Help with Spyware

[o_tennovan]

A friend of mine dropped his computer off the other day and asked me to clean it up for him. I went through and got everything except for one virus thats been buggin the shit out of me. Its a browser hijacker I guess and I think its called Spy Heal. You open up IE 6/7 and it redirects you to some site called "asecurityissue.com" or something like that. I've ran AVG, Ad-aware, and Spybot S&D in safe mode with system restore turned off and none of them cleaned the problem.

Spybot S&D did find several instances of Spy Heal and removed them but it didn't help. For now, I've installed Firefox and removed IE from his desktop in hopes that he'll start using FF but I'd like to give his box back without any trojans/worms/viruses/adware/spyware/insert-malware-name-here. Can anyone help?

[o_psycnet]

http://housecall.trendmicro.com/

All you'll ever need

[o_ihmhi]

Run Spybot & AVG Anti-virus.

Whether or not you know it some viruses/malware can progress to the point where they just can not be removed. The best way to clean things up at that point is a full format.

Even if you removed the spyware the home page may indeed still be set in IE. Try changing the home page. Whether or not you can change it, run Spybot and AVG again. If you are unable to clean up the problem, then backup what data you can to another HD (or burn it to DVD) and then do a format and full reinstall of Windows.

After that, restore the data and run the scans again.

Either way, make sure that there is a damned firewall up as well!

[o_stricknine]

kinda sounds like spyware quake. I had that on my pc once, and i believe the program i used to get rid of it also removes spyware heal. check this link out.

http://www.bleepingcomputer.com/forums/topic47826.html

[o_someoldguy]

You can also try here:

http://www.schrockinnovations.com/removespyheal.php

[o_lithium]

http://www.kaspersky.com/ - removed shit everything else couldn't.

[o_swampthing360]

lol only thing about kaspersky is that it will delete files and some times they are files you need so becareful useing that one

[o_tennovan]

I will take a look at some of those. And yeeeees I've made sure the homepage was correctly set in IE, I'm not retarded.

[o_exarch]

Tell "your friend" to stop looking at porn sites

[o_icarus]

Quote:

Originally Posted by Exarch

Tell "your friend" to stop looking at porn sites

Learning to remove spyware is a less drastic solution

[o_uber]

Uninstall IE, first of all. Second, find what file is infected, if it's still there. Delete it manually (two ways to do that; one easy, one hard). Run anti-viruses again. Install IE only if it is absolutely necessary.

[o_tennovan]

I installed IE7 in hopes that it would make things disappear but it didn't. All anti-virus and anti-spyware apps are coming back clean and the computer runs beautifully except for the IE hijack. I am going to try the links StrickNine, SOG, and Lith provided but besides that, I guess there's nothing else I can really do since he doesn't want a format. When this friend dropped his computer off, he requested that I protect his computer so that he could "look at porn" so I'm assuming thats where he got it.

I'm just afraid that if I don't get this off his box, its going to reinfect and then I'm stuck back here trying to figure out how to remove it. He's not exactly the smartest guy so I'm sure he'll be right back using IE in a day or two. Maybe I could just change the icon and shortcut name to look like IE hahaha.

[o_lithium]

Get him supermegaspoof , that thing is a porn website kazaa , it's spoofed urls and it's free porn. www.supermegaspoof.com

[o_catzeyes93]

For times where spybot and adaware do not do it, I then do a google on the internet to find out how to remove it.

Here is the first site that came up for that:
http://www.anti-spyware-101.com/remove-spyheal/

And if you think tutorials out there are too drastic, just remember... what do you have to loose. If it doesnt work, you can always reformat like you were about to do anyway.

Anyway... I had a program that for the life of me I couldnt get rid of, and running a google on it fixed me up with a tutorial and it fixed it like a charm.

Good luck with that~!

[o_tennovan]

Thanks for the tip guys. I always google it first since there are easier fixes than running a full scan sometimes. In any case, the links StrickNine and SOG provided linked to a program called smitRem which ultimately took care of it. I just dropped the box off and am glad to be done with it. That has to be the most stubborn piece of malware I've ever dealt with. In the end, I think it came down to some obscure registry value I was missing.

For those who might encounter the same problem, I simply scanned the computer with AVG, Ad-Aware, and Spybot S&D in safe mode with system restore turned off. I restarted, downloaded/extracted smitRem.exe, restarted in safe mode, ran the .bat file and then rebooted when it finished. That fixed it.

[o_skull]

Download and Install Unlocker, find the infected file, delete it using the Unlocker
(This program never let me down before)