| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 100015 | 2009-05-23 03:37:00 | "Spyware Protect 2009" alerts... | BasketballOSU (14267) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 776165 | 2009-05-23 03:37:00 | Obvious malware popping up as "Spyware Protect 2009" Followed several step-by-step instruction pages online specifically geared toward getting rid of this, but none of them worked... Any ideas where I should start with this? |
BasketballOSU (14267) | ||
| 776166 | 2009-05-23 03:54:00 | Disable System restore first. Right Click my computer>properties>system restore tab>tick disable system restore on all drives. For Vista you will need to select Advanced settings in the properties window first Then Download MBAM. download.cnet.com Download, Install, update then perform a full scan. Post the created log here when done. Then download HijackThis, perform a system scan and save a logfile then paste here for analysis. www.trendsecure.com Cheers Blam |
Blam (54) | ||
| 776167 | 2009-05-23 04:55:00 | I had previously run MBAM before posting here, and it didn't work, so I re-started and tried it again in safe mode, and it appeared to have worked. If it pops up again, I'll re-visit here. Thanks for the quick response! |
BasketballOSU (14267) | ||
| 776168 | 2009-05-23 04:56:00 | This particular one an sometimes be harder to remove - Malwarebytes wont normally get it all, even with system restore turned off it reinfects due to hidden processes that MB and HiJackThis cant find. Last time I got rid of this from a customers PC was the following. Download and run Combofix (www.bleepingcomputer.com) - read the site as to how to use it -- LEAVE SYSTEM RESTORE ON. let it do its thing completely - dont stop it, even if it appears to be doing nothing, you will know when its finished when the report pops up AFTER a reboot. Then turn Off system restore, run Ccleaner first, then Malwarebytes, Super Antispyware, ( in FULL SCAN modes) Spybot S & D - remove anything they find. Thats generally enough to remove it. Then you can remove combo fix by going to start/run type in combofix /u <press Enter> |
wainuitech (129) | ||
| 1 | |||||