, Norton can operate on safe mode (in fact it can do a faster scanning when on SM). Sticks, you might like to download HijackThis. That program lists the processes running on your machine. It generates a log that you can show to more experienced users when looking for help.
In fact I would recommend all AV scans to be performed on safe mode. Also, use SM to install programs whenever it´s possible, especially downloaded programs.
2005-Nov-07, 02:04 PM
I am terrified of safe mode, (how do you get there anyhue)
Originally Posted by Argos
I am frightened I will do something which means I have no option but the nuke option. (I have unpleasant memories around my former PC and an online help line I paid for that gave duff advice which meant I had to save what I could and reformat my hard drive. All I had to do this was winzip and a bunch of 3.5 inch disks
Someone has sent me a copy of Hijack This, and from what I have read elsewhere Winfix2005 is pretty persistant.
2005-Nov-07, 02:38 PM
You shouldnīt be affraid of something thatīs supposed to be safe right?
Originally Posted by Sticks
Safe mode is a diagnotics tool. It turns off certain drivers (cd, video, sound, etc) so you can have a clearer picture of whatīs going on. Check out this info on how to activate safe mode.
2005-Nov-07, 05:19 PM
I use Zone alarm and Norton Antivirus together with no problems (Win XP Pro SP2)
2005-Nov-07, 05:28 PM
This afternoonI went here because at work on a google search, it described a long tortuous manual method to remove it, and it offered a removal tool.
I down loaded it to my works memory stick, and copied it to my hard drive and ran it.
It found over 600 threat files, when I went to press remove, I discovered that for the removal process I had to pay. Being over a barrel at that moment I have had to pay $39.95 plus $6.99. I did not notice this until I started the process.
After stumping up and putting in the registration fee, after getting it to do remove, it hung.
I did a reboot, and the following programs objected
Any clues on what they are, and why XoftSpy has not solved them?
My cursor still keeps flashing the egg timer, but when I look at the internet traffic icon, it does not indicate internet traffic.
2005-Nov-07, 05:32 PM
BTW the site I went to was
www . winks .cc
written so it does not inadvertantly link to that site
2005-Nov-07, 08:42 PM
Programs can object to a shutdown without being bad, it just means that they were running and Windows tried to force them to close.
To be safe I'd restart your computer in Safe mode, it is very hard to destroy anything while in safe mode, as your capabilities get limited. After you're in safe mode run Norton, odds are the virus won't be able to start up in safe mode (essential processes only). After that reboot into windows and run Spybot: search and Destroy and Ad-Aware SE. Those two combined should remove any programs that Norton missed. If things are still acting odd I don't have much more to suggest, maybe doing a search for the file that objects, that's iffy though, as if it is malicious it's probably hidden itself, and the Windows search feature is rather... Error prone, shall we say.
If you do locate the file that objects don't delete it, post where you found it here so that we can tell if it should be running or not.
Edit: Mickal, the Window's firewall should not be your first and last line of defence, Zone alarm can be annoying, but it does a fine job protecting your PC, Windows Firewall, on the other hand, isn't annoying at all, but gives you no customization options at all and is rather poor on the defencive front.
2005-Nov-08, 12:03 AM
xsoft are the makers of spyware and malware, then like amgic it points you to their web site and for fee it will remove it (i don't think it even does that).
With the Trendmicro stuff, run them one at a time. the problem your facing at the moment i came across about a month ago and running the antivirus and then the antispyware fixed it ( adware and spybot dectected them but couldn't remove them), there is also another tool on that page called CWS.shredder, this removes the worst of all browser hijackers "Cool Website".
It may come down to a manual removal if these tools don't help. I will search those files you gave and get back to you.
2005-Nov-08, 03:37 AM
I can also recommend webroot spy sweeper, it just did better than all others we have discussed. ( i was fighting my own web browser hijacking). Its a trial version , but will hopefully get you over the current crisis.
2005-Nov-08, 09:39 AM
I got the name of the first file wrong
it is QOSMEDIA.EXE
I thought Paretologic were a reputable company when I downloaded their xoftspy program, ran it and paid to register when I discovered it would not remove the 614 odd threats from my system otherwise
Originally Posted by planethollywood
So far no further problems with WinFix2005,
however I am still experiencing the start up and shut down issues.
Sometimes I wake about 20 minutes before the alarm, so I would get my computer to boot up so it is ready when I get up and start running the bath. As I switch it on, it goes through the various welcome screens, (Compaq, Windows XP) and then puts up the wall paper and starts various programs and the broadband etc. At this point I put a floppy in the drive, so it does not make that rasping noise it does when it checks the A: drive when it is empty.
This morning I did that, and about 10 minutes to the alarm, something did not sound right, so I got to the PC, which was complaining that the A: disk was not a boot disk. Like yesterday, it must have had a severe system crash on boot up.
Re shutting down, I still get the programs "QOSMEDIA.EXE could not be initialised as that window station is being shut down" error and the comparitive one for HHSBDAZE.exe.
In addition to this, on normal shut down the goodbye screens fill the screen, on at least two occasions, including last night, instead I got a small credit card window saying the good byes. At the end of the last one, there is a black screen with the mouse pointer, and then it shuts off.
Incidentally, another problem manifested this morning, when I put in my memory stick, which is a USB 2.0. My PC normally puts up a message referencing this, I close that, and then I get in the top left hand corner a small window with the seeking torch as it goes through the various subfolders. That closes and another window opens offering various options on how I want to open. If I do not have Windows explorer already open I select explorer and it opens Windows Explorer. If I have windows explorer alredy open I just cancel, and Windows explorer picks up on the fact a new drive is present.
Well this morning, Windows explorer was open, but the sweeping torch did not appear IIRC, which happens at work, (At work I do not get the sweeping torch and choice on what to open), and I had to use task manager to kill Windows Explorer. I then had to go around checking Norton was still on and msn as their icons in the systray had vanished. After that I re-inserted my memory stick and it performed correctly for when Windows Explorer is not already on.
I just wish I could turn the clock back, but restore back to a check point would not work as I already mentioned.
BTW If I have time I may retry the Microtrend home visit again, but this time using Firefox
2005-Nov-08, 03:26 PM
Microtrend, Doesn't Work, in Firefox, Only IE ...
Seems, They Don't Support, ANYTHING Else!
2005-Nov-08, 04:30 PM
Winfix2005 seemed to make a reappearence just a few moments ago
I may have paid all that money for nothing
My Norton warned me that QOSMEDIA.EXE was trying to access the internet, so I have ordered it to block it, as I do not know what it does.
Booting up now takes about 9 to 10 agonising minutes while I wait to see if it will have another serious system crash on boot up.
So running MicroTrend is out?
Last time it hung when I was trying to get it to virus check and seek out spyware at the same time from IE.
2005-Nov-08, 07:28 PM
The file istsvc.exe is part of the istbar adware. You just can´t delete the file alone. You also have to delete other files in other folders, as well as registry keys. Removing adware can be a pain.
Symantec seems to have a solution for this particular one.
2005-Nov-09, 05:12 AM
I ran that last night, and then at the end reported it had not found it????
Originally Posted by Argos
This morning My PC crashed twice on boot up. It happened before the Norton icon is due to come in and when it checked an empty drive. It only made it because I put a disc in there after it got to the wall paper.
Right now I am looking at getting someone more competant in than I
2005-Nov-09, 10:01 AM
Additional symptoms that occured this morning
While I was looking at firefox, the automatic live update started and it seems the PC froze, and I needed to use Task manager to restart
After another agonising reboot, when it got to MSN IM, IM quibbled about some files (sorry but in my stressed out state here I can not remember what it was.) MSN fixed it and it seemed fine.
I closed down
Some minutes later I rebooted, and on this reboot, my Norton icon did not appear. I tried to go into the program and enable auto protect and it would not. I rebooted and on that reboot I got my Norton back.
I have left a telephone message with a PC engineer I got from our Thompson local directory and have e-mailed him giving this thread as a link, so he can see how this has progressed.
2005-Nov-08, 09:53 PM
Again, I'd reccomend a full scan in safe mode. I know that the idea of messing with how your PC starts up can be scary, but it's a fairly certain way to make sure that you get a full scan and can remove the stuff.
Always be wary of virus scanners that show that you have any number above 50 when you have another scanner, odds are they're showing 'false positives', where they make the situation seem much worse and offer to fix it, for a fee.