Official Anti-Spyware Thread

ZhengHe
Legit Fanatic
Posts: 100
Joined: Sat Sep 30, 2006 5:51 am

Re: Official Anti-Spyware Thread

Post by ZhengHe »

X-Cleaner is also an excellent spyware remover and cleaning tool, although you do need to update it every 30 days or so to obtain every advantage of new builds.

Jv16 Power Tools is a registry cleaning and optimization client, which can do much insofar as getting rid of registry entries that spyware leaves behind. It also can do much to get your system running more efficiently so that if you are infected you would know a bit sooner.
Methious
Legit Extremist
Posts: 893
Joined: Thu Oct 18, 2007 9:39 am
Location: Joplin Mo.

Re: Official Anti-Spyware Thread

Post by Methious »

I just got done with a PC AVG antivirus/spyware, Geede.exe slipped right past both, and so did xpx? ( ? being a special character ) rootkit. I've been using AVG AV and Windows Defender so I checked my system32 directory and fortunately I'm clean. If you find Geede.exe or Geede.dll in system32 (and there are a bunch of other lettered names it uses) it's a bad one. Even in safe mode you can't delete the .dll, and after reboot the .exe is back. Edit Geede out of the registry and the machine hangs at "windows is loading" forever. AVG rootkit did detect and try to remove it but too many files were infected.

Common names GEEBB.EXE,GEBYV.EXE,DDABY.EXE,SSTTU.EXE,PMKJH.EXE,AWTST.EXE,GEBCA.EXE,DDCYY.EXE,SSTTQ.EXE,DDAYX.EXE,AWVTR.EXE,GEEDE.EXE,MLLMJ.EXE,
MLJJI.EXE,MLLJG.EXE,MLJGF.EXE,AWTSS.EXE,VTURR.EXE,SSQPQ.EXE,SSQRQ.EXE,PMKJI.EXE,PMNNO.EXE,GEBYA.EXE,JKHFF.EXE,DDCCD.EXE,DDAYA.EXE,
VTURS.EXE,MLLMK.EXE,AWTQP.EXE,DDCCY.EXE,SSQPM.EXE.

Summary : Trojan.Downloader-ConHook.Process
Description : Conhook/Vundo-related downloader component

Here's the scary part, he got it from a 3dmark06 he downloaded from some game site. Thought I'd pass the info. By the time I got the machine he had over a hundred infections (he downloaded it yesterday), had to reload his rig.
skier
Moderator
Posts: 4450
Joined: Mon Mar 26, 2007 3:29 pm
Location: Maine

Re: Official Anti-Spyware Thread

Post by skier »

:shock: what was the site he got it from?
-Austin
775 System (Overclocking Platform): Q8400/Q8300/E8400/E7400/E7500 - GA-EP45-UD3R v1.1 - 4GB (2x2) OCZ Reaper HPC DDR2 1066 CL5 2.1v Corsair TX-750w
Gamer: Asrock Z77 Extreme4, i7 3770K @4.6GHz, ThermalTake Armor A90 modded, 2x4GB GSKILL RipjawsX DDR3 2133 CL9, Corsair HX-750w, MSI GTX660 Twin Frozr
Server2012: Q9300 - 8GB DDR2 - Asus P5QL Pro - Corsair CX430 - Mirrored 2TB Seagate's with 2TB WD cav for fileshare backups, 1TB WD for OS backups
ibleet
Legit Extremist
Posts: 1529
Joined: Thu Mar 08, 2007 5:40 pm

Re: Official Anti-Spyware Thread

Post by ibleet »

The gamer site I use for all my downloads is Gamershell.com...never a problem.
Methious
Legit Extremist
Posts: 893
Joined: Thu Oct 18, 2007 9:39 am
Location: Joplin Mo.

Re: Official Anti-Spyware Thread

Post by Methious »

He didn't remember what site he got it from, he had the same version I have but his was 23k larger. I suspect GEEDE and the rootkit came from the benchmark as the antivirus reported it as infected, why it failed to catch and clean it I don't know.

The other infections probably came from all the key generators he had, I'm surprised he didn't come in with an eye patch and a parrot on his shoulder. I could get the AVG to scan and find them, but every time it tried to clean any thing immediate reboot. He needed it done cheap so I gave up quickly and reloaded it. (By quickly I mean an hour) Darn shame seems like losing all that porn was like losing a long time pet to him. Every time I download I right click the file and click scan just to be safe, saved me more than once.
Softix
Legit User
Posts: 5
Joined: Fri Jan 11, 2008 4:20 am

Re: Official Anti-Spyware Thread

Post by Softix »

AVG Free is the most popular free solution available at no cost to home users and provides the high level of detection capability that millions of users around the world trust to protect their computer

http://free.grisoft.com/doc/5390/us/frt/0
Sig removed by the LR Staff
skier
Moderator
Posts: 4450
Joined: Mon Mar 26, 2007 3:29 pm
Location: Maine

Re: Official Anti-Spyware Thread

Post by skier »

Softix wrote: AVG Free is the most popular free solution available at no cost to home users and provides the high level of detection capability that millions of users around the world trust to protect their computer

http://free.grisoft.com/doc/5390/us/frt/0

ummm, you don't happen to work for AVG do ya :|
unfaithfulsfan
Legit Extremist
Posts: 761
Joined: Fri Mar 28, 2008 6:52 pm
Location: Buffalo NY

Re: Official Anti-Spyware Thread

Post by unfaithfulsfan »

We use these on a regular basis to remove spyware, malware, and viruses in general here at the shop:
SuperAntiSpyware www.superantispyware.com/
Dr Web Cureit www.freedrweb.com/cureit/

They both work great and both are free. SuperAntiSpyware is more thorough in safe mode.
"A payphone was ringing and it just about blew my mind,
when I picked it up & said 'Hello' this foot came through the line"
~Bob Dylan
Major_A
Legit Extremist
Posts: 3793
Joined: Tue May 15, 2007 2:11 pm
Location: Houston, TX

Re: Official Anti-Spyware Thread

Post by Major_A »

Malwarebytes' Anti-Malware
http://www.malwarebytes.org/
nightblood
Legit Fanatic
Posts: 124
Joined: Thu Jun 30, 2005 3:33 pm

Re: Official Anti-Spyware Thread

Post by nightblood »

I use Superantispyware and combofix to get rid of spyware infections on my client pcs.
shamrok3
Legit Extremist
Posts: 269
Joined: Mon Dec 21, 2009 7:53 pm
Location: Australia

Re: Official Anti-Spyware Thread

Post by shamrok3 »

Although not a dedicated anti-spyware programme, I use a program called Advanced System Care. It also defrags, registry cleans and generally cleans out the junk on your computer, although you will need to run the Windows disk clean quite often in order to remove all the built up system restore points; once I gained back a whole 150GB from doing this!!! I was very surprised when, the first time I ran this program, it removed something along the scale of 7000 spyware programs! And this was only about 2 months after a clean Windows install. Well, it seems to work.
Multiple Exclamation marks - The first sign of an unsound mind.

Rig: Intel 3930K, Noctua U12P-SE2 , ASUS P9X79, 16GB RAM, 60GB OCZ Vertex 3, 2x3TB Seagate (RAID 0), 1TB Samsung F3, EVGA GTX760, CM 650 Watt PSU
NZXT HU002 Case, LG Blu-Ray Writer/Combo
21.5" BenQ E2200HD @ 1920x1080, Razer Lachesis/Lycosa/Sennheiser HD558, Windows 8.1 Pro 64 Bit
Pingspike
Legit User
Posts: 15
Joined: Wed Dec 09, 2009 1:14 pm
Location: Maine, USA.

Re: Official Anti-Spyware Thread

Post by Pingspike »

I just had a computer repair (infestation) to clean up and the only thing that would fix it was Spyware Terminator. I had never heard of it until I used it but stone me it worked. The infestation was a combination (yes I'm not kidding) of Virtumonde variants (yes multiple, on the same machine) and an IE hacked .exe and Control Center in the winlogon (fake spyware protection popup).
The machine had (because I put it there last time) AVG Free 9 and S&D and Windows Firewall *cough*.
Both were disabled and the firewall had exceptions of course.
MSE could install but not update, making it utterly useless (p.s. who ships an antivirus/spyware app without definitions?!?!? wtf)
AVG could install but not run, buttons disabled. Again, useless.
Spybot S&D would install but crashed during update or scan.
Did I mention IE was replaced? Popup-tastic batman... oh and BHOs up the wazoo.
So the long and short is that Spyware Terminator cleared enough of a path. It also has ClamAV in it.

Needless to say I recommend he delete Limewire and use an alternative browser.
My Box: AMD X2 4200/2GB/nF4/1TB-ish/24"TFT/HD3870/Win7-64
My Lappy: AMD Athlon TF-20/2GB/136GB/15"TFT/HD3200/Win7-64
Wifes Box: AMD Athlon/2GB/dunno/500GB/19"TFT/HD3870/WinXP
Wifes Lappy: AMD Turion X2/1GB/errr yeah/120GB/15"TFT/lol?/WinVistaeeeuuugh*barf*
Server: some P4 2.4ghz Dell box running Ubuntu server.</end_geek_code>
Major_A
Legit Extremist
Posts: 3793
Joined: Tue May 15, 2007 2:11 pm
Location: Houston, TX

Re: Official Anti-Spyware Thread

Post by Major_A »

Most idiots who have infected machines use Limewire. Is that because it is the dumb person's client? Anyone who knows nothing about spyware and viruses should not be allowed to install any P2P software on their machine.

From the sound of it I'm surprised you didn't find Bonzi Buddy :P .

Another useful app is ClamAV. It's an open source AV that includes spyware definitions.
http://www.clamav.net/download/
iseeman
Legit Aficionado
Posts: 59
Joined: Fri Sep 25, 2009 12:29 pm

Re: Official Anti-Spyware Thread

Post by iseeman »

I use Avast and it is the best anti-virus and spyware... I have used Spy Sweeper too and it is also very good but it kinda slows down your PC... AVG is useless, barely detects anything... Avast and Spy Sweeper do this to viruses ----> :axe:
Sventek
Legit Little One
Posts: 2
Joined: Thu Apr 28, 2011 4:00 pm

Re: Official Anti-Spyware Thread

Post by Sventek »

Bored and randomly checking out threads. Figured I could contribute to this thread. Below is a copy of some notes I keep out there for our new techs; these steps have cleaned about 98% of the machines I have run into. As for the other 2%... let's just ponder how unfun multiple rootkits are to clean.

1. Copy all necessary software to desktop or folder easily accessible.
2. If possible, update any malware removal tools (malwarebytes, superantispyware, etc). Some malicious code prevents these from running; if you have one of those, don't worry for now.
3. Unplug machine from network
4. Rename Process Explorer's (http://technet.microsoft.com/en-us/sysi ... s/bb896653) exe to iexplore.exe.
5. Run 'iexplore.exe' from step 5. Kill any obvious malicious processes. Leave this running while continuing, check it periodically and kill the processes if they respawn.
6. Run Hijackthis. Remove anything obvious. After removing it, scan again, knowing if it came back can help later.
7. Run rkill (http://www.bleepingcomputer.com/downloa ... irus/rkill). If you can't run the normal rkill.exe/.com/etc rename it explorer.exe or iexplore.exe (in a different location from the process explorer one).
8. Run malwarebytes / superantispyware / etc. "Quick" scans are usually sufficient initially. Run more than one utility to be safe.
9. Run tdsskiller (http://support.kaspersky.com/viruses/so ... =208280684). Pray it doesn't find anything (god I HATE this rootkit some days). Have it nuke anything it finds. If it finds something, repeat steps 9 and 10 until you are 101% sure nothing is left. Usually it only takes 1-2 loops as long as you followed step 4.
10. Reboot.
11. Repeat from Step 5 just to be sure. As a last resort you can run combofix (http://www.bleepingcomputer.com/downloa ... s/combofix), I only run this as a last resort because it has destroyed IE on me many times. If it does, you get to install IE again!
12. Connect machine to network again.
13. Go deal with other ridiculous user requests for a bit.
14. Scan machine again. Hope you didn't miss anything.

This may not help most, but hopefully it helps someone.
sbohdan
Legit Extremist
Posts: 1306
Joined: Sun Jul 17, 2005 9:33 am
Location: Canada

Re: Official Anti-Spyware Thread

Post by sbohdan »

I use:

the free 3 in 1 free zonealarm antivirus-antimalware-firewall: http://download.zonealarm.com/bin/free/ ... 52_000.exe

I also use Spybot S&D: http://spybot-search-destroy.en.softonic.com/download#

Spyware blaster: https://www.brightfort.com/sbdownload_free.html To passively block harmful sites.

Malwarebytes: http://downloads.malwarebytes.org/file/mbam/

All these kind of complement each other and work very well for me. No problems ever.
Main rig: NZXT Phantom modded case with Danger Den WC, Gigabyte B550 Aorus Elite, Ryzen 5800X @ stock, 32GB Patriot Viper DDR4 3200Mhz 16-18-18-36-1T, AMD RX 5700XT + AlphaCool WC, ACER Nitro XV2 27", SP 1TB nvme PCiE GEN3, Samsung 2TB; Cooler Master MW Gold 650W, Win10 Pro 64
my complete GFX tuneup & cooling mod: http://forums.legitreviews.com/viewtopi ... highlight=
viv_smith
Legit User
Posts: 14
Joined: Thu Jan 30, 2014 10:34 am

Re: Official Anti-Spyware Thread

Post by viv_smith »

I use Spybot and Ad-aware Free antivirus. They work just fine with each other for almost a year.
Computers follow your orders, not your intentions.