Welcome Guest (Log In | Create Account)
New Member? Join for free.


  

How to remove SpywareRemover (Removal Instructions)

Posted by on February 25, 2008 @ 08:54 PM · Views: 5,996

Add to Favorites Add to Favorites!   Print Guide Print Guide!
  • Share

 

What this infection does:

SpywareRemover is a rogue anti-spyware program that is advertised through the use of malware. When this malware, labeled Hoax.Win32.SpyWare.d by Kaspersky antivirus, are installed on your computer you will start to see popups for a variety of services. One of these is advertisements is a misleading popup stating you are infected and that you should install SpywareRemover to remove it. The title of this popup is Spyware detected! and the content of the popup is:

Windows has detected a spyware infection!
Please install Spywareremover to remove the infection.

Once SpywareRemover is installed, it will automatically scan your computer for infections and then display a variety of false positives as well as an interesting find; the malware that installed it in the first place. In order to remove these infections, though, you must first purchase a license of the software. Screen shots of the SpywareRemover program and the popup stating you are infected can be seen below.

 

 

SpywareRemover Screenshot
SpywareRemover Screenshot

 

Examples of False Positives found in SpywareRemover
Popup advertising SpywareRemover

 

 

This guide will walk you through removing the SpywareRemover program.

 

Threat Classification:

 

Entries for this program found in the Add or Remove Programs control panel:

SpywareRemover

 

Tools Needed for this fix:

 

Symptoms that may be in a HijackThis Log:

O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe
O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe

 

Guide Updates:

02/25/08 - Initial guide creation.

 

Automated Removal Instructions for SpywareRemover using SmitFraudFix:

 

  1. Print out these instructions as we will need to close every window that is open later in the fix.

  2. Download SmitfraudFix.exe from here and save it to your desktop:

    SmitFraudFix.exe

    Confirm that the file SmitfraudFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:




  3. Next, please reboot your computer into Safe Mode by doing the following:

    1. Restart your computer

    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

    3. Instead of Windows loading as normal, a menu should appear

    4. Select the first option, to run Windows in Safe Mode.

    5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

  4. When your computer has started in safe mode, and you see the desktop, close all open Windows.

  5. Now, double-click on the SmitFraudfix icon that should be residing on your desktop.The icon will look like the one below:



  6. When the tool first starts you will see a credits screen. Simply press any key on your keyboard to get to the next screen.

  7. You will now see a menu as shown in the image below. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).




  8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program as shown by the image below.





    This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will should continue with step 11.

  9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the enter key.


  10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.
  11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer. Examine this log, and when you are done, close the Notepad screen.

Your computer should now be free of the SpywareRemover infection.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

 

This is a self-help guide. Use at your own risk.

BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can ask for malware removal assistance in our Virus, Trojan, Spyware, and Malware Removal Logs forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.

 

 

Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides


© 2003-2012 All Rights Reserved Bleeping Computer LLC.
PGT: 0.07972 Queries: 11