8 Replies Latest reply on Nov 14, 2009 5:23 AM by BMann

    can't get rid of spyware protect 2009

      I have tried malwarebytes and superantispyware as recommended elsewhere on this site and after the initial run they have not found anything on my computer yet the fake antivirus alerts and pornographic websites keep popping up on my computer. I have tried to locate the processes for this to stop them but I can't locate any of the process files that are listed as those associated with this virus. I never clicked yes to download the fake spyware program but obviously it loaded something on to my computer but I can't seem to locate it to remove it. I am at my wit's end as to what to do next. I would appreciate any advice you could give regarding this.

        • 1. Re: can't get rid of spyware protect 2009

          Hi...

          ... give 'Spyware Doctor' a try.

          If it fails, we have to do it manually.

           

          Raziel

          • 2. Re: can't get rid of spyware protect 2009

            Spyware Doctor is exactly the program that my Cyber attack is attempting to force me to purchase. We shouldn't be held hostage to buying yet another program.  I would think that most of us have already purchased programs that we thought would protect us.

            • 3. Re: can't get rid of spyware protect 2009
              maziz

              Hi

               

              Please download the McAfee Stinger from HERE by clicking on Stinger v10.0.1.624

               

              Once you have downloaded this file, save it to your desktop and double click on it. Before clicking on "Scan Now", click on "Preferences" and under "Scan these targets" make sure both options are ticked.

               

              Also, under "Heuristic network check for suspicious files" there should be a drop down currently set to disabled. Change this to "Very High" and click OK. Then select "Scan Now".

               

              Hope this helps.

              • 4. Re: can't get rid of spyware protect 2009

                Thank you. That was the final cure. Super Anti-Spyware helped for a while, but it was Stinger that really fixed the problem. I had asked a similar question (which apparently affects a lot of people as there were 222 views) and received a response to try the Super Anti-Spyware and Malware (which I already had). They helped for a while, but it was YOUR HELP that did the trick. When I posted the other question about being attacked by Cyber, I received a response and an e-mail. I could not have gotten onto the internet without that e-mail. Is it possible you can e-mail your answers, also? Anyway, you fixed the problem and I am so thankful. It is absolutely necessary to have those links included in responses.

                • 5. Re: can't get rid of spyware protect 2009

                  I hope you tried Stinger. It finally fixed my problem. The link and instructions were posted by Mohammed Aziz. I don't know enough to direct you there, so I can just give you my advice. I keep running the scans, Super Anti-Spyware, Malware and Stinger. Also, McAfee finally kicked in and may have been some help. We shouldn't be held hostage to buy that Doctor something program. That's exactly what the Cyber attack was attempting to force me to do. I am so thankful for this site. I don't know what I would have done. I feel your frustration.

                  • 6. Re: can't get rid of spyware protect 2009

                    I have tried Stinger but it keeps coming up with nothing. Could there be another underlying virus that I am missing? I keep removing the same files with the three recommended anti-spyware/malware programs but when I restart my computer all of the spyware protect 2009 files are back.

                    • 7. Re: can't get rid of spyware protect 2009
                      BMann

                      If it keeps coming back there are a few things we can look at:

                       

                      1.  Do you have System Restore running?  If System Restore is enabled then I would recommend disabling it when you clean up the threat.  This will get rid of any restore points so you don't have to worry about restore bringing it back for you.  Once you are sure the machine is clean then you can re-enable System Restore.

                       

                      2.  Your hosts file was probably modified by the threat.  If you go to C:\Windows\system32\drivers\etc you will find a file called "hosts".  A clean hosts file should look something like:

                       

                      # Copyright (c) 1993-1999 Microsoft Corp.
                      #
                      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
                      #
                      # This file contains the mappings of IP addresses to host names. Each
                      # entry should be kept on an individual line. The IP address should
                      # be placed in the first column followed by the corresponding host name.
                      # The IP address and the host name should be separated by at least one
                      # space.
                      #
                      # Additionally, comments (such as these) may be inserted on individual
                      # lines or following the machine name denoted by a '#' symbol.
                      #
                      # For example:
                      #
                      #      102.54.94.97     rhino.acme.com          # source server
                      #       38.25.63.10     x.acme.com              # x client host

                      127.0.0.1       localhost

                       

                      If there are any entries below the 127.0.0.1 line, delete them and save the hosts file.  You can open and edit the hosts file using notepad.

                       

                      3.  Take a look in your c:\Program Files folder and see if there is a Spyware Protect or similarly named folder.  If so, open up the folder and ensure all the files inside that folder are deleted.  If it's actually running on your system you may not be able to delete unless you are in safe mode.

                       

                      4.  Make sure all the registry keys are gone.  If you run Regedit you can check to see if these keys, or similar, are in the registry and delete them if they are:

                       

                      HKEY_CURRENT_USER\Software\Spyware Protect 2009
                      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\Spyware Protect 2009
                      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Spyware Protect 2009

                       

                      If you don't know what you are doing in the registry you may want to find a friend who is more experienced that would delete these for you.  Deleting or modifying the wrong items in the registry can cause serious system issues.

                       

                      Hopefully some of the above will help you out.
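
                      The hosts file, Program Files and registry checks from the reply above, written as a read-only PowerShell audit. This is an added example, not part of the original thread and not a McAfee tool. It assumes PowerShell 3.0 or later, treats the third registry entry as a value named "Spyware Protect 2009" under the Run key, and accepts only loopback-to-localhost lines as clean hosts entries.

```powershell
# Added example: read-only audit of the places listed in the reply above.
# It reports findings for manual review and deletes nothing.
$Name = 'Spyware Protect 2009'   # product name as given in the thread

function Get-SuspectHostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Ignore comments and blank lines
        $entry = ($line -replace '#.*$', '').Trim()
        if (-not $entry) { continue }
        $fields = @($entry -split '\s+')
        $names  = @($fields | Select-Object -Skip 1)
        # Assumption: only loopback -> localhost counts as a clean entry
        $isLoopback    = $fields[0] -in @('127.0.0.1', '::1')
        $onlyLocalhost = ($names.Count -gt 0) -and
            (@($names | Where-Object { $_ -ne 'localhost' }).Count -eq 0)
        if (-not ($isLoopback -and $onlyLocalhost)) { $entry }
    }
}

# Constructed sample (not from the thread): one clean line, one redirect
$sample = @('127.0.0.1       localhost',
            '203.0.113.7     www.example.com   # constructed entry')
"sample: $(@(Get-SuspectHostsEntry -Lines $sample).Count) entry to review"

# 1. Live hosts file
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    Get-SuspectHostsEntry -Lines (Get-Content -LiteralPath $hostsPath) |
        ForEach-Object { "hosts: review entry '$_'" }
}

# 2. Program Files folder with a matching or similar name
Get-ChildItem -Path $env:ProgramFiles -Directory -Filter 'Spyware Protect*' `
    -ErrorAction SilentlyContinue |
    ForEach-Object { "folder: review $($_.FullName)" }

# 3. Registry keys named in the thread
foreach ($key in @("HKCU:\Software\$Name",
        "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$Name")) {
    if (Test-Path -LiteralPath $key) { "registry: key present: $key" }
}

# 4. Autostart value under Run (assumed reading of the third entry)
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains $Name)) {
    "registry: Run value present: $Name"
}
```

                      No output beyond the sample line means none of the listed traces were found for the current user; other user profiles have their own HKEY_CURRENT_USER hive and need a separate run.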

                      • 8. Re: can't get rid of spyware protect 2009

                        blondonix, it looks like you got an expert reply from Brian Mann.  I am new at this, so just tracking discussions and solutions.  It appears this is a problem for many people as there have been 242 views.  That's just by the people who are fortunate enough to find this site.  I hope you were able to solve your problem because I know how frustrating it can be.  I received an e-mail response to my question.  This was extremely helpful because I couldn't even get on the Internet.  I am so thankful for this site and the experts who take the time to help us  with our problems.  Thank you, McAfee and thank you experts. You have recovered my faith in computers.