View Full Version : SPYWARE HELP!!!



Kevin@nextmod
12-02-2006, 02:54 AM
Hey guys..

I would like to know any good programs to take out spyware.

My friend came over to do some typing on my computer and brought over a USB drive. And after opening his documents, my internet explorer and firefox's homepage changed. And the thing is it won't let me change it back.
It's also in my other hard drive since he was fiddling around with my stuff. Now my C drive is infected and my D drive where all my important stuff is there is infected.

I tried formatting but whenever i open my D drive it screws it up again. So i know the spy thing is in my D drive and i tried almost every program available to download in download.com.

I was thinking of burning all my files to dvd but the thing is the trojan will be carried over to the cd as well and when i open the cd it will get infected again.

Now I just want to get rid of it and its really pissing me off. I was also thinking of going to best buy and tell those Geeks to fix it for me but i know they steal your money.

So any input will be appreciated.

Here's a pic of how it turned out when i want to change the homepage.

http://img167.imageshack.us/img167/8553/untitledza8.jpg (http://imageshack.us)

eqlso
12-02-2006, 03:11 AM
Adaware, spybot...those are the ones I use. They should eliminate most things.

If they still don't work afterwards, try hijack-this, and post the results of it to their forums. Their tech guys can fix it all up for you.

Or you can just open task manager, go to processes, see what's suspicious, and google that process up to see how to remove it.

MazdaTree
12-02-2006, 04:52 AM
my friend was telling me earlier this week that he went to best buy to get rid of some virus and they made him buy norton and spy sweep or spy sweeper oof them...maybe try spy sweep

I hope that helps bro...Good Luck

Chuckie
12-02-2006, 09:05 AM
what homepage are you directed to? then maybe we can supply a solution

sbmonkey
12-02-2006, 10:04 AM
I recommend using both Adaware and Spybot Search & Destroy. In addition, go to www.trendmicro.com using IE (only works with IE) and run their free virus and privacy scanner. It's pretty comprehensive and will take a long time, but it may pick up something the other didn't (plus it'll scan for viruses).

Being able to see the URL in the picture would've been helpful, too. Also go through your Add/Remove programs list to see any weird things that were installed recently. Google them first to make sure they aren't necessary programs.

bluntman
12-02-2006, 10:14 AM
I recommend using both Adaware and Spybot Search & Destroy.


+1

I had a bad bout with spyware a while back. Both programs, used together one after the other, removed the peskiest pieces of spyware from my system. Things weren't the same afterwards, but at least I was able to get my important documents to another partition before formatting and reinstalling Windows.

Yet another good reason to switch to a Mac.

DrunknFoo
12-02-2006, 10:35 AM
1. Boot to safe mode, ctrl-alt-del 'end task' anything suspicious
2. run a standard antivirus (I use kaspersky), spybot, lavasoft, then regscrubxp (let the app decide then click fix selected)
3. boot to normal mode, clear cookies/cache
4. start>run>'msconfig' , servers tab, hide MS services, unselect suspicious items (use the web to see if it's a security threat or not), then goto startup tab and do the same.
5. add/remove programs, remove anything suspicious
6. reboot
7. repeat step 2 in normal mode

if all else fails, if you have system restore enabled you can restore it, but I don't recommend it. =P
hope it helps n' good luck

Kevin@nextmod
12-02-2006, 11:09 AM
Thanks for all the input guys...

I tried all the listed programs already but it doesn't work.
I tried spybot, adaware, trendmicro and none of them works.

The really gay thing is that some of the programs found them and i removed them.
But they didn't REALLY remove them. I don't know what they did cause the spyware is still there.

I'll try drunknfoo's way first and if that doesn't work then i'll have to go to best buy and ask.

And i also downloaded spysweep. It works they found a few but they make me pay before deleting or healing any files.

I'm using my laptop right now so i don't want to find the site and post it up.
I'll turn my pc back on and post it up again in a few mins.

dsichewski
12-02-2006, 11:29 AM
The reason that the programs have reappeared is because you didn't fully delete them....once they get into your computer they create roots in a sense...and when you rip it out per se the main root is gone but there is still a partial left allowing it to come back. I wanna say its a dll file normally that allows it to come back but i can't remember 100% from when i had these problems...might want to try bazooka?

sbmonkey
12-02-2006, 11:34 AM
Tell your friend he owes you dinner for infecting your computer!

Kevin@nextmod
12-02-2006, 12:18 PM
here is the site...

but please beware not to click on it.

http://www.okcity.com.cn/

DrunknFoo
12-02-2006, 12:50 PM
hmmm if you formatted 1 drive but the 2nd drive is carrying over the infection, try to save the documents to a cd/dvd, do a scan to ensure that disc is clean, then format the 2nd drive because it sounds like the boot sector is messed in the 2nd drive.

if the sh*t replicated itself to your c:, you'll have to format both, that'll fix it for sure.

btw its best to isolate your computer and not have access to the internet while you are troubleshooting, if the sh*t phishes and you have an active internet connection, it will allow more to come in

and keep your ff or ie home/start page to about:blank

Kevin@nextmod
12-02-2006, 01:01 PM
I always had my home page blank because i don't like loading homepages.

I'm currently at safe mode scanning with trendmicro again.

majic
12-02-2006, 05:54 PM
here is the site...

but please beware not to click on it.

http://www.okcity.com.cn/


ah.. you need to get some white friends ;)

jokes aside.. beating the dead horse.. adaware, spybot, norton corp, ffox with adblock keep me safe.. sometimes when you install spyware software AFTER spyware's infected your pc u'r SOL.. there have been instances where the above products would either only detect it or partially delete the spyware as it usually spawns itself in multiple locations and comes back under a different filename.. while in safe mode go to the services start>ctrl panel>admin tools>services and see if you can locate services that look funny.. lowercase names or some garbled shit.. also you can regedit and go to local machine and current user hives then under software>microsoft>windows>current version>run you can see other things that are started up by your pc.. good luck and keep us posted
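
Added example, not part of majic's post: a read-only PowerShell listing of the two places the post points to, the Run keys in the local machine and current user hives and the auto-start services, with publisher and signature status next to each entry. It assumes a current Windows with PowerShell 5.1 and an elevated prompt; `Get-ExePath` is a helper name made up for this example.

```powershell
# Added example: read-only inventory; nothing is changed or deleted.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Bookkeeping properties PowerShell attaches to every registry item.
$psProps = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# Helper defined for this example: pull the executable out of a command line.
function Get-ExePath([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd)
    if ($cmd -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

# Values under the two Run keys (machine-wide and current user).
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psProps -contains $p.Name) { continue }
        [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
    }
}

# Services configured to start automatically.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }

# Add publisher and signature status so unsigned or unknown binaries stand out.
# CompanyName is self-declared by the file; the signature status is the stronger signal.
@($autoruns) + @($services) | ForEach-Object {
    $exe   = Get-ExePath $_.Command
    $found = $exe -and (Test-Path -LiteralPath $exe)
    [pscustomobject]@{
        Source    = $_.Source
        Name      = $_.Name
        Company   = if ($found) { (Get-Item -LiteralPath $exe).VersionInfo.CompanyName } else { '(file not found)' }
        Signature = if ($found) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
        Command   = $_.Command
    }
} | Sort-Object Company, Name | Format-Table -AutoSize -Wrap
```

Entries launched through rundll32.exe or svchost.exe show the Microsoft host as the executable, so for those rows look up what the Command column or the service name actually loads.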

Chuckie
12-02-2006, 08:35 PM
sounds like a L2M to me.
search the internet for something called L2M destroyer or something along the lines of that.. download.. run see if that helps.
i got that once.. antivirus, spyware software kept detecting it.. deletes it.. but the essential files are still there and spawns that shit over again.. try it.. it helped me.

Kevin@nextmod
12-03-2006, 01:42 AM
Alright thanks everyone especially majic....I'll try all that and Also thanks chuckie...I'll try to get it fixed tomorrow and follow those steps. If it helps then i'll post it up. If not then i'm fu*ked

PlatMS6
12-03-2006, 09:32 AM
4. start>run>'msconfig' , servers tab, hide MS services, unselect suspicious items (use the web to see if it's a security threat or not), then goto startup tab and do the same.
5. add/remove programs, remove anything suspicious
6. reboot
7. repeat step 2 in normal mode

if all else fails, if you have system restore enabled you can restore it, but I don't recommend it. =P
hope it helps n' good luck


Did you do the above steps? Most of the time you can disable all of the services. In fact do it, go to the services tab and make sure you check "Hide all MS services"....and disable everything....also from the Start-Up tab select "disable all". This will stop any extra start-up items and services...including your antivirus software, but do it still just to see if it prevents the malware from loading, if you are lucky then you can systematically allow services/startup items until you find the culprit. For someone that is not deeply computer literate, this can be frustrating but just do it systematically and you have nothing to worry about.

Another thing you can do is in IE
Goto:
tools
internet options
advanced
Unclick "Enable third party browser extensions (requires restart)" <= that will get rid of anything attached to IE including all toolbars etc...
(also the requires restart...does not mean the system, just close all instances of IE and start a new one.)
~~~if you don't notice anything funny anymore with IE after doing this, it does not mean that the malware is removed, it just means that it is stopped from loading

...out of that whole list of AV...get AVG 7.5 Free...it is a free AV but a pretty good one and will allow you to quarantine/remove whatever you want. Also install Windows Defender Beta...it is damn good with removing/blocking spyware.

If you manage to remove the malware and IE doesn't fully survive you can rebuild it (please don't do this before removing the malware)
Steps:
Go to C:\WINDOWS\inf
Locate ie.inf
Make sure you have your windows XP disc already in
Right-click on it and select install
(this mostly works a lot better in Win2k...most of the time if you have to do this in WinXP then IE was royally owned and it is better to rebuild)

If all those steps don't work then rebuild the box

From working for Microsoft Enterprise previously most of the time the hassle is not worth it to remove nasty viruses that you battle for days, and even if you remove it, you can't really trust your system with sensitive info anymore (ie online transactions/personal data)

It is best to back up all of your data and blow away both of the drives (before putting the data back have it scanned by 2-3 AV apps) and you should be good to go in 1-2 hours. To save a lot of headaches in the future, try to have regular backups, so that when something like this happens again, you can be up and ready in no time without headaches.

Kevin@nextmod
12-03-2006, 02:31 PM
Thanks everyone that contributed to this thread.

I have managed to clean out all the spyware (hopefully)

I used Chuckie's idea to search for L2M but nothing came up but instead it led me to a forum that helps people fix their problems.

www.bullguard.com

And i found one of the threads that told people to use http://www.2-spyware.com/review-hijackthis.html
And download it to search and then post up what it says.

This program is so easy to use and took me 10 secs to search. Now my computer is running good and fine.

Thanks again who helped me in this.
much much appreciated.

majic
12-03-2006, 03:22 PM
I used Chuckie's idea to search for L2M but nothing came up but instead it led me to a forum that helps people fix their problems.

www.bullguard.com

And i found one of the threads that told people to use http://www.2-spyware.com/review-hijackthis.html
And download it to search and then post up what it says.

This program is so easy to use and took me 10 secs to search. Now my computer is running good and fine.

Thanks again who helped me in this.
much much appreciated.


next time take time to read what people suggest on these forums :-\



If they still don't work afterwards, try hijack-this, and post the results of it to their forums. Their tech guys can fix it all up for you.

Kevin@nextmod
12-03-2006, 06:24 PM
Yes i know...i missed it and just found out after I posted it up.
But still thanks everyone for helping.

BLKOUT
12-04-2006, 08:57 AM
Hey guys,

My computer is set up with multiple users on XP, when doing a virus scan or a spyware scan, do I need to do a scan in each user's profile in order for the computer to be scanned properly?

eqlso
12-04-2006, 09:21 AM
Hey guys,

My computer is set up with multiple users on XP, when doing a virus scan or a spyware scan, do I need to do a scan in each user's profile in order for the computer to be scanned properly?


I think it should be fine if you log in to an administrator acct.