Computer Support Forum

remove malware, Spyware Protect 2009

Question: remove malware, Spyware Protect 2009

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Schlatterer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.dell.com
mDefault_Page_URL = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [PlaxoUpdate] c:\program files\plaxo\3.19.0.16\PlaxoHelper_en.exe -a
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [PlaxoSysTray] c:\program files\plaxo\3.19.0.16\PlaxoSysTray.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [kdx] c:\windows\kdx\KHost.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098826898265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38086.3924421296
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} - hxxp://www.gamespot.com/KDX/kdx.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-31 207656]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-31 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-31 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-31 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-31 34152]

=============== Created Last 30 ================

2009-03-16 01:32 16,896 a------- c:\windows\svcho.exe
2009-03-16 01:32 16,896 a------- c:\windows\syssvc.exe
2009-03-16 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-03-15 09:46 364,560 a------- c:\windows\sysguard.exe
2009-03-07 18:46 2 a------- c:\windows\msoffice.ini
2009-02-28 08:37 <DIR> --d----- c:\program files\DeductionPro 2008
2009-02-28 08:33 <DIR> --d----- c:\program files\TaxCut08

==================== Find3M ====================

2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-17 16:30 61,224 a------- c:\documents and settings\john schlatterer\GoToAssistDownloadHelper.exe
2006-08-15 23:12 82,736 a------- c:\docume~1\johnsc~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 2:46:36.82 ===============

Relevance 100%
Preferred Solution: remove malware, Spyware Protect 2009

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: remove malware, Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREOrange Blossom

2 more replies
Relevance 102.5%

The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)The problems started with the MS Antivirus 2009 fake spyware stuff, than the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Than I copy the logs onto the flash and move them here.Here's my DDS file, i've changed my name on it to USER.DDS (Ver... Read more

Answer:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll

Hello Thefactualopinion and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

6 more replies
Relevance 97.58%

I recently had the program "Spyware Protect 2009" pop up on my screen and tell me I need to pay for their software to remove a bunch of malware from my PC. I tried to just exit the screen, but apparently it was too late.

I first ran my antivirus software AVG Free Edition and it found 3 items that it said it fixed, but I still had many problems with my PC. I've also noticed "iexplore.exe" showing up in my running processes when I don't use internet explorer, so I've been killing that process regularly (it keeps coming back after a few minutes).

Secondly I downloaded and ran Spyware Doctor with Anit Virus, but I was not willing to pay for them to remove what they found. I manually deleted all files they said were bad, and I used regedit to delete any bad keys or values. Spyware Doctor also said some registry values needed repaired, but since I didn't know what to change them to, I just left them alone.

Third, I downloaded malware bytes and tried to install it, but it would not install. I read in a forum to rename the file, so I changed the install filename to mba.exe and it finally began to install. After 15 minutes of the "Finish Installation" screen, I got a screen that let me chose to update malwarebytes and start the application, but I haven't seen anything from the application since.

I read a forum posting on malwarebytes.org where someone had used combofix at this point, but the guide to combofix said only use the application when told to... Read more

Answer:Help me remove Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 96.35%

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files&... Read more

Answer:Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 95.53%

I am having the exact same problem. I did manage to install Malwarebytes, but can't get it to run. I tried renaming the file; I tried using hijackthis, I tried booting windows into safe mode. None of this will run. I even tried combofix and it won't run either. What can I do manually that would temporarily help? I have windows xp.cheezfriquote name='rigel' date='Mar 1 2009, 12:32 PM' post='1158038']Try to rename the Malwarebytes file to red.com and see if it runs like that. The infection you have is watching for that file to be run. What version of Windows are you using? Please update Avira and run a scan - post its log.[/quote]

Answer:Cant remove Spyware Protect 2009 malwarebytes won't work

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

3 more replies
Relevance 95.53%

I am new to this Forum, have read people's message, and recently my computer is infected with browser redirect virus. I saw at least three guys posted message here, but I do not know how to reply those message, therefore I post this message and have my experience to be shared of removing this virus.

At least you need remove the virus first by using window xp installer's repair method, to delete several DLLs int system32 and windows which you need identify them by time of date. and delete one system file in the system32\drivers. Be very careful, if you delete wrong one, you system will not work properly. I also replaced userinit.exe, which is bigger size than normal one. Also fixed disabled task manager menu item issue. Then finally fix browser redirect issue. To fix browser redirect, Go to internet options, then programs tab, then click Manage add-ons, disable those not familiar items. Browser redirect is caused by some of add-ons. So far the virus in my machine is gone. Good luck.
 

More replies
Relevance 95.53%

Hi, I've looked at all of your methods, and others online on how to remove spyware protect 2009 from my computer. At least I can use aol browser, but not IE. I've used AVIRA, aol spyware protection, adaware first with no luck. They didn't even find it.

So I went online to see how others got rid of it. I followed their directions. I tried shutting off system restore, then downloading malwarebytes. I couldn't get malwarebytes to run! It just created an icon, but didn't do anything. I then uninstalled it, turned system restore back on, tried to go back to an earlier time, but it wouldn't allow me to do so. I couldn't click the calendar to go back. I then tried another link to download malwarebytes again, but it did the same thing.

While I'm typing this, I just got a message from Norton pc checkup that they found spywareprotect, but it will cost me 129.00 to buy their software. Plus they have my performance as only 2 stars (fair)

I am really not very good at computer lingo, so if anyone can help me, please know I'm not a geek, just a person that can follow step by step directions. Thanks in advance to anyone who can advise.

DJ

Answer:Cant remove Spyware Protect 2009 malwarebytes won't work

Try to rename the Malwarebytes file to red.com and see if it runs like that. The infection you have is watching for that file to be run. What version of Windows are you using? Please update Avira and run a scan - post its log.

1 more replies
Relevance 95.53%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rouge messages.

Before I give up and reformat the hard disk and re-imaging the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarintined: WIN32.SYSGUARD adn WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 93.48%

Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business-I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started a almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it-it's disabled my windows firewall, is blocking/redirecting my IE browser with it's phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know-it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave
 

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log
 

6 more replies
Relevance 92.25%

Hello,Please help!!! I only have a couple of days to fix this comp before I leave!!!I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.Here is my DDS Log file and attachment.Thanks!!!peace.b.DDS (Ver_09-03-16.01) - NTFSx86 Run by John at 9:11:09.81 on Sun 03/22/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\VTtrayp.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Nero\data\Xtras\... Read more

Answer:Unkown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!

peace.b.

2 more replies
Relevance 81.18%

So somewhere I got the Spyware Protect 2009 virus/trojan. I have tried Malwarebytes, ComboFix, AVG 8.0, and tired to install Hijack This!!!! I did this all while in SafeMode and no luck. I click on the install, and the hourglass shows up, and then after awhile it disappears. I even renamed Malwarebytes etc. What do I do besides get the gasoline can ready?

Answer:Infected with Spyware Protect 2009...Can't install any spyware removal tools

Let's see if any of these help.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

11 more replies
Relevance 79.13%

Please instruct on how to remove Spyware protect 2009.

Answer:spyware protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

I had thh same problem in my computer.

Your solution is perfect.

Thank you very much

Answer:Spyware Protect 2009

Hi IGOmichigan. I split your post to it's own topic, Thanks for that but this infection has probably left a few more footprints. So I would like you to do this MBAm scan and be sure.Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Th... Read more

1 more replies
Relevance 79.13%

Hello,

Yesterday evening I found that I had gotten a rogue anti-spyware by the name of Spyware Protect 2009. I wasn&#8217;t too concerned at first, as I&#8217;d gotten it before a couple of weeks ago (although I have no idea how, as I read it was contracted by opening spam emails, which I hardly get, much less open). Last time, after reading up on it for several hours, I finally came across Malwarebytes&#8217; Anti-Malware, and it worked like a charm. It was gone. So, my first instinct this time was to open that up to get rid of it. Except I found that it wouldn&#8217;t load. I even tried to Run As&#8230;Administrator, only to find that I didn&#8217;t have access (which I should).

Last time, after reading all the manual ways of deleting it, I was quick to find all the program files and processes they were telling me to find and delete/end were either missing or hidden. That wasn&#8217;t an option. So I tried to get on IE to find alternatives. That&#8217;s when I discovered that this version of Spyware Protect 2009 was much more potent. It let me open my browser, but if I typed anything about Spyware Protect 2009 or getting rid of it into Google, IE would suddenly fail or I would be redirected to a site (along the lines of browser-security-windows.com, although I don&#8217;t remember exactly as hasn&#8217;t happen again in a bit).

My friend thought he could help and tosses several programs my way (over AIM, since I couldn&#8217;... Read more

Answer:Spyware Protect 2009 help!

Not meaning to be a bother, but it's been 5 days? Is that normal? XD
 

2 more replies
Relevance 79.13%

I recently got the Spyware Protect 2009 virus on my laptop. I am unable to access the internet now because of it. How do i remove this virus without being able to access the internet? I tried finding it in the add/remove programs but it is not there.
any help would be appreciated.
thank you

Answer:Spyware Protect 2009

If you cannot use the Internet or download any programs, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Please download Dr.Web CureIt and Malwarebytes Anti-Malware, save them to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then run the programs. If you cannot transfer to the infected machine, try running directly from the flash drive or CD.You will also need to, manually download the database updates for MBAM, save and transfer them as well. After installing MBAM, just double-click on mbam-rules.exe to install and update.Mbam-rules.exe is not updated daily. Another way to get the most current database definitions is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-MalwareVista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-MalwareIf you cannot see the folder, then you may have to Reconfigure Windows to show it.Print out and follow these Instructions for scanning with Dr.WebCureIt in "safe mode".If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.-- Post the log in your next reply.Print o... Read more

1 more replies
Relevance 79.13%

My computer got infected with some kind of virus, mcaffee keeps telling me it removed whole bunch of trojans and viruses but doesnt look like it realy solves the problem. i ran combofix but the spyware alert keps showing up and asking me to buy a program clled spyware protect 2009. so i need help

Answer:spyware protect 2009

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".C... Read more

7 more replies
Relevance 79.13%

So I've been trying to get rid of this thing for a few days now and haven't been very successful overall. I got rid of some of the stuff it brought but the fake virus scanner keeps popping up a long with a slough of fake error messages and the inability to run any other anti-virus/malware program. I've tried the malware removal guide but cant run any of the tools, and I've tried disabling TDSSserv.sys in the control panel but no such driver exists. I'm at my wits end here.:confused
 

Answer:Spyware Protect 2009

I know you indicated you have tried some of the below, but see the notes and additional info and try again. Also remember to try safe mode and also renaming files. You need to be very clear on explaining what you can and cannot do. For example, download the files, installing the programs, and running the actual scans are 3 distinct phases and you need to tell us exactly which pieces you can and cannot do for ALL of the tools we ask you to run.


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below i... Read more

15 more replies
Relevance 79.13%

I have mcafee and its seems to not be able to update to get rid of this spywareprotect thing. husband is even more computerdummy than me and probably authorized this thing. please help not sure if i got all the logs i was supposed to i was only able to save these two


DDS (Ver_09-03-16.01) - NTFSx86
Run by michelle at 17:41:05.12 on Fri 04/10/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.peoplepc.com/websearch
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://home.peoplepc.com/search
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://home.peoplepc.com/search
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\_agcutils.pyd
mWinlogon: userinit=c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - No File
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\... Read more

Answer:help please with spyware protect 2009

Hello -

There should also have been another log created by DDS, attach.txt

If you did not save it, please run DDS once again, save attach.txt and attach it to your next reply.

19 more replies
Relevance 79.13%

Dear Computer Professionals,I hope that I have come to the right forum and my problem will be solved with your help.Background:Recently my desktop computer (operating system: windows XP) was infected with Spyware Protect 2009. Antivirus (AVG 7.5, free edition) was already installed on my computer. I scanned my computer with AVG and found spyware protect 2009, after that it was deleted.Now:Even though spyware is deleted, but now I have three main problems in my computer.(1) My computer is running very slow.(2) IE always directs to this page, browser-security.microsoft.com/block.php?r=17.2, but nothing appears on this page. Firefox is fine, but internet is very slow.(3) I have dial-up internet connection, whenever I open Internet connection window, and click on Connect button, my computer restarts automatically, always. But if I close/cancel these processes (ServiceLayer, alg, SMAgent, MDM, SEPCSuite, SMax4, LaunchApplication, apdproxy, acrotray, VM303_STI) from task manager, then only I am able to connect to the internet.I think my computer is still infected with something. I also tried to install Spyware Doctor, SmitFraudFix, and Malwarebytes Anti-Malware, but all these programs are not running.Please help me, to fix my computer.Please also note that I am not a computer guy, so guide me step by step.Thank you.

Answer:Spyware Protect 2009

Hello and welcome please run these next. Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update i... Read more

13 more replies
Relevance 79.13%

I attempted to remove Spyware Protect 2009 from my niece's computer. I also attempted to remove MyWayWebSearch. After running Spybot S&D, I kept getting the registry change box popping up MANY times. The entry part said SpybotDeleting (with many different numbers behind it). Now I'm wondering if I should have denied those changes. I thought it was Spybot deleting them but now on booting up there is numerous command windows popping open. I'll post a HJT log and hopefully one of the wonderful helpers here will be able to point me in the right direction.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:32 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent... Read more

Answer:Spyware Protect 2009 & more

I don't know what happened but the above HJT log does not show the Spybot deleting lines that I need to know if I should have HJT 'fix' them. AND if so, after HJT fixes them do I allow the registry change in tea time or should I disable tea timer before fixing them?

Anywise here's an upated HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:15 AM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
... Read more

1 more replies
Relevance 79.13%

I am receiving a pop up called Spyware Protect 2009. There is an item loaded in the sys tray which shows a balloon "windows security alert" and a pop up that displays a fake virus scan.

McAfee does not detect this virus with the latest DAT and engine updates.

I am running windows Xp, patch 3.


DDS (Ver_09-03-16.01) - NTFSx86
Run by hpadmin at 22:32:05.07 on Tue 04/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.392 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataB... Read more

Answer:Spyware Protect 2009

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware appli... Read more

11 more replies
Relevance 79.13%

I recently had this problem which was resolved thanks to you guys, but am back. Same computer has been infected by"Spyware Protect 2009". I've looked around online and tried to delete it but it prevents some files from running it would appear. You just click an icon and it does nothing.Symptoms:-Cannot run MBAM, but can run ad aware for example (which finds nothing wrong). Tried to reinstall it and it does not run. -Tried to run Spyware Doctor, cannot even get it to install.Where can I even start on this issue??

Answer:Spyware Protect 2009

Hi here are some tips to try to MBAM to run so you can post a log.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ***If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloadi... Read more

1 more replies
Relevance 79.13%

Hi,
I have the spyware protect 2009 malware. I tried to follow the instructions in this website on installing malwarebytes anti malware - but it doesnt run. I disabled norton 360 and tried running in safe mode, it still does not seem to run
Please help....the spyware is now causing firefox and IE to close as well....

DDS (Ver_09-03-16.01) - NTFSx86
Run by Shaji at 0:50:03.25 on Wed 05/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.415 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svch... Read more

Answer:Spyware Protect 2009 - Please Help

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please include the C:\ComboFix.txt in your next reply for further review.

4 more replies
Relevance 79.13%

Having some trouble....spyware protect 2009 pops up.. XP SP3.....here is my highjack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT

5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F22



7FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.

exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr

oxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program

Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe... Read more

Answer:Spyware Protect 2009

I need you to run malwarebytes and then combofix and post both of their logs and post a new hijackthis log.
The programs can be found in my guide below

The log you postes is heard to read

9 more replies
Relevance 79.13%

dds attached... thank you

Answer:spyware protect 2009

Hi,Please don't attach your logs.* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

5 more replies
Relevance 79.13%

What an annoying bit of malware this thing is...

I've run the full XP cleaning procedure and am not having any issues currently. Figured I'd rather be safe than sorry and consult the experts!

Logs are attached!

All help appreciated,
Whitty
 

Answer:Spyware Protect 2009- I think I got it, but want to be sure...

Welcome to MajorGeeks!

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m
 

6 more replies
Relevance 79.13%

Daughters PC infected with Spyware Protect 2009. I ran Malaware Bytes and McAffeee Virus scan with limited succes. Spyware Protect 2009 removed but PC wouldn't display desktop icons. Couldn't switch between users. I enabled explorer.exe and icons appeared but his was only a temporary fix. Did a little research and decided to run combofix. I know I shouldn't have rushed into it but I have a long week ahead of me and wouldn't be able to help the kids with this PC. Any way, combofix seems to have corrected the problem but I am not an expert and would greatly appreciate a review. Attached please find my DDS and attach logs.

Thanking you in advance for your time and effort.

Sincerely,
Dave

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kathryn at 23:18:07.76 on Sun 05/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.64 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\m... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 79.13%

System xp media ed.sp3Spyware protect 2009 pops up on my in-laws computer I have screen shoots of some of the pop ups It keeps changing saying that it is being attacked from the internet."Infltration Alert"Your computer is being attacked by an internet virus. It could be a password -stealing attack, a trojan - dropper or similar.

Answer:spyware Protect 2009

DDS (Ver_09-03-16.01) - NTFSx86 Run by Owner at 9:30:47.00 on Fri 04/03/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.81 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\LogMeIn\x86\LMIGuardian.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program File... Read more

17 more replies
Relevance 79.13%

Hello, Is there anyway a relatively inexperienced PC user can get rid of the spyware protect 2009 nasty pop up? I am running windows xp. This is nothing I downloaded intentionally & it is interupting access to my e-mail and a lot of websites. I see several others have this same problem but some of their "fixes" look a bit beyond me! Many Thanks for any assistance!
 

Answer:spyware protect 2009... HELP!

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click &q... Read more

3 more replies
Relevance 79.13%

Having issues with IE and Spyware 2009.
DDS (Ver_09-03-16.01) - NTFSx86
Run by lcole at 9:36:00.70 on Wed 04/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2717 [GMT -4:00]

AV: eTrust ITM *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\OmniBack\bin\omniinet.exe
C:\oracle\ora9i\bin\omtsreco.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

I have no idea where it came from but all of a sudden I keep getting a baloon window that indicates a windows security alert and then says windows reports that computer is infected. Antivirus software helps to protect your computer against viruses....blah blah blah.. It also shows a Spyware Protect 2009 alert box that indicates a infiltration alert indicating my computer is being attacked. It has taken over my search engine so that each time I put in www.google.com in my search it gives me a faux internet explorer cannot display this page message.here is the dds.txt logDDS (Ver_09-03-16.01) - NTFSx86 Run by Jodi Tabicas at 22:37:19.01 on Wed 03/25/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.22 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

Folks,

I'm on a Dell Inspiron 1520 with Windows XP Pro that has a corporate version of Symantec running with automatic updates.
I was out surfing the web last weekend when I clicked on an innocent looking link that behaved oddly. Before I knew what had happened I began getting Spyware Protect 2009 popups operating on my system.

I stopped what I was doing and try to let Symantec run a full scan and it found a few things, and I downloaded the spyware program from PCTools which seemed to get rid of the Spyware Protect popups, but I'm still having problems.

My disk defragmenter won't run, either through the program or using the defrag in RUN mode. Internet Explorer often won't open and when I can get it to open by going through Yahoo messagenger and opening mail, it often redirects my searches. I can't get my flash memory to open. It doesn't show up when I plug it into my computer when it's operating and if I startup my computer when it's already attached, it give a message about the number of secrets being exceeded.

I downloaded spybot search and destroy at the recommendation of a friend, but it won't open either.

I've also downloaded hijack this and have generated the following log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:04 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WI... Read more

Answer:Spyware Protect 2009?

I'm learning somethings by following other thread in this forum. I don't have a lot of data on this computer, so last night I dug up my Windows XP CD and have moved my data off onto a CD. Tonight I'm going to re-install my system and then put the anti-malware software that's been suggested here back on, and finally try moving my data files back on to the computer.

Even though I haven't received direct help. I'm happy to have had access to thoughts and advice from the experts on this site via other threads.

Jerome
 

1 more replies
Relevance 79.13%

Hello! My son called me at work yesterday from home to tell me that he was getting several popups on our home PC. He e-mailed me a screen shot and I saw that it was Spyware Protect 2009. While still at work I did some research (including this site) and printed out sheaves of instructions. I also downloaded several malware removers and Windows security updates, renamed them and burned them to a CD. I went home in the evening and spent several hours running malware removers and going through manual removal steps to make sure I got everything. (I used MBAM, HijackThis and SUPERAntiSpyware, and I went through a couple of different manual routines including Microsoft's. Microsoft's instructions included some suggestions for hardening my system, which I followed.) Then I ran a complete virus scan using my free Avira antivirus (last updated 4/27/09), which found nothing. I think the computer is clean.But I'm still having three problems (that I know of):1. No Internet access.2. The BITS service won't start.3. The Automatic Update service won't start. (error 0x80072772)The PC is a Dell XPS running Windows XP Media Center Edition. It's the only PC with Internet access, and it's hooked up by cable into a DSL connection.Logs from MBAM, HijackThis and SUPERAntiSpyware are listed below. I ran them in that order. I also have ComboFix on the CD, but I haven't run it. (I did see a post from bigjeff80, who was apparently having the same problem as me. He said ComboFix solved... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Relevance 79.13%

April Fool's Day hit me with a bunch of pop-ups from Spyware Protect 2009. Attached are my logs. Please let me know if there are further steps to take.
 

Answer:Spyware Protect 2009

Let's start with this:

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knockerClick to expand...

After clicking Fix, exit HJT.

Now Download HostsXpert and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program

NOw use windows explorer to find and delete:
h:\windows\Tasks\At1.job
h:\windows\system32\udehgur.dll

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
 

3 more replies
Relevance 79.13%

Well unfortunately I have came in contact with this issue. I have just got struck with spyware protect 2009 and I can't figure out how to get rid of it. I don't want to load any of the programs that suppose to get rid of them until I know they aren't "one of them". If you can tell me how to remove it myself or a program that will assist and is safe that would be great. These pop-ups are very annoying. Thanks for your ssistance in advance.

Answer:spyware protect 2009

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 79.13%

DELL VOSTRO 1000 running Windows XP Problem 1 Have Spyware Protect 2009 pop-ups I was trying to get this removed but can't get access to any web pages other than home page (Yahoo). This appears in browser window : browser-security.microsoft.com/.blocked.php. Any suggestions? Thanks!
 

More replies
Relevance 79.13%

I am running XP Home and have been infected by a fake hijack alert which is trying to make me download a program this I declined but it now flashes up om screen every minute telling me I am being hijacked giving me a windows security alert. I have scanned with my antivirus software which found a trojan horse and fake alarm, these were removed but I suspect the software for this is deep in the system. I have tried system restore but although I have restore points before the infection it will not restore. How do I get rid of Spware Protect 2009

Answer:Spyware Protect 2009

Have you tried Mbam click here and Superantispyware click here ?

4 more replies
Relevance 79.13%

I'm not sure if this is the correct place to post this, but I did not see another place that seemed to fit. My computer has seemed to have downloaded and installed Spyware Protect 2009.

I have tried to download the suggested application, Malwarebytes Anti-Malware, however, my computer will now not let me execute any files like this.

My computer also wont let me into my web browser. All attempts are greeted with a webpage from Spyware Protect stating that the site is unsafe and wont let me proceed.

It also seems to be shutting off my firewall.

Is there anything that I can do to clean this out? I've done searches on my computer for files and programs associated with Spyware Protect, but can't seem to find anything.

Answer:Spyware Protect 2009

Hello you are in the right place.Try these first...Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

4 more replies
Relevance 79.13%

i think i got hit with spyware protect 2009. i could use some help to get it off my computer. i think i have some adware also. i am running windows xp and using firefox if that helps.

Answer:think i got hit with spyware protect 2009

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

8 more replies
Relevance 79.13%

System is not responding very well, keeps hijacking internet and will not allow system restore nor have I been able to get COMBO FIX TO RUN see attatched log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\svcho.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\rantoul2\Desktop\mbam-setup.exe
C:\Documents and Settings\rantoul2\Desktop\mbam-setup.exe
C:\Program Files\Tre... Read more

Answer:Spyware Protect 2009

bump has been two days really need some help
 

3 more replies
Relevance 79.13%

I keep getting popups in the bottom right hand corner of my screen with "INFILTRATION ALERT." from Spyware Protect 2009. I also get popups saying "Vulnerabilities found" ahd I have the option of Activate Spyware Protect 2009 or Stay unprotected, of which I choose the latter. The popups come every 30 seconds to a minute or so. Thanks in advance for all your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:55 PM, on 4/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
C:\WIND... Read more

Answer:Spyware Protect 2009

6 more replies
Relevance 79.13%

Hello, i've been infected by something which has installed Spyware Protect 2009 into my PC.

It won't allow me to access any webpage. Right now, im using the internet in Safe Mode. It also won't let me open several programs including SuperAntiSpyware and Malwarebytes.

I've managed to update Malwarebytes in Safe Mode and i'm running a Full System Scan in Safe Mode as well.

I would really appreciate some help in trying to rid my computer of this.

Thanks.

Answer:Spyware Protect 2009

Try running RKill.... then as quicka as you can run Mbam and / SASPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.

1 more replies
Relevance 79.13%

This is a program that is trying to sell my anti-spyware protection and produces many annoying pop-ups, and any assistance in removing it would be appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:40 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\... Read more

Answer:Spyware Protect 2009

bump
 

2 more replies
Relevance 79.13%

I was infested with Spyware Protect 2009 yesterday. I have Windows Live OneCare and it gave me a warning but did not seem to remove everything.

I downloaded CounterSpy which seemed to delete everything but I got a warning a little bit ago that said:
16 bit ms-dos subsystem the ntvdm cpu has encountered an illegal instruction

I have a feeling something is still not correct with the system.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:58:44.17 on Wed 04/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1170 [GMT -4:00]

AV: *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files... Read more

Answer:Spyware Protect 2009

Please disregard now. I decided to reformat my hard drive and do a clean install.

2 more replies
Relevance 79.13%

Hey, thanks in advance for any help you can provide me. My computer recently started acting funny and I was recieving the message: The application or DLL C:\windows\system32\digeste.dll is not a valid windows image. Please check this againstyour installation diskette; when I booted up my computer and then sometimes when ever I opened certain programs. I didn't think much about it or that my computer was running slower. Then after a few weeks Spyware Protect 2009 began popping up. I updated my Norton (Norton 360) and ran a scan. It found and quartined (I guess) Bloodhound.sonar.1 and Hacktool.rootkit and prompted me to reboot. Things would run fine but I would still get the DLL message when I booted up and then Spyware Protect would come back. We would do the same thing all over again.Also my A drive light would come on about every 20 seconds and if you put a disk in there and formated it and left it in there, 20 seconds later it would put something it. My father-in law said it looked like it was created a boot disk. I disabled the A drive for now. I have done all the begginng steps and have my HijackThis log below. Thank you again and please feel free to contact me if you need more information. Sorry for being so wordy, trying to give you as much info as possible.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Peo Osornio at 13:58:37.42 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.1... Read more

Answer:Spyware Protect 2009 HELP!

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply.] Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that yo... Read more

2 more replies
Relevance 79.13%

Spyware Protect 2009 just popped up on my comp. How do I get rid of it?

Heres my MBAM Log:

5/13/2009 11:00:52 PM
mbam-log-2009-05-13 (23-00-52).txt

Scan type: Quick Scan
Objects scanned: 123538
Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.Vundo.V) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted suc... Read more

Answer:How can I get rid of Spyware Protect 2009?

Please download and scan with Dr.Web CureIt - alternate download link.Follow these instructions for performing a scan in "safe mode" after running ATF-Cleaner.If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.-- Post the log in your next reply.Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.Please post a complete MBAM log to include the top portion which shows the program/database version, operating system, date of scan and scan type.

1 more replies
Relevance 79.13%

Hello,Short Background:I had a virus Spyware Protect 2009. After posting my problem in Am I infected? What do I do?, I was helped by boopme and was asked to run ATF Cleaner, Malwarebytes Anti-Malware, SUPERAntiSpyware Free, SmitfraudFix, and dds. I could not run SmitfraudFix, and dds. So, then I was asked to run RSIT, and now I am posting my log.txt file in this forum.(For complete background, please go to this link http://www.bleepingcomputer.com/forums/t/209360/spyware-protect-2009/)Scanning Results:Logfile of random's system information tool 1.05 (written by random/random)Run by kuwait at 2009-03-16 19:53:36Microsoft Windows XP Professional Service Pack 2System drive C: has 60 GB (51%) free of 117 GBTotal RAM: 511 MB (53% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:53:40 PM, on 3/16/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\VM303_STI.EXEC:\Program Files\Adobe\Acrobat... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scri... Read more

12 more replies
Relevance 79.13%

So my other computer caught a virus called spyware protect 2009. I think you know what it is. It's a phony anti-virus program that gives fake results and what not. I managed to get rid of it by task manager. But when i reboot the computer, it comes back. I tried using this method: http://www.ehow.com/Printarticle.html?id=4751003 but when the program installed, it didn't give me a destination to put the program to and the folder it made didn't have anything in it.

The computer is running windows xp professional. Please help.
 

Answer:Spyware Protect 2009

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a fla... Read more

1 more replies
Relevance 79.13%

My desktop PC has been infected with the Spyware Protect 2009. I can't get online with the desktop, which means I also am unable to network to my printer I am using another laptop in the house at the moment, & am able to transfer info as needed via a thumb drive.

I have followed this thread: http://forums.techguy.org/malware-removal-hijackthis-logs/797462-spyware-protect-2009-help.html and so far have run Malwarebytes' Anti-Malware, then SUPERAntiSpyware, then HijackThis.

I am not sure what I need to do next other than I started my own thread. I have all the reports noted above ready to post. Can someone get me started on fixing this?

Thanks in advance for your help
 

More replies
Relevance 79.13%

Ok, help!

Friday afternoon my work laptop was infected with Spyware Protect 2009. I have followed the guide on this site and many others by removing registry keys, deleting files in the windows folder, programs folder, etc - stopping processes etc.

BUT I cannot run ANY anti-virus programs - or anti malware - most notably malwarebytes. I even created a boot disc with Avira to scan and it found nothing!

I know I have the spyware protect virus because I got the popups, found the corresponding files & registry keys (sysguard.exe, etc). They are all gone - but I'm getting increasingly worse performance with my laptop. I even tried to run the malwarebytes program from safe mode - same result. I also tried the suggestions by changing the file name AND extensions - no good.

This wonderful malware also prohibits me from visiting your site so I have to post from my personal laptop.

What am I missing - and what in the world can I do to at least get malwarebytes to run?

I'm getting random popups in firefox still, security and random other sites are blocked, can't run any anti-virus/anti-malware programs, and most recently this evening I can no longer connect via VPN to my work network, AND I couldn't login to Windows normally. When I tried to press "CTRL + ALT+ DEL" to login to normal windows it did nothing. I can log into safe mode w/ networking though.

Please, any help would be appreciated anything that can help would help me out!

I'... Read more

Answer:Spyware Protect 2009 - Tried EVERYTHING

Rename this file:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeTo something else such as:abcde.batThen double click the file and see if Malwarebytes will run.

1 more replies
Relevance 79.13%

Usually I know how I got infected and that is that I did something stupid. This time I don't know how I got the infection. To make matters worse I had a hardware problem that I have resolved but now my PC crashes every ten minutes or so. Not sure if it is from the infection or a new hard ware issue. While firefox is working and allows me internet access IE is down and gives me an error message.

At the time I got infected I wasn't even using my computer I was in bed. Firefox was running with Star pirates up on it, but not IE.

Unfortunately I can not complete the GMER scan at this time.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kevin at 16:20:45.29 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2537 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\... Read more

Answer:Spyware protect 2009

Hiya,


Quote:




Unfortunately I can not complete the GMER scan at this time.




Can you give more detail about this? Is it crashing? What happens when you try to run it?

1 more replies
Relevance 79.13%

I just got a popup about sypware protect 2009 and a popup in the task tray on the right hand side. I closed the window with the task manager. I know it's a virus and I ran a mbam scan, which seems to have gotten rid of it, but still I would like to be sure that it's all gone and that it doesn't happen again. I have windows XP, sp3, and eset nod32 antivirus 4

thanks!

Answer:spyware protect 2009

Follow with these...Run ATF and SAS:From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from the desktop icon or the program Files listOn the left, make su... Read more

35 more replies
Relevance 79.13%

My computer was infected and here is my Highjack This log.Any help would be appreciated. I cannot tell if PC Cillin removed it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:41:44 AM, on 4/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files&#... Read more

Answer:Spyware Protect 2009

Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfec... Read more

2 more replies
Relevance 79.13%

Hi,
I am having an issue getting rid of the above listed spyware. I downloaded Malware, but it will not open or run a scan. Any advice? Thank you Denese

Answer:Spyware Protect 2009

Hello and welcome. First I am moving this from the XP forum to Am I Infected for scans.Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ****If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a fla... Read more

1 more replies
Relevance 79.13%

Had the spyware protect 2009 on this computer and i think i have cleaned it off, could someone verify for me, and make any suggestions you see fitthanks in advanceCris-------------------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:09:06 PM, on 3/3/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\Empowering Technology\ePerformance\MemCheck.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC: ... Read more

Answer:spyware protect 2009

There are still problems for sure, I cannot install malwarebytes, sdfix or combofix. internet explorer freezes and crashes. I found this removal guide and attempted to follow it.

--------------------------------------------------------------------------------

Spyware Protect 2009 manual removal:
Kill processes:
c:\\WINDOWS\\aazalirt.exe c:\\WINDOWS\\dkekkrkska.exe c:\\WINDOWS\\dkewiizkjdks.exe c:\\WINDOWS\\iddqdops.exe c:\\WINDOWS\\ienotas.exe c:\\WINDOWS\\iqmcnoeqz.exe c:\\WINDOWS\\irprokwks.exe c:\\WINDOWS\\jikglond.exe c:\\WINDOWS\\jiklagka.exe c:\\WINDOWS\\jrjakdsd.exe c:\\WINDOWS\\jungertab.exe c:\\WINDOWS\\kitiiwhaas.exe c:\\WINDOWS\\kkwknrbsggeg.exe c:\\WINDOWS\\klopnidret.exe c:\\WINDOWS\\krkdkdkee.exe c:\\WINDOWS\\krkmahejdk.exe c:\\WINDOWS\\krtawefg.exe c:\\WINDOWS\\krujmmwlrra.exe c:\\WINDOWS\\ktknamwerr.exe c:\\WINDOWS\\kuruhccdsdd.exe c:\\WINDOWS\\ooorjaas.exe c:\\WINDOWS\\oranerkka.exe c:\\WINDOWS\\oropbbsee.exe c:\\WINDOWS\\otnnbektre.exe c:\\WINDOWS\\otowjdseww.exe ... Read more

3 more replies
Relevance 79.13%

Can someone please help me with this? This thing keeps poping up on my computer saying "Spyware Protect 2009" and it wants me to buy this thing. I can't get rid of it. I have malware bytes and ran a scan. It said I have virus and it would remove them when I rebooted. I did that and it's still all messed up. How do I fix this?

Thanks...
 

Answer:Please Help! Spyware Protect 2009

Here's a log... I tried to send as an attachment but I'm not sure if I did it right so I copied and pasted. It's nearly impossible to even post because my browswer keeps redirecting and closing. It's makeing me crazy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:59 PM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\sysguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\eHome\ehSched.ex... Read more

3 more replies
Relevance 79.13%

My laptop just got that infection Spyware Protect 2009, well I came in and turned my computer on just now a few times and once the Windows screen comes on, it goes black and the mouse is in the middle of the page and it will not go past that, I cannot even get to the desktop. I need help, please. I keep AVG, Spybot, and Adaware up to date also.

Thanks.
 

More replies
Relevance 79.13%

This virus is killing my computer and my work efficiency. Can someone PLEASE tell me how to remove it FOREVER!!!

Thanks,

 

Answer:Spyware protect 2009

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

3 more replies
Relevance 79.13%

Hello,I just joined your community today, and I am in need of some help.I have been infected with spyware protect 2009 also kown as antivirus 2009.I will will tell you what I have done so far.The first thing I did was went to task manager in the process tab and stopped it from running.Then next I went into msconfig and stopped it from starting up with the pc.Then I went into program files and deleted it from there, I also went into add/remove but there was nothing there.After that, the pop ups stopped and everything seemed fine until I try to use any type of browser.I pefer to use opera or safari and not IE7 very often.The problem I have now is safari and IE7 wont even connect and opera will only go to certain sites. If I try to go to any type of virus/malware removal site I get redirected to some fake garabage.I even tried a system restore but would not let me do it. I do have spybot and avast, malwarebytes but none of these programs will even open for me to sacan the pc.So I did a HJT log so you guys could take a look and hopefully help me figure out what is wrongLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:40:49 PM, on 1/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32�... Read more

Answer:spyware protect 2009

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Relevance 79.13%

I ran ComboFix.exe to erradicate Spyware Protect 2009. I think it is gone!

Answer:Spyware Protect 2009

Hello.Do you want us to check or something? What was the purpose of this topic? Combofix WarningComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.Try running MBAM and see if it finds anything else.Download and run MalwareBytes Anti-Malware(Full Scan)Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is... Read more

5 more replies
Relevance 79.13%

This problem initially started as a Spyware Protect 2009. I don't see that popping up anymore, but the Malware Bytes won't work either. Ran the SAS and posted it, and was told to run these and post them.DDS (Ver_09-03-16.01) - NTFSx86 Run by Stephanie Smith at 18:57:31.65 on Tue 04/14/2009Internet Explorer: 7.0.5730.13============== Pseudo HJT Report ===============uStart Page = hxxp://www.comcast.net/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 78.72%

My laptop is infected with Spyware Protect 2009 - using Avast anit-virus; spybot and the spyware remains. Here is my hijack log... please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:28 AM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauc... Read more

Answer:Rogue Spyware - Spyware Protect 2009 - HELP!

Used Malwarebyte's Anti Malware - problem solved.
 

1 more replies
Relevance 78.72%

I seemed to have picked up the trojan/spyware called Spyware Protect 2009.It essentially installs a program that acts as a fake spyware checking program, frequently producing popups that say your computer is at risk. It also makes Internet Explorer and Firefox VERY slow; it takes around 1 - 2 mins just to load some websites. I am redirected to a Microsoft security site occasionaly when I try to open run a search using the Windows search feature.I've already removed the program from my start up list using msconfig, so I no longer get the annoying popups. I am unable to revert to a previous system restore point. Macafee anti-virus software does not detect anything. I can not open Spybot - Search and Destroy. CWShredder runs, and removed one file. I was only able to install Malwarebytes' Anti-Malware after renaming the install file, but I can not run it now that it's installed. Ad-Aware seems to work ok, but did not solve the problem.There are suggestions on other websites for files to search for and delete, but none of these files are showing up on my computer.Does anyone have any further steps I can take?(Moderator edit: thread moved to more appropriate forum. jgw)

Answer:Spyware Protect 2009 trojan/spyware

You have posted in the wrong forum, you should have posted in the Am I infected? What do I do? forum.This tutorial might be able to help How to remove Spyware Protect 2009Good Luck!

3 more replies
Relevance 78.31%

Hi. This appeared on my computer today. Are there any step by step instructions available to remove this troublesome virus? Thank you!

Answer:Spyware Protect 2009 Alert

Hello shamrock1125 and welcome to BC! This is not the correct forum to post it but you are a new member so it's okay, I'll let a Moderator know to move this topic. In the meantime, let's run the following scanner.Download and Run ATFCleanerPlease download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.This program is for XP and Windows 2000 only.Double-click ATF-Cleaner.exe to run the program.Under Main Select Files to Delete choose: Select All.Click the Empty Selected button.If you use Firefox browser also...Click Firefox at the top and choose: Select AllClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser also...Click Opera at the top and choose: Select AllClick the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.Download and run MalwareBytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes... Read more

1 more replies
Relevance 78.31%

I recieved spyware protect 2009 one day as a present. I am so lucky. I removed it by deleting sysquard.exe , No more pop ups, but now I get a pop up that says NT authority system has encountered a problem and will shutdown in 1:00 minute. I run shutdown -a to keep the computer from shutting down. I also get a pop up that says Google installer has encountered a problem and needs to shut down. I also get redirected when doing a search on google or yahoo.
I tried to download malwarebytes but had several problems doing so. It appears to finally be loaded but it will not run.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Carlos Ybarra at 12:52:17.06 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\ja... Read more

Answer:It started with spyware protect 2009

Hello gearheadtools,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

2 more replies
Relevance 78.31%

This is the second time I have been infected by the Spyware Protect 2009 (SYSGUARD) issue in just a few days. Although, I now suspect it may never have gone away. I have followed all the recommended methods for getting rid of it. It now appears that the main culprits are gone (i.e. SYSGUARD.exe removed, Registry entries for SYSGUARD cleaned up etc.). However, I had a lot of trouble getting MALWAREBYTES to run (had to rename execution program) and SUPERANTISPYWARE won't run at all (even with a rename). I try to run them and nothing happens. I have had both of these programs on my system for sometime now and have never had this problem. It also appears that my Norton Antivirus gets shut off whenever I reboot.

Unfortunately, I have tried to provide all the logs that are requested. However, the only thing I can provide is the logs from MGTOOLS. As noted above, nothing else will run.

Another Note: I can get my existing version of Malwarebytes to run (by changing the execution file name). However, I cannot get or install a new updated version. When I run my existing version of Malwarebytes I get 'nothing found'. When I try to install an update it simply stops after the initial install process (i.e. does not start MALWAREBYTES).

Note: This first attachment was created while running in Safe Mode. I'll try to create another one after I do a normal start.

I can usually fix most of these issues myself by running the tools in these threads... Read more

Answer:It all started with Spyware Protect 2009!!!

Here are the logs not running in safe mode.
 

5 more replies
Relevance 78.31%

So here's my problem. While using the internet the Spyware Protect 2009 scanner popped up on my screen. I didn't realize that it was a fake scanner so I let it scan. So now my computer got installed with and infected by Spyware Protect 2009, and it won't go away. It continuously gives me pop ups saying that there are infections on my computer. I scanned it with the most recent version of MBAM a few times, and it removed the infection, but it keeps coming back. Please help.

Answer:Spyware Protect 2009 infection

Hi there! to Bleeping Computer.Please update MBAM, do a full scan, then please post the log in to your next reply!(Note to advisors: User may have to go to HijackThis according to BC Removal Tutorial)

6 more replies
Relevance 78.31%

Hi AllI am infected by Spyware Protect 2009I installed Combofix and run according to instruction.I got this in note pad belowwhat should I do next to remove thatthank youComboFix 09-02-02.04 - aytekim 2009-02-03 14:00:09.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1523 [GMT -5:00]Running from: c:\documents and settings\aytekim\Desktop\ComboFix.exeAV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Updated)AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) * Resident AV is active.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\404Fix.exec:\windows\system32\Agent.OMZ.Fix.exec:\windows\system32\dumphive.exec:\windows\system32\IEDFix.C.exec:\windows\system32\IEDFix.exec:\windows\system32\iehelper.dllc:\windows\system32\o4Patch.exec:\windows\system32\Process.exec:\windows\system32\SrchSTS.exec:\windows\system32\tmp.regc:\windows\system32\VACFix.exec:\windows\system32\VCCLSID.exec:\windows\system32\WS2Fix.exec:\windows\system32temp#01.exec:\windows\wiaserviv.log.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_WinDriver((... Read more

Answer:I am infected by Spyware Protect 2009

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 78.31%

Does anyone know how to get rid of this virus? I cannot open cmd, close programs through task manage, install new anti-spy/malware. I cannot find the file or anything.
Your help would be much appreciated.
p.s im running vista

Answer:Help- I've got spyware protect 2009 virus

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply... Read more

2 more replies
Relevance 78.31%

I've been working on this thing since Saturday afternoon and have yet to get rid of this nasty bug.

Basically, it's a false spy-ware program which consists of an annoying pop-up telling me I need to buy their program to get rid of "detected spyware" on my computer. Program is "Spyware Protect 2009."

Steps I've already taken.

Malwarebytes scan (both in regular and safe modes). Did not pick it up.
Spybot S&D unable to update.
Can't open "regedit" to manually delete files.
I've re-booted in safe-mode, searched for "sysguard" in "files and folders" and deleted it. Also deleted "iehelper.dll". Computer runs fine after reboot and then 15 minutes later the program seems to re-install.

Any help? I'm desperate!

This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:39 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Updat... Read more

More replies
Relevance 78.31%

Hello, my mother's computer is infected with Spyware Protect 2009. I am unable to use internet explorer from her computer at all but have been able to use the Google Chrome browser; however, it is incredibly slow. I attempted to use the DDS but that sat for about 20 minutes and no logs came up. I was able to use Hijack This and have attached a log from that. I hope that will work for your purposes.

There are two pop-ups that are coming up regularly - one is an 'infiltration alert' that has various "attacks listed" the other is similar to that and comes in the middle of the screen and has stay unprotected as an option.

I do not know what my mother clicked on to become infected with this.

Answer:Spyware Protect 2009 alert

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 78.31%

How do I get rid of it?

I have tried running Malwarebytes's Anti-Malware, but the virus has attacked it in a way that I cannot open it. I have even uninstalled and reinstalled it. I run Symantec Corporate edition, and I pick up Trojans, but no luck dropping this one. Anyone else able to kick this PITA?
 

More replies
Relevance 78.31%

Hi. I have been infected with the Spyware Protect 2009 rouge spyware and have followed all the instructions on bleepingcomputer.com to attempt to remove with no luck. I am attaching my hijackthis logs for review by someone smarter than me! I appreciate any help.

Nancie
DDS (Ver_09-03-16.01) - NTFSx86
Run by Test at 11:42:43.84 on Fri 04/17/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.219 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Linksys Wireless-G USB Wireless Network Monito... Read more

Answer:Infected with Spyware Protect 2009

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we... Read more

3 more replies
Relevance 78.31%

Computer has been noticeably slow and sluggish for the past month. I have AVG (free version) as my main anti-virus program and also frequently run Spybot, Malwarebytes and Ad-Aware.

Last week things started getting worse. I ran a remote scan from Bit Defender's website and it reported to find viruses on both my operating hard drive and my old hard drive (which I knew to be infected with a virus that I'm slaving off the main hard drive). Bit Defender reported to have removed the viruses off the main hard drive, but it also reported that it was unable to remove some of the viruses off the older slaved hard drive. I'm not necessarily concerned about the older infected slaved hard drive as I simply use it to pull off old files such as MS Word docs, Excel docs and pictures and music.

After running the Bit Defender remote scan and seeing the report, I thought everything would be good again but in fact things took a turn for the worst. Immediately after the Bit Defender scan I started getting the following pop up message in the lower right hand corner of my screen:

"Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now." Note the poor grammar. Dead giveaway in my opinion that this is some type of bogus spyware.

Additionally, I'm unable to run any of my anti-virus/malware programs. When I try to... Read more

Answer:Need help with removal of Spyware Protect 2009

8 more replies
Relevance 78.31%

Hello-
Thank you for any help you can provide -- I've been trying to fight this thing for a couple of weeks, and it's time I turn to someone far smarter than I am.

I've got, well, a lot of junk. I have the spyware protect 2009 virus -- I get a really big popover when I start up my computer -- it runs like it's doing a virus scan and then prompts me to try to download a fix because it claims there are viruses on my computer. I also get popups from the right hand tray, very misspelled, warning me that my system has a virus and I need to take action.

I have read through several forums -- thought I would be able to take it out by running Malwarebytes Anti-Malware -- but I can't even get the program to install on the infected computer. (I jumped the files from an uninfected computer.)

I can start the system in normal mode, but it doesn't stay stable for very long. McAfee virus scan has also reported the following viruses that it couldn't repair: spy-agent.bw!mem and Generic Dropper (Trojan).

I've got a Hijack This log below. Thank you again for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:04 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C... Read more

Answer:Spyware Protect 2009/spy-agent.bw!mem

Hello -- I'd still greatly appreciate any help you can offer -- even if it's just the bad news that it's a lost cause. Thank you!
 

1 more replies
Relevance 78.31%

Further to Tim's help with spyware,I would appreciate some more advice ..

Recently I was infected with the Kaka virus (sysguard etc). It stopped me
logging onto any progs or the web. I was however able to open in safe mode
and set PC back a couple of days to a good point, which seemed to have
reverted back to normal service. Question is, am I likely to still be infected ? (Spybot and AVG don't can't find anything).

Thanks you
Rob
 

Answer:Sysguard/Spyware Protect 2009

It is always possible to have reverted back to an infected restore point. We would not be able to know for sure without seeing the requested logs from doing the Read and Run First Instructions.
 

1 more replies
Relevance 78.31%

A few days ago, my computer starting displaying alerts to buy SpywareProtect 2009. I did not purchase it and after reading on a different site some advice about getting rid of it, I ended the process from the taskbar and deleted one of it's executable files. That eliminated the pop ups but problems persisted. I attempted to run Malwarebytes but the system wouldn't let me do it. I read on the forums here about renaming mbam.exe to mbam.com and after doing so, it ran. Unfortunately I still have erratic computer behavior. I can't go to certain sites unless I type in the address in my browser and I still can't run mbam without renaming it. Also when visiting certain sites my Firefox browser just closes down by itself.

I just ran my Norton Antivirus and it can't find anything. Every time I now run Malwarebytes it finds something, I delete them, restart the computer and they come back. I believe I am using the latest version of Malwarebytes (version 1.34 from Feb 21).Here is the latest output from Malwarebytes. Please help.

Malwarebytes' Anti-Malware 1.34
Database version: 1793
Windows 5.1.2600 Service Pack 2

3/4/2009 6:27:45 PM
mbam-log-2009-03-04 (18-27-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201160
Time elapsed: 1 hour(s), 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memor... Read more

Answer:Spyware Protect 2009 infection

Update MBAM to the newest definitions, use the update tab in the program window, run another quick scan but run ATFCleaner firstPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".After a reboot if required to remove files, please run Smitfraudfix as a scanPlease download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious"... Read more

10 more replies
Relevance 78.31%

These are both counterfeit antispyware scams. Trying to get you all freaked out so you'll buy this "FAKE" software to remove "FAKE" issues that these programs claim to detect. DO NOT FALL FOR THESE SCAMS.

So I come into work on Tuesday after the long holiday weekend and All of my PC's (6) either have PCenter or Spyware Protect 2009 on them. I'm not sure exactly how this happened but it certainly was a one shot deal probably over the network.

PCenter: How to Remove PCenter - P Center Removal Guide | Windows Protection
Spyware Protect 2009: How to Remove Spyware Protect 2009/SysGuard.exe (Removal Info) For XP/Vista

FYI, I was able to remove them completely with Trojan Remover 6.7.9
Download Trojan Remover

Just thought I would throw these up here. TR worked.

More replies
Relevance 78.31%

It looks like my brother's pc got hit with a trojan, it's popping up the Spyware Protect 2009 page, with the standard "you are infected" line. I had him run a HJ scan, here is the log. He'd definitely appreciate any help. =)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:32:52 PM, on 1/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Motherboard Monitor 5\MBM5.EXEC:\WINDOWS\system32\pctspk.exeC:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\mouse32a.exeC:\Program Files\Micro Innovations\Wireless Keyboard & Optical Mouse\kbdap32a.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfm... Read more

Answer:Spyware Protect 2009 Trojan

Anyone want to take a shot at this?

6 more replies
Relevance 78.31%

First thing, let me explain that i'm having to post this using my daughters computer, because after this attack, I can no longer connect to BleepingComputer web site with my PC.

Sunday evening I turned on my computer and found there was a Windows "Alert" on the right lower corner (click on the balloon) and it was listed as "Spyware Protect 2009 Alert" (looked original for a second), and when I clicked the ballon it started scanning my system. I noticed it wasn't from AVG, and after a few seconds I cancelled it a quick as I could. However, the pop-up screen could not be removed from the middle of my screen, and after several attemps, I just decided to reboot the PC. It rebooted, but this time it had the error box stating:
"Windows has encountered a problem with this program (WMI) and has closed it" (or something close to that). I noticed my PC was running very slow, but I could pull up an internet speed checking site (through my DSL provider), and the speed was actually showing good. The Spyware Protect 2009 Alert "windows" were still loaded in the middle of my screen.

I decided to run a virus scan, and it did find 4 trojans, and moved them to the vault (i guess). I then rebooted into safe mode, and ran another scan which didn't really seem to be working correctly. So, I rebooted back to normal Windows XP, and the Spyware protect alert was still there, along with the "WMI" problem.

I have since re-scanned the PC... Read more

Answer:Spyware Protect 2009 Alert!

Moved from HJT forum to the more appropriate.

6 more replies
Relevance 78.31%

Lately, I've been having a bit of difficulty removing a rogue anti-virus program called Spyware protect 2009 that somehow installed itself on my computer without my consent. This was making me kind of scared since I'm not really computer-savy. I think I managed to remove most of it, but I have feeling it left some dangerous things/trojans on my computer that my anti virus/spyware/malware programs can't detect. The programs that I've used were...Zone Alarm Internet Suite: It wasn't able to get rid of Spyware protect 2009 making it useless.and...Malwarebytes Anti-malware: This program helped me a lot in getting rid of most of the trojans including Spyware protect 2009.However, I used Malwarebytes lately and it couldn't delete some of the trojans (usually two were left). It said it would delete them upon reboot, but it didnt. I did 3 scans from Malwarebytes; here is the log:Malwarebytes' Anti-Malware 1.35Database version: 1931Windows 5.1.2600 Service Pack 34/2/2009 12:18:55 AMmbam-log-2009-04-02 (00-18-55).txtScan type: Quick ScanObjects scanned: 70460Time elapsed: 15 minute(s), 13 second(s)Memory Processes Infected: 1Memory Modules Infected: 1Registry Keys Infected: 14Registry Values Infected: 2Registry Data Items Infected: 2Folders Infected: 22Files Infected: 68Memory Processes Infected:C:\WINDOWS\svcho.exe (Trojan.Agent) -> Unloaded process successfully.Memory Modules Infected:C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot... Read more

Answer:Was infected with Spyware protect 2009; please I need help

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

23 more replies
Relevance 78.31%

Dear Sir, After many hours, I finally was able to remove Spyware Protect 2009 from my computer, or so I thought. Ever since then, my computer has been running much slower, particularly on startup, so i checked my msconfig -> startup settings and noticed a new startup item named "2cfd402c1" with a command line of "rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\2cfd402c1.dll". I have tried everything from removing the registry line via regedit (line keeps popping back up after restart), to deleting the file in the specified folder (comes back after restart), to disabling that command in msconfig (item comes back checked after each restart." Malwarebytes has found 8 infections related to this, but is unable to clean them...it says itll clean on reboot, but when i run malware again after the reboot, the same infections popped up. Super antispyware doesnt find anything. Here are the logs:Malwarebytes' Anti-Malware 1.34Database version: 1813Windows 5.1.2600 Service Pack 32/28/2009 8:47:35 PMmbam-log-2009-02-28 (20-47-35).txtScan type: Full Scan (C:\|E:\|)Objects scanned: 137476Time elapsed: 24 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 8Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(... Read more

Answer:Spyware Protect 2009 Residuals - Please Help!

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

13 more replies
Relevance 78.31%

Hello. So I'm new to this deep of a level of anti-virus/trojan/etc. security. When I logged into my computer today my firewall (Default windows XP firewall) was turned off and Spyware Protect 2009 was on my computer, spraying popups and alerts at me. I looked here for help and got Malwarebytes' and that seems to have fixed it. I want to be sure though that there isn't anything obscene about my registry and such that is screwing with my computer. I followed the instructions in the sticky post and here is what I have (Thanks for any help in advance):
DDS (Ver_09-03-16.01) - NTFSx86
Run by RJ at 16:03:57.26 on Fri 04/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1333 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS&#... Read more

Answer:Spyware Protect 2009 and other problems.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 78.31%

Yesterday my computer was infected with spyware protect 2009, I shut the computer down and when I turned it on the next day the desk top won't come up. I can see the desktop screen but there are no icons or menu bar nothing but the picture. After it sits for a few minutes the screen saver will start runing which is the pictures I have saved on the comuter. Do you know what I can do to fix this problem? Please help. I have XP ProfessionalEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Spyware Protect 2009 Virus

Take a look here: How to remove Spyware Protect 2009 (Uninstall Instructions)

4 more replies
Relevance 78.31%

Hi I just signed up to your site saying that you read/help with Hijackthis logs. I am posting this because well..I'm not sure how to use Hijackthis properly and don't want to mess up my PC more than it already is. Okay now to the point. My computer has been running REALLY slow lately. It's laggy on videos now and when I run Firefox 3.0 It takes up 100% CPU usage. It's never been this slow before. About a week ago my computer had been infected with a virus/trojan/malware known as Spyware Protect 2009 and it was an absolute PAIN to remove. I haven't had any alerts on my PC since...but I feel like it still might be on here since my PC is still running so slow! I'm running Windows XP home edition, version 2002 service pack 3 and my computer is a Intel® Celeron® CPU 2.53GHz. 2.53 GHz, 512 MB of RAM. *Note that I've used Malware Bytes Anti-Malware, Spyware Terminator, Ad-Aware, Superantispyware free edition, Spybot S&D, Smitfraud Fix and Combofix to fix this problem. It's STILL running slow, and I have done Disk defrags, Registry cleanup/fix, and general computer cleaning (Ccleaner).This is much appreciated and thank you! =)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:59:01, on 2/24/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\... Read more

Answer:Spyware Protect 2009/Hijackthis log

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 78.31%

Hello!

I have the Spyware Protect 2009 virus and I have tried downloading free antispyware (pcdoctor.com) but, after it scans and finds the virus I have to pay $30 to actually get the virus removed.

Is there a way to get rid of this virus without buying some type of antispyware? If so, what are the steps I need to take to get rid of it?

Thank you!
Aden

Answer:Spyware Protect 2009 is taking over!

Don't buy anything!Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully.... Read more

1 more replies
Relevance 78.31%

First, I want to say thanks. I found a lot of useful information here, and I wanted to share my experience to help others.

Last Friday our laptop became infected with a virus that called itself "Spyware Protect 2009." And I want to caution EVERYONE to be very careful even after this virus is "removed." Our computer was still infected, but with a different virus.

Spyware Protect 2009 made a similar showing as others have described for the Antivirus 2009. The pc ran really slow and access to websites was very slow or blocked with claims of infection. The virus produced lots of pop-ups telling me the pc was infected with viruses and claimed to have found a few. Then, a McAfee (antivirus that was installed and running) pop-up indicated that a virus was found and quarantined.

It's a clever strategy that the real virus program actually starts loading other real viruses on your pc to trick you. Your resident antivirus program flags one or two, but their pop-ups tell you about that and more to convince you that you need their product. It's also impossible to close their pop-ups in a safe way.

We never fell for the virus tricks, and we'd power down the computer and start-over, but over time the virus becomes more aggressive in blocking internet access.

The real virus program will not let you even visit the malwarebytes website by name -- the website is blocked as an infected site. If you search the malware hjt forums, you can find links to the ... Read more

Answer:Spyware Protect 2009 and keylogger

6 more replies
Relevance 78.31%

My son's computer is running Windows XP with Service pack 2. He has 1GB of RAM and a 1.5Ghz processor. He was watching videos today on Hulu and then went to search for one particular video. He found a site called something like parodies (dot) com and clicked the link. The computer froze and he shut down Firefox. At that point he started getting pop ups for "Spyware Protect 2009." He let me know and after I made sure he didn't click on any of the acceptance buttons I started running scans as per First Steps.

The DDS file is below and I am attaching the other files.

Christina in GA

_____________________________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by William at 16:27:46.87 on Wed 04/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.668 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Office Keyboard\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.... Read more

Answer:Spyware Protect 2009 on son's computer

Hello -

I noticed you didn't complete your previous topic with chemist for your machine.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------


I see no AntiVirus application installed. An AntiVirus is a must have for machines connected to the internet today.

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

There are excellent free AntiVirus applications available today, so there's no reason to be unprotected.

We will address that during the course of this fix. I will tell you when.

=========================================================
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your q... Read more

16 more replies
Relevance 78.31%

While using Firefox, I suddenly started getting popups from Spyware Protect 2009. Spybot seemed to be stopping registry changes but it kept on having popups. I ran Hijackthis - log below - and downloaded Malwarebytes. However now, I can't get any site on the internet, Malwarebytes won't run, nor will spybot. I am having to use another computer to post this query.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:27:39, on 20/01/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Network Associat... Read more

Answer:Spyware protect 2009 complications

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

2 more replies
Relevance 78.31%

Well, my kid did it again. Last night while I was watching a ball game, my 11 year old was on a "kids" game site and click something that created this Spyware Alert. I am not able to get online with this computer so I am communicating with my laptop. Below is my dss file, and attached are the other two compressed files that the pre post instructions have called for. I am running XP. Thank you in advance.
John


DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 7:00:10.90 on 2009-04-16
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1507 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\Goo... Read more

Answer:Spyware Protect 2009 Alert

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix to a USB drive on another computer and transfer it to your desktop.

------------------------------------------------------

Please download Comb... Read more

7 more replies
Relevance 78.31%

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 19:21:04.73 on Thu 02/26/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.230 [GMT -6:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)
FW: Webroot AntiVirus with AntiSpyware *disabled*
FW: Webroot Desktop Firewall *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Progra... Read more

Answer:Infected with Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies