01-22-2007, 06:06 AM | #1 |
Join Date: Jun 2005
Location: Texas
Posts Rated Helpful 0 Times
|
Help with Spyware
A friend of mine dropped his computer off the other day and asked me to clean it up for him. I went through and got everything except for one virus thats been buggin the shit out of me. Its a browser hijacker I guess and I think its called Spy Heal. You open up IE 6/7 and it redirects you to some site called "asecurityissue.com" or something like that. I've ran AVG, Ad-aware, and Spybot S&D in safe mode with system restore turned off and none of them cleaned the problem.
Spybot S&D did find several instances of Spy Heal and removed them but it didn't help. For now, I've installed Firefox and removed IE from his desktop in hopes that he'll start using FF but I'd like to give his box back without any trojans/worms/viruses/adware/spyware/insert-malware-name-here. Can anyone help? |
|
01-22-2007, 06:53 AM | #2 |
Join Date: Nov 2005
Location: Calgary, Canada eh?
Posts Rated Helpful 0 Times
|
|
|
01-22-2007, 06:57 AM | #3 |
Join Date: Apr 2006
Location: Newark, NJ
Posts Rated Helpful 0 Times
|
Run Spybot & AVG Anti-virus.
Whether or not you know it some viruses/malware can progress to the point where they just can not be removed. The best way to clean things up at that point is a full format. Even if you removed the spyware the home page may indeed still be set in IE. Try changing the home page. Whether or not you can change it, run Spybot and AVG again. If you are unable to clean up the problem, then backup what data you can to another HD (or burn it to DVD) and then do a format and full reinstall of Windows. After that, restore the data and run the scans again. Either way, make sure that there is a damned firewall up as well! |
|
01-22-2007, 07:05 AM | #4 |
Join Date: Jul 2005
Posts Rated Helpful 0 Times
|
kinda sounds like spyware quake. I had that on my pc once, and i believe the program i used to get rid of it also removes spyware heal. check this link out.
http://www.bleepingcomputer.com/forums/topic47826.html |
|
01-22-2007, 11:09 AM | #5 |
Join Date: Feb 2005
Location: Just east of the jug handle
Posts Rated Helpful 0 Times
|
|
|
01-22-2007, 11:31 AM | #6 |
Join Date: Jan 2005
Posts Rated Helpful 0 Times
|
http://www.kaspersky.com/ - removed shit everything else couldn't.
|
|
01-22-2007, 11:34 AM | #7 |
Join Date: Jul 2006
Location: Surrey, SE England
Posts Rated Helpful 0 Times
|
lol only thing about kaspersky is that it will delete files and some times they are files you need so becareful useing that one
|
|
01-22-2007, 01:32 PM | #8 |
Join Date: Jun 2005
Location: Texas
Posts Rated Helpful 0 Times
|
I will take a look at some of those. And yeeeees I've made sure the homepage was correctly set in IE, I'm not retarded.
|
|
01-22-2007, 02:33 PM | #9 |
Join Date: Jan 2006
Location: Bath, UK
Posts Rated Helpful 0 Times
|
Tell "your friend" to stop looking at porn sites
|
|
01-22-2007, 02:59 PM | #10 | |
Join Date: Feb 2005
Posts Rated Helpful 0 Times
|
Quote:
|
|
|
01-22-2007, 04:37 PM | #11 |
Join Date: Jun 2005
Posts Rated Helpful 0 Times
|
Uninstall IE, first of all. Second, find what file is infected, if it's still there. Delete it manually (two ways to do that; one easy, one hard). Run anti-viruses again. Install IE only if it is absolutely necessary.
|
|
01-22-2007, 10:07 PM | #12 |
Join Date: Jun 2005
Location: Texas
Posts Rated Helpful 0 Times
|
I installed IE7 in hopes that it would make things disappear but it didn't. All anti-virus and anti-spyware apps are coming back clean and the computer runs beautifully except for the IE hijack. I am going to try the links StrickNine, SOG, and Lith provided but besides that, I guess there's nothing else I can really do since he doesn't want a format. When this friend dropped his computer off, he requested that I protect his computer so that he could "look at porn" so I'm assuming thats where he got it.
I'm just afraid that if I don't get this off his box, its going to reinfect and then I'm stuck back here trying to figure out how to remove it. He's not exactly the smartest guy so I'm sure he'll be right back using IE in a day or two. Maybe I could just change the icon and shortcut name to look like IE hahaha. |
|
01-22-2007, 10:26 PM | #13 |
Join Date: Jan 2005
Posts Rated Helpful 0 Times
|
Get him supermegaspoof , that thing is a porn website kazaa , it's spoofed urls and it's free porn. www.supermegaspoof.com
|
|
01-22-2007, 11:12 PM | #14 |
Join Date: Jan 2005
Posts Rated Helpful 0 Times
|
For times where spybot and adaware do not do it, I then do a google on the internet to find out how to remove it.
Here is the first site that came up for that: http://www.anti-spyware-101.com/remove-spyheal/ And if you think tutorials out there are too drastic, just remember... what do you have to loose. If it doesnt work, you can always reformat like you were about to do anyway. Anyway... I had a program that for the life of me I couldnt get rid of, and running a google on it fixed me up with a tutorial and it fixed it like a charm. Good luck with that~! |
|
01-23-2007, 12:57 AM | #15 |
Join Date: Jun 2005
Location: Texas
Posts Rated Helpful 0 Times
|
Thanks for the tip guys. I always google it first since there are easier fixes than running a full scan sometimes. In any case, the links StrickNine and SOG provided linked to a program called smitRem which ultimately took care of it. I just dropped the box off and am glad to be done with it. That has to be the most stubborn piece of malware I've ever dealt with. In the end, I think it came down to some obscure registry value I was missing.
For those who might encounter the same problem, I simply scanned the computer with AVG, Ad-Aware, and Spybot S&D in safe mode with system restore turned off. I restarted, downloaded/extracted smitRem.exe, restarted in safe mode, ran the .bat file and then rebooted when it finished. That fixed it. |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|