SpywareSecure

[Annie_mo]

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

 

[Dave M]

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still
active. ie. still keeps trying to make me buy the product to get rid
of unwanted spyware. Says I am infected with 45 items. Also says
windows will shut me down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving
me nuts! I have done all the suggested things, which is how I found
out what it was.
As it's still active even though windows defender says its in
quaranteen I don't know how to remove it. Many thanks for any help
Annie_mo

Annie
It depends on where it's located, as to if Defender can remove all traces.
For instance, if it's in your System Restore Checkpoints, Defender won't
remove those, and that could be re-infecting you. If you're given the
location(s) you could post them here, but one thing you can easily do for
that sort of problem is to remove all System Restore checkpoints after
running a Defender Full Scan. Another possibility is to run Defender in
SAFE boot mode to prevent files from being locked during a scan. I'd
probably do both, if it were happening to me. Let us know how you do with
that.

 

[Engel]

Hello Anie,

See if the solutions in this thread helps.

<http://www.microsoft.com/communitie...6e52&mid=f8926139-a84a-4ae8-9d1f-9361024e5254>

Also look here:
<http://www.microsoft.com/communitie...7dd4&mid=474909b4-6e30-4852-8b8c-943910ea7dd4>


I hope this post is helpful.

Let us know how it works ºut.


Good luck
-=-

 

[Engel]

OT

The URLs provide by Dave, are down, sorry.

At approximately 1:30 AM July 8, 2008 CastleCops Wiki, German site, Hashes,
Volunteer Blogs as well as other services were taken offline due to a DDoS in
excess of 100 m/s, which was negatively impacting the ISPs other clients.
Both the sites are still currently offline while servers are prepared for
them at a new location.
<http://www.castlecops.com/>

Hello Anie,

See if the solutions in this thread helps.

<http://www.microsoft.com/communitie...6e52&mid=f8926139-a84a-4ae8-9d1f-9361024e5254>

Also look here:
<http://www.microsoft.com/communitie...7dd4&mid=474909b4-6e30-4852-8b8c-943910ea7dd4>


I hope this post is helpful.

Let us know how it works ºut.


Good luck
-=-

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

 

[Bill Sanderson]

Sad news...

OT

The URLs provide by Dave, are down, sorry.

At approximately 1:30 AM July 8, 2008 CastleCops Wiki, German site,
Hashes,
Volunteer Blogs as well as other services were taken offline due to a DDoS
in
excess of 100 m/s, which was negatively impacting the ISPs other clients.
Both the sites are still currently offline while servers are prepared for
them at a new location.
<http://www.castlecops.com/>

Hello Anie,

See if the solutions in this thread helps.

<http://www.microsoft.com/communitie...6e52&mid=f8926139-a84a-4ae8-9d1f-9361024e5254>

Also look here:
<http://www.microsoft.com/communitie...7dd4&mid=474909b4-6e30-4852-8b8c-943910ea7dd4>


I hope this post is helpful.

Let us know how it works ºut.


Good luck
-=-

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still
active.
ie. still keeps trying to make me buy the product to get rid of
unwanted
spyware. Says I am infected with 45 items. Also says windows will
shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out
what it
was.
As it's still active even though windows defender says its in
quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

 

[Bill Sanderson]

Additionally, you can call Microsoft PSS for free help with spyware, virus,
or problems with security patches.

In the U.S. or Canada, call 1-866-pcsafety.

Elsewhere, call the local number for paid support and ask for the free
support for the above-mentioned issues.

 

[Kayman]

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

 

[Annie_mo]

Hi Dave,
I'm afraid I still have problems. My system restore does not work. I tried
when this problem started and several times last night. I get the message
"system restore was unable to reverse the followi ng restoration.....No
changes have been made... To choose another restroe point, re-start system
restore"

It was working fine prior to this problem. I did check that it was still on
which it is.
You said to try in safe boot mode. How do I do this please?
Any other ideas from anyone.?
Many thanks for your help guys. Annie

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still
active. ie. still keeps trying to make me buy the product to get rid
of unwanted spyware. Says I am infected with 45 items. Also says
windows will shut me down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving
me nuts! I have done all the suggested things, which is how I found
out what it was.
As it's still active even though windows defender says its in
quaranteen I don't know how to remove it. Many thanks for any help
Annie_mo

Annie
It depends on where it's located, as to if Defender can remove all traces.
For instance, if it's in your System Restore Checkpoints, Defender won't
remove those, and that could be re-infecting you. If you're given the
location(s) you could post them here, but one thing you can easily do for
that sort of problem is to remove all System Restore checkpoints after
running a Defender Full Scan. Another possibility is to run Defender in
SAFE boot mode to prevent files from being locked during a scan. I'd
probably do both, if it were happening to me. Let us know how you do with
that.

 

[Annie_mo]

Hi Kayman, thanks I will try this too. Are we sure it's safe? And...free?
Not much dosh! Many thanks Annie

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

 

[Annie_mo]

Thanks for the advice Engel, shame it's off line now. Do you know if it will
be up and running soon? I intend to try the safe boot mode suggestion from
Dave next. My system restore seems to have packed up about the same time I
got infected too. Thank you for the adice though. Annie

OT

The URLs provide by Dave, are down, sorry.

At approximately 1:30 AM July 8, 2008 CastleCops Wiki, German site, Hashes,
Volunteer Blogs as well as other services were taken offline due to a DDoS in
excess of 100 m/s, which was negatively impacting the ISPs other clients.
Both the sites are still currently offline while servers are prepared for
them at a new location.
<http://www.castlecops.com/>

Hello Anie,

See if the solutions in this thread helps.

<http://www.microsoft.com/communitie...6e52&mid=f8926139-a84a-4ae8-9d1f-9361024e5254>

Also look here:
<http://www.microsoft.com/communitie...7dd4&mid=474909b4-6e30-4852-8b8c-943910ea7dd4>


I hope this post is helpful.

Let us know how it works ºut.


Good luck
-=-

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

 

[Annie_mo]

Hi again Kayman,
I just clicked on your link and it actually activated the SpywareSecure that
I am infected with!
Such a pain. Annie

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

 

[Dave M]

Hi Dave,
I'm afraid I still have problems. My system restore does not work.
I tried when this problem started and several times last night. I
get the message "system restore was unable to reverse the followi ng
restoration.....No changes have been made... To choose another
restroe point, re-start system restore"

It was working fine prior to this problem. I did check that it was
still on which it is.
You said to try in safe boot mode. How do I do this please?
Any other ideas from anyone.?
Many thanks for your help guys. Annie

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still
active. ie. still keeps trying to make me buy the product to get
rid of unwanted spyware. Says I am infected with 45 items. Also
says windows will shut me down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am
not infected.
Can anyone tell me how to completely remove it please? It's driving
me nuts! I have done all the suggested things, which is how I found
out what it was.
As it's still active even though windows defender says its in
quaranteen I don't know how to remove it. Many thanks for any help
Annie_mo

Annie
It depends on where it's located, as to if Defender can remove all
traces. For instance, if it's in your System Restore Checkpoints,
Defender won't remove those, and that could be re-infecting you. If
you're given the location(s) you could post them here, but one thing
you can easily do for that sort of problem is to remove all System
Restore checkpoints after running a Defender Full Scan. Another
possibility is to run Defender in SAFE boot mode to prevent files
from being locked during a scan. I'd probably do both, if it were
happening to me. Let us know how you do with that.

Annie;
I think you miss-read my post, you need to turn *OFF* System Restore, not
try a System Restore:
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
Doing that will prevent traces from being saved in System Restore
checkpoints because it will delete all restore points.
Don't forget to turn System Restore back on when you're through.

To get into SAFE mode try the F8 key technique here FIRST for your own
Operating System:
http://www1.laplink.com/support/kb/article.asp?ID=102

If none of the above removes Spyware-Secure, you might try using
Malwarebytes' RogueRemover FREE to remove it since it's a rogue application
specialist. Using any of these removal applications in SAFE will prevent
the malware from resisting removal:
http://malwarebytes.org/rogueremover.php
http://www.malwarebytes.org/roguenet.php?id=332

 

[Bill Sanderson]

I believe that Superantispyware is legit and well-regarded.

If by activated you mean that SpywareSecure saw it as a threat and attempted
to block it, I'd view that as a testimonial.

Have you considered calling Microsoft?

It will take some time, and it can be tedious, but this sounds like an issue
they can solve--and more quickly than interchange in a newsgroup or web
forum.

Hi again Kayman,
I just clicked on your link and it actually activated the SpywareSecure
that
I am infected with!
Such a pain. Annie

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still
active.
ie. still keeps trying to make me buy the product to get rid of
unwanted
spyware. Says I am infected with 45 items. Also says windows will
shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out
what it
was.
As it's still active even though windows defender says its in
quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

 

[Bill Sanderson]

Safe mode followed by scans with Windows Defender and your up to date
antivirus is always a good recommendation.

If you are leary about doing in all the system restore points, you can
choose accessories, system tools, disk cleanup. Wait for a bit, until a
window with tabs at the top appears, and choose the right-hand tab. One of
the choices on this tab will remove all but the most recent system restore
point.

I disagree with Dave on one point, I think: My belief is that traces of
malware located in system restore points have a low likelihood of causing
further problems--they won't infect automatically--only if you choose to
restore the system using that restore point.

It would be very helpful for this conversation if you could post exactly
where the traces that Windows Defender finds are located. One way to get at
that information is to look at the Windows Event logs--I believe the System
event log--and go back to the time of the original detection. The exact
location will be included in the log records at that time, and there's a
button to cut and paste to the clip board, and you can then cut and paste to
a message in this thread.

Thanks for the advice Engel, shame it's off line now. Do you know if it
will
be up and running soon? I intend to try the safe boot mode suggestion
from
Dave next. My system restore seems to have packed up about the same time
I
got infected too. Thank you for the adice though. Annie

OT

The URLs provide by Dave, are down, sorry.

At approximately 1:30 AM July 8, 2008 CastleCops Wiki, German site,
Hashes,
Volunteer Blogs as well as other services were taken offline due to a
DDoS in
excess of 100 m/s, which was negatively impacting the ISPs other clients.
Both the sites are still currently offline while servers are prepared for
them at a new location.
<http://www.castlecops.com/>

Hello Anie,

See if the solutions in this thread helps.

<http://www.microsoft.com/communitie...6e52&mid=f8926139-a84a-4ae8-9d1f-9361024e5254>

Also look here:
<http://www.microsoft.com/communitie...7dd4&mid=474909b4-6e30-4852-8b8c-943910ea7dd4>


I hope this post is helpful.

Let us know how it works ºut.


Good luck
-=-



:

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still
active.
ie. still keeps trying to make me buy the product to get rid of
unwanted
spyware. Says I am infected with 45 items. Also says windows will
shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving
me
nuts! I have done all the suggested things, which is how I found out
what it
was.
As it's still active even though windows defender says its in
quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

 

[Kayman]

Hi again Kayman,
I just clicked on your link and it actually activated the SpywareSecure that
I am infected with!
Such a pain. Annie

Don't panic, Annie!

SuperAntispyware is a top-notch, well regarded and legit application!

Try this:
Download Kaspersky® AVPTool and, if possible, run in Safe-Mode.
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
There's no updating involved since the scanning engine is updated
several times a day and you simply download the updated scanner whenever
you want to do a scan.

After scanning is completed and (hopefully) the 45 items are removed,
reboot. Once clean, then, and only then, you can disable the System Restore
cache:
Right-click My Computer, click Properties, click System Restore tab, place
a checkmark in the box next to "Turn off System Restaore on all drives",
click OK.
Reboot and then re-enable (remove the checkmark) the System Restore cache
to flush out malware in the System Restore Cache. Then manually create a
new restore point after re-enabling the System Restore Cache.
To manually create a restore point:
1. Click Start, point to All Programs, point to Accessories, point to
System Tools, and then click System Restore.
2.On the Welcome page, click Create a restore point.
3.On the Create a Restore Point page, enter a descriptive name for your
restore point and then click Create.

Reboot.

Try using SuperAntispyware once more.

Then Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is required in any of the below before posting a log

http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://forums.tomcoyote.org/index.php?showforum=27
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.spywarewarrior.com/viewforum.php?f=5

Rest assured that the above download links and applications/utilities are
safe to use!

Good luck

 

[Robinb]

if anything is going to get rid of this spyware it is superantispyware and
it is the safest best spyware remover you can have
if you cannot get it to download- try going to another computer- download it
and put it on a flash drive. and put it on the infected computer and install
it
it should wipe it out- do a full scan
robin

 

[Annie_mo]

Hi everyone, Hope you don't mind a group reply to all of you who are trying
to help me.
I have tried most of the suggestions without a resolution as yet.
Here is a summary so far....
I cannot do anything in Safe Mode at all. Each time I try my computer
becomes more unstable and crashes, then shuts down. So I was concerned to
try in normal mode.
I have backed up my work and the registry.
SuperAntiSpyware did not detect Spyware Secure.
I looked at the website for Malwarebytes Rogue Remover but have not used it
yet as Spyware Secure is not listed in their detections, so I e-mailed them
to ask for advice first especially as I cannot use Safe Mode.

Tried KasperskyAVP tool but could not use it in Safe again. It got rid of a
couple of minor problems but did not detect SpywareSecure. I could not
follow all the instructions given by Robin "Kayman" as it was never cleaned.

More anoyingly I seem to have identified some other Spyware by trying
various anti-spy proucts. So....I now have a persistent problem with...
SpywareSecure...identified as Program:Win32/Sp...high risk
also says its in Documents & settngs & a container
file?
Mata Hari in docs & settings, Alexa Windows System 32..severe
Adware hotbar...medium allso docs & settings and...Error Killer +
WinfernoPowerClearer described as dangerous both I previously used and
uninstalled ages ago!!! They are in Program Files & directory
And....
instant Access DiHKEY\software MicRegKey
Instant Access DiHKEY\SOFTWARE\MicRegValve
I aim to try the other advice you have all given but tit will take me some
time.
I am also going to try the advice given by Symantec as they seem to know all
about Sypware Secure.
Anyway, so much has happened I can't write everything down but please pass

 

[Bill Sanderson]

Microsoft lists SpywareSecure as number 9 on their top list of
spyware/adware at:

http://www.microsoft.com/security/portal.

In the Recovery Steps section of their article, they say that there may be
an entry in add or remove programs, and that Windows Defender should be able
to remove it.

Have you called Microsoft?

This is a free call.

 

[Engel]

Hi Annie,

CastleCops are up a running again.
-=-

Thanks for the advice Engel, shame it's off line now. Do you know if it will
be up and running soon? I intend to try the safe boot mode suggestion from
Dave next. My system restore seems to have packed up about the same time I
got infected too. Thank you for the adice though. Annie

OT

The URLs provide by Dave, are down, sorry.

At approximately 1:30 AM July 8, 2008 CastleCops Wiki, German site, Hashes,
Volunteer Blogs as well as other services were taken offline due to a DDoS in
excess of 100 m/s, which was negatively impacting the ISPs other clients.
Both the sites are still currently offline while servers are prepared for
them at a new location.
<http://www.castlecops.com/>

Hello Anie,

See if the solutions in this thread helps.

<http://www.microsoft.com/communitie...6e52&mid=f8926139-a84a-4ae8-9d1f-9361024e5254>

Also look here:
<http://www.microsoft.com/communitie...7dd4&mid=474909b4-6e30-4852-8b8c-943910ea7dd4>


I hope this post is helpful.

Let us know how it works ºut.


Good luck
-=-



:

I have identified this spyware on my system.
Window Defender has quaranteen it [SpywareSecure] but it is still active.
ie. still keeps trying to make me buy the product to get rid of unwanted
spyware. Says I am infected with 45 items. Also says windows will shut me
down to protect my computer.
I am scanning with AdAware and also AVG spyware but they say I am not
infected.
Can anyone tell me how to completely remove it please? It's driving me
nuts! I have done all the suggested things, which is how I found out what it
was.
As it's still active even though windows defender says its in quaranteen I
don't know how to remove it. Many thanks for any help Annie_mo

 

[Dave M]

Hi everyone, Hope you don't mind a group reply to all of you who are
trying to help me.
I have tried most of the suggestions without a resolution as yet.
Here is a summary so far....
I cannot do anything in Safe Mode at all. Each time I try my computer
becomes more unstable and crashes, then shuts down. So I was
concerned to try in normal mode.
I have backed up my work and the registry.
SuperAntiSpyware did not detect Spyware Secure.
I looked at the website for Malwarebytes Rogue Remover but have not
used it yet as Spyware Secure is not listed in their detections, so I
e-mailed them to ask for advice first especially as I cannot use Safe
Mode.

Tried KasperskyAVP tool but could not use it in Safe again. It got
rid of a couple of minor problems but did not detect SpywareSecure.
I could not follow all the instructions given by Robin "Kayman" as it
was never cleaned.

More anoyingly I seem to have identified some other Spyware by trying
various anti-spy proucts. So....I now have a persistent problem
with... SpywareSecure...identified as Program:Win32/Sp...high risk
also says its in Documents & settngs & a
container file?
Mata Hari in docs & settings, Alexa Windows System 32..severe
Adware hotbar...medium allso docs & settings and...Error Killer +
WinfernoPowerClearer described as dangerous both I previously used and
uninstalled ages ago!!! They are in Program Files & directory
And....
instant Access DiHKEY\software MicRegKey
Instant Access DiHKEY\SOFTWARE\MicRegValve
I aim to try the other advice you have all given but tit will take me
some time.
I am also going to try the advice given by Symantec as they seem to
know all about Sypware Secure.
Anyway, so much has happened I can't write everything down but please
pass on ideas if what I have writen rings any bells.
Many thanks to all. Annie

Annie;
Sorry to read of all your problems. Rogue Remover does remove
SpywareSecure they just spell it this way "Spyware-Secure". It's item #341
here: http://www.malwarebytes.org/roguenet.php

However, I'm going to change my recommendation after hearing of your latest
extensive infection list. I now think you do need to go to an assisted
removal forum for guided expert assistance in multiple removals. I
absolutely agree with Kayman's above advice and his list of HJT forums are
all top notch.