If you end up at a site which you think is Microsoft’s Windows Security Center, and it tells you that your computer is infected with W32.Sinnaka.a, and that you’d better hurry up and download some anti-spyware such as Spy Trooper, World AntiSpy, PS Guard or Raze Spyware, well, run, don’t walk, away from that site. Because it’s not the Windows Security Center come a’calling, it’s a phishing site, trying to trick you into downloading and then having to register one of those four rogue spyware/anti-spyware packages (some merely renamed versions of SpyDemolisher, SpySheriff, and SpywareNo), and then paying to register the software.
In fact, the real Windows Security Center isn’t a website at all, it’s a program on your local hard drive! But because the phishing site is so realistic, and even reports accurately what browser you are using, and what IP address you are connected through, many users are likely to be taken in.
And users who aren’t forewarned shouldn’t feel badly about being duped, because it looks so real In fact, says Patrick Hinojosa, CTO of Panda Software, it’s so real looking that, he says, “I thought at first it was actually the Windows Security Center screen on my desktop. I had to look at it twice to tell it wasn’t. This is certainly something that would fool most people.”
And because the link to the bogus phishing site often isn’t even coming through in email, but rather through some other form like a Trojan, your anti-spam and anti-spyware programs are unlikely to catch this one (which is of course why they do it).
So what can you do to protect yourself? Be very aware of the sites on which you end up by clicking on any link. And if you aren’t sure, when in doubt, get out.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
I had this problem as well , more then once , but have used a free program called SPYBOT SEARCH AND DESTROY . taken care of the problem every time. IM suprised at Mircrosoft for not making every one aware of this spyware scam.
Some one killed Chinese Hacker virus problem
This is the fucking executable
that causes the annoying PopUp
warnings:
SpyQuake
C:\WINDOWS\system32\sivudro.dll
i found this later .
http://www.bleepingcomputer.com/forums/topic47826.html#automated
Final Solution !
Update.
Ran antipuper .. did really help .
Followed the
and that helped alittle more.
Running Mozilla is the key here because this garbage really fucks up exploder .. hince the name .
googe :
antimalware which is the root of annoying false security alarms your find more tools at:
these fuckers need shot, than sued.
the antipiper didn’t really cure
this fucking thing.
Luckly I use forefox/mozilla which is not affected by pop ups.
i have this sinnaka thingumy, i was nearly fooled by this site, i wanna get this trojan dude and kick his ass.
good luck everyone
Cheers!
sorry this is the link to the mcafee suggestions:
i have/had this.i’m not so sure anymore.i got rid of the fake warnings popping up in the corner with ad-aware and then found some random program which sorted out the problem with homepage.HOWEVER i DONT know if this program can be trusted.i took the risk and everything seems to be fine but im still very wary and im goin to try and make sure it’s definately gone and i havent messed my computer up anymore. here’s the link for those that do want to take the risk but do so AT YOUR OWN RISK, it’s not supported by any security programs and could be another virus:
i found this after a google search for sinnaka and this came up but it does appear to be on the mcafee website although not supported by it.
these are the steps that mcafee suggest but i cant open ‘regedit’, to back up my registry keys, i don’t really know what all this means but anyway, in the run menu, which it advises so i haven’t attempted to do any of the rest of the steps yet. anyway, hope this helps
PS Guard… is a virus and almost impossible to get rid of once you have downloaded the software… I have it but since I have been usinf Microsoft AntiSpyware (Beta-1) at least it is quarantined daily daily and is not messing with my software… As bad as I hate to use Ms at least it is free, for now and keeps these creeps at bay. Below is the web page.
I HAVE HAD THE SAME PROBLEMS WITH MY PC, BUT WITH THOSE PROBLEMS I CANT EVEN CONNECT TO THE INTERNET TO DOWNLOAD ANYTHING HOW WOULD I GET ID OF THE WORLD ANTISPY, RESTORE MY PC WITHOUT DOING THIS OR FORMATTING MY PC
AHH I’ve been infected with this for a while now but can’t get round to reformatting. I am truly the definition of a computer illiterate person. Someone please email me with moron-friendly instructions on how to dispose of it and the accompanying popups. My email is rothepro71@hotmail.com
sry Comment by Caleb — 10/6/2005 @ 6:09 am not Comment by Norm Mcleod ? 10/2/2005 @ 7:22 pm but still HELP
“Comment by Norm Mcleod — 10/2/2005 @ 7:22 pm
Terry, I share your sentiments. I’d like to take a sledge hammer to the computer of the guy who wrote that trojan. It took me 2 hours to hunt down and correct all of the problems it caused. A once trust-worthy utility site is no longer trust-worthy. I had to use HiJack and AutoRun to locate the hijacked registry keys. Here’s what I had to do to reclaim my computer. Bring up the task manager and shut down the processes INTMON.EXE, INTMONP.EXE, and MSOLE32.EXE. There’s a start-up registry key that automatically loads MSOLE32.EXE into memory. Delete it all in its entirity. Your virus scan should locate the downloader (Puper, aka Popuper) trojan and delete it. If it doesn’t, then do an internet search on the Puper trojan, and it will give you information. Once all of that is done, reboot, and go to C:\Windows\System32\ and delete the three files mentioned above. Also delete any TMP files that begin with the letters HP. As a matter of fact, delete any and all files that have the same modification date as the three above. Don’t delete anything prior to the date you started having problems, but it is safe to wipe out anything modified afterwards. There are icon files using MS’s security shields. There’s a file using the “warning” symbol (a yellow triangle with an exclamation mark in the center). Delete it. There’s an html file that contains the Spy Trooper info. Delete it. Then reboot for assurance.”
I CANT FIND THOSE PROCESSES, SHIT WHAT DO I DO?????
I have deleted the desktop hijack, but the PS Guard keeps showing up in my spyware scans and I cant even delete it when I run “regedit” and try to delete it from the registry, what can I do to get rid of it? Thanks for your help smart people :)
i have just been fooled by this page and downloaded and ran the spyware programmes,but i did not register or buy them, has this caused any further problems that i should be aware of ?
err I have just fallen pray to this hidious delima!! If I could get my hands around the guys neck who did this well you know what I would do! Ok with that said I actual paid the register fee for world Antispy and knew that I was taken. I will be talking to my bank tomorrow and I have already sent there support team a nice e-mail. I actualy purchased PC tools Spyware Doctor after ready this and it clean evrything up for me. My PC is back to normal!
have the same problem as jon who posted 10/25. Have no wallpaper just white screen. What to do? Any help out there?
have successfully removed the sinnaka prob from my comp(thank you, everyone!)but i still cannot restore my desktop settings, i.e. no wall paper, just white screen. cna anyone help?
Thanks for this muchly! I was at a site and this was placed on my comp….no cilk toget it it just flooded my desktop..now i am permanently on “restore my desktop” white screen with normal icons, as first the thing placed 22 icons on my desktop..iwish i knew who..I’d report them mto the CRTC here in canada.
Hi. I’ve just had this problem. Try this http://www.geekstogo.com/forum/index.php?showtopic=2852
how do i get rid of the spy ware thing off of my background
Terry, I share your sentiments. I’d like to take a sledge hammer to the computer of the guy who wrote that trojan. It took me 2 hours to hunt down and correct all of the problems it caused. A once trust-worthy utility site is no longer trust-worthy. I had to use HiJack and AutoRun to locate the hijacked registry keys. Here’s what I had to do to reclaim my computer. Bring up the task manager and shut down the processes INTMON.EXE, INTMONP.EXE, and MSOLE32.EXE. There’s a start-up registry key that automatically loads MSOLE32.EXE into memory. Delete it all in its entirity. Your virus scan should locate the downloader (Puper, aka Popuper) trojan and delete it. If it doesn’t, then do an internet search on the Puper trojan, and it will give you information. Once all of that is done, reboot, and go to C:\Windows\System32\ and delete the three files mentioned above. Also delete any TMP files that begin with the letters HP. As a matter of fact, delete any and all files that have the same modification date as the three above. Don’t delete anything prior to the date you started having problems, but it is safe to wipe out anything modified afterwards. There are icon files using MS’s security shields. There’s a file using the “warning” symbol (a yellow triangle with an exclamation mark in the center). Delete it. There’s an html file that contains the Spy Trooper info. Delete it. Then reboot for assurance.
To get around the initial popup go to MY COMPUTER on your desktop and enter the URL you are seeking directly into the address bar where My Computer is displayed. This will take you to the net without the ADS popping up.
There is a free version of ad-aware you can find at downloads.com that takes care of Fake Windows W32.Sinnaka.a Alert quite nicely.
Ad Aware if you can get it to download while you have this garbage will do it. If memory recalls AdAware lets you make recovery disks. Then between Hi jack this and looking through you drive for fluky files you can start to remove it.I do not care what microsoft says create a extra drive besides c: if you do have to reinstall and then use it. That in itself has saved me countless times. Lastly the person(s) that is creating such crap if I ever see you I WILL dislocate your jaw for being so greedy
Like habilmorgan, please let me know how to get rid of this damn sinnaka fraud… please please please…. thanks!
Very informative indeed. I was infected by this trojan “W32.Sinnaka.A@mm” yesterday and suffered the consequences you describe above. Ay tips on how I can get rid of it? I’ve tried at least a dozen top-rated spyware removal softwares but the problems persist: my homepage is changed everytime I open Internet explorer, porn sites have been added to My favourites, computer is slower, etc. How can I solve this without having to re-format my hard drive?
Thank you.
H.
A great Article! The one thing I cant say enough to my visitors is “Get Educated” if you are going to be online. Its no different than any other task you do in this world, like learning to skydive, you learn all you can before you jump out of that plane.