Overclockers Australia Forums
Old 22nd June 2012, 12:41 PM   #1
Akh-Horus Thread Starter
Member
 
Join Date: Feb 2008
Location: Western Vic
Posts: 5,587
Default Annoying spyware

Picked up an annoying little bugger of spyware - it highlights some words and links them off to all sorts of stuff. Malwarebytes doesn't see it nor does Nortons.

Ideas?
__________________
[Logitech 'G' Owners Club Member #1]
OCAU Fishing Club Member #43
i5 2500K stock, 256GB SSD, 16GB 1600 DDR3, 2TB WD Black, 7950OC
People I won't trade with: treeplant & OJR
Old 22nd June 2012, 12:44 PM   #2
Creekin
Member
 
Creekin's Avatar
 
Join Date: Jun 2003
Posts: 10,196
Default

Quote:
Originally Posted by Akh-Horus View Post
nor does Nortons.


super anti spyware
and Kaspersky
Old 22nd June 2012, 12:47 PM   #3
power
Member
 
power's Avatar
 
Join Date: Apr 2002
Location: brisbane
Posts: 27,307
Default

Quote:
Originally Posted by Akh-Horus View Post
Picked up an annoying little bugger of spyware - it highlights some words and links them off to all sorts of stuff. Malwarebytes doesn't see it nor does Nortons.

Ideas?
try resetting your browser and clean everything out with CCleaner.
__________________
this is who we are.
Old 22nd June 2012, 12:57 PM   #4
Creekin
Member
 
Creekin's Avatar
 
Join Date: Jun 2003
Posts: 10,196
Default

Quote:
Originally Posted by power View Post
and clean everything out with CCleaner.
or you could just randomly delete system files and rebuild registry entries with no clue as to what they are
run crapcleaneriscrap in manual mode some time and actually have a look at what it does...
Quote:
hmm i've found a broken registry entry here for ms word...better point it at norton av...



norton/adobe/avg are targeted by virus writers because they are so popular..
i have NEVER seen a pc come into my shop with norton that did not have infections..and norton always says all is good with big green ticks and dots..
they admitted a few years ago it was broken and they tried to fix it and have failed.
besides the fact they charge a fortune for useless sw...

if you want to spend money get Kaspersky.
if you don't, get MS Security Essentials and run a known trusted free anti spyware prog like superanti or malwarebytes..
if super anti can't remove the problem then it's format c: time..
even if it can it's usually best...

it's kinda like termites...removing the problem does not repair the damage it has already done.
Old 22nd June 2012, 12:58 PM   #5
Psychotria
(Banned or Deleted)
 
Join Date: Apr 2012
Posts: 445
Default

Backup personal docs and reinstall from scratch is what I'd be doing.
Old 22nd June 2012, 12:59 PM   #6
power
Member
 
power's Avatar
 
Join Date: Apr 2002
Location: brisbane
Posts: 27,307
Default

Quote:
Originally Posted by Creekin View Post
or you could just randomly delete system files and rebuild registry entries with no clue as to what they are
run crapcleaneriscrap in manual mode some time and actually have a look at what it does...



norton/adobe/avg are targeted by virus writers because they are so popular..
i have NEVER seen a pc come into my shop with norton that did not have infections..and norton always says all is good with big green ticks and dots..
they admitted a few years ago it was broken and they tried to fix it and have failed.
besides the fact they charge a fortune for useless sw...

if you want to spend money get Kaspersky.
if you don't, get MS Security Essentials and run a known trusted free anti spyware prog like superanti or malwarebytes..
if super anti can't remove the problem then it's format c: time..
even if it can it's usually best...

it's kinda like termites...removing the problem does not repair the damage it has already done.
So helpful, I didn't say use the registry cleaner....
__________________
this is who we are.
Old 22nd June 2012, 1:03 PM   #7
Akh-Horus Thread Starter
Member
 
Join Date: Feb 2008
Location: Western Vic
Posts: 5,587
Default

Everything links to easyonline or similar - wants me to get an iphone lol.
__________________
[Logitech 'G' Owners Club Member #1]
OCAU Fishing Club Member #43
i5 2500K stock, 256GB SSD, 16GB 1600 DDR3, 2TB WD Black, 7950OC
People I won't trade with: treeplant & OJR
Old 22nd June 2012, 1:08 PM   #8
Creekin
Member
 
Creekin's Avatar
 
Join Date: Jun 2003
Posts: 10,196
Default

Quote:
Originally Posted by power View Post
So helpful,
you're welcome
Quote:
Originally Posted by power View Post
I didn't say use the registry cleaner....
errr yeah u did..
Quote:
Originally Posted by power View Post
try resetting your browser and clean everything out with CCleaner.
all CC does is delete temp files and edit the registry..badly!
u suggested op manually clean his browser then run cc....what else would there be for it to do but edit the reg?

i'm just sick of ppl recommending such a well known crap, noob program, esp here on ocow.. wp maybe
if you have a spyware infection, which op does..running CC will have no beneficial effect whatsoever...in fact it will probably make things a LOT worse as it has NFI what it is doing...
nor will clearing ur net temp files most likely...

if a decent anti spyware/av program can't remove it (rescanning after reboot to confirm) then nuke it.
Old 22nd June 2012, 1:11 PM   #9
Psychotria
(Banned or Deleted)
 
Join Date: Apr 2012
Posts: 445
Default

Quote:
Originally Posted by Creekin View Post
if a decent anti spyware/av program can't remove it (rescanning after reboot to confirm) then nuke it.
I agree with everything you said except for this. I'd be scanning from a boot disk or some other "offline" method. Probably easier to reinstall and make a disk image so next time an infection occurs the OP can just restore from the image (which is, generally, a lot quicker than a full reinstall)
Old 22nd June 2012, 1:15 PM   #10
Creekin
Member
 
Creekin's Avatar
 
Join Date: Jun 2003
Posts: 10,196
Default

Quote:
Originally Posted by Psychotria View Post
I agree with everything you said except for this. I'd be scanning from a boot disk or some other "offline" method. Probably easier to reinstall and make a disk image so next time an infection occurs the OP can just restore from the image (which is, generally, a lot quicker than a full reinstall)
def do it offline on a 2nd machine...
but like i said removing the infection is only half the problem
if it's broken IE ur better off reinstalling
and i disagree with using an image..sure it may be a few mins quicker
but they can have their own problems...mbr repair for one
always best to do a fresh clean install imho
Old 22nd June 2012, 1:18 PM   #11
Psychotria
(Banned or Deleted)
 
Join Date: Apr 2012
Posts: 445
Default

Quote:
Originally Posted by Creekin View Post
... and i disagree with using an image..sure it may be a few mins quicker
but they can have their own problems...mbr repair for one
Well, yeah that's true. But if you take a disk image after installing all your common software it can be heaps quicker. But it does obviously take a bit of setting up and there is the MBR issue (although the software I use does overwrite the MBR... *but* there is always a but it can get complicated if you have multiple OSs and/or drives), so yeah... maybe disk imaging is not quicker for everyone
Old 22nd June 2012, 1:21 PM   #12
imajican
Member
 
imajican's Avatar
 
Join Date: Feb 2002
Location: Geraldton WA
Posts: 105
Default

Hitman pro has been working well on customers' machines lately and then combofix if needed, run ccleaner first to clean out temp files etc

Hitman pro - http://www.surfright.nl/en

combofix - http://www.bleepingcomputer.com/download/combofix/
__________________
I5 2500k,16Gb,ASUS 7870 2 Gb

ASUS N61 520M,8GB,ATI5730
Old 22nd June 2012, 1:33 PM   #13
Holland_BFG
Member
 
Join Date: Aug 2007
Posts: 76
Default

Quote:
Originally Posted by imajican View Post
Hitman pro has been working well on customers' machines lately and then combofix if needed, run ccleaner first to clean out temp files etc

Hitman pro - http://www.surfright.nl/en

combofix - http://www.bleepingcomputer.com/download/combofix/
Yeah I've been using Hitman pro as well at work.

We have had 3 Trojans in the last month or 2. Same one just modified a little.

Malwarebytes and Symantec Endpoint protection picked up the second file but not the first one that was creating it. Did a scan with Hitman Pro and found the first one. Sent file to both Malwarebytes and Symantec. Malwarebytes added it to the next definition but Symantec didn't add it for about 2 weeks...

Found out later on in the week it was an ex-employee that was adding it to the system... All fixed now.

on topic.

+1 Hitman Pro and submit it to Malwarebytes

if that doesn't find it try Kaspersky Rescue Disk 10 http://support.kaspersky.com/faq/?qid=208282173

Last edited by Holland_BFG; 22nd June 2012 at 2:44 PM.
Old 22nd June 2012, 2:46 PM   #14
Akh-Horus Thread Starter
Member
 
Join Date: Feb 2008
Location: Western Vic
Posts: 5,587
Default

HitmanPro is churning away and there's all sorts of files being identified.
__________________
[Logitech 'G' Owners Club Member #1]
OCAU Fishing Club Member #43
i5 2500K stock, 256GB SSD, 16GB 1600 DDR3, 2TB WD Black, 7950OC
People I won't trade with: treeplant & OJR
Old 22nd June 2012, 2:58 PM   #15
power
Member
 
power's Avatar
 
Join Date: Apr 2002
Location: brisbane
Posts: 27,307
Default

Quote:
Originally Posted by Creekin View Post
blah blah blah
a lot of this stuff hides in temp files and running CCleaner to clear out temp files is a good start.

It also means any future scans will run quicker.

anyway sounds like a browser hijack or rootkit.

be sure to run TDSSKiller as well.

I've heard quite a few people recommending Hitman Pro but I'm yet to see it do that much for me.

Don't forget to check msconfig for any weird startup items and services as well.
__________________
this is who we are.
All times are GMT +10. The time now is 3:30 AM.