Antispyware Beta & Adware.Websearch

[Joe]

Recently installed the latest version of Beta, and it
seems to work very well. But, it only WARNS at each
computer startup that it has blocked Websearch from
changing the page on my IE browser, stating that this a
known Browser hijack attempt. In this Antispyware dialog
box, it also has a prompt to "Manage blocked URLs", but
when I click on this, the next screen comes up with no
URLs listed. And, why is it that Websearch has never
come up in the scans run by Antispyware Beta?
I also have Norton Antivirus 2005 installed, and it does
detect this, and calls it "Adware.Websearch", and informs
me that this spyware is located in several compressed
files, and gives the location where the files are stored.

Tried to use the "Suspected Spyware Reporting Tool, but
it gave me the "reset your IE proxies or try later" error
message. I SUSPECT THAT WEBSEARCH HAS BURROWED INTO THE
WINDOWS ANTISPYWARE (BETA)....WHY? Only since I tried to
report this as stated above, has a very aggressive popup
appeared during the process-It shows itself as being
for "WinSpyware 2005", and the ad states: "Your current
antispyware protection is inadequate, blah, blah, blah,
and to click on OK to run a system scan for Spyware".
Clicking on the "Cancel" button in this Ad has no effect,
and the Ad aggressively attempts to scan my computer,
WITHOUT MY CONSENT. Clicking on the Close Window (X) 4
to 5 times seems to stop this and close the Ad, but I am
not sure what could be happening in the background....
Anyone familiar with Websearch, and can I do anything to
rid my system of this?

 

[AndyManchesta]

Websearch has Add/Remove screen entries called any of
these (Websearch, Wintools, Search Toolbar, Websearch
Toolbar,Wintools Easy Installer) but generally it should
be removed in safe mode to make it go without a fight, It
has 3 executable files that all protect each other from
being removed and one part running as a windows service
so safe mode is the best option.

The pop-ups for winspyware could be a sign of a different
infection and you are right to close this, If its
WinAntispyware then its scumware and the same company as
winfixer and winantivirus and the pop ups are being
caused alot recently by the Vundo infection although MSAS
would detect Virtumonde in the scan if it was related to
this.

The scum producers are making it very difficult to remove
some of this junk, for example the PacerD bundle that
installs surfsidekick, Aurora, Aproposmedia etc.. also
installs a rootkit which uses a device in the
system32/drivers folder to hide files in various places
on the system, once the device is removed in safe mode as
it will not appear in normal mode then the rest of the
files will become visable and can then be removed,


Symantec do make a removal tool for websearch so its
worth trying,

http://securityresponse.symantec.com/avcenter/FxWebsch.exe

delete temp and unused files from your system , Ccleaner
works well for that but it can also be done by going to
start> run > and typing cleanmgr > then press enter and
choose temp files and press ok

Here's Ccleaner if you need it

http://www.ccleaner.com/ccdownload.asp


also use Ewido Security Suite and run a full system scan

Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/download/

Install ewido.

During the installation, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

Launch ewido

On the left side of the main screen click update
Click on Start and let it update.

run a scan in safe mode by clicking Scanner then Complete
system scan.



Its not likely that websearch has damaged MS Antispy but
it could be detected in the quarantine folder, they can
be cleared easily if needed also if its identified in
system volume information this can be removed without
problems by clearing the restore points.

Id go for the above removers first and see whats revealed


Download The fixtool and Ccleaner then install and update
Ewido


Boot into safe mode (Reboot and keep tapping F8 then
choose safe mode)

Check Add/Remove screen for the items listed at the top
of this response, Run the symantec fixtool, Run Ewido &
MSAS and choose complete system scan then finally run
Ccleaner to remove temp and unused files from your system

After this goto Start Menu > Control Panel > Internet
Options and go to the "Programs Tab" press "Reset Web
Settings" and include the homepage then go back to
the "General Tab " and enter the homepage you wish to use
into the space provided then press apply and exit

Reboot back to normal mode

Let us know if you have any problems

Regards

Andy