Help! Can't get rid of spyware

[Charlie]

If I am not in the right group please direct me there.
I am running Window XP Home with all the current updates. I have recently
picked up some spyware and can't get rid of it. I have run Adaware 6.0 and
Sypbot 1.2 and the crud seems to regenerate again at boot time. Adaware
alerts me to the attempts to make registry changes and hijack my browser.
The object running is msbb.exe and the vendor is listed as NCase. This thing
keeps trying to change my default browser page to www.blazefind.com.

Any help in getting rid of this thing will greatly be appreciated.

 

[Jim Macklin]

The current version of Ad-Aware is 6.181 and there are new
updates every week or so. SpyBot has updates every few
weeks, be sure you have the latest updates.

Also, a Google for "ncase removal" will find a wealth of
info.


| If I am not in the right group please direct me there.
| I am running Window XP Home with all the current updates.
I have recently
| picked up some spyware and can't get rid of it. I have run
Adaware 6.0 and
| Sypbot 1.2 and the crud seems to regenerate again at boot
time. Adaware
| alerts me to the attempts to make registry changes and
hijack my browser.
| The object running is msbb.exe and the vendor is listed as
NCase. This thing
| keeps trying to change my default browser page to
www.blazefind.com.
|
| Any help in getting rid of this thing will greatly be
appreciated.
|
|

 

[f/fgeorge]

panicware.com has a spyware removal tool too and it is FREE! I use it
and it seems to find more things than adaware.

 

[PA Bear]

Dealing with Hijackware
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
http://aumha.org/a/parasite.htm

CoolWebSearch Chronicles
http://www.merijn.org/cwschronicles.html

You *must* seek updates for Ad-Aware, Spybot, etc., before each and every
use, even "right out of the box". But even then, they can't catch
everything. When all else fails, HijackThis
(http://www.merijn.org/files/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your files to http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**

Also update your virus definitions and then run a full system scan. From
now on, do both daily.

[Many anti-spyware sites continue to suffer from a week-long DoS attack.
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page: http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH VSOP

What You Should Know About the Mydoom Worm Variants:
Mydoom.A, Mydoom.B, and Mydoom.C (a.k.a. Doomjuice)
http://www.microsoft.com/security/antivirus/mydoom.asp

Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html

 

[Kelly]

Hi Charlie,

Do a search for msbb.exe and delete it. One will be listed in C:\Windows
and twice in the registry (runkeys). The uninstaller works as well.
http://www.n-case.com/ncaseuninstall.html

 

[Gene K]

If I am not in the right group please direct me there.
I am running Window XP Home with all the current updates. I have recently
picked up some spyware and can't get rid of it. I have run Adaware 6.0 and
Sypbot 1.2 and the crud seems to regenerate again at boot time. Adaware
alerts me to the attempts to make registry changes and hijack my browser.
The object running is msbb.exe and the vendor is listed as NCase. This thing
keeps trying to change my default browser page to www.blazefind.com.

Any help in getting rid of this thing will greatly be appreciated.

You have been highjacked I think. Go here and download "HijackThis.exe"
and run it to find and eliminate this:
http://216.239.39.104/search?q=cach...www.spywareinfo.com+HijackThis&hl=en&ie=UTF-8
Gene K

 

[Helob]

Try Spy sweeper. It picks up adware that both adware 6 & sypbot
misses.
Share with us your findings.

 

[Patrick Casher]

Adding a hosts file will block most adware see:

http://mvps.org/winhelp2002/hosts.htm

Patrick