Unsolved
This post is more than 5 years old
1 Message
0
3055
Trojan SPM/LX has infected my PC . . .
Hello -- I am writing seeking help in removing a Trojan SPM/LX virus from my Dell PC. I have a Dell Dimension 4550 desktop to which I’ve added extra RAM. I keep getting Microsoft-like error messages telling me that my computer is infected with the Trojan SPM/LX virus, and to go to IDS Software to remove the virus. The virus also installed a red button with a white X in the lower right corner of the taskbar, and changed the color of my desktop and placed another error message on the desktop. When I attempted to run a scan from my Symantec Antivirus, the computer froze. I turned off my PC, and turned it back on, and I got the “blue screen of death” with a message about a physical dump of data files. I turned it off again, and then tried to start the PC in safe mode, but now I can’t even get my computer to start in safe mode. I’d be happy to send whatever error codes I’ve received before my computer stopped Windows, but I’m not sure I can get into my PC to run any other logs. Can someone please help me?
irahack
2 Posts
0
January 15th, 2010 08:00
Same here. Got a nasty dose on my emachines running XPHome. It disabled Task Manager. Interupted Safe Mode startup so it wouldn't take. Crashed Windows Malicious Software removal tool after it made it start running in a loop. AVG scan saw nothing. Finally fixed (so far) with Malwarebytes' Anti-Malware. Every indication the bug is gone. If you can, google Malwarebytes and download. Follow the instructions. I did the quick scan. When you start it, it will run it's update and then take you to program's screen. Simple, easy, fast, effective at least in my case. I was very impressed. Hope this helps!!!!
dianecmac
1 Message
0
January 15th, 2010 17:00
My Dell Precision workstation 340 was rendered useless today after I experienced almost the same things with trojanspm/lx - changed color of desktop - changed icons etc. ! I kept telling McAfee not to allow the registry changes. A Microsoft box popped up as well as the spoof spyware pop up box. Supposedly this is a harmless program that makes you think you have problems when you don't. I don't think so. My husband was unable to get into my computer even in safe mode. We gave up and decided to reformat. What a headache! My important data is backed up at Carbonite, but I now have lost countless hours of business time! Whatever this is, it is not the normal harmless spoof pop up box!
irahack
2 Posts
0
January 15th, 2010 20:00
This is part of the log of things Malwarebytes fixed. Registry was coded to run 2 kinds of fake alerts, browser hijacker, blocks wallpaper and desktop changes and disables Taks Manager. To completetly clean it out I had to run Malwarebytes 3 times before everything scanned clean.....each time restarting Windows. Kinda funny I ran the Malwarebytes a second time just to see what happened and was surprised when I hit the update button and it downloaded. The BUG killed parts of the program ???? Anyway it picked up another couple infections to fix and the third time update said I had everything and then scanned clean. No, this is far from a harmless spoof pop. This booger was dug in deep. I tried a bunch of manual extracts from some other forums with commands my system wouldn't recognise. I was about ready to wipe C with a reinstall but thought I'd try one last thing.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.