Spyware mess help :(

[Iron Patch]

Anyone know how to get rid of this? I've downloaded virus scans and spyware programs but this thing won't let me run them.

 

Amazon Forum Fav 👍

Cry Of The Eagle: History And Legends Of The Cherokee Indians And Their Buried Treasure - Grab it through Amazon!

[Dano Sverige]

Send Smee a PM. I think he knows all about this computer stuff.

 

[Iron Patch]

Send Smee a PM. I think he knows all about this computer stuff.

I think I'll have to get someone in here, because even the smartest person on the web probably won't be able to give me advice I could actually do. I'm just too computer stupid. (I figured that out pretty quick)

 

[jeff of pa]

I'd try to run Spybot,
Then AVG Free

Then spybot again,

Then call me Nephew & say HELP !!!!!!!!!!!

good Luck !

 

[diggummup]

Here try this first. http://www.spyware-techie.com/how-to-remove-spywareiemonster/
I'm no expert but i've removed some stuff off of mine in the past using this site. You can do it manually as shown below or download the removal tool from the link I provided.


Find and remove these files:

Spyware.IEMonster.exe
Spyware.IEMonster.dll
Spyware.IEMonster.lnk

Stop These Processes:

Spyware.IEMonster.exe

Find and Delete These DLL Files:

Spyware.IEMonster.dll

Remove These Registry Values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware.IEMonster

 

[Iron Patch]

I did download several but they are being stopped from running. Anyway, I got a very good guy and he'll be by in the next couple days, and I'm good until then because I have a 2nd computer. It's not worth the hassle for me to try when he can do it easy.

 

[Smee]

Download this file onto a thumbdrive . . . you can do it on another computer if your computer won't let you download anything:

Portable Hijackthis!


Boot into safe mode ---

When you turn your computer on, continually press the "F8" key until you come to a screen that offers you several choices as to where to boot your computer. The first choice at the top is safe mode.


Place the thumbdrive into a USB socket and run the file "HijackThis.exe".

Save the logfile and send it to me in a PM. (Unless you are familiar with what should and should not be in your startup) I'll take a look and send you back a list of what you need to remove, as well as links to any special tools you may need.

Once your computer is back on its feet, you need to have a thumbdrive set aside with some "portable apps" to help with this in the future. Superantispyware Portable is a great little program, which should actually get rid of this bit of spyware. Once you get up and running, get the full version and it will help protect you in the future.

Also, change to the firefox browser. In the addons, add "NoScript". That will also help.

One more thing: Since I do a lot of research for my job, and do have to visit some unscrupulous sites occasionally, I use sandboxie. It's kinda like a "condom" for your computer. If you are running the Firefox browser inside of sandboxie and come across a site that still infects your computer, when you close your browser and throw out the sandbox, the threat goes out like emptying the cat's sandbox.

 

[crazyjarhead]

What I had to do in the past where my Kaspersky wouldn't run and remove a certain virus was to reformat the whole computer. I couldn't get rid of whatever it was. So I deleted everything to and put it back to the original condition when I bought the computer and start over again. Without actually being there It's hard to tell without playing with it and see haow it is responding. Bottom line is that your conputer has been infected with some kind of "hackers game" Don't you just love this world of cyber games Looks like multiple viruses have control of your world

 

[Nathatniel Spogsworthy]

Try getting into your start menu and set a restore point or system restore you just set a date before the crud showed up malware bytes works too. These things are maddening. I would impose the death penalty for a holes that create these things. I got the same thing and thats how I fixed it. Good luck

 

[crazyjarhead]

Try getting into your start menu and set a restore point or system restore you just set a date before the crud showed up malware bytes works too. These things are maddening. I would impose the death penalty for a holes that create these things. I got the same thing and thats how I fixed it. Good luck

Good point I overlooked. This may be a better Idea than what I mentioned. If all else fails, it's still going to cost you to take it to a shop to let the "geek squad" operate on it. My last virus cost me nearly 100 bucks. Your computer does restore points on a regular basis. So hopefully you can go back before this started and start from there. Thanks Nathatniel

 

[Smee]

The "Safe Mode" of windows, which has been around since at least windows 98, will not let most spyware and viruses run . . . thus making it the perfect place to go to remove them.

Sandboxie runs a "virtual computer" inside your operating system, which does not allow any processes started from within to make permanent changes to your system. It works so well that many anti-virus programs (including Avast) now incorporate a sandbox into their software so that you can protect your operating system from such threats.

The latest version of Avast will prompt you any time a file does not have a valid signature and ask if you want to run it "sandboxed". It does the same thing with programs which try to run from the internet.

On the other hand, I have a CD called "I Have The Password" which will run windows XP Pro from a CD. The CD comes loaded with lots of applications to allow the removal of spyware and viruses. Be careful if you find it online though as most that are available now are themselves infected.

 

[SeaninNH]

Download malwarebytes anti-malware and run it in safe mode.

Spybot, AVG, spysweeper are not nearly as good.

Malwarebytes is the best for removing spyware.

You will have to run it in safe mode. Then run it in normal mode once you are able to.

 

[Iron Patch]

Thanks everyone! I'm going to check when my computer guy (brother-in-law) is available, and if he's not for a while I'll give it a shot!

 

[Daedalus]

It might be better if you have a friend come that knows how to do this. I can tell you how but it would take a lot of typing . And you are going to have to disable your System Restore before you clean this off , if you do not it will come back as soon as you reboot.

Look on the antivirus sites also as they have special software tools to take off some like these that are hard and that normal software will not get .

 

[JoeMoto]

Boot into safe mode with networking.

Download Malwarebytes Anti-malware. Allow malwarebytes to update its virus database.

Run a full scan. This should take one to two hours. When the scan is complete be sure that all infected files are checked for removal. If malwarebytes sees it, it shouldn't be on your computer.

Reboot. You will be good to go.

You can do a system restore to before the virus popped up, but I would still run malwarebytes after the restore. I'm betting you have more than just that virus.

I do Virus Removal as a side business. I haven't seen malwarebytes not be able to remove any of the 2010/2011 fake virus programs yet.

 

[chkn]

Dell has a really excellent malware forum, they'll walk you through it. I had two machines they walked me through.

 

[Smee]

Dell has a really excellent malware forum, they'll walk you through it. I had two machines they walked me through.

. . . and Dell should know as they and HP/Compaq were in a competition for a while to see who could put the most spyware on their new units.

I cleaned up more Dell and HP computers than you would believe. Some call the programs "bloat ware" but to be honest, if it calls home all the time and tracks your activity, it's spyware.

Think "Wild Tangent" and "Backweb". Spybot S&D, AdAware, and others always flagged them. One interesting tidbit was that Backweb was always flagged, but you were warned that "backweb" was necessary on HP machines.

And I know that backweb claims to be a legitimate program, but it's the companies who install it and how they misuse it that is the problem.

Interesting post from 2004 before they tried to clean up their image: http://www.lockergnome.com/windows/2004/08/09/backweb-spyware/

 

[Treasure_Hunter]

IP,

I had the exact same thing, it is a rouge security program that runs fake scans......Usually system restore will not fix it because it has already infected the restore points. Each time you reboot it restores System Tool....There are several fixes.

here is one .....Go to this link http://www.2-spyware.com/remove-system-tool.html

You can also try to use Malwarebytes if you already have it on your computer by doing the following

1. Disabled the network.

2. if you dont have Malwarebytes and can't install it from www.malwarebytes.org you can try to do it through a different local adminstrator account, many times that is not infected.. If that doesn't work, download it on a thumb drive and excute it from there.

3. Once it runs you should get something like results below

Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 9

Record theses files then quarantined and deleted the infected files, once that is done go back and look for the files to be sure they are all removed if not then manually deleted any remaining.


Another great tool to use is Hitman PRO, it will remove 99.9% of these types of spyware programs before they invade your harddrive including this one, it will also remove it...Hitman Pro will find nasty programs and trojans that Malwarebytes and AVG miss.....Hitman comes with a free either 10 or 14 day trial period, I don't remember which and is fully functionable during those trial days.

If you are unable to get rid of it without Hitman PRO, or want to use Hitman after the trial period IM me and I will tell you a little secret about it that will help you....

 

[spartacus53]

Just buy a new computer and start all over again. Once that is done just use the computer for Treasurenet only

 

[TheDane]

Try getting into your start menu and set a restore point or system restore you just set a date before the crud showed up malware bytes works too.

I would recommend that method too.
I have removed many malewares like that !