spyware/adware

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Help, I have 'isearch' spyware on my XP home system, I've downloaded
'Adaware' and 'Spybot'. They removed the toolbar and desktop icons but
'isearch' seems to have morphed and now appears floating behind the task bar
at the bottom of the screen. pop ups are worse than ever even with 'Yahoo'
popup blocker activated. I also have on my Add/remove programs a program with
no file size called 'adware & spyware', when I try and remove it I get
directed to a web site for 'nospyx'. I don't want to install SP2 until I'm
rid of this stuff. I'm still learning but I'm not daft, any help would be
greatly appreciated.
cheers Chris.
6 answers Last reply
More about spyware adware
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    ChrisN wrote:

    > Help, I have 'isearch' spyware on my XP home system, I've downloaded
    > 'Adaware' and 'Spybot'. They removed the toolbar and desktop icons but
    > 'isearch' seems to have morphed and now appears floating behind the
    > task bar at the bottom of the screen. pop ups are worse than ever even
    > with 'Yahoo' popup blocker activated. I also have on my Add/remove
    > programs a program with no file size called 'adware & spyware', when I
    > try and remove it I get directed to a web site for 'nospyx'. I don't
    > want to install SP2 until I'm rid of this stuff. I'm still learning
    > but I'm not daft, any help would be greatly appreciated.
    > cheers Chris.

    You are very wise not to install SP2 until you get your computer clean
    up. Ad-aware and Spybot are great, but you need to make sure they are
    updated and that you do all scans with malware removal tools in Safe
    Mode. You should run through the removal steps I will give you below.
    In addition, I Googled for "remove isearch" and came up with this
    promising link to instructions for manual removal from Computer
    Associates:

    http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453082740

    General malware removal:

    1) Scan in Safe Mode with current version (not earlier than 2003)
    antivirus using updated definitions.

    2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
    programs are free, so use them both since they complement each other.
    There is a new version of CWShredder from Intermute. I would not
    install the other Intermute programs, however. Alternately, there are
    CoolWebSearch malware removal steps at SilentRunners.

    Be sure to update these programs before running, and it is a good idea
    to do virus/spyware scans in Safe Mode. Make sure you are able to see
    all hidden files and extensions (View tab in Folder Options).

    HijackThis is an excellent tool to discover and disable hijackers, but
    it requires expert skill. See below for HijackThis links. A combination
    of HijackThis and About:Buster works well in removing the About:Blank
    homepage hijacker. Again, this is an expert tool and novices should get
    help with it.

    3) If you are running Windows ME or XP, you should disable/enable System
    Restore because malware will be in the Restore Points. With ME, you
    must disable System Restore completely. With XP, you can delete all but
    the most recent (presumably clean) System Restore point from the More
    Options section of Disk Cleanup (Run>cleanmgr).

    4) Make sure you've visited Windows Update and applied all security
    patches. Do not install driver updates from Windows Update.

    5) Run a firewall.

    Links to help with malware:

    Software/Methods:
    http://www.safer-networking.org - Spybot Search & Destroy
    http://www.lavasoftusa.com - Ad-aware
    http://www.majorgeeks.com - good download site
    http://www.intermute.com/spysubtract/cwshredder_download.html
    http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners

    HijackThis:
    http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    Eshelman
    http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    forum
    http://www.wilderssecurity.com/
    http://forums.tomcoyote.org/
    http://www.spywareinfo.com/forums/

    General:
    http://forum.aumha.org/ - look under "Security" for various forums
    http://rgharper.mvps.org/cleanit.htm
    http://mvps.org/winhelp2002/unwanted.htm
    http://www.aumha.org/a/parasite.htm - The Parasite Fight
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Malke
    --
    MS MVP - Windows Shell/User
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    My homepage has been hijacked by Home Search and the program hijackthis was
    unable to resolve my problem even in safe mode. Then in my add/remove
    programs 2 programs Home Search Assistent & Shopping Wizard have been
    installed and every time I try to uninstall them it takes me to their website
    to uninstall them but it doesn't. Can anyone please help me I would greatly
    appreciate your help.

    Thank You
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend signature files.
    http://www.trendmicro.com/download/pattern.asp

    Adaware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download SYSCLEAN.COM and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example; lpt333.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM.

    2) Update Adaware with the latest definitions.
    3) If you are using WinME or WinXP, disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Adaware
    7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) If you are using WinME or WinXP, create a new Restore point

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html


    "specter623" <specter623@discussions.microsoft.com> wrote in message
    news:C9092DB8-2D40-4111-BDD2-207F188F9FC6@microsoft.com...
    | My homepage has been hijacked by Home Search and the program hijackthis was
    | unable to resolve my problem even in safe mode. Then in my add/remove
    | programs 2 programs Home Search Assistent & Shopping Wizard have been
    | installed and every time I try to uninstall them it takes me to their website
    | to uninstall them but it doesn't. Can anyone please help me I would greatly
    | appreciate your help.
    |
    | Thank You
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I've downloaded trend sysclean package and I've downloaded the latest
    patterns and put them in the same folder.But everytime I try to run sysclean
    it says Pattern file "LPT$VPN.*" is missing, Please download a copy. Is that
    something I should worry about or did I do something incorrectly?
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    specter623 wrote:

    > I've downloaded trend sysclean package and I've downloaded the latest
    > patterns and put them in the same folder.But everytime I try to run
    > sysclean it says Pattern file "LPT$VPN.*" is missing, Please download
    > a copy. Is that something I should worry about or did I do something
    > incorrectly?

    Did you unzip the pattern file? You need to.

    Malke
    --
    MS MVP - Windows Shell/User
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    That error message indicates that you failed to extract the Pattern File from the pattern
    File distribution ZIP file and place the Pattern File in the SAME directory as you placed
    SYSCLEAN.COM.

    --
    Dave


    "specter623" <specter623@discussions.microsoft.com> wrote in message
    news:81DC5090-99AE-4B9A-8F36-169E17CEBBE1@microsoft.com...
    | I've downloaded trend sysclean package and I've downloaded the latest
    | patterns and put them in the same folder.But everytime I try to run sysclean
    | it says Pattern file "LPT$VPN.*" is missing, Please download a copy. Is that
    | something I should worry about or did I do something incorrectly?
Ask a new question

Read More

Spyware Windows XP