I have tried all the suggestions in remove RazeSpyware. Nothing seems to work. Help?

Is there anything to get this RazeSpyware off?
jasonkrizov Asked:
Eric AKA Netminder Commented:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.spywarewarrior.com/family_resemblances.htm#22

Can you be a little more specific about what you've tried, either by posting links to the instructions you've received, or by posting the steps you've taken?

Here's one thread that talks specifically about it... http://www.landzdown.com/index.php?topic=3707.0

If you can post a HijackThis log to someplace like geocities or angelfire, so we can take a look at it, then we might be able to help.

ep
0
 
GUEEN Commented:
Download HijackThis:
http://www.spywareinfo.com/~merijn/

Run it, then analyze it here:
http://www.hijackthis.de/

Post back here or compare with pcbutts' file below and checkmark these items off.

Look for settings like below and checkmark them for deletion (or post your log file back here)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deluxe-se.com/pr/remove_spyware/1/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.145.25.11:8080
O1 - Hosts: 81.86.13.50 drod
O1 - Hosts: 152.114.231.8 sun
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\system32\sxpdr32.dll (filesize 82432 bytes, MD5 213732819D2B560638E0E630AEAA7509)
O4 - HKCU\..\Run: [klop] C:\WINDOWS\5B.tmpC:\WINDOWS\5B.tmp
O4 - HKCU\..\Run: [kqwf] C:\PROGRA~1\COMMON~1\kqwf\kqwfm.exeC:\PROGRA~1\COMMON~1\kqwf\kqwfm.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.rs6000.co.uk/iNotes.cab
O16 - DPF: {7CDEF321-1112-237A-0001-F763FAF2E70D} - http://cashdeluxe.net/bho/loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F9D268-A73E-4DD0-8BD9-2760CCA7E05B}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\ENAPI2.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\ehaofgoj.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\system32\miamgkpl.dll (file missing)


After all is said and done - download pcbutts killbox here http://www.pcbutts1.com/downloads/killbox.zip

0
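One way to triage a pasted HijackThis log like the one in the post above, as an added example that is not part of the original thread: it re-joins entries wrapped across lines and flags a few entry types visible in that log. The flagging rules and the names `join_wrapped` and `triage` are assumptions chosen for illustration, not HijackThis or hijackthis.de logic.

```python
import re

# Usual meaning of the HijackThis section codes seen in the log above.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O1": "hosts file entry", "O2": "Browser Helper Object",
            "O4": "autostart entry", "O16": "ActiveX download (DPF)",
            "O17": "DNS setting", "O18": "protocol handler",
            "O20": "Winlogon Notify", "O21": "ShellServiceObjectDelayLoad"}
ENTRY = re.compile(r"^([RO]\d{1,2}) -\s*(.*)$")

def join_wrapped(text):
    """Re-join entries that were wrapped across lines when pasted."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Return (code, meaning, reasons) for entries that deserve a closer look."""
    findings = []
    for m in filter(None, map(ENTRY.match, join_wrapped(text))):
        code, body = m.groups()
        reasons = []
        if "(file missing)" in body:
            reasons.append("target file missing")
        if code == "O4" and re.search(r"\.tmp\b", body, re.I):
            reasons.append("autostart from a .tmp file")
        if code == "O16" and body.lower().endswith(".exe"):
            reasons.append("DPF entry fetches an .exe")
        if "ProxyServer" in body:
            reasons.append("proxy set in Internet Settings")
        if reasons:
            findings.append((code, SECTIONS.get(code, "unknown"), reasons))
    return findings

# Excerpt of the log posted above, wrapped the same way (illustrative rules only).
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 218.145.25.11:8080
O4 - HKCU\..\Run: [klop] C:\WINDOWS\5B.tmpC:\WINDOWS\5B.tmp
O16 - DPF: {7CDEF321-1112-237A-0001-F763FAF2E70D} -
http://cashdeluxe.net/bho/loader.exe
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\ENAPI2.dll
(file missing)
"""
```

Entries that match none of the rules, such as the O17 NameServer line pointing at 192.168.1.1, are returned by `join_wrapped` but left out of the `triage` findings.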
 
war1 Commented:
Greetings, jasonkrizov !

Use SmitRem to remove RazeSpyware, and then clean up the Desktop. Follow the instructions here:

http://www.help2go.com/Tutorials/Protect_Your_PC/RazeSpyware_Removal_:_A_How-To.html

Best wishes!
0

jasonkrizov Author Commented:
Hello,

OK, so I tried all the steps you have said in the past about Raze, war1. I tried the MS-DOS thing in safe mode; it did not find anything. I tried HijackThis, still nothing. I even tried the Microsoft customer service, in which I was referred here. With Microsoft, what we did was go to regedit and msconfig on the Run icon (actually we typed this in), and what I found was all these spy programs; there were like 20 or so programs that had "spy" in them. I deleted all these files. Then we tried some other stuff, I can't remember what, but it got me closer to getting the banner off my desktop. So after 1 and 1/2 hours the banner was still there, so I came here. I started reading all the steps that you and ian went over and tried them. Nothing. It was not in those areas you discussed. I did not find zybigui.dll or svchct32.exe. So I came back to read more. What I did find was that if I went to Control Panel - Display - Desktop - Customize Desktop - Web, there was "security" checked, so I deleted this and it seems to have worked, at least for now. But if I have any more problems I will be sure to contact you. I don't know if this will help anyone, but do not get SpyFalcon; it is a ripoff company, ah, a rogue anti-spyware software if you will.

I hope this helps you guys in fighting this crap.

jason
0
 
jasonkrizov Author Commented:
Oh, sorry for not mentioning the other two replies. shekerra and ericpete, thanks for your hard work in helping me.

jason
0
 
GUEEN Commented:
I hate to be the bearer of bad tidings, but if you have XP and have System Restore enabled - that is bad all the way around because that little hijack is inside a restore point... This particular hijack is really quite nasty.

If it happened to me I would back up all my docs and save what I needed then Fdisk/format. Not an answer that most people want to hear - but hijacks and such still leave hooks and can often wake up when you least expect it.
0
 
jasonkrizov Author Commented:
So if the thing is still there then I need to fdisk/format. OK, first, what does that mean, and second, how do I do this? Another thing too is I was defragmenting my computer and saw in the file lines trojan.something. I think this is bad but not sure.

jason
0
 
jasonkrizov Author Commented:
Yes, I have Windows Defender, Spybot and Ad-Aware SE. I tried downloading the others mentioned above and could not get them to download.

jason
0
 
GUEEN Commented:
What it all means is that your system is seriously compromised (trojan being very bad as well.) There should be computer specialists in your community that you should consult with to have this properly taken care of. A good computer specialist would wipe your system and reinstall all.

Best to you.
0
 
jasonkrizov Author Commented:
OK, well, I will talk with them and see what has to happen. Thanks.

jason
0