Crazy fake antispyware/antivirus utilities
...and how to remove them? I've seen these crop up on a few computers lately, and I haven't found any way to remove them as yet. Examples include Anti Spyware Master and XP (or System or Win) Antivirus 2008... they're spyware disguised as utilities that remove spyware or viruses, but no actual, legit spyware removal app that I know of manages to remove them. All I can turn up on Google is an antispyware app called Spyware Doctor, which may or may not be legit, but which I'm disinclined to trust because they use shady tactics, such as publishing a bunch of fake articles on different domains about these programs and linking their for-pay software as a "removal tool."
Anyone have any experience with actually getting rid of this crap?
Boot in safe mode, try an alternate data stream tool to find hidden data. HijackThis to exterminate entries, and always keep Process Explorer around to see the hidden processes. Then look at Norman's free utilities for malware cleaning:
There are a couple of tools for specific rootkits there, and you might find a few others.
I basically only trust Ad-Aware and Spybot now. Googling will unfortunately lead you to a lot of fake sites also :/
Buy a frickin' Mac.
None of those work, actually. I've got a couple other leads: SuperAntiSpyware, Smitfraudfix, and Vundo fix. Moot point now, though, as Windows has had to be uninstalled for other reasons. Not my computer, btw. Thanks though.
I clean this crap off PCs every week. Here's my general routine:
1. Boot in safe mode
2. Copy my tools from USB stick: ERUNT, Autoruns, Cleanup!, CCleaner, SuperAntiSpyware, Combofix, Smitfraudfix, SDFix.
3. Install and run ERUNT to back up registry
4. Run Autoruns and manually disable obvious bad stuff in Logon and IE tabs
5. Install and run Cleanup
6. Run Combofix -- usually requires reboot
7. Run CCleaner on Registry
8. Install SuperAntiSpyware, update, and run Quick Scan
That works about 90% of the time.
Spyware Doctor is listed in PC Magazine as "very good", "fair" by readers.
Originally Posted by extarbags
Spyware Terminator is pretty good, better than SuperAntiSpyware in my experience. Guildboss's post describes textbook anti-spyware tactics, btw.
Vundo and Smitfraud are the two most common infections I'm seeing these days, so I'll bet cashy money that's what you've got on there.
I've had some seriously good luck with Spybot S&D.
Still king of lost
Like GuildBoss I've had to help clean this kind of stuff a lot. My thoughts on it, I don't care how good or well rated a product for security is, it should never install and remove the option to uninstall from someone with admin privileges. Never. Period. Therefore they get the giant finger of DELETE WITH FUCKING PREJUDICE from me when I find them.
Usually a combination of below items works.
A thread on exactly how to clean everything with links to the tools. Although written in 2004, it's updated frequently by the author:
Summary of what that link covers for XP:
1) Get the tools.
2) Turn off System Restore.
3) Run Windows Disk Cleanup utility.
4) Run CWShredder.
5) Run RogueRemover, update, clean.
6) Run AdAware, update, clean. (I pick either 6 or 7, I find both to be overkill.)
7) Run Spybot S&D, update, clean. (I pick either 6 or 7, I find both to be overkill.)
* Stop here. You're probably clean if it's not virus related. If you think there is the possibility of a virus, continue.
8) Run AVG AntiVirus, update, clean. (Preferably do not use the AV product already installed ... since it failed at this point. Instead, remove it and use something different.)
a) Optionally use Trend Micro's HouseCall product for a Java-based scan, then load an AV program and continue from there.
9) Update the PC via Windows Update.
10) If using a different AV, remove AVG's product and install a fresh and up to date copy of your preferred AV.
EDIT: If the PC in question has a history of getting stuff on it like this, I would recommend using step 7, loading the latest Spybot S&D and leaving it installed afterward for the resident active blocking tool that it installs (aka TeaTimer). The addition of it to most PCs should give adults more information when they get something trying to be malicious. This doesn't help much for kids though.