How to remove this sucker from my system?
Already tried: spybot s & d was installed and immunized and still
got infected no result
cwshredder no result
Hijack this no result
Powerful cookies no result
Register key removed no result came right back
Started in safe mode and tried all of the above no
result

Somebody have a sollution for this?

René

Disable System Restore. This will blow out all your restore points, but is
probably the only way to remove your problem. These malicious applications
can put a copy of themselves in a restore point, they are that sneaky. Run
CWShredder again. Run Spybot Search and Destroy again. When you are
satisfied your system is clean, enable System Restore once again.

"René Heijmans" <(E-Mail Removed)> wrote in message
news:43360df8$0$3389$(E-Mail Removed)...
> How to remove this sucker from my system?
> Already tried: spybot s & d was installed and immunized and still
> got infected no result
> cwshredder no result
> Hijack this no result
> Powerful cookies no result
> Register key removed no result came right back
> Started in safe mode and tried all of the above no
> result
>
> Somebody have a sollution for this?
>
> René
>
>

In news:(E-Mail Removed),
Kevin <(E-Mail Removed)> had this to say:

My reply is at the bottom of your sent message:

> Disable System Restore. This will blow out all your restore points,
> but is probably the only way to remove your problem. These malicious
> applications can put a copy of themselves in a restore point, they
> are that sneaky. Run CWShredder again. Run Spybot Search and
> Destroy again. When you are satisfied your system is clean, enable
> System Restore once again.
> "René Heijmans" <(E-Mail Removed)> wrote in message
> news:43360df8$0$3389$(E-Mail Removed)...
>> How to remove this sucker from my system?
>> Already tried: spybot s & d was installed and immunized and still
>> got infected no result
>> cwshredder no result
>> Hijack this no result
>> Powerful cookies no result
>> Register key removed no result came right back
>> Started in safe mode and tried all of the
>> above no result
>>
>> Somebody have a sollution for this?
>>
>> René

With all due respect the above is not the best information available at this
time. To disable system restore will remove the chance you have to go back
should you make an error while cleaning the system. Beyond that nothing has
ever automatically re-installed itself from restore, ever. The only way for
something to be reactivated from restore is to have used it to restore. In
other words if you have a million viruses in a restore point you'll get a
dirty scan result but there's no way for those to climb back out and
re-infect you unless you restore to that point. The idea of disabling
restore is a commonly propagated myth even by some of the major malware
cleaning sites.

I'd try again with various malware cleaners. Install them, update them, and
then do a scan in safe mode.

Malware Cleaners and Repair :
http://kgiii.info/windows/all/general/malwarefix.html

Galen
--

"You know that a conjurer gets no credit when once he has explained his
trick; and if I show you too much of my method of working, you will
come to the conclusion that I am a very ordinary individual after all."

Sherlock Holmes

In news:(E-Mail Removed),
Kevin <(E-Mail Removed)> typed:

> Disable System Restore. This will blow out all your restore
> points,
> but is probably the only way to remove your problem.


No, it is not wise to disable sustem restore until *after* the
problem has been solved. If your attempts to uninfect the system
fail, and everything gets screwed up, it's good to be able to use
System restore to take you back. It's far better to be able to
restore to an infected system, where you can still work on the
problem, than have no system at all.

It's very important to realize that an infection in a restore
point is completely innocuous and can't harm you in any way,
*unless* you restore from it. So keep those restore points, but
don't restore from them (unless it's your only alternative).

Once the infection is gone, and it's clear that you won't need
the restore points, *then* disable System Restore to get rid of
them, then re-enable it.


> These malicious
> applications can put a copy of themselves in a restore point,
> they
> are that sneaky.


No, they don't normally put themselves in a restore point. What
happens is simply that when a restore point of an infected system
is created, the restore point will contain the infection. If you
copy something with an infection, the copy contains the infection
too.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup


> Run CWShredder again. Run Spybot Search and
> Destroy again. When you are satisfied your system is clean,
> enable
> System Restore once again.
> "René Heijmans" <(E-Mail Removed)> wrote in message
> news:43360df8$0$3389$(E-Mail Removed)...
>> How to remove this sucker from my system?
>> Already tried: spybot s & d was installed and immunized and
>> still
>> got infected no result
>> cwshredder no result
>> Hijack this no result
>> Powerful cookies no result
>> Register key removed no result came
>> right back
>> Started in safe mode and tried all of
>> the
>> above no result
>>
>> Somebody have a sollution for this?
>>
>> René

Really really really NASTY !

I had it on my PC and couldn't remove it ,tried so many programs with no
/less result.
Then all I did was to re-install my OS and so I did.

Anyway....Again Try :

>>SpyBot Search and Destroy
>>Ad-Aware SE Personal
>>Microsoft Antispyware
http://www.microsoft.com/athome/secu...s/default.mspx

>>CWShredder
>>Trial version of Panda Titanium
http://www.pandasoftware.com/products

>>Try to manually remove it from the registry

Do everything in Safe Mode with updated definitions

If nothing help,create a back-up of all you files (only files) ,check it for
viruses ,format and re-install Windows

Re-installing seems stupid,I normally do not recommend it but with
CWS,surely YES.

Good luck!

Panda_man
" Let's beat malware black and blue "
" No new epidemic of all kind of malware -> Panda TruPrevent "


"René Heijmans" wrote:

> How to remove this sucker from my system?
> Already tried: spybot s & d was installed and immunized and still
> got infected no result
> cwshredder no result
> Hijack this no result
> Powerful cookies no result
> Register key removed no result came right back
> Started in safe mode and tried all of the above no
> result
>
> Somebody have a sollution for this?
>
> René
>
>
>

See the links below for information regarding System Restore and malware:

http://antivirus.about.com/od/window...temrestore.htm

http://www.techbuilder.org/recipes/60402485

http://www.michaelhorowitz.com/removespyware.html

My personal experience with System Restore has never left me with any
problems. I've disabled it several times, on a couple of different systems,
with no difficulties resulting at all. The thing to remember is that when
you disable System Restore you have eliminated all your system restore
points, which means you have no safety margin to fall back on. Ideally, you
would know which of your points were uncompromised and restore back to that
clean, uninfected point.

"Galen" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> In news:(E-Mail Removed),
> Kevin <(E-Mail Removed)> had this to say:
>
> My reply is at the bottom of your sent message:
>
>> Disable System Restore. This will blow out all your restore points,
>> but is probably the only way to remove your problem. These malicious
>> applications can put a copy of themselves in a restore point, they
>> are that sneaky. Run CWShredder again. Run Spybot Search and
>> Destroy again. When you are satisfied your system is clean, enable
>> System Restore once again.
>> "René Heijmans" <(E-Mail Removed)> wrote in message
>> news:43360df8$0$3389$(E-Mail Removed)...
>>> How to remove this sucker from my system?
>>> Already tried: spybot s & d was installed and immunized and still
>>> got infected no result
>>> cwshredder no result
>>> Hijack this no result
>>> Powerful cookies no result
>>> Register key removed no result came right back
>>> Started in safe mode and tried all of the
>>> above no result
>>>
>>> Somebody have a sollution for this?
>>>
>>> René
>
> With all due respect the above is not the best information available at
> this time. To disable system restore will remove the chance you have to go
> back should you make an error while cleaning the system. Beyond that
> nothing has ever automatically re-installed itself from restore, ever. The
> only way for something to be reactivated from restore is to have used it
> to restore. In other words if you have a million viruses in a restore
> point you'll get a dirty scan result but there's no way for those to climb
> back out and re-infect you unless you restore to that point. The idea of
> disabling restore is a commonly propagated myth even by some of the major
> malware cleaning sites.
>
> I'd try again with various malware cleaners. Install them, update them,
> and then do a scan in safe mode.
>
> Malware Cleaners and Repair :
> http://kgiii.info/windows/all/general/malwarefix.html
>
> Galen
> --
>
> "You know that a conjurer gets no credit when once he has explained his
> trick; and if I show you too much of my method of working, you will
> come to the conclusion that I am a very ordinary individual after all."
>
> Sherlock Holmes
>

In news:%(E-Mail Removed),
Kevin <(E-Mail Removed)> had this to say:

My reply is at the bottom of your sent message:

> See the links below for information regarding System Restore and
> malware:
> http://antivirus.about.com/od/window...temrestore.htm
>
> http://www.techbuilder.org/recipes/60402485
>
> http://www.michaelhorowitz.com/removespyware.html
>
> My personal experience with System Restore has never left me with any
> problems. I've disabled it several times, on a couple of different
> systems, with no difficulties resulting at all. The thing to
> remember is that when you disable System Restore you have eliminated
> all your system restore points, which means you have no safety margin
> to fall back on. Ideally, you would know which of your points were
> uncompromised and restore back to that clean, uninfected point.
>
> "Galen" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> In news:(E-Mail Removed),
>> Kevin <(E-Mail Removed)> had this to say:
>>
>> My reply is at the bottom of your sent message:
>>
>>> Disable System Restore. This will blow out all your restore points,
>>> but is probably the only way to remove your problem. These
>>> malicious applications can put a copy of themselves in a restore
>>> point, they are that sneaky. Run CWShredder again. Run Spybot
>>> Search and Destroy again. When you are satisfied your system is
>>> clean, enable System Restore once again.
>>> "René Heijmans" <(E-Mail Removed)> wrote in message
>>> news:43360df8$0$3389$(E-Mail Removed)...
>>>> How to remove this sucker from my system?
>>>> Already tried: spybot s & d was installed and immunized and still
>>>> got infected no result
>>>> cwshredder no result
>>>> Hijack this no result
>>>> Powerful cookies no result
>>>> Register key removed no result came right
>>>> back Started in safe mode and tried all of
>>>> the above no result
>>>>
>>>> Somebody have a sollution for this?
>>>>
>>>> René
>>
>> With all due respect the above is not the best information available
>> at this time. To disable system restore will remove the chance you
>> have to go back should you make an error while cleaning the system.
>> Beyond that nothing has ever automatically re-installed itself from
>> restore, ever. The only way for something to be reactivated from
>> restore is to have used it to restore. In other words if you have a
>> million viruses in a restore point you'll get a dirty scan result
>> but there's no way for those to climb back out and re-infect you
>> unless you restore to that point. The idea of disabling restore is a
>> commonly propagated myth even by some of the major malware cleaning
>> sites. I'd try again with various malware cleaners. Install them, update
>> them, and then do a scan in safe mode.
>>
>> Malware Cleaners and Repair :
>> http://kgiii.info/windows/all/general/malwarefix.html
>>
>> Galen
>> --

Oh I know the various links. Even major companies like Symantec will tell
you to do such things while it's impossible (at this time it seems to be as
nothing has ever done so yet) for anything to automatically re-infect a
system from the restore point location. To disable it prior to making the
cleaning gives no chance to use it if the cleaning process ruins something.
To cut the safety line of restore, which may or may not even work but the
chance is there, to clean malware is an excessive step and one potentially
leading to additional complications. It is generally better to remove any
restore points after having cleaned any malware instances not in the
_restore file location and then to create a new clean one immediately after
cleaning and testing to make sure the system is functional.

Galen
--

"You know that a conjurer gets no credit when once he has explained his
trick; and if I show you too much of my method of working, you will
come to the conclusion that I am a very ordinary individual after all."

Sherlock Holmes

Clean reinstall.

--
Ted Zieglar
"You can do it if you try."

"René Heijmans" <(E-Mail Removed)> wrote in message
news:43360df8$0$3389$(E-Mail Removed)...
> How to remove this sucker from my system?
> Already tried: spybot s & d was installed and immunized and still
> got infected no result
> cwshredder no result
> Hijack this no result
> Powerful cookies no result
> Register key removed no result came right back
> Started in safe mode and tried all of the above no
> result
>
> Somebody have a sollution for this?
>
> René
>
>

Sounds like the malware is re-installing itself.
Run Spybot again, in Advanced Mode.(make sure spybot is upto date by using
its auto update feature)
This time check your BHO's, and ActiveX.
Ignore any entries that you're absolutley certain are not that cause of you
problems.
Next check your Startup Items.
Look at each entry to find the filename & location of each program loaded.
Find each file listed and right click on it and select properties, then the
Version tab.

If it doesnt have a version tab ... Be suspicious of it ..
If it does, then review the info listed on that tab. There's a good chance
that the info contained on it
may be an obvious indicator.

Then check the Process List for any entries that are suspicious or programs
you've deemed
suspicious from above.

Try killing processes that you believe are the source of problem, then have
Spybot try and remove
it.
Be warned, the prgram may try copying itself and running the copy when it's
killed and you should refresh the process list to look for new entries.

If you can find the registry entry/entries that load it, you can try using a
regestry monitoring program to see which program replaces the entry.

You can also use msconfig.exe, to temporarily disable start up item to see
which one is responsible.

if all else fails, consider a clean re-install of your os


"René Heijmans" <(E-Mail Removed)> wrote in message
news:43360df8$0$3389$(E-Mail Removed)...
> How to remove this sucker from my system?
> Already tried: spybot s & d was installed and immunized and still
> got infected no result
> cwshredder no result
> Hijack this no result
> Powerful cookies no result
> Register key removed no result came right back
> Started in safe mode and tried all of the above no
> result
>
> Somebody have a sollution for this?
>
> René
>
>