Possible virus please help me to confirm/deny

[SQLWilts]

Hi,
I was called to a customers machine because it would not boot under W2K. I used the W2K CD to boot and recover the windows session and the machine now boots HOWEVER.....
something is still running in the background. Ctrl-Alt-Del wont work, windows key and Alt doesn't work (in fact, the neither of the alt keys work at all, in Office, Windows alt-tab, nothing. Also, the Search function does not work. The only way I can search in Windows is to click the search button in Windows Explorer. There was a couple of weird registry keys in the HKLM/Software/Micro$oft/Wondows/Current etc etc startup key which I deleted. I also found an .HTA file in the fonts folder (fonts.hta) which I deleted as it was adding registry keys to change the default search engine and home page to searchspace.com. This machine is NOT happy, it is running awful slowly and the hard drive is constantly rattling. I suspect a virus, but Norton does not find anything - any clues anyone? I am an advanced user so am happy to clear things in registry etc out myself.
Any help, gratefully received.

 

[BionicJohn]

Hi, Tony,

A search on Google produced this:

http://www.glowingpets.com/hugesearch_help.html

"The problem stems from an HTML application file that is installed in your Fonts folder. This file has a .hta file extension and is responsible for resetting all your registry settings after you've re-booted your computer. The file is written in VB-Script.

"The usual anti-adware antivirus software doesn't seem to work.

"HugeSearch.net is spyware/scumware/adware that infects your computer when you click on a link that comes through email spam."

HTH



Iechyd da! John
Glannau Mersi, Lloegr.

 

[SQLWilts]

Yeah, that fits - but how do I re-enable his task manager, alt key etc etc? I found the .hta app that did this (opened it in word pad and was disgusted with what I saw) but still probs with 'puter. How do I put it right - besides a re-install which is out of the question?

 

[Ironduke]

You can download the free personal version of Ad-Ware 6.0 from Lavasoft. My wife had a lot of difficulty with things including a half-toned, color menu bar on her screen. Nothing worked until we installed Ad-Ware 6.0, ran it and cleaned up the system with it. Spy-Ware cleaners and others merely put more problems into the system. Ad-Ware cleans it up.

You can find it using google and I believe that there are reviews from authoritative sources on CNET, ZDNet, etc.

Denny J. Walthers
Old BUFF

 

[SQLWilts]

Thanks Denny, will give it a go and post back

 

[noobtechie]

Do a search and download to the latest update for CWshredder, Hijackthis, spybot, run the following scans at

http://www.trojanscan.com

and

http://www.trendmicro.com/en/home/us/personal.htm

Hope this helps

 

[BionicJohn]

Hi, Tony,

CWshredder, Hijackthis, etc are at:

http://www.spywareinfo.com/~merijn/downloads.html

Iechyd da! John
Glannau Mersi, Lloegr.

 

[PatrickDickey]

thread615-742707 The reason I posted this, is because TekTippy4U has the links to HijackThis, the removal instructions, and some other information on spyware in it.. Rather than copy his post, and quote it, it's easier to link to it.

Ad-Aware is found at

http://www.lavasoft.nu

and SpyBot S&D (which is as good, if not better than Ad-Aware) is at

http://www.safer-networking.org

Patrick.

 

[SQLWilts]

I have worked on this 'puter now and have run Ad-Aware 6. It removed 1,400 different "bits" both registry and files. Latest Norton Enterprise Edition found a Trojan, can't remember its name, but was still being tormented with home page being re-directed to

http://www.search-space.com

(pain in the backside) and alt/tab key not working and also windows/F not opening search window. I have downloaded CW Shredder and will give that a go - but I am unsure of why the Windows/F and Alt/tab do not work. Alt/tab behaves as though I am just using the tab key, and Windows/F does nothhing. Will run CW Shredder and post back.

 

[Giordano]

I used XTM to kill the background running applications, including viruses.

http://www.warecase.com/Downloads.asp

Hope this helps

 

[SQLWilts]

FINALLY sussed it. Got hold of CW Shredder and that cured the search-space problem. Manually deleted a couple of other registry keys from old apps that didn't de-install correctly and now fine!
Serves him right for surfing porn, I say!!!!

Thanks for all your help and posts people!