Antispyware Soft came back


15 replies to this topic

#1 Paulrenno


Posted 24 May 2010 - 03:14 AM

My son's laptop (Vista) was infected with Antispyware Soft recently. By following a post on Bleeping, I managed to clear it with Malwarebytes.
The other day it came back. My son used Malwarebytes, which found the stuff and removed it.

I then decided, in my wisdom, to change his antivirus from Avast to Microsoft Security Essentials, but this just didn't suit his machine at all, and Windows wouldn't complete loading at all. I managed to uninstall this eventually, and put AVG 8 on from a CD I had saved it on to. At least then the laptop booted up normally and shuts down OK.

He has installed on his machine: Zone Alarm free firewall, AVG 8 free, Malwarebytes, Spybot (with immunisation), Spywareblaster, and Advanced System Care. Is this enough, or too much?


 


#2 keyboardNinja


Posted 25 May 2010 - 03:04 PM

Programs like Advanced System Care are not recommended for the following reasons:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Demystifying the Windows Registry.

• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.



As I've said many times, registry cleaners, tune-up programs, and so-called "optimizers" are the current snake-oil of the internet. There are countless free programs like this and apparently some paid ones, as well.

Do not be deceived. They promise performance you can only dream about....but only deliver a computer that is worse off than it was to begin with.

The rest of the programs you listed are okay. Consider adding the free version of SUPERAntiSpyware while you're at it.
PICNIC - Problem In Chair, Not In Computer


#3 Layback Bear


Posted 25 May 2010 - 07:12 PM

I, like most, have tried many things. If it means anything, I agree with keyboardNinja; I have found them to be snake oil. There are no miracle programs. The good news, Paulrenno, is that you are here at Bleeping Computer. Sometimes I think a miracle has happened from what I learn here. Read the posts, study and learn.

#4 craigmarshall2


Posted 25 May 2010 - 10:15 PM

I found success in removing this prick of a virus with Combofix. I would suggest it. Go into safe mode with networking. Download it if you need to from there, and let it go. Took half an hour or so and rebooted a couple of times.

#5 Paulrenno


Posted 26 May 2010 - 03:34 AM

What is Combofix and what do I do with it?

#6 Elise


Posted 26 May 2010 - 05:49 AM

Paulrenno, it is not recommended to run Combofix on your own. It is a very powerful tool and can do quite some harm to your computer when used improperly. Combofix should only be run when instructed by a trained helper.

Please let us know if you need any help removing active malware or if you are just interested to know what security programs to use.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#7 Paulrenno


Posted 26 May 2010 - 06:04 AM

At present, there is no sign that this virus is still there. I used Malwarebytes to remove it twice. If it does emerge again, I will come back on to this forum for help.

I was concerned that my son wasn't covered with his current AV and malware programmes, especially with this virus getting through. He had Avast previously but I have now replaced that with AVG. I installed Malwarebytes on to this laptop plus Spybot with the immunisation feature. His firewall is Zone Alarm and he also has Spywareblaster installed. I will be looking at putting SuperAntispyware on to his system also but I don't want to bog his system down.

Should all this be strong enough to catch the virus next time before it runs on his system?

#8 Elise


Posted 26 May 2010 - 07:53 AM

Personally I'd rather go for Avast, Avira or MS Security Essentials instead of AVG.

Spybot is a good program, but only if you know how to use the Teatimer function (which only prevents registry changes from being made). I usually recommend MBAM and SUPERAntiSpyware as antispyware apps.

regards, Elise


#9 Paulrenno


Posted 26 May 2010 - 09:38 AM

I tried MS Security Essentials but it stopped the laptop from starting up!! I have that programme on my PC and I've been quite pleased with it, but it just wouldn't let me get past the Welcome screen on my son's laptop. I had to uninstall it and put AVG on. (He had the latest version of Avast already installed when this virus hit - that is the reason why I have changed to AVG).

As far as Spybot, I was only going to use it for its immunisation feature.

I just don't want to bog his system down. Do you think I should uninstall Spybot and install SuperAntispyware or keep both?

#10 Elise


Posted 26 May 2010 - 09:45 AM

You can keep them both, but I recommend turning off Spybot's Teatimer and SUPERAntiSpyware's real-time protection.

(He had the latest version of Avast already installed when this virus hit - that is the reason why I have changed to AVG).

There is no single AV product that is going to protect you 100%. Just as important is keeping all programs (including Java and Adobe) updated and practicing safe browsing behaviour.

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

regards, Elise


#11 Paulrenno


Posted 26 May 2010 - 10:02 AM

Thank you Elise025 for your time, and your recommendations to me. Let's hope that after all this, his laptop doesn't get infected again.
Thankfully, most of the programmes he's got, such as AVG, update automatically, and I know he has got Windows Update turned on.

I wonder why Microsoft Security Essentials affected his computer the way it did? Anyway, we'll give AVG a try.

I hope I don't need to come back, but thanks for everything.

#12 Elise


Posted 26 May 2010 - 10:42 AM

You are welcome :thumbsup:

regards, Elise


#13 Avi Jacobson


Posted 28 May 2010 - 07:14 PM

I first of all wanted to thank the folks on this site for the excellent instructions at http://www.bleepingcomputer.com/virus-remo...ntispyware-soft and elsewhere regarding removal of the Antispyware Soft virus which infected my wife's computer last night.

I am a fairly sophisticated Windows user with lots of hands-on experience, but this one stumped me. (I personally tired of virus threats and other Windows vulnerabilities long ago and use Ubuntu Linux on both my laptop and desktop, but other family members need to use Windows due to certain software requirements.)

I wanted to add a point that does not seem to be covered in the instruction set linked above:

One behavior of this virus that does not seem to be documented here is that it causes the DHCP client service not to start on reboot, even if it is set to Automatic. This happens for the first time (and on every subsequent boot) when you reboot into Safe mode. Disabling DHCP (and thus, your network connection), of course, makes it impossible to connect to the Internet to download Malwarebytes or rkill.com. If you download from another computer and transfer via thumb drive, Malwarebytes will not detect Antispyware Soft because the default Malwarebytes signatures predate Antispyware Soft, and Malwarebytes cannot update itself.

I was not aware of rkill when I started to work on the problem. I booted into safe mode but had no DHCP. Then I ran a System Restore to a restore point (which apparently kept the virus from running but did not fix any of the damage to the registry, services, etc.). I was stumped as to why there was no network connectivity, but when I checked MSCONFIG to see if there were any suspicious processes running, I noticed on the service tab that the DHCP client service was stopped. I had no trouble starting it, but after I downloaded and ran Malwarebytes and rebooted, DHCP was stopped again.

I also noticed that the Themes service had been stopped, making the GUI look like Windows 2000. This service, too, could easily be restarted manually, but was stopped again on each subsequent reboot.

A little research led me to tdsskiller, which takes about a minute to run and solved that problem.

Thanks again for this wonderful resource!
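
The symptom reported in the post above (DHCP Client and Themes set to Automatic but found stopped after every reboot) can be checked with a short script. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the watchlist and the choice of event IDs are assumptions made for this example.

```powershell
# Added example. Requires PowerShell 3.0+ (Get-CimInstance).
# Watchlist: short names of the two services the post found stopped at boot
# (DHCP Client = Dhcp, Themes = Themes).
$watch = @('Dhcp', 'Themes')

# Every service configured to start automatically that is not running now.
$stopped = Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" |
    Where-Object { $_.State -ne 'Running' } |
    ForEach-Object {
        [pscustomobject]@{
            Name     = $_.Name
            State    = $_.State
            ExitCode = $_.ExitCode
            Watched  = ($watch -contains $_.Name)
            Path     = $_.PathName
        }
    }

# Watched services first. The rest is context only: some auto-start services
# (trigger-started or run-once) stop on their own on a healthy system.
$stopped |
    Sort-Object -Property @{ Expression = 'Watched'; Descending = $true }, 'Name' |
    Format-Table -AutoSize

# Service Control Manager errors logged since the last boot:
# 7000/7001 = failed to start, 7023 = terminated with error,
# 7031/7034 = terminated unexpectedly.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7001, 7023, 7031, 7034
    StartTime    = $boot
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# The pattern to look for is the one the post describes: a watched service
# that starts fine by hand but is stopped again after the next reboot.
if ($stopped | Where-Object { $_.Watched }) {
    Write-Warning 'Dhcp or Themes is set to Automatic but is not running.'
}
```

Running it once after each reboot shows whether a manually restarted service stays up or is stopped again at the next boot.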

#14 Layback Bear


Posted 28 May 2010 - 10:20 PM

Just a note: you can have all the security programs you can fit on your hard drive and they will only help so much. Knowing where to go on the web and what to download and from where is a must. This can only be done by the user. The user is the first security program on a computer that is online.

#15 chromebuster


Posted 29 May 2010 - 12:23 AM

Hi folks,
Just a few words of wisdom, especially to you, Paulrenno: anyone here should stay here. Come when you feel like it. Speak your mind, and learn. Don't be one of those people who just comes for one instance and then is never seen again. But thank God your son's laptop's all right. And another thing I'd encourage you to do is to encourage him to research things. Like for example, he should look up AntispywareSoft and learn about where he got it. That is what I do when I get viruses/trojans (which is not very often, thank God). I am actually a big security lover. I'm always looking up stuff like that. If he looks at its common infection vectors, that might give him some hints on how not to be infected with a rogue again. But tell him to be careful. And a little caution I'd like to tell you about. I've had some awful experiences with AVG. The first is when my friend's laptop was infected with SpywareProtect 2009, and AVG was basically disabled and defenseless. So if there is ever again a rogue on that laptop, it probably will not be AVG who comes to the rescue for you. The other problem with AVG I've seen in my own computer is that it is incapable of cleaning the VB code from a macro virus such as w97M/Marker. All others have no issue with this. Maybe even try NOD32. That thing's a killer!

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge




