Remove Spyware Now! Make Your Computer Faster!
[/caption]
I was removing some spyware off a friends desktop today and all the normal programs didnt seem to work. I tried the usual Malware Bytes, Superantispyware and Combofix all without luck.
I stumbled onto this little gem, http://www.freedrweb.com – a free spyware remover.
If all else fails, its a good tool to try after exhausting the others.
Ive dealt with most of the current spyware today. Most of the time its pretty easy to fix if you follow these simple steps.
Boot Windows into Safe-Mode with Networking.
- Tap F8 on the keyboard just after seeing the BIOS screen of your manufacturer after turning it on.
Download the free version of Malware Bytes and Install it. Be sure to Check For Updates when prompted.
- Run the program and delete any found items.
If that doesnt work. Download ComboFix.
- Save the file to your desktop and then double click to run. Be sure to follow the directions and install the Repair Console when prompted.
If you click on .exe files and the files wont run, saying the file is “infected”, you need to fix the .exe association. You can download
the .exe file association fix HERE.
- This may not work once your booted up, so you may need to put this file on your desktop and reboot the laptop into safe-mode as instructed above. Then immediately when you see the desktop double click this file to enter the information into the registry before the spyware has a chance to block it. You may also be able to be quick and double click the file and press enter quickly when the pop-up comes up. Its worked for me both ways, you just need to be persistent and try.
If REGEDIT (Registry Editing) has been disabled by the Administrator, you need a .VBS file to reallow that capability. That can be found HERE.
- Again, this should be easy to install, as no spyware that I know of blocks it yet.
After you get the machines scanned in Safe-Mode, be sure to rescan the machine in regular mode and do a FULL SCAN. There will be small files throughout the OS that need to be deleted.
I have seen at least 100 laptops in the past week infected with malware from Facebook. The user clicked a link to a video that a friend had posted on the profile. The only problem is the user didnt post it, a malware posted it automatically.
If you see a link to a video on your Facebook profile, delete it or dont click on it.
This has become a growing trend in the war on spyware. The spyware makers realize what is going to be used to remove their spyware product from your computer. They are familiar with SuperAntiSpyware, Malware Bytes and Combofix.
You will find that when you try to install these programs, they either shutdown or dont install at all.
All is not lost however, its just a matter of trying different approaches to removing the malware or spyware.
If you cant get the spyware off and cant get anything to run, it really depends on what is causing it not to run. If its the .exe file that is casuing the problem, get the .exe file fixer and try to run .exe files again. If that works, great, you can try to install a program like SuperAntiSpyware.
Many times, you might have to boot into Safe-Mode by pressing F8 upon boot up. Then try installing the spyware remover there. Also, try Combofix in safe mode. That might get enough off to start using a program like Malware Bytes or SuperAnti in regular mode.
Ive received alot of feedback and would offer help if needed. Just post a comment with your email address and ill help you out. Dont worry, your email will be safe as I need to approve the comments before posted.
Also, if you are here, Id appreciate it if you click on the Google Ads to the left, they help me with monthly fees for hosting. Thats really my only costs.
Thanks!
When you type a search into Google it directs you to a page other than the page you were looking for. You have been hijacked or malware has been installed on your computer. The first thing to try is:
Internet Explorer -> Tools -> Connections -> LAN Settings
See if a Proxy has been setup. If it has, uncheck the proxy.
The next step is to get Superantipyware and run a scan. Anything it finds, remove.
Many times a pop-up stating that the file your trying to run is infected. This is simply an issue with the way the .exe file is setup to run. The spyware people add code to make another application launch when you click on this type of file. This can be overcome by editing the regsitry and correcting the .exe association.
Find the association fix here: .EXE Association Fix
Sometimes you may need to do this quickly when Windows boots before the “rogue application” loads. Also, it might be possible to do this in Safe-Mode, by pressing F8 at boot up before you see the Windows XP splash screen.
AntiToolbar is a malicious application which is used to threaten computer users and steal their money. AntiToolbar is the clone of another rogueware called AntiSpyWare 2010 and acts in a very similar manner.
Once installed AntiToolbar starts scanning your PC and, of course, detects a list of files which are considered to be infections. However, these files are created in advance by Trojans, on which the software is based. After that you keep getting annoying pop-up messages which also warn that you are in danger.
Do not trust AntiToolbar. This is a fake and maliciuos tool to trick you. If you have this rogueware on your PC, follow our site and we will provide you with the full removal instructions.
AUTOMATIC REMOVAL SOFTWARE – SUPERANTISPYWARE
Manual AntiToolbar Removal Instructions:
Stop These AntiToolbar Processes:
AntiToolbar.exe
Find and Delete These AntiToolbar Files:
AntiToolbar.exe
Remove These AntiToolbar Registry Values:
HKEY_CURRENT_USER\S-1-5-21-1172441840-534431857-1906119351-500
SpyEraser is a rogue anti-spyware application designed to deceive computer users and steal their money. As soon as SpyEraser is installed on your PC, it starts scanning your computer and then displaying maliciuos warnings that your system is in danger.
Do not trust SpyEraser. It’s fake software although looking like a legible program. SpyEraser is neither able to detect, nor to remove any infections from your PC.
AUTOMATIC SPYERASER REMOVAL BY SUPERANTIPSYWARE
Manual SpyEraser Removal Instructions:
Stop These SpyEraser Processes:
uninstall.exe
spyeraser.exe
Find and Delete These SpyEraser Files:
%ProgramFiles%\SpyEraser\data.dll
%ProgramFiles%\SpyEraser\SpyEraser.exe
%ProgramFiles%\SpyEraser\Uninstall.exe
%AllUsersProfile%\Desktop\SpyEraser.lnk
%AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\Launch SpyEraser.exe.lnk
%AllUsersProfile%\Start Menu\Programs\SpyEraser\SpyEraser\SpyEraser Uninstall.exe.lnk
%UserProfile%\Local Settings\Application Data\Downloaded Installations\{E5FF35CB-AAE1-4CD6-BFDE-D0BCE9CCBA4C}\SpyEraser.msi
%SystemRoot%\Installer\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}\SpyEraser.exe1_5D3FA81F1A6D4924AD5250A57005F147.exe
Remove These SpyEraser Registry Values:
(Learn how to do this)
HKEY_LOCAL_MACHINE\software\microsoft\SpyEraser
HKEY_LOCAL_MACHINE\software\Classes\Installer\Features\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Media
HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\2E4272A663E5E2F4B9D3A41776473B9F\SourceList\Net
HKEY_LOCAL_MACHINE\software\Classes\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
HKEY_LOCAL_MACHINE\software\microsoft\SpyEraser
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\21B289D0EDBF1BD48A4C39C60AF74DE9
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA061871792C67E4997020ED0AF0253E
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBAB827A17F9D9B40B5A18854589281C
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Features
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\InstallProperties
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Patches
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2E4272A663E5E2F4B9D3A41776473B9F\Usage
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\{6A2724E2-5E36-4F2E-9B3D-4A716774B3F9}
Remove This Threat: Click Here
PcsProtector is a rogue anti-spyware program that is promoted and installed through the use of Trojans that pretend to be programs necessary to view certain online videos. When you download and install this Trojan it will install the rogue and configure it to start automatically when your computer starts. This same Trojan will also create fake malware files on your computer with random filenames that are then detected as viruses when PcsProtector scans your computer. The program, though, will state that it will not remove these files until you first purchase it. This is obviously a scam as the program is only detecting the files it created in the first place. In reality, these files are harmless and do not pose any risk to your computer. Thus this programs scan results should be ignored.
The Trojan that installed PcsProtector will also display fake security alerts and messages on your desktop. These alerts will state that active malware has been found, that your being attacked by a remote computer, or that you are sending sensitive data to a remote location. The titles of these alerts will be Spyware Alert!, Infiltration Alert!, or Security Center Alert!. The Trojan will also display a fake Windows Security Center screen that will suggest that you purchase PcsProtector to protect yourself. PcsProtector will also hijack Internet Explorer so that it randomly displays a security warning when you browse the web. This security warning will state that the site you are visiting is infected or malicious and that you should purchase PcsProtector to protect yourself. Just like the scan results, these fake warnings and messages should be ignored as they are just another attempt to make you think your computer has a security problem.
One of the biggest problems I encounter day after day is virus’s and spyware contracted through Peer to Peer sharing. Most of the time I get the excuse that the users children download music and content from these sites. I educate the user to understand that this sharing is actually illegal and results in an infection.
Guide to Limewire Virus Avoidance.
This is a general guide to avoiding viruses embedded in files commonly found in the file sharing program Limewire.
Before you even download a file always ignore the star count rating next to the file. Many people who share files DO NOT know they are infected! Instead from within the search results window right click on the file you want to download and choose advanced. Now choose look up file with Bitzi. If people have posted warnings about the file you will find it here. Lastly once you download a file DO NOT open it from within LimeWire!! Instead go to the folder where you have chosen LimeWire to store your downloads. Next find the file you just downloaded and scan (THAT FILE) with your anti-virus/spyware program. I.e. AVG anti-virus spyware allows you to right click and scan a selected file. Or you can scan the whole shared folder for example. Then you can choose to open the file. Stay proactive keep your virus/spyware definitions up to date.
1. Think about what it is that you want to download.
2. Make sure that the content you are downloading is legal.
3. Realize that searching for a game on Limewire usually results in an average of 50-70% of content to be a virus. Your game will probably be much larger than a virus. So as a general rule of thumb, anything that’s claiming to be a game but is less than 5 MB in size is most likely a virus.
4. Realize that music has a camouflage virus. For example, if you type “Temmperaturree-Sean Paul” (Mistakes and all…) a camouflage virus will be a search result and it will read “Temmperaturree-Sean Paul” as opposed to a real song which will read “Temperature – Sean Paul” and if you move the mouse over it you will see the year, CD it is from and other information; you will see nothing about the “song” when it is a camouflage virus.
5. Do not download any file types that you do not want, so if you want an mp3 music file, don’t be downloading any exe files. Remember click the tab to search for Music only.
6. Know that it depends on the size for programs. If it’s a small program like Trayit (a program that will minimize programs into the system tray) or Artmoney (a game cheat program), you’ll have to only download the .zip or .rar files and scan them for viruses. For larger programs you can usually follow the same rule of thumb for games.
7. Also look for the BitRate for Music. If there’s no BitRate in a music file, there’s no music in the file. It means that it is a virus. Videos and Software don’t have BitRates.
8. Another thing to do when you download a file, for example Mp3’s, right-click at the bar at the top (that’s the info bar), select the “length” option, and again, check if it has any length available, if not, it’s probably a virus, and if it’s ABOVE the exact length, e.g. your song is typically 2 to 3 minutes, but the file is 23 minutes, that’s probably a virus.
9. Look at how the file is displayed, most likely but not always the ones that aren’t capitalized are viruses.
10. If you do download a file look at the status, if it is going unusually fast it might be a virus.
* Your IP address is not used while chatting with a host.
* Be careful with what you download because the music industry does sue people that steal their music for millions of dollars.
* Do not download something that claims to be a downloader or something that says it contains a link in it that can download what you want. It’s usually a trick.
* Never open an .exe file that you downloaded off Limewire. Especially if it has a white box instead of a real icon. (Although, some legitimate programs just use the default Windows icon for executables…)
* Do not download video files, many of them have pop-ups and install malicious programs.
* Songs are 3-7 MB, Videos are 10 MB+, Games from 2000 or before are about 250 MB, while newer games are in the GB+ range.
* What to do if you downloaded a virus? Erase the file, scan your computer and quarantine anything that comes up. Viruses can steal credit cards, passwords, even your social security number. Be cautious!
* Be wary of more cleverly disguised files, even though they say that they are what you were looking for, they still could be dangerous, don’t download “SONGS” that are below 1 MB, Limewire should warn you automaticly if you are about to download a dangourous file. But dont rely on that to be safe, always double check what you are downloading
* Gnutella is one of the most virus filled networks. It is suggested to use alternatives such as bittorrent.
* It is possible to download Limewire Pro from Limewire! (But if you don’t want to do something illegal download frostwire instead. Its based on LimeWire Pro and its free.)
Copyright © 2009 EASY SPYWARE REMOVAL | Great Deals presents Curious ...a WordPress Theme by WebRevolutionary.
