
Spy Defender


16 replies to this topic

#1 mdlv4bb

mdlv4bb

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 08 March 2008 - 10:56 AM

How do I get rid of Spy Defender Pro? I do not know where this program came from, but from what I read, it is a malware program. I tried to search the forums for previous posts, but could not find any on this program. Please advise.
Thank you,
Matt


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,301 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:44 PM

Posted 08 March 2008 - 11:01 AM

Please follow the instructions in the thread How to remove SmitFraud

When SmitFraudFix finishes, it will produce a log for you. Please post that log in your next reply.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 mdlv4bb

Posted 08 March 2008 - 12:42 PM

Thank you for the quick response. However, your link opened up this same forum page instead of linking to the forum you described. Please advise,
Thank you,
Matt

#4 Billy O'Neal

Posted 08 March 2008 - 12:52 PM

Sorry, I'm an idiot :thumbsup:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/

Billy3

#5 mdlv4bb

Posted 08 March 2008 - 02:37 PM

No problem with following the instructions, however it never tried to re-boot. I ran it twice and each time it came up and asked me to restore or continue in safe mode. I tried both ways and finally quit the application. Here is the print out you asked for after just running smitfraud.
Thanks,

SmitFraudFix v2.253

Scan done at 13:19:21.89, Sat 03/08/2008
Run from C:\Documents and Settings\Roberts\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1EEDDD9-6C97-4925-ADB2-1F9B2159BADB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F439F4BB-1A6B-4363-A6A2-8628CB47F715}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1EEDDD9-6C97-4925-ADB2-1F9B2159BADB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F439F4BB-1A6B-4363-A6A2-8628CB47F715}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D1EEDDD9-6C97-4925-ADB2-1F9B2159BADB}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F439F4BB-1A6B-4363-A6A2-8628CB47F715}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#6 Billy O'Neal

Posted 08 March 2008 - 05:14 PM

Do you have the first log? (For the first time you ran it?)

If so, please add that to your next post. In addition,
Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Billy3

#7 mdlv4bb

Posted 08 March 2008 - 11:25 PM

I apologize, I do not have the first file. I thought I had saved it before restarting, but I got sidetracked by the kitten scratching my daughter and by the time I got back to the computer I forgot to save it.
Here is the file from the online scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 08, 2008 10:21:47 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/03/2008
Kaspersky Anti-Virus database records: 616748
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 73991
Number of viruses found: 4
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 01:39:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{50C63F78-0B1A-4931-AEE5-831E0BDC1947}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roberts\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Roberts\Desktop\DeskTopStuff\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Roberts\Desktop\DeskTopStuff\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Roberts\Desktop\DeskTopStuff\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Roberts\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Roberts\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Roberts\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Roberts\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Roberts\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Roberts\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Roberts\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roberts\Local Settings\History\History.IE5\MSHist012008030820080309\index.dat Object is locked skipped
C:\Documents and Settings\Roberts\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roberts\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Roberts\ntuser.dat.LOG Object is locked skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\SpyDefender Pro\SpyDefender.exe Infected: not-a-virus:FraudTool.Win32.SpyDefenderPro.a skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aflxhwis.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bkltqppi.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ceowjwkl.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ceutycmr.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\frsisdrj.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\htceuxya.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ielhyway.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\johhmebh.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\naifdoga.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pdcxteut.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tpnotloq.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uiwrajib.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yaogvvnl.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yebtkgsl.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ywkhemgg.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1152\A0233384.exe Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1208\A0234968.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1208\A0234968.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1208\A0234968.exe RarSFX: infected - 2 skipped
C:\VundoFix Backups\lysquplp.dll.bad Object is locked skipped
C:\VundoFix Backups\wqgbddpx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_2nzQwfT6tNKxKtD Object is locked skipped
C:\WINDOWS\Temp\mcmsc_DDsmyLmYr9xcW9b Object is locked skipped
C:\WINDOWS\Temp\mcmsc_l1homOcusfzRDVX Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ZL6jDlH9axOjVkn Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
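
A triage sketch for the report in post #7, added here as an example (not code from the thread or from Kaspersky): it separates files the scanner could not open from actual detections, and sorts the detections by whether the file sits in a quarantine or backup folder, a System Restore point, the SmitfraudFix removal tool, or a live location. The row pattern and the folder-to-category table are assumptions inferred from the rows in that report.

```python
import re
from collections import defaultdict

# A subset of rows copied from the Kaspersky report in post #7, one per kind.
REPORT = r"""
C:\Documents and Settings\Roberts\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Roberts\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Roberts\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Program Files\SpyDefender Pro\SpyDefender.exe Infected: not-a-virus:FraudTool.Win32.SpyDefenderPro.a skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aflxhwis.dll.vir Infected: Trojan.Win32.BHO.o skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1208\A0234968.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\VundoFix Backups\wqgbddpx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# Assumed row shape: <path> <result> <last action>, as seen in that report.
ROW = re.compile(
    r"^(?P<path>.+?) (?:Object is (?P<locked>locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<archive>\w+): infected - \d+) (?P<action>\w+)$"
)

# Assumption: folders where a detection is an already-contained copy or a tool
# component rather than an active file. Checked in order, case-insensitively.
CONTAINED = (
    ("\\qoobox\\quarantine\\", "quarantine"),
    ("\\vundofix backups\\", "quarantine"),
    ("\\system volume information\\_restore", "restore point"),
    ("smitfraudfix", "removal tool"),
)


def triage(report):
    """Group report rows into buckets of (path, verdict) tuples."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            buckets["unparsed"].append((line, None))  # never drop rows silently
        elif m["locked"]:
            buckets["locked"].append((m["path"], None))  # file in use: no verdict
        elif m["archive"]:
            buckets["archive"].append((m["path"], None))  # container summary row
        else:
            low = m["path"].lower()
            where = next((tag for key, tag in CONTAINED if key in low), "live")
            buckets[where].append((m["path"], m["verdict"]))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, rows in triage(REPORT).items():
        print(f"{bucket}: {len(rows)}")
        for path, verdict in rows:
            if verdict:
                print(f"    {verdict}  {path}")
```

Applied to the rows in post #7, the only detection that lands in the live bucket is C:\Program Files\SpyDefender Pro\SpyDefender.exe; every "Object is locked" row is a file the scanner could not read, not a finding.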

#8 Billy O'Neal

Posted 09 March 2008 - 02:32 AM

That appears clean. How are things running? Is Spy Defender gone?

If not, remove it as any other program from Add/Remove programs.

Have you run combofix in the past? Please note that ComboFix is not to be used outside of HijackThis forums. Combofix used incorrectly can lead to your system NEVER BEING BOOTABLE AGAIN!

Once you are done,
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Click the "Clean Up" button. This will remove some of the tools we used as well as OtMoveIt itself.
  • Allow the tool to reboot your machine.
Please note that OTMoveIt is a powerful tool that should not be used without supervision! Using this tool incorrectly can lead to a system that is non-bootable.

Please note any additional problems in your next reply.

Billy3

#9 mdlv4bb

Posted 09 March 2008 - 09:37 AM

Spy Defender is still there. It does not show up under Add/Remove programs so I can't remove it that way. Still need some assistance removing it.
I have run Combofix in the past per instructions from this site to remove a Virus/Trojan when my system was really messed up.
I have not run OtMoveIt yet. I will wait to hear from you on what else I can do to remove Spy Defender.
Thank you.

#10 Billy O'Neal

Posted 09 March 2008 - 12:44 PM

  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
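    rem List the Program Files folder into fileList.txt on the desktop.
    rem Paths are quoted because the Program Files and profile paths contain spaces.
    cd /d "%ProgramFiles%"
    dir > "%USERPROFILE%\Desktop\fileList.txt"
    del "%USERPROFILE%\Desktop\fix.bat"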
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
  • fix.bat will dump a log for you on your desktop called fileList.txt. Please post the contents of that file as a reply.
Billy3

#11 mdlv4bb

Posted 09 March 2008 - 01:04 PM

I did everything per your instructions and the bat ran, but it did not dump a file to the desktop.

#12 Billy O'Neal

Posted 09 March 2008 - 02:06 PM

Ok... let me try something else.
This time it should open the file in notepad
  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
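    rem List the Program Files folder, then open the listing in Notepad.
    rem Paths are quoted because the Program Files and profile paths contain spaces.
    cd /d "%ProgramFiles%"
    dir > "%USERPROFILE%\Desktop\fileList.txt"
    start "" notepad "%USERPROFILE%\Desktop\fileList.txt"
    del "%USERPROFILE%\Desktop\fix.bat"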
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
Billy3

Edited by Billy O'Neal, 09 March 2008 - 02:07 PM.


#13 mdlv4bb

Posted 09 March 2008 - 04:01 PM

It created the file, but it is empty.
Thanks,
Matt

#14 Billy O'Neal

Posted 09 March 2008 - 04:31 PM

That's odd. I even tested that on my own system....
Oh well.

There should be some sort of "Spy Defender" folder in the program files folder on your C drive. See if you can delete that manually.

Billy3

#15 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,714 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:44 PM

Posted 15 March 2008 - 09:41 PM

Hi mdlv4bb

Please follow these instructions:

Download HijackThis™:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

Right click on it. Click 'Do a System Scan and Save logfile'.
The HJT log will open in notepad.

Copy and paste the contents of the HJT log into a NEW TOPIC in "HijackThis Logs and Malware Removal"
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Please be patient, as all of our HJT Team members work on various forums. We will get to your HJT log! :thumbsup:

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop




