Subject: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 20 Feb 08 - 07:29 PM A week or so ago, I found an icon in my Internet Explorer "favorites" for a spyware or adware removal tool. I clicked it to check it out, and a window opened on my computer, wanting to install something. Names of files kept flashing past, like it was scanning my computer. There were grey buttons to click to cancel installation, but I didn't trust them - so I clicked on the "x" on the upper-right corner of the window and closed it. I used Norton to scan my computer for malware, and found nothing. A few days later, I found a link to the same "utility" on my desktop. I wish I could remember the name of the thing - it was some official-sounding name that was supposed to clean dangerous things off my computer. I Googled the thing at the time, and found no negative information about the program through Google or Symantec. Nonetheless, I think it's highly suspicious because of the way it wants to do its thing without my being able to control it. Is anybody aware of this program? How did it come to install links on my desktop and "favorites"? How can I stop it from doing this? My boss at the Women's Center found the same thing on her computer today, and it keeps wanting to run. I'm trying to talk her through the removal so I don't have to drive the 40 miles to Sacramento to fix. Any hints? Here's a page that has an interesting list of "rogue anti-spyware": http://www.spywarewarrior.com/rogue_anti-spyware.htm -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: artbrooks Date: 20 Feb 08 - 07:33 PM Need the name, Joe. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 20 Feb 08 - 07:48 PM I had to search my Recycle bin, but I found it - the link was titled Online Security Guide, and it led to asafetyguide.com/soft, which then tried to install something on my computer. As far as I can tell, I was able to stop it from installing anything. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: artbrooks Date: 20 Feb 08 - 08:02 PM It is apparently a clone of a spyware program called "aprotectionguide.com". More here from McAfee, including a test to see if you really stopped it |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Leadfingers Date: 20 Feb 08 - 08:07 PM I had a 'Free Computer Check' thing a year or so back that decided it was going to sit on my Puter and demand I buy the whole rig ! I finished up E Mailing the vendor and asking how to get rid ! They sent the info by return ! Cant remember the name but it was some kind of security thing |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 20 Feb 08 - 08:38 PM I don't find anything with Google that is really incriminating, but a couple of threads at malware removal sites show HiJackThis logs that have the asafetyguide.com site listed in the browser "Trusted Sites" list. The logs were posted for removal of specific malware programs, and the experts didn't make reference to the browser list; but presence there means that the person running the computer had deliberately added the site, or that they were "surreptitiously added" by malware. IE Tools|Internet Options, Privacy tab, Sites button should show you whether something has added the website to your "approved" list. If it's there, I'd delete it, or block it specifically - and while there make sure mudcat.org1 is on your list. 1 If mudcat.org isn't on the list, and your computer keeps its cookie, you're probably running at a lower security level than you should really be using, or you're using an obsolete version of IE that should be updated. The site for rogue software shows a last update May 2007, which is much too old to be really useful(?). The info appears pretty good, and would help if a bad thing is on the list; but things change too fast to use a list that old to indicate that something it doesn't list isn't bad. John |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 20 Feb 08 - 08:42 PM Cross-posted with others. The McAfee page does provide incriminating info. John |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Rapparee Date: 20 Feb 08 - 09:04 PM Having my computer and my wife's repaired and malware removed cost me danged near $400 last December. This and I also had Norton 360 installed on both machines! Since then I've switched to Zone Alarm and free AVG antivirus and antispyware. It's harsh to say, but I no longer trust Norton. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 20 Feb 08 - 09:10 PM Yeah, I was surprised that neither Norton Internet Security nor McAfee picked this up (Norton at home, McAfee at work). McAfee's Website says something about it, but not really much (and not by the name that appeared on my computer). If it's not a threat, I'd be surprised. It is far too aggessive to be benign. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 20 Feb 08 - 09:47 PM Antivirus programs can't do anything about something that isn't a virus. The current most common things are phishing scams, that entice you into clicking something. When you click, you've given permission to install a program, even if the button says something else. YOU are the MASTER OF YOUR COMPUTER, and the AV/AntiMalware/AntiSPAM program that you have installed CANNOT REFUSE TO DO WHAT YOU TELL IT TO DO. If you click, and the click means "install," you override all your protections. The website found in your bin is listed as a "clone site" at the McAfee page, so everything said probably applies to the one you had (or have). Aggressiveness is not an indicator of "evil intent." Not all nastiness is technically illegal. It may just mean they want to trick you into giving them your money. If that's a surprise, you haven't tried to buy a used car lately - or talked to a politician face-to-face. John |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Stilly River Sage Date: 20 Feb 08 - 09:49 PM The Kerio free firewall is doing a fine job, along with AVG, Spybot Search and Destroy, Spyware Blaster, and a new little program that Bill D. (my hero!) recommended called WinPatrol. Woof! SRS |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,.gargoyle Date: 20 Feb 08 - 10:30 PM JOE
Your recent clown-clones have not been nice.
Perhaps, they placed me, along with thee on ice.
Sincerely sorry
I also, have cleaned shop.
Gargoyle
nasty, nasty, stuff - In public places (showers, Ireland, Madcow UK, South America) everyone was once disinfected. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bill D Date: 21 Feb 08 - 03:18 PM wooof...woof....*pant, pant* (WinPatrol is a winner! IT is the hero, but you may pat my head...) |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Stilly River Sage Date: 21 Feb 08 - 09:21 PM It's funny--poke the icon and it "roofs" at you when it opens. :) |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 21 Feb 08 - 09:29 PM Ah, but John, this program placed links on my desktop, and in my browser "favorites." As far as I can tell, it isn't installed on my computer. But leaving links on my computer is far more than simple aggressive advertising. That's downright malevolent. How did that happen? I'm surprised that Norton Internet Security allowed it. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,EuGene Date: 21 Feb 08 - 09:46 PM Norton is so porous that it lets all kinds of stuff through its supposed "protective shield". I would almost classify Norton as a virus whose mission is to facilitate the downloading of all sort of green meanies onto innocent computers. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Cluin Date: 21 Feb 08 - 09:58 PM Norton USED to be good software. Unfortunately, no longer. I now use AVG for virus protection with ZoneAlarm as a firewall and Spybot S&D (use the "Immunize" feature) & Ad-Aware for spyware protection/scanning. But the best defence is common sense. Don't fall for phishing emails, don't download scads of free software and demos just to "try them out", don't click ANYWHERE on pop-up windows and keep everything updated. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Joe Offer Date: 21 Feb 08 - 10:53 PM "Don't click anywhere on pop-up windows." That's the best advice I've seen yet, Cluin. From the popups that appeared on my computer, I could guess that I didn't even want to click the "cancel" button. I clicked the "x" button on the upper-right corner of the window to close the popup, and then I closed my browser and rebooted the computer. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,.gargoyle Date: 22 Feb 08 - 01:37 AM Symantic - On Line - Free Scan - is SO thorough it picks up pieces of truncated code removed years before.
If you understand "Reg Edit" and yes Joe you do .... it is an interesting half-day refresher coarse.
Even more interesting - after a thorough purge and scrub - is the FIND by Date for the last one, two, three, days.
Sincerely,
Joe get a handle on your clones - No problem if they remove half of tonight's postings (I was mean to AZZI and should not have been - she has her own row to hoe) However, Joe, you have some wicked folk ridin this gospel train. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: JohnInKansas Date: 22 Feb 08 - 02:03 AM Joe - There are many different kinds of threats out there. Norton (and any other Anti-Virus/Anti-SPAM/Anti-Adware/Anti-BrownRailroadTracksInYourShorts program) can only protect you against the kinds for which the program is designed. An icon on your computer is not necessarily a virus or other malware. The most likely source is that somewhere, sometime, someone actually "clicked" on something that made them curious, and the click was rigged to appear to do something innocent but actually did something unexpected. In this case, it probably said "save icon to desktop" and/or "add link to webpage." If your Anti-everything software prevented you from telling it to save something from the web to a file (including to your desktop) your computer would be pretty useless. A shortcut that connects you to a web site is a very normal thing, and doesn't have to contain anything that distinguishes it from any other shortcut on your computer - except possibly the destination. Some programs, including recent Norton, have lists of suspect or known-malicious destinations, and can even try to warn you about that, but until we have a complete list of every actual person and website who "doesn't play nice" there can't be complete protection. Your burglar alarm can detect when someone jimmys open a window and tries to sneak in; but it's probably useless if they knock on your front door and talk you into inviting them in. If they happen to pick up the keys to all your treasures while they're there having a cool one with you even the cops may tell you that it's not a "reportable crime" since they were an "invited guest." If your Internet Security is pre-2007 or so, you may not have the "Fraud Monitoring" plugin, and some of the Adware extensions are "extras" but all the anti- guys are trying to protect you. The problem is that MOST OF THE CRUD in circulation now is phishing, and no software can protect you from (intentionally or inadvertently) being "taken in" by a good con game. You have to do it yourself. As to aggressive, doesn't anybody remember when Sony said it was okay to put a rootkit on your computer, to track every bit of music you played, if you played one of their CDs? Or the year that TurboTax replaced your Internet Explorer with their own version, modified to collect and send all your financial data to them if you used their tax prep program? Perfectly legal(?) if you do it "in the name of profit" and if you can convince the one driving the computer to "insert the disk" or "click the button" or "open the door and let me in." John |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Acorn4 Date: 22 Feb 08 - 04:04 AM I've got strong suspicions that I've got a similar bug to the one described on my machine and various anti-virus/anti spyware programs haven't been able to detect it - apparently there is a new wave of bugs which enter via "Java", which the anti-virus people haven't been able to get on top of yet - if you disable Java in the browser and just enable it for trusted sites, this prevents further nasties getting in -presumable the anti-virus/spyware people will get on the case soon, and just keep making sure to download updates regularly. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Pete_Standing Date: 22 Feb 08 - 06:21 AM My son had something like this on his computer recently. Some security type icons appeared on his desktop and some windows kept on popping up saying his computer was at risk. I know those were rogues because I would identify all the AV/Spyware stuff I had installed - Norton, Adware and Spybot. However on the advice of my brother in law I had recently started switching over to AVG anti virus/protection. This identified and removed all the junk on my son's computer and it is now fine. When all the Norton subscriptions in the house are up, we will be an AVG shop. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bee Date: 23 Feb 08 - 01:04 AM Speaking of AVG, someone on a thread here recently said they no longer offer free basic protection. This is not true - they do, it just takes a bit of looking through their site. Here's the limk - free offer at page bottom. http://www.grisoft.com/doc/download-free-anti-virus/ca-en/crp/2 |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Stilly River Sage Date: 23 Feb 08 - 01:27 AM You load the AVG software and if you don't pay you select the button to use it for free. Easy. I went in and told it to stop all of the reporting on the bottom of my incoming and outgoing email. It can scan it, just don't tell me about it. I was seeing emails go back and forth on discussion lists ending up with yards of AVG messages at the bottom. Here is a message I sent to the others on that list about how to turn off the footers: Did you know you can make AVG stop sending the footers on your email? -Open AVG (a four-color box on your quick launch bar) -Click on "e-mail scanner" or the "properties" button. -Select "configure" button -On "e-mail scanning" you can leave it to scan mail but not announce it in a footer. -To remove the footer, uncheck the box to "certify mail" under incoming and/or outgoing mail columns. -To change the message leave the "certify mail" box checked but click the "details" button at the bottom to find the message text box. -Click "OK" to exit. There was a report on the news today about the arrest of some folks in Canada and elsewhere who were trying to attack American computers very recently. It must have been a pretty ham-handed attempt, but I saw evidence of it on my own. I had my modem straight into the computer for a while when I was troubleshooting some router stuff. I had several hits that Kerio caught from a Canadian IP address. Same one my aunt uses in Calgary (her email). I blocked it, but it came through every so often, until I got the router back online. I bet it was them. SRS |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bee Date: 23 Feb 08 - 11:53 AM I have no idea why, but in all the years I've been online, even when I had, for several years, no anti-virus protection at all, I've been extremely lucky and only once had a trojan invade my computer. Other than that one instance, no anti-virus program has ever recorded anything at all. Of course, my online habits are pretty clean, and I'm not addicted to exchanging cute or jokey emails with all my correspondents - one of my relatives is still a little miffed that I refused to accept her constant stream of glurge, prayer chain letters, multi-forwarded jokes and other junk. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Amos Date: 23 Feb 08 - 01:17 PM Complicated lives, you folks live. My OSX seems to take care of itself. I always check the source of any ambiguous email, and can spot a fraudulent http link readily enough. I have several good filters that move things to junk. And, I guess, I use an OS only enjoyed by ten per cent (or is it more now) of the WWW. A |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Chicken Charlie Date: 23 Feb 08 - 01:17 PM Joe--Thanks for starting this thread! Joe and other contributors--Again thanks. Lots of good info. Bee--I envy your luck, and I know where you're coming from on "glurge," which has endeared its way into my vocab list. Just last week, I told somebody to please cut out the "you must past this on to 15 friends in five seconds or you're not a decent human being" type of feel-good chain junk. Glurge. Has a real ring to it. Anybody have any opinions/experiences with Brave Sentry or Bullguard? I'd love to hear, before I install any more apparently useless "security" programs. Chicken Charlie |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Bee Date: 23 Feb 08 - 02:13 PM Chicken Charlie, I just routinely admit to not being a decent human being on that front. BTW, for anyone interested, as my free Norton trial ended last night, I installed AVG Free on my Vista Home Premium this afternoon with no obvious problems or conflicts or compatibility issues. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Jon Nix Date: 23 Feb 08 - 02:42 PM To minimise risks of many of these bugs, try using Mozilla Firefox browser. It is totally free to download and really easy to use. Most of the internet spam & viruses are written to invade Microsoft IE, but are easily blocked by Firefox, which is Linux based. I have been using Firefox for a few years now, with AVG (free) antivirus and use AdAware (free) anti-spyware. I have not had any serious infection since, though I had several whilst running Microsoft IE. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Amos Date: 23 Feb 08 - 03:29 PM ...or buy a Mac. A |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST Date: 23 Feb 08 - 04:00 PM The MAC OS is based on *nix, so very similar to Linux John |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: SINSULL Date: 24 Feb 08 - 01:07 PM I keep getting a pop up telling me that "BackWeb Plugin is out of date. Please click OK to install". It is titled BackWeb PlugIn. It's not Norton GoBack. Any ideas? Sometimes clicking the X doesn't make it go away. Very persistent. |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: bobad Date: 24 Feb 08 - 01:22 PM Some info on Backweb Plug-in here |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: Gulliver Date: 24 Feb 08 - 04:04 PM Like Bee I went for years without an anti-virus program or firewall, and had very little trouble--about 3 instances of malware in 4 years, which were removed after locating information on Google. But I did disable some Internet option when surfing dodgy sites (I think it might have been activeX) which meant I was prompted whenever a site tried to download anything onto my computer. The reason I didn't use the anti-virus software was that, when I installed it, it slowed down my computer. I got a new (well, second-hand) computer a few months ago (which isn't very fast) and installed some freebee programs that came with it: AVG, Sygate firewall, Spamfighter and Spybot. AVG still seems to slow down my computer, for example wants to run checks on every word doc and spreadsheet, and probably HTML file, as well as the email (which is protected by Spamfighter) so I'm thinking of disabling as much as possible and just running it intermittently, along with Spybot. Don |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: GUEST,Joe Offer, at the Women's Center Date: 03 Mar 08 - 07:35 PM OK, so now the Women's Center has something called "Malware Alarm" and another called "Advanced Cleaner" that want to install themselves, and keep displaying ominous warnings to get you to agree to install. So far, I haven't been able to find specific information about "Malware Alarm" and "Advanced Cleaner" at Symantec, McAfee, or any Website I trust. Also, on bootup I get a messages saying Rundll has an error loading windows\system32\nqsdjkdt.dll - and Google won't tell me what the *.dll file is. Advice? Thanks. -Joe- Oh, and the other thing is that while I'm doing this, the Women's Center cat is very interested in the process, and keeps walking across the keyboard, and sniffing around and purring and making herself a general nuisance. I admit that the cat is very good for the well-being of all the staff and guests here, but she sure is a nuisance when I'm doing computer work. When I was working on the Website and before I had a chance to back it up, I was scared to death she was going to walk over the keyboard, hit CTRL-A and "delete." this cat is too smart for her own good. The only animal I want near a computer is a mouse.... |
Subject: RE: Tech: Unwanted 'Spyware Remover' From: bobad Date: 03 Mar 08 - 07:44 PM Joe, if you Google Malware Alarm" and "Advanced Cleaner" you'll find that they are something known as "rogue antispyware" which is installed via Trojans and other computer exploits. It would probably be a good idea to give this computer a good clean out. |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST,Joe Offer, STILL at the Women's Center Date: 03 Mar 08 - 09:05 PM So, I ran McAfee, and it came up with nothing malicious but cookies. The "Malware Alarm" sales pitch comes up every time I open Internet Explorer. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: bobad Date: 03 Mar 08 - 09:21 PM Try "Spybot" and/or "Ad-Aware" they may do it. |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 03 Mar 08 - 09:36 PM Picked from Google: Sophos shows a "Malware Alarm" as a "potentially unwanted application" and appears to say that it's anticrud program will remove it for you. I'm not familiar with Sophos programs so can't say which class of program they're suggesting. Symantec also identifies it as a "serious threat." The Symantec response references Symantec AntiSpywareShield, which possibly indicates that this is something not typically detected by antivirus programs. (You need "Internet Security" or "Norton 360" for this kind of stuff.) The recommendation that you "visit the Symantec Security Response website" is vague (they've been taking lessons from Vista), since there ain't no such button on their header; but a search at Symantec gets me to Security Response Weblog where there's a button on the right to run the "Symantec Security Check" which might be helpful. John |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST Date: 03 Mar 08 - 11:35 PM I love using Firefox, but it does make me wonder about the use of Symantec. Last time I checked, their online scan didn't work with Firefox. I've got kerio, adaware, spybot and avg, so it doesn't really matter, I just think it's too bad they don't include it. kat - accidentally dumped my cookie |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 04 Mar 08 - 12:44 AM The kind of malware described isn't a virus and quite probably was downloaded to the computer when someone "clicked something" giving permission for it to be accepted. Common AV programs simply have no way of objecting if the operator requests a download, or installation of a program. More advanced antispyware and antiphishing programs can give some help via temporary blocking and/or warnings, but a terminally-unaware operator can override the warnings. The cat is probably hangin' close on the assumption that someone is going to try to name him/her/it as the guilty one. "The cat did it" is a well known alibi, although it's usually the dog that comes forth with that one. (Sometimes the cat did do it; but you have to know if the dog can be trusted before filing charges.) John |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Joe Offer Date: 04 Mar 08 - 02:02 AM Well, I gave up for today. Guess I'll have to drive back to Sacramento tomorrow, or whenever I find a really good way to remove this nasty thing. This particular computer is used by all the staff, our college interns, and Lordy knows who else - so it has had some really dumb things loaded on it at times. It's also the computer used by Madame Executive Director, so it's important to get it back in operating condition (even though she uses it mostly for solitaire - we give her a hard time about that, but Sister Judy has a much better attitude if she can play solitaire...) As for the cat, I can't really complain. Since I am surrounded by women and the cat is also female, I have to be on my best behavior. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Joe Offer Date: 04 Mar 08 - 05:18 PM You know, I have to say I'm a bit disappointed. I was ruse somebody here would be able to tell me how to remove these things - Malware Alarm" and "Advanced Cleaner." There have been some solutions mentioned, but nothing that sounds completely credible. I'd like to remove this without getting a new program to replace McAfee (although I was disappointed that McAfee didn't find this problem and that its Website offered no solution). I'm off to the Women's Center to see if I can fix it. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: The Fooles Troupe Date: 04 Mar 08 - 09:23 PM I'm sure the women will fix you Joe... |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 04 Mar 08 - 09:36 PM Malware Alarm appears to give a pretty thorough description of this crudware, and instructions for removal. The instructions may leave some guesswork to be done in identifying everything that needs to be removed. I can't tell without a "sample" to see if the filenames given are actually what appears when you're infected. The site includes a "commercial" for a program that it says will do the removal for you, but also includes manual removal guidelines. Note: I haven't heard of either this site or the program it pushes, so I can't vouch for them. They appear to be "up front" but of course so do lots of scam sites. This looks like a reputable site. The only things I find for "Advanced Cleaner" are at blog/discussion group sites. My impression of these sites is that the advice is frequently "ill-informed," but with the problem in front of you, you may be able to judge whether one might be helpful. Best of the lot: Yahoo: smitfraud (Note the suggestion to go to the same 411-spyware.com site as for the link above.) PC World: RogueRemover John |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST,Joe Offer at the Women's Center Date: 04 Mar 08 - 11:59 PM Well, I installed and ran Spybot - Search and Destroy three times before the scan came out clean. I'm still getting new browser windows sending me to unwanted Websites, even though the browszer is set not to allow popups. So, I'm still working. It's 9 PM and I'm in the tough part of town, but there's a fence around the car so I guess I'm safe. -Joe- |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: JohnInKansas Date: 05 Mar 08 - 07:36 PM Joe - If Spybot S&D finds new stuff on a second run, assuming you haven't been browsing and pickup something new between the runs, it's likely that something that Spybot removed has been reinstalling itself. This would be most likely to happen with a reboot. Some spyware/malware can do this by putting an "install file" in the Startup folder - the launch platform for stuff that's loaded at each reboot. It can also come from a Registry entry that calls for a reinstall. System Restore can be very helpful if needed, but can reinstall malware at reboot in some cases. When you boot, the Registry is examined for changes, and if something has been removed that's "needed" (a file that's set to run asks for it?) the system looks for a backup Registry copy made by System Restore and puts the Registry entry, and sometimes the file, back in place. To avoid "comebacks," when trying to remove seriously embedded malware, it's necessary to TURN OFF SYSTEM RESTORE before going through the motions to try to remove stuff. When you turn off System Restore, all prior Registry copies it's made are DELETED so they can't be used to put the malware back. The usual recommendation is that you make a manual backup of the Registry somewhere so that you can (manually) restore from it if everything turns to shit. Then turn off System Restore to remove any other possibly infected copies so the system can't automatically reinstall the malware every time you reboot. The "MalwareAlarm" link above at 04 Mar 08 - 09:36 PM tells you what to delete for one of the problems you've probably been fighting with. Note that you can't delete a program that's running so you may have to fight with using Task Manager to turn things off, or may have to resort to a Safe Boot to be able to get rid of some things. Also note that when searching for files in Win Explorer you need to turn on the "Search Hidden and System Files" in the "Advanced" section of the search input. If you can delete enough of the files the malware uses to get it crippled, and can prevent System Restore from putting them back, you may get "Registry Errors" saying something like "File Not Found" when you reboot. An accurate identification of the "missing file" usually will let you search the Registry for the entry that's calling for it, so you can clean up the Reg files, if that's also needed. Even if the cat did it, she's probably too subtle to tell you how or to offer help. (Even waterboarding is generally ineffective for cats, and more likely will cause injury to the interrogators.) John |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: GUEST,Murphy Date: 06 Mar 08 - 06:27 AM I recently had a spate of these, each one telling me that my PC was infected and trying to sell me their wares. I could not eliminate any of them and eventually I tried "System Restore" which is accessed via "System Tools". This enabled me to restore the PC to a date preceding the Trojan Invasion and it worked for me. Presumably they are still hiding somewhere in my PC but I live in hope. |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Jim Martin Date: 06 Mar 08 - 06:48 AM Have tried to open Spybot prog since downloading but cannot, anyone know possible reason/s why? |
Subject: RE: Tech: Unwanted 'Spyware Remover' (& cat) From: Roger the Skiffler Date: 06 Mar 08 - 11:53 AM I guess you're safe any way, Joe, I always see you as a "Jack Reacher"* kind of guy! **BG**. I got "Access Denied" again today when I tried to access Mudcat a couple of hours earlier. Now I got in with no problems! AOL? Probably! RtS (*you all read Lee Child don't you?) |
Share Thread: |
Subject: | Help |
From: | |
Preview Automatic Linebreaks Make a link ("blue clicky") |