SEP (spyware) Keeps Reinstalling

I am using Microsoft Spyware software to detect/remove spyware from my
computer.

However, there is one that it cannot permanently remove. It removes it
completely (supposedly) from my PC, but it installs itself IMMEDIATELY back
onto my PC.

I did remove it from the registery, but to no avail. There is obviously
something else on my PC that is reinstalling it.

Any advice is welcome!

Thanks,

Doug
dbfugate@cox.net

Restart your computer in safe mode and do a full system scan. On the Scan
Page choose Scan Options > Full System Scan.

--

Andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"Doug F." <dbfugate@cox.net> wrote in message
news:dKOf58AIFHA.1676@cpmsftngsa06.privatenews.microsoft.com...
>I am using Microsoft Spyware software to detect/remove spyware from my
>computer.
>
> However, there is one that it cannot permanently remove. It removes it
> completely (supposedly) from my PC, but it installs itself IMMEDIATELY
> back onto my PC.
>
> I did remove it from the registery, but to no avail. There is obviously
> something else on my PC that is reinstalling it.
>
> Any advice is welcome!
>
> Thanks,
>
> Doug
> dbfugate@cox.net
>

>-----Original Message-----
>Restart your computer in safe mode and do a full system
scan. On the Scan
>Page choose Scan Options > Full System Scan.
>
>--
>
>Andre
>http://spaces.msn.com/members/adacosta
>FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>
>"Doug F." <dbfugate@cox.net> wrote in message
>news:dKOf58AIFHA.1676@cpmsftngsa06.privatenews.microsoft.
com...
>>I am using Microsoft Spyware software to detect/remove
spyware from my
>>computer.
>>
>> However, there is one that it cannot permanently
remove. It removes it
>> completely (supposedly) from my PC, but it installs
itself IMMEDIATELY
>> back onto my PC.
>>
>> I did remove it from the registery, but to no avail.
There is obviously
>> something else on my PC that is reinstalling it.
>>
>> Any advice is welcome!
>>
>> Thanks,
>>
>> Doug
>> dbfugate@cox.net
>>
>
>
>.
>I have the same problem. Running a full scan in save
mode did not bring any solution.Http://rl.webtracer.cc/-
/bayzm keeps coming back as internet start-page (shown in
internet properties) and gives me Http://utruuh.globe-
finder.cc/bayzm as starting page. Does someone face a
similar problem? And what alternative solution is to
apply? By the way, Spybot Search and destroy couldn't
either fix this problem.

Thanks,
Peter.
phoogeveen@chello.nl

Hi Doug

If MS fails in safe mode make sure you have removed all
registry entries.
This spyware is related to Wintools & Lycos SideSearch so
also check your system for thess incase its Helping it
reappear (Typically Wintools is in the Windows/Common
Files Folder) And sidesearch can be found on the
Add/Remove screen.Wintools is difficult to kill but can
explain more if its found ive listed a couple of its
registry values and location just so you can check while
removing the SEP values.


First enable Hidden Files and Folders

Enable viewing of hidden files and folders and
extensions; Start Windows Explorer and click on
your main hard drive, usually c:\. Then select Tools from
the top of Windows Explorer and then Folder Options. Go
to the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types.



Registry Values Connected to SEP & Wintools


Start your computer in safe mode. (Tapping F8 on reboot)

Start the registry editor.

This is done by clicking Start then Run.
Type regedit and click OK.

Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \
CurrentVersion \ Run'


In the right pane, delete the value called 'WinTools', if
it exists. Delete all these if found !!

Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \
{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'

Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows
\ CurrentVersion \ Explorer\Browser Helper Objects \
{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'


Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet
Explorer \ Toolbar'

In the right pane, delete the value called {C5183ABC-EB6E-
4E05-B8C9-500A16B6CF94},

Exit the registry editor.

Restart your computer.

Start Windows Explorer and delete:

C:\Program Files\SEP\ (Any Files or Folders Found)
C:\Program Files\Common files\WinTools folder (If present)

Also do a search with hidden files enabled for:

TB_setup & TBPS

If Wintools is present resetting or cleaning your hosts
file may be needed:

You can do this manually if you know about the hosts file

Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32
\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts

or if you are not sure about it just download and run
this small program which will reset your hosts file to
the Microsoft default setting:

http://members.aol.com/toadbee/hoster.zip

Press 'Restore Original Hosts' and press 'OK'
Exit Program.



Next: Delete Temp Internet files :
Open a internet browser window, click Tools then Internet
Options.
Click on the Delete Cookies and the Delete Files buttons,
then click OK and close the browser window.

Next: Delete Windows Temporary Files - (start,run then
type %temp% delete all files you can in this folder
The Windows temporary directory (usually located at
C:\windows\temp).

Thats It mate Good Luck

Andy

Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize.

Ron Chamberlin
MS-MVP


"phoogeveen@chello.nl" <anonymous@discussions.microsoft.com> wrote in
message news:3deb01c52028$3711a0d0$a601280a@phx.gbl...
>
>>-----Original Message-----
>>Restart your computer in safe mode and do a full system
> scan. On the Scan
>>Page choose Scan Options > Full System Scan.
>>
>>--
>>
>>Andre
>>http://spaces.msn.com/members/adacosta
>>FAQ for MS AntiSpy
> http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>>
>>"Doug F." <dbfugate@cox.net> wrote in message
>>news:dKOf58AIFHA.1676@cpmsftngsa06.privatenews.microsoft.
> com...
>>>I am using Microsoft Spyware software to detect/remove
> spyware from my
>>>computer.
>>>
>>> However, there is one that it cannot permanently
> remove. It removes it
>>> completely (supposedly) from my PC, but it installs
> itself IMMEDIATELY
>>> back onto my PC.
>>>
>>> I did remove it from the registery, but to no avail.
> There is obviously
>>> something else on my PC that is reinstalling it.
>>>
>>> Any advice is welcome!
>>>
>>> Thanks,
>>>
>>> Doug
>>> dbfugate@cox.net
>>>
>>
>>
>>.
>>I have the same problem. Running a full scan in save
> mode did not bring any solution.Http://rl.webtracer.cc/-
> /bayzm keeps coming back as internet start-page (shown in
> internet properties) and gives me Http://utruuh.globe-
> finder.cc/bayzm as starting page. Does someone face a
> similar problem? And what alternative solution is to
> apply? By the way, Spybot Search and destroy couldn't
> either fix this problem.
>
> Thanks,
> Peter.
> phoogeveen@chello.nl
>
>
>

Thanks for you advice.

I went into safe mode, didn't have an TMP or TEMP folders to remove, removed
my temp history folder contents via IE, cleaned out my cache, then searched
the registry and removed all instances of SEP (that were not related to Real
or Sony), ran AntiSpyware, Ad-Aware SE Personal, and Spy Subtract until all
was clean, then rebooted.

And SEP Adware is back. I cannot get rid of it. Any other suggestions
(besides reformatting my drive??????)? I don't really want to reformat, but
I'm getting to the point that it would be easier to deal with that then
dealing with constant removal of SEP Adware. It's quite a Pain.

Thank you for all your help,

Doug
dbfugate@cox.net

Doug F. wrote:
> Any other suggestions besides reformatting my drive??????)? I don't really want to reformat, but
> I'm getting to the point that it would be easier to deal with that then
> dealing with constant removal of SEP Adware. It's quite a Pain.

Hi

Follow this, forum in step 8

http://aumha.org/a/quickfix.php

or go to another forum where you get
real guidance, it´s impossible without Hijackthis logs
to really help you and in this NG you get broken URL.s
and so on for special tools.

http://www.a-sap.org/ left menu

--
plun

Thanks - I'll give it a shot.

Doug


"plun" <paralun@msn.com> wrote in message
news:CrZhAccIFHA.2020@cpmsftngsa06.privatenews.microsoft.com...
> Doug F. wrote:
>> Any other suggestions besides reformatting my drive??????)? I don't
>> really want to reformat, but I'm getting to the point that it would be
>> easier to deal with that then dealing with constant removal of SEP
>> Adware. It's quite a Pain.
>
> Hi
>
> Follow this, forum in step 8
>
> http://aumha.org/a/quickfix.php
>
> or go to another forum where you get
> real guidance, it´s impossible without Hijackthis logs
> to really help you and in this NG you get broken URL.s
> and so on for special tools.
>
> http://www.a-sap.org/ left menu
>
> --
> plun

Thank you Andy,

It seems to have cleared it out. Yesterday I removed anything related to
SEP and the registry setting, and today I followed your advice. I didn't
find anything related to Wintools, thank goodness. I know there was stuff
yesterday - so I believe I removed them too. I was desperate.

Today I finished the clean up. Hopefully it's gone! I've printed your
information for future reference. HOpefully I never need it!

Thank you again for your time and advice,

Doug
"AndyManchesta" <andyorange334@hotmail.com> wrote in message
news:2b5401c52045$219a26b0$a501280a@phx.gbl...
> Hi Doug
>
> If MS fails in safe mode make sure you have removed all
> registry entries.
> This spyware is related to Wintools & Lycos SideSearch so
> also check your system for thess incase its Helping it
> reappear (Typically Wintools is in the Windows/Common
> Files Folder) And sidesearch can be found on the
> Add/Remove screen.Wintools is difficult to kill but can
> explain more if its found ive listed a couple of its
> registry values and location just so you can check while
> removing the SEP values.
>
>
> First enable Hidden Files and Folders
>
> Enable viewing of hidden files and folders and
> extensions; Start Windows Explorer and click on
> your main hard drive, usually c:\. Then select Tools from
> the top of Windows Explorer and then Folder Options. Go
> to the View tab. Scroll down to the folder icon that says
> Hidden files and folders and check show hidden files and
> folders. Also, right below it, uncheck the hide file
> extensions for known types.
>
>
>
> Registry Values Connected to SEP & Wintools
>
>
> Start your computer in safe mode. (Tapping F8 on reboot)
>
> Start the registry editor.
>
> This is done by clicking Start then Run.
> Type regedit and click OK.
>
> Browse to the key:
> 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \
> CurrentVersion \ Run'
>
>
> In the right pane, delete the value called 'WinTools', if
> it exists. Delete all these if found !!
>
> Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \
> {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'
>
> Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows
> \ CurrentVersion \ Explorer\Browser Helper Objects \
> {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'
>
>
> Browse to the key:
> 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet
> Explorer \ Toolbar'
>
> In the right pane, delete the value called {C5183ABC-EB6E-
> 4E05-B8C9-500A16B6CF94},
>
> Exit the registry editor.
>
> Restart your computer.
>
> Start Windows Explorer and delete:
>
> C:\Program Files\SEP\ (Any Files or Folders Found)
> C:\Program Files\Common files\WinTools folder (If present)
>
> Also do a search with hidden files enabled for:
>
> TB_setup & TBPS
>
> If Wintools is present resetting or cleaning your hosts
> file may be needed:
>
> You can do this manually if you know about the hosts file
>
> Windows 95/98/Me c:\windows\hosts
> Windows NT/2000/XP Pro c:\winnt\system32
> \drivers\etc\hosts
> Windows XP Home c:\windows\system32\drivers\etc\hosts
>
> or if you are not sure about it just download and run
> this small program which will reset your hosts file to
> the Microsoft default setting:
>
> http://members.aol.com/toadbee/hoster.zip
>
> Press 'Restore Original Hosts' and press 'OK'
> Exit Program.
>
>
>
> Next: Delete Temp Internet files :
> Open a internet browser window, click Tools then Internet
> Options.
> Click on the Delete Cookies and the Delete Files buttons,
> then click OK and close the browser window.
>
> Next: Delete Windows Temporary Files - (start,run then
> type %temp% delete all files you can in this folder
> The Windows temporary directory (usually located at
> C:\windows\temp).
>
> Thats It mate Good Luck
>
> Andy
>
>
>