• Status: Solved

i have tried all the suggestions in remove razespyware. nothing seems to work. help?

is there anything to get this razespyware off?
0
Asked by: jasonkrizov
3 Solutions
 
Eric AKA Netminder Commented:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.spywarewarrior.com/family_resemblances.htm#22

Can you be a little more specific about what you've tried, either by posting links to the instructions you've received, or by posting the steps you've taken?

Here's one thread that talks specifically about it... http://www.landzdown.com/index.php?topic=3707.0

If you can post a HijackThis log to someplace like geocities or angelfire, so we can take a look at it, then we might be able to help.

ep
0
 
GUEEN Commented:
Download HijackThis:
http://www.spywareinfo.com/~merijn/

Run it, then analyze it here:
http://www.hijackthis.de/

post back here or compare with pcbutts file below and checkmark these items off.

Look for settings like below and checkmark them for deletion (or post your log file back here)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deluxe-se.com/pr/remove_spyware/1/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/uk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.145.25.11:8080
O1 - Hosts: 81.86.13.50 drod
O1 - Hosts: 152.114.231.8 sun
O2 - BHO: sxpdr32.MyBHO - {5D0F16E6-47DF-11DA-8802-00024493948B} - C:\WINDOWS\system32\sxpdr32.dll (filesize 82432 bytes, MD5 213732819D2B560638E0E630AEAA7509)
O4 - HKCU\..\Run: [klop] C:\WINDOWS\5B.tmpC:\WINDOWS\5B.tmp
O4 - HKCU\..\Run: [kqwf] C:\PROGRA~1\COMMON~1\kqwf\kqwfm.exeC:\PROGRA~1\COMMON~1\kqwf\kqwfm.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - http://mail.rs6000.co.uk/iNotes.cab
O16 - DPF: {7CDEF321-1112-237A-0001-F763FAF2E70D} - http://cashdeluxe.net/bho/loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F9D268-A73E-4DD0-8BD9-2760CCA7E05B}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\ENAPI2.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\ehaofgoj.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\system32\miamgkpl.dll (file missing)


After all is said and done - download pcbutts killbox here http://www.pcbutts1.com/downloads/killbox.zip

0
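Added example, not part of the original thread or of HijackThis itself: a small triage script for a HijackThis log pasted into a forum, which first rejoins entries that were wrapped across lines and then tags each one by section code. The flag heuristics and every value in the sample are constructed for illustration (addresses use documentation ranges).

```python
import re

# Section codes as used in HijackThis logs (subset relevant to the log above).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search/proxy",
    "O1": "Hosts file entry", "O2": "Browser Helper Object",
    "O4": "Autostart (Run key)", "O17": "DNS/NameServer setting",
    "O20": "Winlogon Notify DLL", "O21": "ShellServiceObjectDelayLoad",
}
ENTRY_START = re.compile(r"^([RO]\d{1,2}) - ?(.*)$")
# Triage heuristics chosen for this example (assumptions, not HijackThis rules).
HEURISTICS = [
    ("file missing", lambda c, t: "(file missing)" in t),
    ("proxy configured", lambda c, t: "ProxyServer" in t),
    ("hosts override", lambda c, t: c == "O1"),
    ("autorun from .tmp", lambda c, t: c == "O4" and ".tmp" in t.lower()),
]

def join_wrapped(lines):
    """Rejoin entries that a forum or mail client wrapped across lines."""
    entries = []
    for line in filter(None, map(str.strip, lines)):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a new "R0 - ..." / "O4 - ..." entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def triage(lines):
    """Return (code, section, flags, text) for every recognised entry."""
    out = []
    for entry in join_wrapped(lines):
        m = ENTRY_START.match(entry)
        if m:
            code, text = m.groups()
            flags = [name for name, test in HEURISTICS if test(code, text)]
            out.append((code, SECTIONS.get(code, "unknown"), flags, text))
    return out

# Constructed sample in the same wrapped shape as the log above (not real data).
SAMPLE = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = 192.0.2.10:8080
O1 - Hosts: 192.0.2.20 example-host
O4 - HKCU\..\Run: [demo] C:\WINDOWS\1A.tmp
O17 -
HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}:
NameServer = 192.168.1.1
O21 - SSODL: Demo - {00000000-0000-0000-0000-000000000003} -
C:\WINDOWS\system32\demo.dll (file missing)""".splitlines()
```

Flagged entries are candidates for a closer look, not a verdict; an O17 entry pointing at a home router, as in the sample, comes back with no flags.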
 
war1 Commented:
Greetings, jasonkrizov !

Use SmitRem to remove RazeSpyware, and then clean up the Desktop. Follow the instructions here:

http://www.help2go.com/Tutorials/Protect_Your_PC/RazeSpyware_Removal_:_A_How-To.html

Best wishes!
0
 
jasonkrizov (Author) Commented:
hello,

ok so i tried all the steps you have said in the past about raze, war1. i tried the msdos thing in safemode, did not find anything. i tried the hijackthis, still nothing. i even tried the microsoft customer service, in which i was referred here. with microsoft what we did was we went to regedit and msconfig on the run icon, actually we typed this in, and what i found was all these spy programs, there was like 20 or so programs that had spy in them. i deleted all these files. then we tried some other stuff, i can't remember what. but it got me closer to getting the banner off my desktop. so after 1 and 1/2 hours still the banner was there. so i came here. i started reading all the steps that you and ian went over and tried them. nothing. it was not in those areas you discussed. i did not find zybigui.dll or svchct32.exe. so i came back to read more. what i did find was that if i went to control panel-display-desktop-customize desktop-web, that there was security checked, so i deleted this and it seems to have worked, at least for now. but if i have any more problems i will be sure to contact you. i don't know if this will help anyone but do not get spyfalcon, it is a ripoff company ah a rogue anti-spyware software if you will.

i hope this helps you guys in fighting this crap.

jason
0
 
jasonkrizov (Author) Commented:
oh sorry for not mentioning the other two replies, shekerra and ericpete, thanks for your hard work in helping me.

jason
0
 
GUEEN Commented:
I hate to be the bearer of bad tidings but if you have xp and have system restore enabled - that is bad all the way around because that little hijack is inside a restore point... This particular hijack is really quite nasty.

If it happened to me I would back up all my docs and save what I needed then Fdisk/format. Not an answer that most people want to hear - but hijacks and such still leave hooks and can often wake up when you least expect it.
0
 
jasonkrizov (Author) Commented:
so if the thing is still there then i need to fdisk/format. ok first what does that mean and second how do i do this. another thing too is i was defragmenting my computer and saw in the file lines trojan.something. i think this is bad but not sure.

jason
0
 
jasonkrizov (Author) Commented:
yes i have windows defender, spybot and ad aware se. i tried downloading the others mentioned above and could not get them to download.

jason
0
 
GUEEN Commented:
What it all means is that your system is seriously compromised (trojan being very bad as well.) There should be computer specialists in your community that you should consult with to have this properly taken care of. A good computer specialist would wipe your system and reinstall all.

Best to you.
0
 
jasonkrizov (Author) Commented:
ok well i will talk with them and see what has to happen thanks

jason
0
