Removal of Spyware

John McKenzie

Hi,
I let my nephew use my computer and now none of my spyware removal tools
work i.e. Malwarebytes, SuperAntiSpyware, Ad-Aware.

Do any of you have any idea how to discover what is going on? I am
relatively certain that the computer is infected with something.
 
John McKenzie

John said:
Hi,
I let my nephew use my computer and now none of my spyware removal tools
work i.e. Malwarebytes, SuperAntiSpyware, Ad-Aware.

Do any of you have any idea how to discover what is going on? I am
relatively certain that the computer is infected with something.
I might also add that the restore point does not work and the OS is Win
XP Pro SP3
 
Leonard Grey

That was not the real Leythos--he would never give that advice--it's
Patrick Butts posing as Leythos.

To answer your question: Your computer is almost certainly infected with
malware. There are specific types of malware that disable your ability
to use or update your security software.
 
Bob Lucas

Some malware infections have the ability to block access to
anti-virus and security websites. They can also interfere with
the functionality of antivirus and spyware removal tools.

The URL at
http://tech.amikelive.com/node-144/tdss-trojan-and-bediddle-adware-removal-guide
may help. The instructions describe how to download Malwarebytes
to an uninfected computer. Then, you rename the program to avoid
detection by the malware - and use it to remove the infection.

A second possibility is to remove the hard drive from the
infected computer. Then, connect the drive physically to an
uninfected computer (as a slave drive or via a USB caddy).
Ensure the second computer has up to date protection against
viruses and similar malware. However, the risk of
cross-infection is small, because the second computer won't need
to boot from the infected disk.

Use the uninfected computer to run Malwarebytes and perform a
full scan of the infected drive. Then, you should use the
uninfected computer to perform additional scans, using
alternative anti-virus and spyware removal tools.

One word of warning. Another contributor to this thread has
advised you to "Use my Remove-it software". As with any
download, you do so at your own risk.
 
Jose

Hi,
I let my nephew use my computer and now none of my spyware removal tools
work i.e. Malwarebytes, SuperAntiSpyware, Ad-Aware.

Do any of you have any idea how to discover what is going on? I am
relatively certain that the computer is infected with something.

Yes. Some of this malicious software will just not allow executables
that might be used to remove them to run just by the name of the .exe
file that shows up as a process. MBAM shows up as mbam.exe in Task
Manager so may not run.

I would stick with MBAM and SAS. Locate the mbam.exe file and make a
copy called john.exe and then run john.exe and see what that turns
up. If still problems, do the same for SAS.

Lately, I have fixed several where things like regedit, cmd, and the
System Restore utility won't run. Try regedit and cmd just for fun
and let us know about that. The bad software doesn't want you to run
anything to remove it or go to any WWW sites that might help you
(except this one).

Now if your regedit and cmd still don't work but everything else now
does, we can fix that too.

Jose
 
Leythos

Date: Wed, 13 May 2009 06:57:36 -0700

Use my Remove-it software, it will remove that malware from your system.
Choose yes for all options when prompted. Download it here
http://www.ms-mvp.org/

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

Abuse reported to prodigy and att.
 
John McKenzie

Jose said:
Yes. Some of this malicious software will just not allow executables
that might be used to remove them to run just by the name of the .exe
file that shows up as a process. MBAM shows up as mbam.exe in Task
Manager so may not run.

I would stick with MBAM and SAS. Locate the mbam.exe file and make a
copy called john.exe and then run john.exe and see what that turns
up. If still problems, do the same for SAS.

Lately, I have fixed several where things like regedit, cmd, and the
System Restore utility won't run. Try regedit and cmd just for fun
and let us know about that. The bad software doesn't want you to run
anything to remove it or go to any WWW sites that might help you
(except this one).

Now if your regedit and cmd still don't work but everything else now
does, we can fix that too.

Jose
both cmd and regedit work
 
Jose

Disk Defragmenter does not

Disk Defragmenter would be:

Start, Run, dfrg.msc

or, Start, Run, cmd and then c:\windows\System32\dfrg.msc

Try MBAM (or your copy) first.

What does "does not (work)" mean?

Does a copy of dfrg.msc work?
 
John McKenzie

Jose said:
Disk Defragmenter would be:

Start, Run, dfrg.msc

or, Start, Run, cmd and then c:\windows\System32\dfrg.msc

Try MBAM (or your copy) first.

What does "does not (work)" mean?

Does a copy of dfrg.msc work?
it loads OK but then the message disk fragmented could not run.
 
Jose

it loads OK but then the message disk fragmented could not run.

Disk fragmented could not run?

Well, see what MBAM or your copy has to report. You should do that
first.
 
David H. Lipman

| it loads OK but then the message disk fragmented could not run.



Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Then post the contents of the HJT log in your post with a full explanation of your problem
and what you have done to date in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
John McKenzie

Jose said:
Disk fragmented could not run?

Well, see what MBAM or your copy has to report. You should do that
first.
I have no idea what MBAM is. It does not show up in taskmanager in any
form.
 
John McKenzie

David said:
From: "John McKenzie" <[email protected]>


| I have no idea what MBAM is. It does not show up in taskmanager in any
| form.

You said...

"...none of my spyware removal tools work i.e. Malwarebytes..."

MBAM -- MalwareBytes Anti Malware

Thanks, I did not associate 'Anti Malware' with MalwareBytes; never seen
it in that form. :)
Thanks for all the help to all of you.
 
Twayne

Bob said:
Some malware infections have the ability to block access to
anti-virus and security websites. They can also interfere with
the functionality of antivirus and spyware removal tools.

One way to beat that is to use their IP instead of their text address.
Any whois will show the IP needed. I haven't yet seen any that stop the
IP from being used.

Twayne
 
Leythos

How many complaints are you going to file before you will realize that it is
not a valid complaint and nothing will be done? Are you going to file a
complaint on everyone who posts with the name Leythos? You need to grow up.

I will continue to file complaints as long as the abuse continues - it's
that simple.

What you fail to understand is the damage you do to your already poor
reputation and poor image with each post, Chris.
 
