win32/reno

[Bill]

I have this spyware, defender identifies it as a high risk problem and
removes it. but then if I reboot it comes back. How do I get rid of this
permanently?

 

[Stu]

Have you tried rebooting into safe mode ... then run the scan?

Stu

 

[Bill]

yup.

last night I would boot into safe mode, run defender, and it would clean it
out. (If I wasn't in safemode I got a warning to shut down IE so files could
be removed)

reboot into safe mode, as I recall it was ok

reboot into normal mode, the sujmptoms were back. it's like there is a
program that spawns the spyware, defender get's rid of the spyware but not
the program that spawns it

 

[Stu]

OK. RU using XP as your OS?

Stu

yup.

last night I would boot into safe mode, run defender, and it would clean it
out. (If I wasn't in safemode I got a warning to shut down IE so files could
be removed)

reboot into safe mode, as I recall it was ok

reboot into normal mode, the sujmptoms were back. it's like there is a
program that spawns the spyware, defender get's rid of the spyware but not
the program that spawns it

 

[Bill]

yes, xp home, I believe I have Sp3

OK. RU using XP as your OS?

Stu

 

[Stu]

OK. Try this.

First delete your system restore points in XP cos if you have an infection
it may well be contained in a System Restore point and reinfect at a latter
time: here`s how:

http://www.lockergnome.com/windows/2005/04/12/delete-system-restore-points-to-free-disk-space/

Reboot into safe mode then try WD again making sure you have the latest defs
first.

They are available here on a daily basis for 32/64 bit systems.

http://www.microsoft.com/security/portal/

Stu





on a daily basis:. I would suggest at least three passes in safe mode? If
you don`t get a `clean bill of health` post back here.

Stu

 

[Bill]

Somewhat foolishly, i never made system restore points, unless they are made
automagically

Unless the defs have been updated in the last few days, i have latest defs,
I've repeatedly ran Defender in safe mode, every time I do it, I can reboot
in safe mode, run defender again, and it finds nothing. I boot back into
normal mode, and my desktop has changed; all the symptoms are back

 

[nass]

What the name of the spyware identified by DFNDR?
Go through these Cleaning steps:
1... First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on Programs Tab and click Manage Add-Ons and Disable all non
Verified Add-Ons (You should Renable them later one-by-one and see the
culprit and update it or remove it.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
Download, install and run a full scan with Malwarebytes
http://www.malwarebytes.org
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Run disk clean up on your Drive.
You can download this tool o run clean up:
http://www.ccleaner.com
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

You can download this tool "AutoRuns for Windows"
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Don't forget to flush your System Restore after doing these cleaning steps
then create a clean Restore point.
Clear the Restore Points as they seems to be infected by the trojans!
Do this:
Right click "My Computer" icon and select Properties from the drop down list.
On the system Properties click on System Restore Tab and check this box:
[ ] Turn off System Restore on all drives

Click [Apply] then click [OK] try to access some programs on your machine
then do the stpes again to access the System Restore to create a new clean
restore Point and this time Uncheck the check box [ ].
Right click "My Computer" icon and select Properties from the drop down list.
On the system Properties click on System Restore Tab and Uncheck this box:
[ ] Turn off System Restore on all drives

HTH
nass