[MasterJ]

You said you tried using Spysweeper but it wanted you to pay to fix it? It doesn't show up in your HJT log so let's check something.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

[Advertisements]

Hi there, SpySweeper didn't show up because I uninstalled it already. Same with Ad-Aware Away. In trial mode both just scan for items, tell you what you have then ask for payment. It does me little good to know what I have if I can't get rid of it. So I uninstalled them both. They are both good programs, just can't afford to purchase right now.

[seamusoldfield]

Hi there, SpySweeper didn't show up because I uninstalled it already. Same with Ad-Aware Away. In trial mode both just scan for items, tell you what you have then ask for payment. It does me little good to know what I have if I can't get rid of it. So I uninstalled them both. They are both good programs, just can't afford to purchase right now.

[MasterJ]

I would still like to see the uninstall list.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download ewido security suite it is a free version of the program.

• Install ewido security suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch ewido, there should be an icon on your desktop, double-click it.
• The program will now open to the main screen.
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close Ewido.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Open Ewido:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot into normal mode.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report, along with the Ewido report and a new HijackThis log.

MasterJ

Edited by MasterJ, 11 March 2006 - 09:18 PM.

[seamusoldfield]

Hi Master J,

I already tried both the Ewido suite and Panda's scan. Honestly, I think I'm going to throw in the towel for now. I've lived with this thing for a couple of years now and I guess I can live with it for awhile longer. I want you to know that I totally appreciate all the help you've given me and all the hard work and research you put into all this. Once I'm back on my feet financially, I'll purchase Ad-Aware Away and just let it do it for me. I'm also definitely goingto make a contribution to you guys at Geeks to Go. You guys rock. Thanks again --Kevin

[MasterJ]

I wish I'd checked this earlier. Do you mean Adware Away? Let me consult with staff to make sure that that's a legit program before you buy it.

[seamusoldfield]

It found the problem straight away and was the first and only program to identify the trojan and its path. No other malware program has done that. If only it weren't $30. Of course finding is one thing, who knows if it will actually get rid of it. This thing has been a real pill.

[MasterJ]

Have a read here.

I also just got a report from a fellow staff member. He tested it and reported that it found several false positives.

I just tested it and it found 3 false positives on my main computer and it found several false positives on my virtual machine. It did find some baddies but missed a bunch too. Its website claims some good stuff I am not convinced it can do what it says.

I'll let you make the decision, but I wouldn't recommend buying it.

You said that Spysweeper also detected it, but wouldn't fix without purchase. If it were my choice between the two, I'd go with Spysweeper, but as I said before, it's your choice.

MasterJ

[seamusoldfield]

Well, once again, you rock. Thanks for the great advice. When I do go for the purchase, I'll do SpySweeper. And after I do that, I'll stop off here and put a few bucks into you guys' account. Keep up the always excellent work. --Kevin

[MasterJ]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.