AntiSpyware failures!

[NeoRulz]

This is the list of failures in 2 months! I can no
longer repair my computer or keep it running without all
of these bugs coming back and preventing me from just
surfing the net! I think Bill Gates should refund
everyone all the money he charges for being exploited by
WINDOWS vulnerabilities!

NeoRulz


Trojan.Startup.0e3df3
Trojan,Trojan.BHO.NameShifter.K Browser Plug-in, Browser
Hijack Browser Modifier, Trojan.BHO.NOVO Browser Plug-in,
WinTools Trojan, ShopAtHome Spyware (removed)
WinTools Trojan (removed)
WindUpdates Browser Plug-in (removed)
CoolWebSearch Browser Modifier (removed)
AvenueMedia.DyFuCA Browser Plug-in (removed)
MoneyTree Dialer (removed)
Unclassified.Spyware.47 Spyware (removed)
WindUpdates.MediaAccess Adware (removed)
180search Assistant Adware (quarantined)
Zango Search Assistant Adware
(quarantined),WindUpdates.MediaPass Trojan
Downloader ,Phone Dialer Dialer (removed)
AvenueMedia.DyFuCA Browser Plug-in
(removed),eXact.BullseyeNetwork Adware (removed)
Transponder.ABetterInternet.Aurora Spyware (removed)
Transponder.ABetterInternet.DrPMon Spyware (removed)
Transponder.ABetterInternet Adware (removed)
eXact.CashBack Adware (removed)
eXact.NaviSearch Adware (removed)
eXact.Downloader Trojan Downloader (removed)
Trojan.Startup.0e3df3 Trojan (quarantined)
eXact.BargainBuddy Adware (removed)
IEPlugin Spyware (removed)
eXact.SearchBar Browser Plug-in (removed)
180search Assistant Adware (quarantined)
Zango Search Assistant Adware (quarantined), WinTools
Trojan (removed)
AproposMedia Browser Modifier (removed)
Possible Browser Hijack Browser Modifier (removed)
SearchMiracle.EliteBar Browser Plug-in (removed)
PacerDMedia.Installer Trojan Downloader (removed)
AdDestroyer Adware (removed)
Navidad Worm Worm (quarantined)
Virtual Bouncer Adware (quarantined),
Transponder.ABetterInternet.Aurora Spyware (removed)
Transponder.ABetterInternet.DrPMon Spyware (removed)
Possible Browser Hijack Browser Modifier (removed)
SearchMiracle.EliteBar Browser Plug-in (removed)
SurfSideKick Settings Modifier (removed),
Transponder.ABetterInternet.Aurora Spyware (removed)
Transponder.ABetterInternet.DrPMon Spyware (removed)
Begin2Search Browser Plug-in (removed)
eXact.Downloader Trojan Downloader (removed)
WindUpdates.MediaAccess Adware (removed)
SurfSideKick Settings Modifier (removed)
WeirdOnTheWeb Adware (removed), Possible Browser Hijack
Browser Modifier (removed)
Messenger.VirusWarning Trojan (removed), Possible Browser
Hijack Browser Modifier, Transponder.ABetterInternet
Adware (removed)
Possible Browser Hijack Browser Modifier (removed)
WindUpdates.MediaAccess Adware (removed)
AdDestroyer Adware (removed), ShopAtHome Spyware (removed)
WinTools Trojan (removed)
WindUpdates Browser Plug-in (removed)
CoolWebSearch Browser Modifier (removed)
AvenueMedia.DyFuCA Browser Plug-in (removed)
MoneyTree Dialer (removed)
Unclassified.Spyware.47 Spyware (removed)
WindUpdates.MediaAccess Adware (removed)
180search Assistant Adware (quarantined)
Zango Search Assistant Adware (quarantined), ......
and it never ends!

How can this keep happening with all the money we have to
pay out for Microsoft programs that can't keep these
malicious people in check?

I still can't get a Home page or get rid of any of these
BUGS!

NeoRulz

 

[Ron Chamberlin]

Feel better now? Good. Take a deep breath.
A quick read of your report looks like the product is saving your bacon more
often than not. Not too shabby for a freebie, IMVHO.

I'm not sure how the junk got there in the first place, and some of it may
not have been your fault.

Have you tried to boot from Safe Mode (F8) and done a scan from there? Have
you taken advantage of the built in tools to reset your browser? have you
looked for and eliminated BHO's?

Seriously, get back to us and let's get your machine working. You sound
peeved, but you took the time to write the report, and I'll respect ya for
that.

Ron Chamberlin
MS-MVP

 

[AndyManchesta]

MS Antispy isnt the cause of your problems and cannot be
expected to clear up all the malware, you will see the
same if you use any remover ,They cannot remove
everything and when you have so much malware running,its
not just a case of deleting the bad files its more
repairing all the damage thats been caused that is a
problem.

Some of the malware files you have downloaded or run by
clicking on suspect links have changed your system,Some
even deleting essential files again MS Antispy cannot
replace these,if you get the malware stopped run your
Windows disc and go to start then run and type
SFC /SCANNOW to check the windows folder for any missing
or damaged files and replace if needed.


If it was me i would do a fresh install of windows and
then get some decent protection products to stop this
happening also keep your security patches up to date and
upgrade to SP2 if you havent already.SpywareGuard &
SpywareBlaster would of blocked most of that crap from
getting on your system and they are both free,Spybots
Immunize feature is another good way to prevent these
types of problems,


If you want to remove all the crap without having to do a
fresh install you are going to need alot of different
programs to remove all the problem files and then
probably some other programs to reset your hosts file &
security & trusted zones.Its good that MS is detecting
all this on your system so running scans in safe mode may
remove alot of it.Try Running some online virus scans to
remove what you can using them


Check Add/remove screen for these and remove any found:

TS Toolbar
Websearch
Toolbar
WinTools
WebOffer
Web Search Toolbar
Win-Tools Easy Installer
Active alert
Internet Optimizer
ISTSvc
Sidefind
Slotchbar
Software Update Manager
Uninstall 180 Search Assistant
Viewpoint Media Player
WSEM Update


Heres some other scanners that would help(Install and
update in normal mode and run them in safe mode)

Adaware SE

http://www.download.com/3000-2144-10045910.html

Ccleaner

http://download.ccleaner.com/download120bin.asp

Spybot Search & Destroy

http://fileforum.betanews.com/download/Spybot_Search_and_D
estroy/1043809773/1

Ewido Security Suite

http://www.ewido.net/en/

Symantecs Wintools(Websearch) Remover

http://securityresponse.symantec.com/avcenter/FxWebsch.exe

CWShredder

http://cwshredder.net/bin/CWShredder.exe


Its not worth trying to go through the problems you have
as theres too many ,you need to get better protection if
you are going to use the sites that are spreading all
that junk but heres abit on afew of the main entries.


Maybe Nameshifter, i believe it somehow injects itself
into the MS help and support center and the event viewer
service to make removing it impossible while the 2
windows services are running.

the same trojan appears in different names in different
computers in the one i saw its name was RORsFCR.exe and
the location of this file was in c:\program
files\efggwgt\RORsfCR.exe again efggwgt is a randomly
generated folder name apart from there will some registry
entries in the run folder with the same name and if they
get deleted it immediately gets recreated on the same
location once the registry is closed,untill the above 2
services are stopped.Hijack this and Killbox will help to
show you the files and then try deleting them using
killbox.

I dont know enough about this trojan to provide any
fixes ,Leave that to the AntiSpy & AntiVirus removers if
its needed it will be included,

Browser

As above very difficult to detect & remove If you have
SP2 open a internet window then goto tools on the top bar
the to manage add-ons,Check the add-ons currently loaded
in IE and disable any you do not know the name or
publisher for,reboot to safe mode and run MS Antispy on a
full sysytem scan(Also use Ad-aware SE & Spybot in safe
mode)

in,

Follow the advise above for disabling BHO's .Trojan Novo,
it's nasty and usually only run with the users consent.It
displays a image then when you press exit,it will give
you some advise about opening programs that you dont
know,But in the background, this trojan will delete vital
Windows files that will render the system partly
inoperable after the next reboot

Some of the files affected are:

SYSTEM.DAT
USER.DAT
SYSTEM.INI
SYSTEM.CB
WIN.COM
WIN.INI

If its the same Trojan Novo & the program has been
executed, the only repair available that im aware of is a
re-install of Windows.(Note this can be done as a repair)


Wintools is a variant of IBIS use the Symantec remover i
posted in safe mode,

Shop At home (SAH Agent) Its a Winsock 2 Layered Service
Provider ,if removal goes wrong you will lose your
internet connection.MS Antispy does remove this now
without breaking the LSP chain so im suprised its coming
back,Try running MS Antispy again but this time in safe
mode

Take time to learn about rebuilding the LSP chain if
needed,If you have service pack 2 save this text below
otherwise download LSPfix incase its needed .

Windows XP ServicePack 2

Log on to the Microsoft Windows as an administrator.

Click Start, click Run, type cmd, and then click OK.

At the command prompt, type the following, and then press
ENTER:

netsh Winsock reset

When the program is finished, you will receive the
following message:
Successfully reset the Winsock Catalog. You must restart
the machine in order to complete the reset.

if you don't have WinXP SP2, get LSP-Fix - a free program
to repair
damaged Winsock 2 stacks

LSP-Fix

http://www.cexx.org/lspfix.htm


As above use the symantec removal tool,Wintools cannot be
stopped in normal mode due to 3 interacting Wintool files
stopping each other being deleted.It also installs as a
BHO so check the manage add-on page and disable if found.


Again another one that doesnt like to quit without a
fight and installs other crap,Ad-Aware/Spybot & Killbox
may remove it i found a way was to find the files change
there .exe extentions to .txt extensions so they all open
in notepad (winad.exe,,winka.exe,winupdt.exe) then
corrupt the trojan files by typing and deleting the text
inside,bring up task manager and end process for each
name and immediatly press save on the samefile that you
opened in notepad. Not a easy solution but they keep
coming back if you just try to delete the files


Could be of CWS's files try using CWShredder and see if
it removes the problem

http://cwshredder.net/bin/CWShredder.exe

Use the uninstaller from mypctuneup (I never usually
advise that but it really cannot make anything worse for
you and it will stop Aurora,then use Adaware & Ewido to
remove the files mypctuneup misses)

http://www.mypctuneup.com/uninstaller_exe.php


Its not really worth going through the full list as its
gonna take you too long to manually remove it all,do a
fresh install and get some good protection products and
decent firewall .Either that or run Ad-Aware,Spybot,MS
Antipsy in safe mode then reset the hosts file and reset
the security & trusted zones then replace the windows
files that will have been removed or damaged by Novo and
other malware then see how things look.



Good Luck

Andy

 

[stanko]

-----Original Message-----
This is the list of failures in 2 months! I can no
longer repair my computer or keep it running without all
of these bugs coming back and preventing me from just
surfing the net! I think Bill Gates should refund
everyone all the money he charges for being exploited by
WINDOWS vulnerabilities!

NeoRulz


Trojan.Startup.0e3df3
Trojan,Trojan.BHO.NameShifter.K Browser Plug-in, Browser
Hijack Browser Modifier, Trojan.BHO.NOVO Browser Plug- in,
WinTools Trojan, ShopAtHome Spyware (removed)
WinTools Trojan (removed)
WindUpdates Browser Plug-in (removed)
CoolWebSearch Browser Modifier (removed)
AvenueMedia.DyFuCA Browser Plug-in (removed)
MoneyTree Dialer (removed)
Unclassified.Spyware.47 Spyware (removed)
WindUpdates.MediaAccess Adware (removed)
180search Assistant Adware (quarantined)
Zango Search Assistant Adware
(quarantined),WindUpdates.MediaPass Trojan
Downloader ,Phone Dialer Dialer (removed)
AvenueMedia.DyFuCA Browser Plug-in
(removed),eXact.BullseyeNetwork Adware (removed)
Transponder.ABetterInternet.Aurora Spyware (removed)
Transponder.ABetterInternet.DrPMon Spyware (removed)
Transponder.ABetterInternet Adware (removed)
eXact.CashBack Adware (removed)
eXact.NaviSearch Adware (removed)
eXact.Downloader Trojan Downloader (removed)
Trojan.Startup.0e3df3 Trojan (quarantined)
eXact.BargainBuddy Adware (removed)
IEPlugin Spyware (removed)
eXact.SearchBar Browser Plug-in (removed)
180search Assistant Adware (quarantined)
Zango Search Assistant Adware (quarantined), WinTools
Trojan (removed)
AproposMedia Browser Modifier (removed)
Possible Browser Hijack Browser Modifier (removed)
SearchMiracle.EliteBar Browser Plug-in (removed)
PacerDMedia.Installer Trojan Downloader (removed)
AdDestroyer Adware (removed)
Navidad Worm Worm (quarantined)
Virtual Bouncer Adware (quarantined),
Transponder.ABetterInternet.Aurora Spyware (removed)
Transponder.ABetterInternet.DrPMon Spyware (removed)
Possible Browser Hijack Browser Modifier (removed)
SearchMiracle.EliteBar Browser Plug-in (removed)
SurfSideKick Settings Modifier (removed),
Transponder.ABetterInternet.Aurora Spyware (removed)
Transponder.ABetterInternet.DrPMon Spyware (removed)
Begin2Search Browser Plug-in (removed)
eXact.Downloader Trojan Downloader (removed)
WindUpdates.MediaAccess Adware (removed)
SurfSideKick Settings Modifier (removed)
WeirdOnTheWeb Adware (removed), Possible Browser Hijack
Browser Modifier (removed)
Messenger.VirusWarning Trojan (removed), Possible Browser
Hijack Browser Modifier, Transponder.ABetterInternet
Adware (removed)
Possible Browser Hijack Browser Modifier (removed)
WindUpdates.MediaAccess Adware (removed)
AdDestroyer Adware (removed), ShopAtHome Spyware (removed)
WinTools Trojan (removed)
WindUpdates Browser Plug-in (removed)
CoolWebSearch Browser Modifier (removed)
AvenueMedia.DyFuCA Browser Plug-in (removed)
MoneyTree Dialer (removed)
Unclassified.Spyware.47 Spyware (removed)
WindUpdates.MediaAccess Adware (removed)
180search Assistant Adware (quarantined)
Zango Search Assistant Adware (quarantined), ......
and it never ends!

How can this keep happening with all the money we have to
pay out for Microsoft programs that can't keep these
malicious people in check?

I still can't get a Home page or get rid of any of these
BUGS!

NeoRulz
.
I hate to ask, but exactly what sites are you surfing to

get all that???

 

[Guest]

Hello
I too have had to unistall Antispware as it caused many problems and I found
I had a trojan horse in my system and another virus. I uninstalled all my
Norton Internet security and bought the latest versions, even tho' my other
versions had not expired. I THINK I have now got rid of the viruses, BUT
still have 1 problem unresolved. Can you help please? I am not a technical
person, so please keep it simple. In my Control Panel when I click on the
Add or Remove icon, I have found that some programs have disappeared and the
ones left only show Size and Used on the right hand side! the Change and
Remove boxes are no longer there. Can you help please? Thanks. Martin

 

[Dave M]

Hi Martin;
The Change and Remove boxes only show up when you left click on one of the
listed programs, so I guess my question is - are you just looking at the Panel
or are you actually selecting one of the programs by left clicking and
highlighting it? Roughly, what percentage and how many of the programs are
missing compared to what you had before the virus removals? Is show updates
checked at the top?

If you felt that you needed to dump MSAS that's your decision certainly, but I'd
stay off the internet until you find a replacement or decide to give it a re-try
when you're clean. Perhaps you are using the new Norton's Anti-Spyware that's
now bundled with some of the Symantec Suites? Anyway, you need at least one
recommended Anti-Spyware installed to be on the internet these days. Note that
we have had some (but not many) conflict problems reported with Norton's 2005+
and MSAS.

 

[Guest]

Hello Dave M
Thanks for your prompt & helpful message. Yes, I have clicked and
highlighted the left side on each program remaining. Only 2 or 3 show Change
& Remove boxes (the most recent installed programs only). Yes, I have tried
clicking on the Show Updates at the top. They appear but again only give the
date installed. I would guess about half of my programs have disappeared,
BUT everything seemes to be working OK now, apart from the Add or Remove
program. All my Toshiba programs are missing, for example, but thet are
still in my Start/All Programs list, and when I click on them they seem to
work. Regarding protection, I already had Spyware Doctor and Spybot S&D
installed, so I think they might have prevented (?) any more harm. Do you
know how I can re-install or repair The Add or Remove Program please? Would
I use the MS Office disk or MS Windows (OEM) disk? Thanks again.
Martin

 

[Dave M]

OK Martin;
Here's a few links to help you, but the second one involves registry editing so
you might get a friend to help if your not comfortable with that... most people
aren't. Seems like most of the time it's a big white space in the middle of
that Panel that makes you think your at the end of the list... scroll down to
see the missing progs. Remember Google is your friend... I found these doing a
Google search with the search parameters: Control Panel Add or Remove populate

If you use AutoCAD look here:
http://www.alegsa.com.ar/Visitas/i58/Add - remove program fails to populate.php

If not look here at post #52
http://www.wilderssecurity.com/showthread.php?t=47155& page=3

if neither of these apply, try that same Google search, as there are lots of
possibilities.