Same spyware keeps appearing

[Dina]

I just downloaded the MS anti-spyware last week and the
installation went great however, every time the software
runs a scan and reports the spyware and threats that are
detected
I go ahead and remove them and then reboot the computer and
run the scan again (as recommeded). Well, whenever the
scan runs again, almost the same spyware and threats are
reported again and I end up doing the removal, etc all over
again.
Basically, it feels like an endless process where I am
scanning, removing, rebooting and scanning again all the time.
Is this normal or do I have bigger problems?
I have even downloaded a couple of other anti-spyware
programs (Spyware Doctor, which ended up removing my
taskbar and Ad-Aware)to see if they could help me remove
some of the spyware permanantly but the same stuff keeps
appearing when I run the MS anti-spyware scan.
Thanks in advance for any assistance!

 

[Andre Da Costa]

Does the spyware have a name? Also send a suspect spyware report from the
Tools menu in Microsoft AntiSpyware. Restart your computer in safe mode,
open Microsoft AntiSpyware, on the scan page choose scan options > full
system scan >(check the boxes below) > click "Run Scan Now".

Apply the same principles with the following AntiSpyware solutions in safe
mode, two of which you already have installed:
Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.intermute.com/products/cwshredder.html
Spy Sweeper - www.webroot.com
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Dina]

Thanks so much, I will try that!

-----Original Message-----
Does the spyware have a name? Also send a suspect spyware report from the
Tools menu in Microsoft AntiSpyware. Restart your computer in safe mode,
open Microsoft AntiSpyware, on the scan page choose scan options > full
system scan >(check the boxes below) > click "Run Scan Now".

Apply the same principles with the following AntiSpyware solutions in safe
mode, two of which you already have installed:
Ad-Aware - www.lavasoftusa.com
Spybot - http://www.safer-networking.org/
CWShredder - http://www.intermute.com/products/cwshredder.html
Spy Sweeper - www.webroot.com
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm





.

 

[Andre Da Costa]

Restart in safe mode instructions:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Nocturnal]

Your programs are not enough to get rid of such a mess.

I suggest using Lavasoft's Ad-Aware in conjunction with Spybot Search and
Destroy version 1.4 as well as Microsoft's Anti-Spyware program which is
currently in beta. Also you will need CCleaner to help you with removing
all of your temporary files in each user's account you have on your
computer.

First and foremost I would boot into safe mode into each user's account one
by one and open up and use CCleaner and clean out all the temporary internet
files as well as the temp files that programs use when installing onto your
computer. These are two directories that viruses and spyware love to hide
themselves in. Make sure you reboot after each cleaning of each account.

After the initial cleaning, use Ad-Aware on each user account in safe mode.
Make sure you update the definitions to the most updated version available.
After using the program I would reboot and get back into safe mode and run
Spybot Search and Destroy. I wouldn't run any two programs consecutively
just to be on the safe side. Again, after running the Spybot program I'd
reboot and get back into safe mode and do a scan with Microsoft's
Anti-Spyware.

After you do all of this I would use Hijack This and post your log at
www.spywaretalk.org to get help on removing the various entries that you
don't need or that may be hindering your computer.

 

[Andre Da Costa]

Yeah, thats what I recommend doing, but remember, our aim is also to improve
the detection quality of MSAS, by also reporting what its not finding.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Dina]

Well, I did everything that Andre suggested and I even
tried to send a spyware report from MSAS but I kept getting
a message saying that an error had occurred while trying to
send my report and the reports would not send.
Ultimately, the main problems that I am dealing with (and
that continue to appear on my computer after all that
cleaning) are:

Transponder.ABetterInternet Aurora Adware
ShopAtHome Spyware
IEPlugin Spyware
Transponder.ABetterInternet.DrPMonAdware
Transponder.ABetterInternet Adware
I will go ahead and try what Nocturnal has suggested and
see if that helps.
Thanks again for all your help so far!

 

[Alan]

There might be an easier way to deal with this in the
future, that is if it happens again (let's hope not).
Also these step assume you are running XP, or a system
running the .NETFramework.

First run a scan and see what, if any, spyware your
system has been infected with.

Now go to c:\windows\prefetch and see if any files there
with filenames that contain the same spyware. For
ABetterIntenet, look for filenames containing
ABetterInternet.

If you find any shred them with a file shredder. You can
download a FREE copy from download.com.

This should keep ABetterInternet and others from
returning to your system.

The prefetch folder stores code to allow programs to
startup quicker. The problem with the folder is, that as
time has gone on, spyware/malware, virus, Trojan, and
Internet worm writers have gotten smarter, and are using
the folder to insert code that's linked to another
program. With ABetterInternet, the code is associated
with IE. When one launches IE, the ABetterInternet code
is launched, and ABetterInternet once again infects the
system.

As for using Spybot, I recommend against it, as I've had
problems in the past. Mainly with the Immunization
feature. If you need to change your IE settings, you
have to launch Spybot and turn off the Immunization
feature pertaining to the changing of IE settings. Then
you can change the settings. However, you must go back
to Spybot and turn this feature back on in order to be
protected from having your IE settings changed by someone
other than yourself. This is a hassle, and I've chosen
to use Ad-Aware and MSAS instead. Another knock on
Spybot is you, the user, must update the software, as
there is no automatic update feature as there is in MSAS.

Hope this helps.

Alan

 

[Dandy Lion]

what is the spyware? trojan horses could be reinstalling
it. If you haven't already, you should download a free
copy of AdAware, unplug your internet connection and run
it, then reboot and run AdAware again to see if it comes
back (assuming AdAware cleaned it).

 

[Dina]

Okay, I think I have bigger problems than I may have
realized. I have basically spent the entire weekend so far
in front of this computer trying to permanently remove
these pesky spyware programs and nothing seems to work!
I have followed all the instructions from Andre, Nocturnal
and now Alan and the problem continues.
Alan, when I tried to shred the known spyware files in
prefetch, I kept getting an error message that stated that
the files were in use (even in safe mode). So the files
can't be shredded.
I am ready to throw this computer out the window and start
fresh (but I won't since I spent a lot of money on this
thing and it is only 3 years old!)
Does anyoen have any more suggestions...I am even willing
to pay to have this crap off my computer for good!
Thanks and sorry for sounding so harsh but I am just
getting really frustrated at this point.
-Dina

 

[plun]

Hi Dina

Dont destroy more time.

Time for HijackThis and maybe a forum for these logs.

HijackThis download:
http://www.merijn.org/files/hijackthis.zip

How to use HijackThis (be careful):
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42


Directlink for removal:

http://www.daniweb.com/techtalkforums/thread25443.html



If you want support choose one of these HijackThis forums and
they help you with this. Within these forums you also can find
threads with abetterinternet removals.

http://aumha.net/viewforum.php?f=30

or

http://www.merijn.org/forums.html


Important, Register, read announcements and sticky notes
before you post !

 

[Alan]

Sorry about the length of time it took me to get back to
this posting, I've been extremely busy all weekend at
work.

I agree with Plun's suggestion.

There might be some remnants of spyware programs left in
the registry, which is causing some of, or most, of the
problems.

As for the problem with the files being in use, if using
HijackThis doesn't help with these files, make certain
that IE or another web browser isn't running. If it is,
this can cause Windows to access the files in the
prefetch folder. Press Crtl-Alt-Delete, and see if IE or
another web browser is running. If so, then delete the
process, as it's likely the culprit. Another thing to
try is when booting into Safe Mode, select an option that
doesn't have network support (i.e., no web connections).

My guess is that some spyware/malware program is running
in the background and using those files, which is trying
those files up, and you can't even shred them.

What you might want to do is scan your system with a AV
product, such as Norton or McAfee and see if any viruses,
Trojans, or Internet worms are on your system, as these
might also have something to do with the problems.

If you use AOL, you can download a free copy of McAfee
VirusScan Online. This product can also can for spyware,
but it's results might not be very reliable in regards to
spyware.

Alan