Spyware recovery

[Gary Walker]

Details:

Win/XP home(neighbor's system)
Contracted non-malicious(apparently) intruder - "pest trap".
Many other non-significant details, but I became so im-
patient with this system so clogged with unknown/needed
process(es), I initially began a serious SF removal and
clean-up. Response time was measured in 15 minute
intervals. <g>

So, have I now compromised any ability for a recovery
point restore as an attempt at PT removal?

Or, any other suggestions?


Thank you,

Gary

 

[Guest]

Rather than manually attempting removal, (loads of work and usually not
effective)
use the free software out there to do the removal, and scans, hijack this,
adaware,
free online scans for malware and virus etc.
Since you didn't give details on what you did, there is no way of telling if
you did damage. what does SF removal mean??

 

[David H. Lipman]

From: "Gary Walker" <[email protected]>

| Details:
|
| Win/XP home(neighbor's system)
| Contracted non-malicious(apparently) intruder - "pest trap".
| Many other non-significant details, but I became so im-
| patient with this system so clogged with unknown/needed
| process(es), I initially began a serious SF removal and
| clean-up. Response time was measured in 15 minute
| intervals. <g>
|
| So, have I now compromised any ability for a recovery
| point restore as an attempt at PT removal?
|
| Or, any other suggestions?
|
| Thank you,
|
| Gary
|



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate section.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.



Part 1
-----------

Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
but your PC will automatically be shutdown. It is suggested that you move the report out of
c:\mcafee before performing another scan.

It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


ALTERNATE:

S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

* * * Please report back your results * * *

 

[Rock]

Details:

Win/XP home(neighbor's system)
Contracted non-malicious(apparently) intruder - "pest trap".
Many other non-significant details, but I became so im-
patient with this system so clogged with unknown/needed
process(es), I initially began a serious SF removal

What is a "serious SF removal"?

and clean-up. Response time was measured in 15 minute
intervals. <g>

Response time for what?

So, have I now compromised any ability for a recovery
point restore

What do you mean by a "recovery point restore"?

as an attempt at PT removal?

What is "PT removal"?

Malware Removal
http://www.elephantboycomputers.com/page2.html#Removing_Malware

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Richard Harper's Guide to Cleaning Pests
http://rgharper.mvps.org/cleanit.htm