surferdude
10-16-2007, 06:13 PM
From www.komando.com
Question,
We are being bombarded by pop-ups. The pop-ups indicate an alleged threat. We got thousands of these yesterday, and many more today. Initially, there was also a blood red (dripping) screen with Oriental style writing. I eliminated the red screen. The pop-ups refer to Safewebnavigate. They are getting past our antivirus protection. My wife and kids swear they haven't been on anything that would cause this. Please help.
Answer,
This is a heavy-duty adware infection. References to it began cropping up on the Web in August. Your antivirus program probably would not find or remove it. You need to use anti-spyware programs. A specialized tool—SmitfraudFix (http://www.komando.com/downloads/category.aspx?id=3962)—is available. This program should be downloaded and saved to your desktop. This is a compressed file. Extract the files and save them to the desktop.
Disconnect from the Internet. Reboot the computer. Tap F8 until you get the Advanced Options menu. Select Safe Mode and press Enter. Double-click smitfraudfix.cmd. Select Option 2 and press Enter. Select Y and press Enter to clean the Registry.
Wininet.dll may also be infected. If so, SmitfraudFix will tell you. Answer Y and press enter to replace the file.
Clean Internet Explorer
Reboot the computer normally. That should take care of most of your problems. Open Internet Explorer. Click Tools>>Internet Options. Select the Security tab. Click Trusted Sites. Click Sites. Under Websites, highlight anything you don't recognize as safe. Click Remove.
Given your problems, I assume you are not running anti-spyware programs. There are a number of good programs that are free. You can download them through my site. I would use Firefox or another browser; Internet Explorer may still be compromised. If you don't have another browser, use IE to download Firefox (http://www.komando.com/downloads/category.aspx?id=1581).
Reconnect to the Internet. After Firefox is installed, download the following programs: Spybot – Search & Destroy (http://www.komando.com/downloads/category.aspx?id=1260), Ad-Aware (http://www.komando.com/downloads/category.aspx?id=1650) and Windows Defender (http://www.komando.com/downloads/category.aspx?id=1253). Install these programs and update them. All are free.
Run each of the programs in series. They should take care of any remaining traces of the spyware. Also, double-check Internet Explorer's Trusted Zone for malware links.
Click Start>>All Programs>>Windows Update. Download and install any security updates.
More security programs
I would also install a fourth anti-spyware program, SpywareBlaster. It blocks incoming malware. However, it cannot be used to scan the computer for existing infections.
In addition, install a custom HOSTS file. Windows uses the HOSTS file to translate Web addresses to IP numbers. For instance, the actual Web address for my site, www.komando.com (http://www.komando.com/), is 66.210.246.140. A custom HOSTS file will stop attempts to reach many dangerous sites.
I have a link to a custom HOSTS file (http://www.komando.com/downloads/category.aspx?id=2077) on my site. Follow its installation instructions. This file is updated every few weeks.
Finally, clear your System Restore points and set a new, clean one. Malware can continue to lurk in System Restore points. Using such a restore point in the future could re-infect your machine.
In Windows XP, click Start>>Control Panel. Double-click System. Select the System Restore tab. Click "Turn off System Restore on all drives." Click Apply>>OK. Close all windows and reboot.
Return to the System Restore window. Clear the box next to "Turn off System Restore on all drives." Click Apply>>OK. Close any open windows and reboot.
Vista instructions
In Windows Vista, click Start>>Control Panel. If necessary, select Classic View on the left. Double-click System. Click System Protection on the left. Clear the box under Automatic Restore Points. A warning window will open. Click Turn System Restore Off. Click Apply>>OK. Close any open windows and reboot.
Return to the System Protection window. Check the box under Automatic Restore Points. Click Apply>>OK. Close any open windows and reboot.
If, after all the foregoing, you still have problems, use HijackThis (http://www.komando.com/downloads/category.aspx?id=2336). After downloading and installation, use the forums for instruction. You will need help using this program.
I'm not sure how you contracted Savewebnavigate. It sounds like a false-positive program.
These pop up while you're surfing. They offer to scan your computer for problems. Once downloaded, they announce that you do, indeed, have problems. Their report is a lie—a false-positive. They attempt to sell you a program, which would probably compound the situation.
Close windows carefully
When you receive such pop-ups, never accept their offers. Nor should you click the No button. It could be programmed to download the software. Instead, close the window by clicking the X in the top right corner.
Savewebnavigate also could arrive through a spam attachment. Or, it might have been downloaded via an infected Web site. Hopefully, I don't need to discuss the former. People should not open spam. And certainly, attachments should be avoided.
Infected Web sites are a growing phenomenon. They use automatic—or drive-by—downloads of malware. Sometimes, legitimate sites are hacked and malware downloads placed on them.
There are two protections against drive-by downloads. First, keep Windows updated. These sites target machines that are not updated. Second, use Firefox, rather than Internet Explorer. Most online attacks target flaws in IE.
Firefox also can have flaws. But it is not tied deeply to Windows, while IE is. Firefox is a safer browser.
:thumbs::thumbs::thumbs::hi: