Tags:



Advertise here: Contact FM.


Spywarequake sucks!
March 25, 2006 5:18 PM   RSS feed for this thread Subscribe

Grrrr...blinking Virus Alert! icon and popup message in my taskbar tray and undead SpyWareQuake software keeps reinstalling itself. Help!

Done a search for every possible solution, AVG doesn't pick it up, nothing I can find or do will help. Any ideas?
posted by jimmythefish to computers & internet (7 comments total)
assuming windows machine?
have you tried the usual suspects?

by which i mean, on another, uninfected computer grab updated definitions for spybot, adaware, avg put em on a usb key or something.

reboot machine in safe mode with the ethernet unplugged/wifi off.

update spybot/adaware/avg and run the scans
check start->run->msconfig
under services & startup, google anything that doesnt look familiar and disable it if google shows its not benign.

also [insert editing registry disclaimer]
start->run->regedit
google anything that shows up under

HKEY_CURRENT_USER->Software->Microsoft->Windows->CurrentVersion->Run
HKEY_CURRENT_USER->Software->Microsoft->Windows->CurrentVersion->RunOnce
HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run
HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run

and delete anything that google shows as not benign
posted by juv3nal at 5:46 PM on March 25, 2006


Dslreports has a page on it here.
posted by Dipsomaniac at 5:47 PM on March 25, 2006


If you haven't run Windows Update for a while, go visit. Once a month Windows Update has Microsoft's latest version of its malware removal program on it. (There's actually a URLyou can visit where you can manually run it, but I don't remember it. Sorry.)
posted by Steven C. Den Beste at 5:48 PM on March 25, 2006


the second
HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run

should be


HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->RunOnce
posted by juv3nal at 5:50 PM on March 25, 2006


Thanks guys....used Dipsomaniac's link and seemed to work. Appreciate the posts.
posted by jimmythefish at 10:42 PM on March 25, 2006


According to Dipsomaniac's link, it's a Smitfraud variant. Spybot Search & Destroy has had Smitfraud on its shitlist for at least a year, so I'd be surprised if that didn't do a good job of getting rid of it.

One gotcha with the current SS&D (version 1.4): exit and restart it right after downloading updates, otherwise it doesn't always start a scan when you tell it to.

Obligatory broken-record barn-door-after-horse-bolted advice: if you use Firefox instead of Internet Explorer, crap like this will no longer infect your Windows box. And if you install the Adblock Plus and Adblock Filterset.G Updater extensions into Firefox, even the most clueless of your Windows box's users are unlikely to even see those shiny shiny click-me banners that cause most of the trouble.
posted by flabdablet at 10:54 PM on March 25, 2006


If you edit the registry, I recommend you edit any of the items in CurrentVersion->Run/RunOnce instead of deleting, just in case something is useful. Edit it ro read rem C:\path\executable.exe, which makes it a remark, and it will not be run, and you won't get an error message.
posted by theora55 at 8:58 AM on March 26, 2006


« Older my brother may be heading for ...   |   Why are magazine subscription ... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
Norton stinks April 28, 2008
Seeking advice on anti-virus and other security... March 12, 2008
What are the lightest-weight antispyware and... February 16, 2008
Help with anti virus July 15, 2007
Need to carry a toolbox for boxen April 26, 2007