Some help from Andy Manchesta here:
The "Nameshifter" name is just used by MS Antispy which
then gets passed on to Counterspy but the name itself
doesnt show what the infection is so it's always hard to
answer nameshifter questions, Only the MS team would know
what infection this relates to all its really saying it
that it can change its name so that could be alot of
malware (Look2me,Qoologic,Aurora,Elite,CoolWebSearch
etc..)
Here's a few options
When you say it keeps coming back, MSAS should tell you
what the filename is and where it is located, If its
in "System Volume Information" let us know as you can
just flush your system restore to remove it.
This could change it's name everytime you reboot like
Aurora's entry or it could just change its name when you
delete it like Look2me,CWS & Qoologic as there may be
another part protecting the files.
Goto Jotti's site and upload the nameshifter file to find
out what it is and what infection it is conected with
http://virusscan.jotti.org/
press browse, find the file then press "Submit"
Download Ewido and Ccleaner
Ewido
http://www.ewido.net/en/
Install ewido.
During the installation, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".
Launch ewido
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe
mode.
Ccleaner
http://www.ccleaner.com/ccdownload.asp
Download and Install
Reboot into safe mode (Reboot and keep tapping F8 then
choose safe mode from the list)
Run Ewido and from the main menu choose scanner then
Complete Scan
Click the Start Scan button to start the scan.
During the scan it will prompt you to clean files, click
OK
When the scan is finished, look at the bottom of the
screen and click the Save report button.
Save the report to your desktop
Run MS Antispy in safe mode on a full system scan and
remove anything found
Finally Start Ccleaner and click "Run Cleaner" to remove
temp and unused files
Then reboot back to normal mode
Let us know if you have problems and what Jotti's site
detects if you can locate the file.
Regards
Andy
--
Andre
Extended64 |
http://www.extended64.com
Blog |
http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
"faddat" <(E-Mail Removed)> wrote in message
news:008645D7-886A-4865-BD92-(E-Mail Removed)...
> This is one mean piece of Spyware. I've googled and googled and not found
> any hint of how to manually remove it. MSAS tells me that it can find it,
> but it tries to remove it and by the time the PC is restarted, good old
> Trojan.Startup.Nameshifter.GL has come back.
>
> Has anyone run into this very mean piece of spyware and had a success at
> getting rid of it?
>
> Is there anything that I can do to tweak MSAS so that it stays gone?
>
> Thanks!
>
> -Jake
Similar Threads
