Official Anti-Spyware Thread


Re: Official Anti-Spyware Thread

Postby ZhengHe » Sun Oct 07, 2007 9:49 am

X-Cleaner is also an excellent spyware remover and cleaning tool, although you do need to update it every 30 days or so to obtain every advantage of new builds.

Jv16 Power Tools is a registry cleaning and optimization client, which can do much insofar as getting rid of registry entries that spyware leaves behind. It also can do much to get your system running more efficiently so that if you are infected you would know a bit sooner.
ZhengHe
Legit Fanatic
Posts: 102
Joined: Sat Sep 30, 2006 5:51 am

Re: Official Anti-Spyware Thread

Postby Methious » Sun Dec 23, 2007 11:11 pm

I just got done with a PC with AVG antivirus/spyware; Geede.exe slipped right past both, and so did the xpx? ( ? being a special character ) root kit. I've been using AVG AV and Windows Defender so I checked my system32 directory and fortunately I'm clean. If you find Geede.exe or Geede.dll in system32 (and there are a bunch of other lettered names it uses) it's a bad one. Even in safe mode you can't delete the .dll, and after reboot the .exe is back. Edit Geede out of the registry and the machine hangs at "windows is loading" forever. AVG root kit did detect and try to remove it but too many files were infected.

Common names: GEEBB.EXE, GEBYV.EXE, DDABY.EXE, SSTTU.EXE, PMKJH.EXE, AWTST.EXE, GEBCA.EXE, DDCYY.EXE, SSTTQ.EXE, DDAYX.EXE, AWVTR.EXE, GEEDE.EXE, MLLMJ.EXE, MLJJI.EXE, MLLJG.EXE, MLJGF.EXE, AWTSS.EXE, VTURR.EXE, SSQPQ.EXE, SSQRQ.EXE, PMKJI.EXE, PMNNO.EXE, GEBYA.EXE, JKHFF.EXE, DDCCD.EXE, DDAYA.EXE, VTURS.EXE, MLLMK.EXE, AWTQP.EXE, DDCCY.EXE, SSQPM.EXE.

Summary : Trojan.Downloader-ConHook.Process
Description : Conhook/Vundo-related downloader component

Here's the scary part, he got it from a 3dmark06 he downloaded from some game site. Thought I'd pass the info. By the time I got the machine he had over a hundred infections (he downloaded it yesterday), had to reload his rig.
Methious
Legit Extremist
Posts: 901
Joined: Thu Oct 18, 2007 9:39 am
Location: Joplin Mo.
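
A name check for the indicators Methious lists above, as an added example that is not part of the original thread: it matches a directory listing against the posted names and, as an assumption of this example, also flags unlisted five-letter stems that appear as both .exe and .dll. `triage`, `scan_directory` and the sample listing are hypothetical names and constructed data.

```python
import os
import re

# File-name stems quoted in the post above (posted there as .EXE names).
POSTED_STEMS = set("""
GEEBB GEBYV DDABY SSTTU PMKJH AWTST GEBCA DDCYY SSTTQ DDAYX AWVTR GEEDE MLLMJ
MLJJI MLLJG MLJGF AWTSS VTURR SSQPQ SSQRQ PMKJI PMNNO GEBYA JKHFF DDCCD DDAYA
VTURS MLLMK AWTQP DDCCY SSQPM
""".split())

FIVE_LETTERS = re.compile(r"[A-Za-z]{5}")


def triage(filenames):
    """Classify a directory listing; returns (known, paired).

    known:  files whose stem is on the posted list, as .exe or .dll
    paired: other five-letter stems present as both .exe and .dll
            (assumption added here, not a rule stated in the post)
    """
    by_stem = {}
    for name in filenames:
        stem, ext = os.path.splitext(name)
        ext = ext.lower()
        if ext in (".exe", ".dll") and FIVE_LETTERS.fullmatch(stem):
            by_stem.setdefault(stem.upper(), {})[ext] = name
    known, paired = [], []
    for stem, found in sorted(by_stem.items()):
        if stem in POSTED_STEMS:
            known.extend(sorted(found.values()))
        elif len(found) == 2:
            paired.append(stem)
    return known, paired


def scan_directory(path):
    """Apply triage() to a real directory such as a mounted system32 folder."""
    return triage(os.listdir(path))


# Constructed sample listing, not taken from a real machine.
SAMPLE = ["kernel32.dll", "xcopy.exe", "netsh.exe", "Geede.exe", "geede.dll",
          "ssqpm.exe", "qwrtz.exe", "qwrtz.dll", "print.exe", "notepad.exe"]

if __name__ == "__main__":
    known, paired = triage(SAMPLE)
    print("on posted list:", known)
    print("unlisted exe/dll pairs:", paired)
```

Since the post also mentions a rootkit, a listing taken from the running system may be incomplete; a listing of the disk mounted from clean media is more reliable.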

Re: Official Anti-Spyware Thread

Postby skier » Mon Dec 24, 2007 8:09 am

:shock: what was the site he got it from?
-Austin
not-so-crappy 775 System:
Q8400 @ 3.8GHz 1.37v 24/7 - GA-EP45-UD3R v1.1 F12 - 4GB (2x2) OCZ Reaper HPC DDR2 1066 CL5 2.1v
EVGA GTX460 1GB 815/1950, w/ ACER 23" 1920x1080 TV & Dell UltraSharp 20" 1600x1200
In Progress: ThermalTake Armor A90 chassis function modded, 2x4GB GSKILL RipjawsX DDR3 2133 CL9, Corsair HX-750w
Remaining: Board / CPU / other 2x4GB CL9 ripjaws kit / GPU upgrade
skier
Moderator
Posts: 4545
Joined: Mon Mar 26, 2007 3:29 pm
Location: Maine

Re: Official Anti-Spyware Thread

Postby ibleet » Mon Dec 24, 2007 12:19 pm

The gamer site I use for all my downloads is Gamershell.com...never a problem.
ibleet
Legit Extremist
Posts: 1670
Joined: Thu Mar 08, 2007 5:40 pm

Re: Official Anti-Spyware Thread

Postby Methious » Tue Dec 25, 2007 12:33 am

He didn't remember what site he got it from, he had the same version I have but his was 23k larger. I suspect GEEDE and the rootkit came from the benchmark as the antivirus reported it as infected, why it failed to catch and clean it I don't know.

The other infections probably came from all the key generators he had, I'm surprised he didn't come in with an eye patch and a parrot on his shoulder. I could get the AVG to scan and find them, but every time it tried to clean anything, immediate reboot. He needed it done cheap so I gave up quickly and reloaded it. (By quickly I mean an hour) Darn shame, seems like losing all that porn was like losing a long time pet to him. Every time I download I right click the file and click scan just to be safe, saved me more than once.
Methious
Legit Extremist
Posts: 901
Joined: Thu Oct 18, 2007 9:39 am
Location: Joplin Mo.

Re: Official Anti-Spyware Thread

Postby Softix » Fri Jan 11, 2008 4:26 am

AVG Free is the most popular free solution available at no cost to home users and provides the high level of detection capability that millions of users around the world trust to protect their computer.

http://free.grisoft.com/doc/5390/us/frt/0
Sig removed by the LR Staff
Softix
Legit User
Posts: 5
Joined: Fri Jan 11, 2008 4:20 am

Re: Official Anti-Spyware Thread

Postby skier » Fri Jan 11, 2008 10:42 am

Softix wrote: AVG Free is the most popular free solution available at no cost to home users and provides the high level of detection capability that millions of users around the world trust to protect their computer.

http://free.grisoft.com/doc/5390/us/frt/0

ummm, you don't happen to work for AVG do ya :|
skier
Moderator
Posts: 4545
Joined: Mon Mar 26, 2007 3:29 pm
Location: Maine

Re: Official Anti-Spyware Thread

Postby unfaithfulsfan » Wed May 07, 2008 1:25 pm

We use these on a regular basis to remove spyware, malware, and viruses in general here at the shop:
SuperAntiSpyware www.superantispyware.com/
Dr Web Cureit www.freedrweb.com/cureit/

They both work great and both are free. SuperAntiSpyware is more thorough in safe mode.
I was taught to respect my elders but it's getting harder and harder to find any

Antec Solo Case
OCZ 600 PSU
Gigabyte GA-EP45-UD3R
Q9550 currently @ 3.52
4 GB G.Skill PC28500
450 GB Raptor + 820 GB
Klipsch ProMedia 4.1
PNY 9600 GT
Hanns-G 22" LCD
Win 7 Ultimate 64bit SP1
unfaithfulsfan
Legit Extremist
Posts: 668
Joined: Fri Mar 28, 2008 6:52 pm
Location: Buffalo NY

Re: Official Anti-Spyware Thread

Postby Major_A » Thu Aug 13, 2009 12:53 am

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/
Major_A
Legit Extremist
Posts: 3615
Joined: Tue May 15, 2007 2:11 pm
Location: Houston, TX

Re: Official Anti-Spyware Thread

Postby nightblood » Thu Sep 24, 2009 9:06 am

I use Superantispyware and combofix to get rid of spyware infections on my client pcs.
nightblood
Legit Fanatic
Posts: 124
Joined: Thu Jun 30, 2005 3:33 pm

Re: Official Anti-Spyware Thread

Postby shamrok3 » Thu Dec 31, 2009 8:30 am

Although not a dedicated anti-spyware programme, I use a program called Advanced System Care. It also defrags, registry cleans and generally cleans out the junk on your computer, although you will need to run the Windows disk clean quite often in order to remove all the built up system restore points; once I gained back a whole 150GB from doing this!!! I was very surprised when, the first time I ran this program, it removed something along the scale of 7000 Spyware programs! And this was only about 2 Months after a clean Windows install. Well, it seems to work.
Multiple Exclamation marks - The first sign of an unsound mind.

Rig: AMD Phenom II 940BE, Noctua U12P-SE2 , DFI LP DK-790FX M2RS, 8GB DDR2, 1TB Samsung F3, XFX ATi HD4890 1GB, CM 650 Watt PSU
Thermaltake M9 Case, LG Blu-Ray Writer/Combo
21.5" BenQ E2200HD @ 1920x1080, Razer Lachesis/Lycosa/Carcharias, Windows 7 HP 64 Bit
shamrok3
Legit Extremist
Posts: 270
Joined: Mon Dec 21, 2009 7:53 pm
Location: Australia

Re: Official Anti-Spyware Thread

Postby Pingspike » Thu Dec 31, 2009 11:30 am

I just had a computer repair (infestation) to clean up and the only thing that would fix it was Spyware Terminator. I had never heard of it until I used it but stone me it worked. The infestation was a combination (yes I'm not kidding) of virtumonde variants (yes multiple, on the same machine) and an IE hacked .exe and Control Center in the winlogon (fake spyware protection popup).
The machine had (because I put it there last time) AVG free 9 and S&D and windows firewall *cough*.
Both were disabled and the firewall had exceptions of course.
MSE could install but not update, making it utterly useless (p.s. who ships an antivirus/spyware app without definitions?!?!? wtf)
AVG could install but not run, buttons disabled. Again, useless.
Spybot S&D would install but crashed during update or scan.
Did I mention IE was replaced? popup-tastic batman... oh and BHO's up the wazoo.
So the long and short is that Spyware Terminator cleared enough of a path. It also has ClamAV in it.

Needless to say I recommend he delete Limewire and use an alternative browser.
My Box: AMD X2 4200/2GB/nF4/1TB-ish/24"TFT/HD3870/Win7-64
My Lappy: AMD Athlon TF-20/2GB/136GB/15"TFT/HD3200/Win7-64
Wifes Box: AMD Athlon/2GB/dunno/500GB/19"TFT/HD3870/WinXP
Wifes Lappy: AMD Turion X2/1GB/errr yeah/120GB/15"TFT/lol?/WinVistaeeeuuugh*barf*
Server: some P4 2.4ghz Dell box running Ubuntu server.</end_geek_code>
Pingspike
Legit User
Posts: 15
Joined: Wed Dec 09, 2009 1:14 pm
Location: Maine, USA.

Re: Official Anti-Spyware Thread

Postby Major_A » Thu Dec 31, 2009 12:47 pm

Most idiots who have infected machines use Limewire. Is that because it is the dumb person's client? Anyone who knows nothing about spyware and viruses should not be allowed to install any P2P software on their machine.

From the sound of it I'm surprised you didn't find Bonzi Buddy :P .

Another useful app is ClamAV. It's an open source AV that includes spyware definitions.
http://www.clamav.net/download/
Major_A
Legit Extremist
Posts: 3615
Joined: Tue May 15, 2007 2:11 pm
Location: Houston, TX

Re: Official Anti-Spyware Thread

Postby iseeman » Sat Apr 17, 2010 4:54 pm

I use avast and it is the best anti-virus and spyware.. I have used spy sweeper too and it is also very good but it kinda slows down ur pc... avg is useless, barely detects anything.. avast and spy sweeper does this to viruses ----> :axe:
iseeman
Legit Aficionado
Posts: 59
Joined: Fri Sep 25, 2009 12:29 pm

Re: Official Anti-Spyware Thread

Postby Sventek » Fri May 13, 2011 9:55 pm

Bored and randomly checking out threads. Figured I could contribute to this thread. Below is a copy of some notes I keep out there for our new techs; these steps have cleaned about 98% of the machines I have run into. As for the other 2%... let's just ponder how unfun multiple rootkits are to clean.

1. Copy all necessary software to desktop or folder easily accessible.
2. If possible, update any malware removal tools (malwarebytes, superantispyware, etc). Some malicious code prevents these from running; if you have one of those, don't worry for now.
3. Unplug machine from network
4. Rename Process Explorer's (http://technet.microsoft.com/en-us/sysi ... s/bb896653) exe to iexplore.exe.
5. Run 'iexplore.exe' from step 5. Kill any obvious malicious processes. Leave this running while continuing, check it periodically and kill the processes if they respawn.
6. Run Hijackthis. Remove anything obvious. After removing it, scan again, knowing if it came back can help later.
7. Run rkill (http://www.bleepingcomputer.com/downloa ... irus/rkill). If you can't run the normal rkill.exe/.com/etc rename it explorer.exe or iexplore.exe (in a different location from the process explorer one).
8. Run malwarebytes / superantispyware / etc. "Quick" scans are usually sufficient initially. Run more than one utility to be safe.
9. Run tdsskiller (http://support.kaspersky.com/viruses/so ... =208280684). Pray it doesn't find anything (god I HATE this rootkit some days). Have it nuke anything it finds. If it finds something, repeat steps 9 and 10 until you are 101% sure nothing is left. Usually it only takes 1-2 loops as long as you followed step 4.
10. Reboot.
11. Repeat from Step 5 just to be sure. As a last resort you can run combofix (http://www.bleepingcomputer.com/downloa ... s/combofix), I only run this as a last resort because it has destroyed IE on me many times. If it does, you get to install IE again!
12. Connect machine to network again.
13. Go deal with other ridiculous user requests for a bit.
14. Scan machine again. Hope you didn't miss anything.

This may not help most, but hopefully it helps someone.
Sventek
Legit Little One
Posts: 2
Joined: Thu Apr 28, 2011 4:00 pm
