I want to thank the experts at BleepingComputer who posted the Spyware Removal instructions for aiding me to successfully remove as many as 12 infected clients in 6 weeks.
Just this past Friday I received a call from one of my clients describing a Spyware infection that he got after opening an attachment to a FedEx email.
When I went right over & checked his system he had a Smart Protection 2012 infection on his XP desktop.
As I had done before, I used my iPad to find the solution on BleepingComputer, but after following the removal instructions step by step there were some minor anomalies and the infection came back.
I tried for 4 hours and was unable to rid the system of Smart Protection 2012.
Later that afternoon, another client contacted me explaining they opened an attachment to a FedEx email and were infected as well.
I went there and following the same steps successfully removed the Smart Protection 2012 infection.
So I will explain what the anomalies are and I hope someone can assist me with steps to follow on Monday when I return to try again to remove the infection.
Steps I followed:
Booted into Safe Mode with Networking
In Internet Explorer under Internet Options, Connections, LAN Settings - in the Proxy Server section, the checkbox labeled Use a proxy server for your LAN was NOT checked as expected.
There was no problem connecting online.
Next I downloaded and ran TDSSKiller and it found 'Zero' threats - also not as expected.
Next I downloaded and renamed RKill before running it and it reported no 'Processes Terminated' - also not as expected.
Next I downloaded, renamed and Updated Malwarebytes' Anti-Malware before running a complete scan. Each time [of the 4 times] MBAM found infections and removed them. The totals went from 53 'Objects Detected' -> 4 -> 1 -> 1 [the single object detected was the renamed RKill file].
Before rebooting as MBAM requests, I went to the final steps.
Next I ran hosts-perm.bat successfully and then replaced the Hosts file in the correct XP folder.
Finally I rebooted as MBAM requested and as soon as XP booted the Smart Protection 2012 infection was back.
I need assistance from someone on Monday Pacific time to guide me through the steps to disinfect this client's computer.
Thanks to any and all that help.
Do not confuse Data with Information, Information with Knowledge - or Knowledge with Wisdom!
Edited by jerseyguy, 19 February 2012 - 05:52 PM.