"Common name" spyware won't get gone
February 2, 2012 4:39 AM
How to get rid of "common name" spyware on my laptop? Do I need to?
This thing has been on my computer for months. Malwarebytes and Spybot don't get rid of it.
I'm told it's not much of a problem since I rarely have to use Internet Explorer, but I want this thing gone.
A friend who knows much more about computers than I spent a few hours trying to get rid of it the other day, but was unsuccessful. So, help!
Response by poster: We ran HijackThis. Do you suggest running these in the order you give? Will that make the last more effective?
posted by goofyfoot at 5:05 AM on February 2, 2012
Not entirely, but it is possible for rootkits to completely hide files and processes, so I usually start by looking for rootkits first (unless the active infection is preventing things from running as well).
You may also want to check out deezil's profile for some additional tools to try. ComboFix I normally would save as a last resort, as it can go incredibly well... or incredibly badly if it breaks mid-clean.
posted by samsara at 5:50 AM on February 2, 2012
@empath: Be careful on spybuster, as it might have compromised pages.
posted by samsara at 6:47 AM on February 2, 2012
Here are the removal instructions from Bleeping Computer using HijackThis.
posted by samsara at 6:48 AM on February 2, 2012
Response by poster: Okay, we've done TDSSKiller, GMER, HijackThis (for the second time), and my friend took a look at spybuster and didn't trust it.
Before that, we checked out the Spybot forums and followed their instructions. We're about to do that again now. Microsoft Security Essentials found nothing.
My friend is thinking it's a false positive. Malwarebytes doesn't come up with it, HijackThis didn't find it. Only Spybot finds it.
Can it be that this is something I don't need to worry about? My computer is a Toshiba laptop running Windows 7; I use Firefox only, but FAFSA may require me to use IE.
So I'm still worried. Any further knowledge or advice would be lovely.
posted by goofyfoot at 9:15 PM on February 4, 2012
Response by poster: Ha HA! Spybot just finished running again and the spyware is gone!
YAY!
Friend thinks it was GMER but isn't sure. SOMETHING worked.
posted by goofyfoot at 9:40 PM on February 4, 2012 [1 favorite]
Download and run GMER. Take note of anything highlighted in red.
Download and run HijackThis (2.0.5 beta). Remove any suspicious BHOs, startup items, or services. Or post here the results of its findings if unsure.
posted by samsara at 4:53 AM on February 2, 2012