AproposMedia comes back after deleting in registry

Rich

I have used Microsoft AntiSpyware, Spybot, and Spyware Doctor in Normal Mode
and Safe Mode on a Windows XP Home Edition SP2 PC to remove the AproposMedia
Adware, but it appears again in the registry every time I get on the
Internet. There's a folder in HKEY_LOCAL_MACHINE\software called Aprps.
Microsoft Antispyware finds it and says it removes it, but it comes back. I
tried to manually remove it and it still won't go away for good.
How do I get rid of this?

Thank you,

Rich
 
Andre Da Costa

Andy Manchesta wrote:
Try Ewido and CCleaner. There are probably files in temp
folders as a backup in case you delete the main files, and
using Ewido & CCleaner will clear these

download, install and update the free version of
Ewido trojan scanner:

http://www.ewido.net/en/download/

When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

From the main ewido screen, click on update in the left
menu, then click the Start update button.
After the update finishes (the status bar at the bottom
will display "Update successful").

Exit Ewido DO NOT SCAN yet


Please download CCleaner,

http://www.ccleaner.com/ccdownload.asp

Install it but do not run it yet.



Boot into safe mode:

Restart your computer and as soon as it starts booting up
again start tapping the F8 key.

A menu should come up where you will be given the option
to enter Safe Mode.

Run ewido, click on the Scanner button in the left menu,
then click on the Complete scan.

If ewido finds anything, it will pop up a notification.
You can select "Remove" and check the boxes "Perform
action with all infections" and "Create encrypted backup"
before clicking on OK.

When the scan finishes, there will be some options at the
bottom of the screen, click on "Save Report". This will
create a text file; save that to your desktop in case we
need it later

Run MS Antispy on a full scan and remove anything found

Run CCleaner and press "Run Cleaner"

Reboot back to Normal mode.


Let us know if you need any more help with this


Regards Andy

--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
Engel

Hello Rich;


See:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.apropos.b.html


From: "AndyManchesta" Subject: Re: Apropos is Very
Resilient Sent: 9/8/2005 1:32:26 PM

Try Ewido and CCleaner. There are probably files in temp
folders as a backup in case you delete the main files, and
using Ewido & CCleaner will clear these

download, install and update the free version of Ewido
trojan scanner:

http://www.ewido.net/en/download/

When installing, under "Additional Options"
uncheck "Install background guard" and "Install scan via
context menu".

From the main ewido screen, click on update in the left
menu, then click the Start update button.
After the update finishes (the status bar at the bottom
will display "Update successful").

Exit Ewido DO NOT SCAN yet

Please download CCleaner,

http://www.ccleaner.com/ccdownload.asp

Install it but do not run it yet.

Boot into safe mode:

Restart your computer and as soon as it starts booting up
again start tapping the F8 key.

A menu should come up where you will be given the option
to enter Safe Mode.

Run ewido, click on the Scanner button in the left menu,
then click on the Complete scan.

If ewido finds anything, it will pop up a notification.
You can select "Remove" and check the boxes "Perform
action with all infections" and "Create encrypted backup"
before clicking on OK.

When the scan finishes, there will be some options at the
bottom of the screen, click on "Save Report". This will
create a text file; save that to your desktop in case we
need it later

Run MS Antispy on a full scan and remove anything found

Run CCleaner and press "Run Cleaner"

Reboot back to Normal mode.

Let us know if you need any more help with this

Good luck

Engel
 
AndyManchesta

Here's a couple more options

Download Symantec's removal tool

http://securityresponse.symantec.com/avcenter/FixAprop.exe

Save to desktop

Reboot into safe mode (reboot and keep tapping F8) and run
the Symantec removal tool by double-clicking FixAprop.exe,
then use Ewido and CCleaner

(Safe mode is important as products with real time
protection can prevent changes being made which may
interfere with the removal of malware)

Also check your Add/Remove screen (Start Menu > Control
Panel > Add/Remove Programs) for:

Apropos
AproposClient
AproposMedia
POP (People on Page)

And remove if found.

Regards Andy
 
Rich

Andy,

I did everything you suggested. The Symantec tool did not find anything.
Ewido found some things but not AproposMedia. Same with Ccleaner. I ran
all three in Safe Mode. I also ran Microsoft Antispyware in Safe Mode and
it found the Aprps folder in the registry and removed it. I rebooted. As
soon as I got on the Internet the Aprps folder came back.

Any more suggestions?

Thank you,

Rich
 
Rich

Thank you for everyone's suggestions.
Well, I tried the Trend Antispyware and that detected a few more items, but
not the AproposMedia Aprps folder in the registry.

This is very frustrating. Has anybody else had this rough of a time getting
rid of this Aprps folder in the registry? I've also done the manual
removals I see on most Security websites. It seems all traces of
AproposMedia are gone except for the Aprps folder in the registry and when I
delete it, it shows up again when I get on the Internet.

Any more suggestions?

Rich
 
AndyManchesta

Hi Rich

It's hard to know what the next step should be if
Add/Remove doesn't list Apropos or POP and Symantec and
Ewido show clean. It would make sense if MSAS was
finding files and reg entries for Apropos each time, but
not just reg entries, because there is no reason they
should keep returning if there aren't malware files
running.

Try Tom's suggestion and see if this helps, and if you
still have problems use Hijack This and post the log it
produces and I can check your system in more detail.

Check Add/Remove again and make sure none of these
entries are present:

AproposClient/Apropos/POP/AMServer/CtxPls/SysAI

Remove if found

Also check the C:\Program Files area for these names and
delete the folders if any exist

Try Hijack This if you need to and post the log on here
to my email and I will check it over for any malware
entries

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Save to desktop or C: drive, extract and run HJT and
choose to do a system scan and save the logfile. When it's
finished scanning it will open the results in Notepad;
post them back and I will try to help more on this

I cannot think of any other option now if you have tried
Add/Remove & Safe mode plus Ewido and CCleaner, so the
Hijack log would help to show if there are any problems on
your system. **Note: most of what Hijack This finds will be
harmless or essential, so post the log before fixing things

Thanks Andy
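
The checks listed in the post above (Add/Remove entries, folders under Program Files, and the Aprps key Rich reports), as an added example that is not part of the original thread. It assumes Windows PowerShell is installed on the machine; it only reports what it finds and removes nothing.

```powershell
# Added example: report-only check, nothing is deleted.
# The names are the ones listed in the posts in this thread.
$names = @('Apropos', 'AproposClient', 'AproposMedia', 'POP',
           'POP (People on Page)', 'AMServer', 'CtxPls', 'SysAI')

function Test-ListedName([string]$Candidate) {
    # -contains compares whole strings, case-insensitively, so the short
    # name "POP" does not flag unrelated software whose name contains "pop".
    return ($names -contains $Candidate.Trim())
}

$findings = @()

# 1. Add/Remove Programs entries are stored under the Uninstall key.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
foreach ($key in @(Get-ChildItem $uninstall -ErrorAction SilentlyContinue)) {
    $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
    $display = $props.DisplayName
    if ((Test-ListedName $display) -or (Test-ListedName $key.PSChildName)) {
        $findings += "Add/Remove entry: $($key.PSChildName) ($display)"
    }
}

# 2. Folders directly under Program Files.
foreach ($dir in @(Get-ChildItem $env:ProgramFiles -ErrorAction SilentlyContinue)) {
    if ($dir.PSIsContainer -and (Test-ListedName $dir.Name)) {
        $findings += "Folder: $($dir.FullName)"
    }
}

# 3. The registry key reported in the first post (HKLM\software\Aprps).
if (Test-Path 'HKLM:\SOFTWARE\Aprps') {
    $findings += 'Registry key present: HKLM\SOFTWARE\Aprps'
}

if ($findings.Count -eq 0) {
    'Nothing from the list was found.'
} else {
    $findings
}
```

Running it once straight after a cleanup and again after going online shows whether only the Aprps key returns or whether files and Add/Remove entries return with it.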
 
Rich

I tried Hijack This and it didn't find it in the registry. I tried all the
suggestions here. Looks like I'll have to clean the drive if it gets worse.
Thank you to everyone who offered their suggestions.

Rich
 
Guest

No. No luck. You're the only reply I got. This one's a real pain. I suppose a
fix will eventually be developed. Just keep downloading anti-virus updates.
Let me know if you hear of anything new and I'll do the same.

Jonny
 
