SpyMarshal is more than it seems
Last month Sunbelt broke the news about a new rogue anti-spyware product called SpyMarshal. This program is just like all the rest: it comes bundled with malware, hijacks your DNS settings, and displays fake alerts, all as a scare tactic to get you to purchase the commercial version of the software.
Analysis from some of the Bleeping Computer HJT Team has also shown that SpyMarshal has come bundled with a rootkit as shown in the Gmer image below.
Please be patient while we create a self-help guide for the removal of SpyMarshal. For now, though, if you are infected with this malware please post a HijackThis log in our forums. Instructions on how to do so can be found here:

theonlyrick said,
April 22, 2007 @ 8:09 pm
I *think* I’ve found a really quick and easy way to remove this thieving little crapplication from your PC… (It took me about 5 mins.)
Download the Sophos anti-rootkit application. (Sophos = trusted internet security). I found that the spyware didn’t want me getting to it, so it would redirect my attempts to get to the Sophos page. I got there by visiting a cached version of a sub-page on the Sophos site. Basically, you can get there if you click around enough.
You need to register your details with Sophos. Like I say, they’re a reputable company, but obviously you don’t *have* to fill out the form 100% honestly.
Run and install the anti-rootkit app. Tell it to clean everything it can.
Ctrl+Alt+Delete, and close the process that’s keeping SpyMarshal alive. For me, it was ‘XPupdate.exe’. Sounds legitimate, but it’s not!
Then you can remove SpyMarshal via Add/Remove programs in Control Panel.
Run the Sophos thing again, restart the PC and then run Sophos again.
I’m not promising it will work for you, but it worked a treat for me.
Good luck!