?
Solved

Spy wares and addwares...immediate

Posted on 2006-04-19
21
Medium Priority
?
794 Views
Last Modified: 2010-04-11
i want immediate help plzzzz...........................i have been infected by spywares and adult addwares :)   .............. my system had slowed down really ........i am using mccaffe 10 , for virus protection but no virus or threat has been detected


plz tell me which one is the best spyware romover ( no demo plz i want a permanet solution)...because the net is floded with thousands of spyware removers ......well there are tools which are free  recommend those too .........but recommend the best one in the market .....adult adwares are killin me out :P

one thing which continiously disturbes me is suddenly a popup appairs in the startup panel and when i click on it it opens www.spywarequake.com....it annoys me a lot specially when using programs like an encyclopedia or playing a game...
the pop is red in colour and reads

"critical system error....system detected virus activities..this may cause system faiiliure pls use antimalware software to clean and protect ur system with parasital activities click to get available software " 
0
Comment
Question by:lov_hacker
  • 8
  • 5
  • 2
  • +4
19 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 200 total points
ID: 16491012
Hello there,

Go here for the 2 best spyware/adware removers. They work great!

Spybot S&D

http://www.spybot.info/en/download/index.html (download 1.4)

Adaware SE Personal

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5 

Hope this helps
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16491022
You can also download hijackthis

http://www.download.com/HijackThis/3000-8022_4-10379544.html

also another great program
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16491040
Also go to command line and type "msconfig"

Go to the startup tab and disable any/all of the programs that you don't want running when windows starts.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 

Author Comment

by:lov_hacker
ID: 16491055
yeah i have done that one i am checking the linkz too








thankz
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16491315
Anytime

:-)

let me know if they get rid of the spyware that you have. I also know a few other programs that might help. But the ones that I gave you should do the trick.
0
 

Author Comment

by:lov_hacker
ID: 16491582
ya from "add aware se" the adult addwares and other r removed......but i am still geting the massage of  alert system enfected continuesly which open a site   www.spywarequake.com   :@  ......that is really anoying....the site is abt a program named spyware quake which is an anti spyware , but this had becomed a great spyware for me now .......the icon is continuesly in the system tray and is not removing .....one more it also open a site named www.spyguard.com :P ....
plz tell me abt this too if ya knew ...





abt this link hijack ..........mccaffe 10 has deleted this saying this one is a trojan :-o  .......... do see it....

http://www.download.com/HijackThis/3000-8022_4-10379544.html
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16491934
Have you gone into add/remove programs and see if there is anything that is associated with this program that is running in the system tray?

Did you try Spybot? You didn't mention this one. When you install it make sure that you do an update and install everything that comes up. when the updates are finished go into Immunize and update that as well.

Try and do these scans in Safemode. The program is probably loading automatically when you start windows.

Another thing you can try doing is go into administrative tools and "Services" and see if the program is in there. If it is disable it.

Also you could go to Google.ca and then click on the link www.google.com then click more. Download the google pack and it will give you a list of software. You will find Norton Antivirus 2005 this is a 6 month full version trial. Download that and run a full system scan on your computer in safe mode.

hope this helps
0
 

Author Comment

by:lov_hacker
ID: 16491977
i am abt to try spybot lets see what happens ..................i will post soon now after nortan installation , i think that would surely help ....may this i pray


see ya
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16491999
Sounds good

:-)
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 200 total points
ID: 16492923
Hi,
If you still have problems,
Do this to remove SpywareQuake popups.

1. Download Smitrem.
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Next, please reboot your computer in Safe Mode:

Open the "smitRem" folder, then double click the "RunThis.bat" file to start the tool. Follow the prompts on screen.  Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.


2. Then, download roguescanfix.exe , and save it to your desktop.
http://www.martijnc.be/tools/roguescanfix.exe
Double click roguescanfix.exe to install it.
Open the roguescanfix folder, and doubleclick run.bat. Make Sure you have an active internet connection!
Your desktop and icons will disappear and then reappear again, this is normal.
Wait till the message "Completed script execution" appears, then click OK.
Click "Exit" to close BFU.
Click "OK" to start the SpywareQuake/Spyfalcon uninstaller, after that click "uninstall". Please wait until it is finished.
WARNING: You will be asked to reboot your computer. Wait until the uninstallers did their job before clicking YES.

*In case you still get the message BFU.exe is not present, download BFU.zip:
http://www.merijn.org/files/bfu.zip
Unzip it and place BFU.exe in the Roguescanfix-folder. Then doubleclick Run.bat again.


If problem persists,
Let us look at your Hijackthis log, turn off Mcafee while scanning(mcafee does that eventhough hijackthis is NOT a trojan.


You can also try Ewido anti-malware.
Download and install the free version of Ewido anti-malware.
http://www.ewido.net/en/download/
Update first then scan in safe mode.
0
 
LVL 11

Assisted Solution

by:phileoca
phileoca earned 200 total points
ID: 16499885
1) stop downloading Porno games
2) stop downloading porno
3) stop looking for free applications online
4) stop using the internet

when you're done with those, take the suggestions of the above people.
when all else fails

FDISK and FORMAT
0
 

Author Comment

by:lov_hacker
ID: 16501459
gr8 reply phileoca i am looking to gave u immediate 500 points for such a great answer :) ..........abt porno games and porns well majority people do it , and i am not a speacial one who does this...... (well good guessing thou by loking at some of my questions :)  ......)  

*****************************************************************************************

ya i can't still get rid off the quake message and it is annoying me a lot :@ so i would try ur linkz too man  "rpggamergirl"


see ya
bye
0
 

Author Comment

by:lov_hacker
ID: 16501529
why do u people  say me to scan my drives on  safe mode ?? what is the diffrence in scaning in safe mode and the GUI mode ...??
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16503059
@ phileoca, lol, stop using internet? I'm off for a "week-long" holiday tomorrow to a place where there's no internet access, but nice views and lots of fishing. I'm looking forward to it but I think I'll also miss my internet access! :)

lov_hacker,
Scanners works better in Safe Mode because not many services loads in safe mode, less conflicts and most importantly common malware doesn't run in safe mode so your scanner can easily sweep them off.

On the other hand, must NOT run Hijackthis in safe mode because it will produce a "next to useless" log.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16506548
Safemode is suggested because the malware programs can't be wiped clean because they are running in the background.

Did any of the things above help???
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 16512643
Please post a comment about any of the thing thats you have tried and let us know if any of the things listed are helping..

thanks
0
 
LVL 12

Assisted Solution

by:Heem14
Heem14 earned 200 total points
ID: 16537355
If your machine is as bad as you make it out to be. Stop wasting your time here looking for anti-spyware, and rebuild the machine. get your important documents... or.. maybe in this case.. pictures.. backed up somewhere and wipe out the machine. no amount of anti-anything is going to get rid of every last problem without major frustration.

And while you are rebuilding... perhaps you'd like to consider switching to Linux.... no threat of spyware like windows.

0
 
LVL 1

Expert Comment

by:nothing8171
ID: 16539312
dude, you need to change your name from "lov_hacker" to "know_nothing_about_hacking"
0
 

Assisted Solution

by:damod2k
damod2k earned 200 total points
ID: 16541067
By running your mahcine in safe mode and scanning with Ad-aware and Spyboy with their latest definitions you should be able to remove all the spyware intalled. If not use the manual method. You should also look at spyware protection softwares such as SpywareGuard, a very light real time scanning engine (free to download from http://www.javacoolsoftware.com/sgdownload.html), and also SpywareBlaster which doesn't run any processes in the background but blocks cookies, activeX etc. (free from www.javacoolsoftware.com/spywareblaster.html)

Manual method of removing SpywareQuake:

To remove SpywareQuake, first you must stop any SpywareQuake processes that are running in your computer's memory. To stop all SpywareQuake processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the  "Processes" tab, and select the following SpywareQuake processes:

spywarequakeinstaller.exe
spywarequake.exe
uninst.exe

Right-click these SpywareQuake processes and select "End Process."

Delete SpywareQuake Registry Keys

1. To delete SpywareQuake registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button.

2. Select "Run," and type "regedit" into the box.

3. Click "OK" button. Once the Registry Editor is open, find the following registry values:

Remove SpywareQuake registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SpywareQuake
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
SharedTaskScheduler\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
HKEY_CLASSES_ROOT\Typelib\{661173EE-FA31-4769-97D4-B556B5D09BDA}
HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelper Objects\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareQuake HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\App Paths\SpywareQuake.exe\: "%programfiles%\SpywareQuake\SpywareQuake.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run\SpywareQuake: "%program files%\SpywareQuake\SpywareQuake.exe /h"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\DisplayName: "SpywareQuake 2.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\UninstallString: "%programfiles%\SpywareQuake\uninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\DisplayIcon: "%programfiles%\SpywareQuake\SpywareQuake.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\DisplayVersion: "2.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\NSIS:StartMenuDir: "SpywareQuake"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\URLInfoAbout: "http://www.spywarequake.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\SpywareQuake\Publisher: "SpywareQuake.com"
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake\refid: "1"
HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake\Language: "1033"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}
KEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{5790B963-23C5-43C1-BCF5-01C9B5A3E44E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{5D42DDF4-81EB-4668-9951-819A1D5BEFC8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{76D06077-D5D3-40CA-B32D-6A67A7FF3F06
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{9283DAC1-43F5-4580-BF86-841F22AF233
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{AE90CAFC-09D4-47F0-9E11-CE621C424F08}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{BA397E39-F67F-423F-BC6E-65939450093A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{C4EEDC19-992D-409A-B323-ED57D511AFA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{DD90F677-D205-4F70-9014-659614AABCB2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{E3DF91F3-F24F-441E-9001-D61F36024322}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{F459EADB-5903-48D5-864C-2B7B46AB1424}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\
{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}

4. Click on these SpywareQuake registry values to select them, then click "Delete."

Unregister SpywareQuake  DLL Files

To un-register a SpywareQuake DLL file, you'll first need to find the SpywareQuake DLL files on your hard drive.

1. Click on the Windows "Start" button and then select "Run."

2. A window will popup. Type "cmd" into the box of the Window that appears.

3. Then click "OK". Locate the following SpywareQuake DLL files:
(Example: To unregister a file called "myDll.dll," located in the "C:\windows\system32" folder, you would type "%WinDir%\System"regsvr32 /u myDll.dll".)

Unregister SpywareQuake DLL files:
stickrep.dll
msvcp71.dll
msvcr71.dll
ex. 2020search2.dll,2020search.dll

4. Click "Enter." The message "DllRegisterServer in C:\Windows\SystemFolder\XXXXXX.dll succeeded" will appear when the SpywareQuake DLL file is successfully unregistered.

Remove SpywareQuake Files

To completely get rid of SpywareQuake, you must manually remove SpywareQuake files.

Detect and Delete these SpywareQuake files:
dfrgsrv.exe
mssearchnet.exe
nvctrl.exe
spywarequake 2.0 website.lnk
spywarequake 2.0.lnk
uninstall spywarequake 2.0.lnk
spywarequake 2.0.lnk
blacklist.txt
ref.dat
spywarequake.url
sq.ini
english.ini
hp[X].tmp
ld[X].tmp

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question