Spyware removal help needed

[cwyman]

I have a customer that appears to be deeply infected with lord knows what. I know that they are spyware and not actual viruses because they have black ice, and AVSW (I think it's NAV).

Can I post my hijack this among others? I know that the user is getting an error on something called Umonitor which is definitely spyware.

We have adaware and I believe we also have spysweeper installed (free versions of both I believe).

She's also getting this popup on her computer:

> Security Alter: Spy Software may be installed in your Computer

Current Spyware Threats

Location:
C:\Windows\Systems\32Spybotter
C:\Windows\Systems\Documents/Trojan.Mitglieder.l
C:\My Documents and Settings\AllUsers\Blaster.T.Worm
C:\My Documents and Settings\Desktop\SoftwareKiller.dll
C:\My Documents and Settings\SharedDocuments\W32.Netsky
C:\My Documents and Settings\Backdoor.Medias
C:\Documents and Settings\Desktop\Worm.ExploreZip
C:\Documents and settings\Desktop\Sextracked

Unable to Remove Items

[ OK Button ]

>System Status: Urgent Attention
Click the OK button to Remove Items

I have a highjack log and Find-it log if you need me to post it.

Let me know as soon as possible please.

Thank you.

Carrie

 

[tonycard]

Have you turned off system restore and then run a virus scan in safe mode. I have used NOD32 (NAV) and it wasn't that good. Try Avast its also free.

 

[carrr]

You can post your Hijack This! log in forum760 for input

Tired of waiting for an answer? Try asking better questions. See: faq222-2244

 

[jimp56]

Hi-
You'd be better off posting this same information on the adware/spyware forum here:

http://www.tek-tips.com/threadminder.cfm?pid=760

Also, netsky and blaster are common high threat worms/viruses - so blackice and the A/V didnt do their jobs. it requires patches from windows update to protect the system from these after removal.

But for starters:
download a winsock fix program in case removing the spyware "breaks" the PC's internet connection:

http://www.spychecker.com/program/winsockxpfix.html

turn off system restore and empty the recycle bin. go to internet options in control panel and choose to delete temp internet files. then....

1) go to control panel- add/remove programs. remove any programs that look suspicious - i.e. cool search, web rebates, smileys, "wind updates" etc. then reboot.

2) go to

http://housecall.trendmicro.com

and run the free virus scan. allow it to download the plugin necessary for scanning. this will remove some of the worms and trojans. reboot again.

3) download the LATEST versions of ad-aware and spybot, and update them to the latest dat files within the software. run spybot's "immunize" feature. run full system scans with both software, removing anything they find.

4)run hijack this and post the log here or in the adware forum. remove the items whomever replies suggests. reboot again.

re-run full scans from trend, ad-aware, and spybot again.

you should be fairly clean after all of this - so I would then go to windows update and patch the system fully. run full scans one last time.

if housecall doesnt remove netsky and blaster, go to NAI.com (mcafee) and download and run their STINGER.EXE removal tool.

Then consider getting a different antivirus software (I prefer trend micro's, but that is your call).

if these scanners continue to fail removing the items, run as many of them as possible within safe mode. if it fails after that, then it will require in-depth manual removal, which is best done by a good tech that can research the particular threats and knows the procedures.