Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant Remove Tspy Puper


  • Please log in to reply
8 replies to this topic

#1 TC2

TC2

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 23 September 2008 - 09:07 PM

I have an issue with my friends PC. I think I just found out the name of this annoying, nasty bug is Tspy Puper.
It does some crazy things to DNS and redirects what is typed in the address bar to random sites.(as if the address bar is a search engine) Mostly sites trying to sell you something. This problem stumped me!!! I tried AVG, Ad-aware, Spybot, LSP fix and Winsock fix, latest versions of each and still had the same issue. Unfortunately my friend grew impatient with me and picked up her pc because the issue stumped me for 4 days. Even though I dont have access to the problem machine any more.. I still would love to know if there is a fix for this Tspy -puper. SOme examples of the sites Im redirected to are.. mostermarketplace, big tree health, etc..This is the craziest thing I have ever seen. By the way I can't get to pandascan or housecall.. I get fake pages can't be displayed!!!!Please respond with any info you have!!! I can't post a hjt log because I no longer have the pc.
Thanks
TC
Running WIN XP home

Edited by TC2, 23 September 2008 - 10:13 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 AM

Posted 24 September 2008 - 12:26 PM

Please print out and follow the generic instructions for using "SmitfraudFix".
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If using Windows Vista be sure to Run As Administrator
  • Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
  • The tool will go through a series of cleanup processes and automatically start the Disk Cleanup program to remove Temporary files. Wait for it to complete and Disk Cleanup to finish.
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (typically C:\), and run it from there.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 TC2

TC2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 24 September 2008 - 03:17 PM

will try that .... thank you..have you heard of this nasty bug before?

#4 TC2

TC2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 26 September 2008 - 09:03 PM

Tried SmitfraudFix on another machine. an XP box running IE 7.0. This machine is having a different problem. I am unable to browse secure websites. I have checked all the normal things, correct time/time zone on the machine. The cipher strenhgth and verison is BLANK whe checing under the IE help menu. I have tried uninstalling and reinstalling IE7 several times, removed the folder from the c drive and all traces of IE from the registry. The prgram STILL reinstalls with the cipher strength and version BLANK. Im unable to run any online scanners, can't reach the pages. Im unable to download ad adware because the download window seems almost as if its blocked by a pop up blocker. Its strange!!! Spybot is installed on the machine but I am unable to update it. I get error messages when trying to retrieve the lastest version. I can't download a new version of spybot because downloading seems to be blocked.!! Please assist.. Luckily I could get to SmitfraudFix ..but it was no help

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 AM

Posted 27 September 2008 - 06:58 AM

Smitfraudfix is a specific fix tool designed for a specific infection.

Please either start a new thread for the different machine or wait until this one is cleaned up. Trying to provide fix instructions on for different computers in the same thread causes too much confusion.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 TC2

TC2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 27 September 2008 - 11:16 PM

ok.. gave up on the first machine.. reforamatted and reloaded xp
Thanks

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 AM

Posted 29 September 2008 - 08:48 AM

Sometimes that's the best solution.

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action.

Tips to protect yourself against malware and reduce the potential for re-infection:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 TC2

TC2
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 04 October 2008 - 05:25 PM

thanks.. will try those prevention steps you mentioned

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 AM

Posted 05 October 2008 - 06:33 AM

You're welcome.
Safe surfing and have a malware free day.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users