i have tried all the suggestions in remove razespyware. nothing seems to work. help?

is there any thing to get this razespyware off?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Eric AKA NetminderCommented:

Can you be a little more specific about what you've tried, either by posting links to the instructions you've received, or by posting the steps you've taken?

Here's one thread that talks specifically about it... http://www.landzdown.com/index.php?topic=3707.0

If you can post a HijackThis log`to someplace like geocities or angelfire, so we can take a look at it, then we might be able to help.

Download Hijack this:

Run it then then analyze it here:

post back here or compare with pcbutts file below and checkmark these items off.

Look for settings like below and checkmark them for deletion (or post your log file back here)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer =
O1 - Hosts: drod
O1 - Hosts: sun
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} -
C:\WINDOWS\system32\sxpdr32.dll (filesize 82432 bytes, MD5
O4 - HKCU\..\Run: [klop] C:\WINDOWS\5B.tmpC:\WINDOWS\5B.tmp
O4 - HKCU\..\Run: [kqwf]
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) -
O16 - DPF: {7CDEF321-1112-237A-0001-F763FAF2E70D} -
O17 -
NameServer =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\ENAPI2.dll
(file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} -
C:\WINDOWS\system32\ehaofgoj.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} -
C:\WINDOWS\system32\miamgkpl.dll (file missing)

After all is said and done - download pcbutts killbox here http://www.pcbutts1.com/downloads/killbox.zip

Greetings, jasonkrizov !

Use SmitRem to remove RazSpyware, and then clean up the Desktop. Follow the instructions here?


Best wishes!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

jasonkrizovAuthor Commented:

ok so i tried all the steps you have said in the past about raze, war1. i tried the msdos thing in safemode, did not find anything. i tried the hijackthis still nothing. i even tried the microsoft customer service in which i was referred here. with microsoft what we did was. we went regedit and msconfig on the run icon actually we typed this in and what i found was all these spy programs there was like 20 or so programs that had spy in them. i deleted all these files. then i we tried some other stuff i cant remember what. but it got me closer to getting the banner off my desk top. so after 1 and 1/2 hours still the banner was there. so i came here. i started reading all the steps that you and ian went over and tried them. nothing. it was not in those areas you discussed. i did not find zybigui.dll or svchct32.exe. so i came back to read more. what did find was that if i went to control panel-display-desktop-customize desktop-web, that there was security checked so i deleted this and it seems to have worked at least for now. but if i have any more problems i will be sure to contact you. i don't know if this will help anyone but do not get spyfalcon it is a ripoff company ah a rogue anti-spyware software if you will.

i hope this helps you guys in fighting this crap.

jasonkrizovAuthor Commented:
oh sorry for not mentioning the other two replys shekerra and ericpete thanks for your hard work in helping me.

I hate to be the bearer of bad tidings but if you have xp and have system restore enabled - that is bad all the way around because that little hijack is inside a restore point... This particular hijack is really quite nasty.

If it happened to me I would back up all my docs and save what I needed then Fdisk/format. Not an answer that most people want to hear - but hijacks and such still leave hooks and can often wake up when you least expect it.
jasonkrizovAuthor Commented:
so if the thing is still there then i need to fdisk/format. ok first what does that mean and second how do i do this.  another thing to is i was defragmentating my computer and so in the file lines trojan.something. i think this is bad but not sure.

jasonkrizovAuthor Commented:
yes i have windows defender, spybot and ad aware se. i tried downloading the others mentioned above and could not get them to down load.

What it all means is that your system is seriously compromised (trojan being very bad as well.) There should be computer specialists in your community that you should consult with to have this properly taken care of. A good computer specialist would wipe your system and reinstall all.

Best to you.
jasonkrizovAuthor Commented:
ok well i will talk with them and see what has to happen thanks

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.