Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

spyhunter4


  • This topic is locked This topic is locked

#1
Vandax

Vandax

    Member

  • Member
  • PipPip
  • 17 posts
I was recently hit again with the Arestocrat virus; fortunately, I was able to remove it before it locked up my computer. I used one of the programs recommended here on this site, called SpyHunter. I ran it, and about 15-30 minutes later, it reported that I had almost 1000 instances of worms, viruses, and other malicious software. In order for SH to fix them, I was directed to a pay-pal site where I was supposed to enter in my financial information. Big red flags here, why would I enter critical information if I have hundreds of bugs in my computer?!?!?!?!? I attempted to uninstall it.. and ended up having to do it a second time, because for some reason, it didn't want to be ripped from my hard drive. Thinking it was long gone, I later attempted to open a program called "Open Office" (similar to MS Office). Out of nowhere, Spyhunter pops up, and denies me access to the program. Not only that, but it wouldn't let me open another (new) webpage to seek help. It locked up my ctrl-alt-delete, and I was forced to hard-boot my PC.

SpyHunter is a malicious program that needs to be removed (and not 'suggested as a fix'). How do I go about uninstalling, and blocking the effects of this program? In that same thought, how do I re-enable the programs that Spyhunter has blocked?
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Vandax, Welcome back to the forums.

I used one of the programs recommended here on this site, called SpyHunter.

Please tell me where SpyHunter was recommended on this site. I have never seen it recommended.

What you are experiencing was likely aided by the infection you had in June of 2013 that never got completely removed. You abandoned the topic before it could be completely removed.

Can you boot into Windows normally?
If not, can you boot into Safe Mode with Networking?
  • 0

#3
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
After looking again, you are correct, spyhunter was recommended on another site, and not this one; my apologies. I'm quite sure the problem was resolved soon after June, as I ended up reformatting the hard drive since then. My computer seems to work fine, for the most part, with the exception that spyhunter seems to be causing havoc with my system. As with the earlier mentioned issue of blocking me from safe programs that I had been using, I've also noticed that now, I cannot use my CD to install programs (that once worked well in the past). As far as abandoning the topic from June, I came back and found that it had been locked up, so I didn't see a point in rattling the cage to say that I was reformatting to remove any problems. I've looked for spyhunter on this computer, but cannot seem to find any files associated with it.

Since the reformat, my task manager doesn't work correctly, but since I don't use it very often, I haven't considered it to be a problem. However, because it doesn't allow me to properly access it, I cannot view the actual tasks and operations that might be running, nor do I have the ability to end them. (attached pic of current task manager). The task manager issue is unrelated to Arestocrat or SpyHunter. I only bring it up to show that I cannot be sure what programs are running in the background.

Attached Thumbnails

  • taskmanager.png

  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Are you booted into Windows normally? If so can you download any programs?
  • 0

#5
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
yes, as far as I can tell, I managed to bypass the Arestocrat attack before it had a chance to do any significant damage. I ran OTL (think it's called) from this site, soon after the SpyHunter (which I thought was another recommended program, until just a few minutes ago). After running OTL, and fixing the issues, I did a reboot. The computer seemed to be operating fine, and has been.. until I tried to use Open Office, and found that spyhunter had blocked it. It is possible that there are actual 'issues' supposing that SpyHunter's analysis was correct, there could be up to 800 or so instances of maligned effects going on in my computer.
  • 0

#6
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, now this is odd.. I can now access "Open Office" fine. I haven't done any troubleshooting (aside from looking for spyhunter files), so I find it odd that now the program works fine, where before it was blocked. This raises a red flag, but then again, it might have just been a 'glitch' of some sort.
  • 0

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Would you post the OTL fixes log? And the original OTL.txt log and Extras.txt log.
  • 0

#8
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, now this is odd.. for some reason, I can't find OTL on my computer. I didn't delete it. I can run it again, and post the requested logs.
  • 0

#9
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here are the two recently run logs

Attached Files


  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs. In the future please don't attach logs unless I ask you to. Just copy and paste them into your posts. It makes them easier to research.
The only remnant of SpyHunter is a driver file that is missing but the system is trying to load it. We will remove that.

SpyHunter is a Rouge Antivirus / AntiSpyware program. Once it gets on the computer it runs and alerts you to all kinds of threats. Then it tells you that the only way to clean them is to pay a fee or buy the program. But they were all false positives and not threats to begin with.
That's why I said that I've never seen it recommended here. I've seen it removed plenty of times, but never recommended.

Other than that driver the OTL scan doesn't show anything. After the OTL fix we will scan all users and get an adware scan.
Once we are sure the system is clean we'll look at the taskmanager issue.


IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.



Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

1. Please copy all of the text in the quote box:

:COMMANDS
[createrestorepoint]

:OTL
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

:FILES
C:\Program Files\Enigma Software Group

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do not follow these directions as they could damage the workings of your system.

1. Please re-open Posted Image on your desktop.
2. Paste the text inside the Posted Image textbox.
3. Click the Posted Image button.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Please ]Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted Image OTL Scan

Please re-open Posted Image on the desktop.

  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes please post the OTL log.

Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Run AdwCleaner
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do not delete anything at this time.
  • Click the Report button to get the log. Post it in your next reply.
  • Close the program.


Step-4.

Things For Your Next Post:

1. The OTL fixes log
2. The new OTL.txt log
3. The AdwCleaner[R0].txt log
  • 0

Advertisements


#11
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
While I appreciated your condescending attempt to assist me, I am going to ask that you put me in contact with someone who isn't quite so rude. The tone you've taken with me is quite alarming, and it's better that I waited a while before responding. For starters, you asked me to send information. Apparently it wasn't the way you like to see it, and felt that telling me several different times, was the only way I'd understand. Using red angry letters capitalizing "Do Not"... I got it the first time!

In your first response, you accused me of 'abandoning the topic', claiming that my current problems were somehow linked to that. Yet, when I explained that I reformatted soon after, and by the time I got back to the post it was locked up, and pointless at that stage to re-open it.

"What you are experiencing was likely aided by the infection you had in June of 2013 that never got completely removed. You abandoned the topic before it could be completely removed."

This is what you asked me to do:

"Would you post the OTL fixes log? And the original OTL.txt log and Extras.txt log."

No where in that does it say a thing about copy/paste... instead, it asks me to get you the information, which I did.

" In the future please don't attach logs unless I ask you to. Just copy and paste them into your posts. It makes them easier to research."

"A report will open. Copy and Paste that report in your next reply."

"Please copy the contents of this file and paste it into your reply. To do that:
◦On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.

◦Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window."

"Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The new OTL.txt log
3. The AdwCleaner[R0].txt log "

I already acknowledged my mistake (more than once) for associating it with THIS site, apologized for the mistake. Apparently, that wasn't enough and you had to remind me again.. Would you bathing in my children's blood absolve me of this?!? Or can you learn to drop it once both sides come to an agreement?

"That's why I said that I've never seen it recommended here. I've seen it removed plenty of times, but never recommended."

"SpyHunter is a Rouge Antivirus / AntiSpyware program. Once it gets on the computer it runs and alerts you to all kinds of threats. Then it tells you that the only way to clean them is to pay a fee or buy the program. But they were all false positives and not threats to begin with."

Rouge is a color.. Rogue is the word you were looking for. And yes, I'm well aware of negative effects of SpyHunter.. hence, why I was alarmed that anyone had recommended it in the first place. But since I admitted my mistake, apologized, and attempted to move past it; somehow, you seem fixated on wagging your finger about it. If this is the kind of 'help' you prefer to dish out, then maybe you are in the wrong line of work. Please put me in contact with someone that isn't such a rectal oriface.
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
First, let me apologize. Our mission here is to help people. And I take pride in our efforts to do that. We realize that having malware on the computer can be frustrating and at times infuriating and it is not our intention to add to that. But I'm not sure that is what is going on here so please let me address your concerns.

In your first response, you accused me of 'abandoning the topic', claiming that my current problems were somehow linked to that. Yet, when I explained that I reformatted soon after, and by the time I got back to the post it was locked up, and pointless at that stage to re-open it.

I said that your problems were likely a result of the first infection because you entitled the first topic "Arestocrat strikes again" and the first sentence in this new topis was "I was recently hit again with the Arestocrat virus;...".
The person helping you in that first topic was Essexboy. In his signature is this:
"Post that are not replied to after 4 days will be closed, PM me to reactivate"
So I'm sorry, again, but you did abandon that topic.

"Would you post the OTL fixes log? And the original OTL.txt log and Extras.txt log."

No where in that does it say a thing about copy/paste... instead, it asks me to get you the information, which I did.

You are correct. I normally cover that in an opening post. In this case I didn't know what kind of system we were dealing with here or even if it was booting properly so I wanted to get that info. first.
But if you had looked under the "Virus, Spyware, Malware Removal" forum link you would have seen a highlighted link entitled "BEGIN HERE: Malware and Spyware Cleaning Guide".
In that guide there are steps to download OTL, run the scan and how to copy and paste it here. It even has pictures.

The tone you've taken with me is quite alarming, and it's better that I waited a while before responding. For starters, you asked me to send information. Apparently it wasn't the way you like to see it, and felt that telling me several different times, was the only way I'd understand. Using red angry letters capitalizing "Do Not"... I got it the first time!

The instructions I post are used for everyone. Not just you. I have used abbreviated instructions in the past. But a lot of the users would reply saying that they got a screen that I didn't tell them about or telling me that they didn't understand what they were supposed to do. So I adjusted the instructions to be more detailed.
And I used to just use bold text for important notices. But I found that they got overlooked. So I now use red text for important changes.

I already acknowledged my mistake (more than once) for associating it with THIS site, apologized for the mistake. Apparently, that wasn't enough and you had to remind me again.. Would you bathing in my children's blood absolve me of this?!? Or can you learn to drop it once both sides come to an agreement?

I had already dropped it. But I think offering to sacrifice you children's blood indicates a larger problem than some malware on a computer.

Rouge is a color.. Rogue is the word you were looking for. And yes, I'm well aware of negative effects of SpyHunter.. hence, why I was alarmed that anyone had recommended it in the first place. But since I admitted my mistake, apologized, and attempted to move past it; somehow, you seem fixated on wagging your finger about it. If this is the kind of 'help' you prefer to dish out, then maybe you are in the wrong line of work. Please put me in contact with someone that isn't such a rectal oriface.

Yep, I misspelled rogue. You got me. I'm sorry that you think I was wagging my finger. I was just trying to give you some information. Most people appreciate that.
And I don't work here. I volunteer here.

Having said all that I will offer to continue to assist you. And I will adjust any future posts to remove any bold or red text and scale them to the minimum.
But I won't ask any of my colleagues to take over and endure this kind of verbal attack.
If that isn't acceptable I will close this topic. That will leave you a few options:

1. Feel free to start a new topic. I will put a warning on your account linking back to this discussion so every staff member can see who they are dealing with before offering their assistance.

2. Go back to the site that recommended SpyHunter. Or another site.

3. Take the computer to a repair shop and pay them the $100 and up to put up with the verbal abuse.

Please let me know what you want to do.
  • 0

#13
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
"But I won't ask any of my colleagues to take over and endure this kind of verbal attack."

I asked for someone new, because of YOUR tone and attacks. Citing your various attempts of badgering me, when I clearly understood the first time. Even now, instead of backing down, apologizing, or attempting to move ahead, despite your being called on the carpet, you then give me an ultimatum of options... telling me to 'like it or leave it'. Do what you feel you need to do, I came here with an issue and don't feel that I'm being assisted (by you), and would rather resolve this with someone that gets to the root of the problem and not rehash posts from June, or repeatedly telling me "Do Not attach log files unless I ask for it."

You might want to change your footer. "Please post your final results, good or bad. We like to know! " because apparently you only want to hear 'good' things.
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Even now, instead of backing down, apologizing, or attempting to move ahead, despite your being called on the carpet, you then give me an ultimatum of options... telling me to 'like it or leave it'. Do what you feel you need to do,

I did apologize. Several times. And I offered to move ahead. The ball is in your court now. If you wish to continue please complete the fix and scans in post #10 and post the logs I requested. I have revised the instructions to remove any objectionable coloring.(I can't do anything about the blue link color. The board does that automatically).

You might want to change your footer. "Please post your final results, good or bad. We like to know! " because apparently you only want to hear 'good' things.

We want all feedback. You are the second person who was / is unhappy with my assistance. I asked my colleagues to take over on the first one. And they were abused just as badly as I was. That's why I won't do that again.

If you haven't posted a reply in 4 days the topic will be considered abandoned and will be closed.
  • 0

#15
Vandax

Vandax

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
"If you haven't posted a reply in 4 days the topic will be considered abandoned and will be closed."

I told you what I would prefer, and that's to have assistance from someone other than yourself. You claim to be the victim of verbal abuse, and that you've apologized, yet you go right back to wagging the finger, defending you behavior, and chastising me for calling you out for it. I didn't realize this was your personal platform to berate people with computer issues. Be sure to link this to any future posts, I'm sure your colleagues will begin to see the image you project. I'm the second person that is displeased with your treatment and manner of assistance. I simply asked that you step away, because this isn't moving forward. You make too many assumptions. First, you assumed that this was related to the first issue from 7 months ago (duh!). Second, you assumed that I understood you when I attached the files, instead of copy/paste them. Third, you assumed that I needed to be told several times that you only want that if you directly specifically ask for it. Fourth, you assume that you've been 'helpful' and that I've only come to this site to berate you, I came to this site, because of the success I've had in the past, and this time, it is clearly not successful.

I asked for someone else, because I'd rather have instructions for fixing my computer problem. Instead, I've been given long posts of tertiary responses, duplicated instructions, defense of bad behavior.

"First, let me apologize."

This was the one and only time you offered an apology, not several times as you claimed. It was immediately followed up by accusations of abandoning a topic from 7 months ago to 'clarify' your distain. Since it's clear your version of 'assistance' involves accusations, assumptions, and defense of your actions and word choices, you forego in transferring me to someone else. If I were dissatisfied with a particular doctor, I'd ask for another, not go to a new hospital for treatment. The same goes for an auto-mechanic, I'd still frequent the same shop, but request that someone else works on my car.. but here... that's just not in your plan.. so I must endure your attitude problems, or go somewhere else. As I said before, I've had great success in the past with this site, but you've made it clear I must deal with you and you alone.. or else!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP