directX10 from spycrush.com beware!

[yebo]

last night when i checked my email meron pop-up na lumabas (i had the blocker off for a while, Utube kasi). it was asking me to install this dirextX10. but since i was not sure where it was coming from i clicked "cancel". there are 2 buttons ha, "ok" and "cancel", and i am really sure i clicked on "cancel". ayun na po bigla lumabas etong window from spycrush.com, telling me that i had several spywares in my comp. labas din agad ang avg anti-spyware, meron daw pumasok na spyware. yung avg meron talaga ako (both anti-spyware and anti-virus) pero yung spycrush.com wala ako nun. duda na ko agad, so i immediately disconnected the lan cable (30 seconds passed siguro before na-disconnect ko). etong spycrush na ito it redirected my browser (ie7) to their website, and anak ng tupa it was asking me US$59 to be able to download their anti-spyware program. syempre ignore ko siya. yung browser din napalitan agad ng homepage, spycrush.com na ang homepage nya (dati google). also hindi ko na mapalitan ang homepage. it also added an address bar of spycrsuch.com, and 2 buttons to download their anti-spyware and anti-adware programs. wala na ko magawa dun sa browser, ayaw na magrespond kung di yung spycrush tool bar lang.

i tried to remove the spywares using avg. it found 137 cookies and 5 adwares. hayup ang bilis, 30 seconds lang yun a! so quarantine then delete ko lahat. kaso yung browser ko was still hijacked by this spycrush, and also meron icon sa baba na parang shield ng microsoft, but it was flashing green and red. it looked like the microsoft yelow shield icon warning of security updates na needed, but if you look at it closely it is not really the same shape.

so see ko ang task manager. ay sus kadami ng programs na umaandar na hindi ko kilala, tapos meron mga program na nagduplicate. if i close 1 then another will pop up dun sa task manager window. at this point tried ko connect ulit network cable, then tried searching for solutions. ang kaso lang, since na-hijack nga yung ie7 ko e lagi nya redirect sa spycrush.com! so panic mode na, i disconnected the lan cable again. but before i could disconnect the cable (siguro no more than 1 minute nakakabit) it again downloaded the spyware cookies and adwares that tooke me 1 hour to delete using avg. kainis!

drastic measures na to. open ko ulit task manager, listed down the program that keeps duplicating (iesmin.exe and imsmain.exe), checked their location on the drive, checked when they were created, rename, delete... kaso ayaw nya ma-rename or ma-delete. teka, meron nga pala safe mode hehehe...


so safe mode, dun ko lang na-rename saka na-delete. tapos trace ko yung mga sinulat nila na programs, nasa windows\prefect\ ... check ko kung ano yun na-create same time as the attack. delete ko lahat. kahit naman madelete ko yung hindi dapat e mag-create naman ng bago ang windows na needed nya di ba. anyway success here. i regained control of the browser.

kaso yung icon sa baba ayaw maalis, and every few minutes pop-up ang window telling me to download the spycrush programs for a fee! hinanap ko kung nasan folder. ayaw umandar ang uninstall program na andun sa same folder nya. folder name was ???? directX???. hindi siya talaga directX, ginaya lang ang name. anyway ayaw ma-delete. pinabayan ko na lang, tulog na ko 1am na e may work pa ako.

this morning tried namin humanap sa net ng remedy, wala. natanggal lang namin yung 4 more na adwares using spysweep, but the icon was still there. drastic measures na talaga, reformat! buti na lang na-back-up ko yung mga picture files ko saka files na important 2 days ago before this thing happened. so ayun, bye-bye music files, bye-bye video files huhuhu!

so mga tsongs, sabi nung ET namin sa rig, meron daw talaga adwares na kahit yung "cancel" button o yung "X" button sa upper right hand corner ang i-click mo e mag-download pa din siya. ni-design talaga yung window na misleading so clicking on the "cancel" and the "X" is just the same as clicking on "ok". safe daw is to let windowsxp close the window, by right-clicking on the task bar then click close.

ano ba pwede gawin sa spycrush.com na yun? di ba pwede i-report yun. langhiya, papasakan ng malware ang comp mo tapos sisingilin ka ng US$59 para matanggal ang ginawa nya. san ba pwede i-report?

[torque2006]

i- system restore mo sha, para tanggal yung malware.

i'm not familiar with where you can report the trojans/spyware/adware/malware coming in, unless you're in the states. you can sue them there.

[yebo]

tried that too, 1 day, 1 week, 1 month, 2 months restore ayaw pa din. we finally traced a windows component that was also "hijacked" by the adware so reformat na lang talaga. we also tried other anti-spyware and anti-virus programs like norton, symantec, nog, etc. pero di siya defined.

also nga pala, it also pirated my passwords sa yahoo, chikka and here at tsikot. good thing it did not do anything. nalaman ko kasi when i logged in here sa tsikot kanina 7pm, e last visited daw ako 6pm today hehehehe! dun din sa chikka it kicked me out kasi naka-log on daw ako sa ibang location. also same with yahoo. pinalitan ko na lang lahat ng passwords ko.

admins, better check kasi baka nakapasok dito when it hijacked my password. wala naman siguro nangyari kasi member lang ako dito and hindi admin.

[Lucius]

Pag ganyan, sa www.9down.com na lang kayo magdownload

[wildthing]

have you tried using spybot?

[n2knee]

my laptop was just infected with that same trojan last week. i went to this site http://www.2-spyware.com/remove-spycrush.html and followed the instructions. the spyware is gone. note that spybot nor mcafee anti virus will not be able to delete it.

[BlueBimmer]

install fresh copy of xp hehehe

[Syuryuken]

install fresh copy of xp hehehe

tanggal lahat ang virus, spyware etc.... pati laman

[Horsepower]

You can also try Knoppix or Fedora Core. At least yun, di kaya ng mga malwares like that.

I'm using Vista Ultimate right now, so far, ok lang sya. My PC is quite ancient. Tuwa ako na gumana pa ang Vista. P4 3.0HTT, 1GB, 840GB, 9800Pro 128MB. Medyo weird lang at di nya kaya ang 1920x1200 resolution ng monitor ko. Hanggang 1800x1440 lang

try mo rin palit ng Anti-virus to AntiVIR. used AVG before, this AntiVIR is better.

[oldblue]

never click ok or cancel. x na lang kung hindi disabled. hindi kasi magtrigger ng kahit anu yun

kung disabled just close the entire IE from task manager