Tricky spyware application, it's got a pretty hidden source 1

[AmazingKman]

Dealing with a pretty malicious spyware application. Downloaded ZoneAlarm and NOD32, wiped out a majority of the spyware and viruses. I've run SpyBot S&D, SpySweeper and Ad-Aware. SB and SS run through, but apparently miss it. AA locks up and fires to a black screen. The black screen happens outside AA, sometimes when I'm searching for the spyware in the registry. I've tried deleting the keys, exporting the clean registry and getting things rebooted, but it always manages to lock up. Even if I do get a reboot, my saved registry is "reset" just like the one that loads. I'm hoping that a wipe isn't necessary, but it might be the way I need to go. Here are the files if anyone's dealt with them before:

http://www.abetterinternet.youknowhat

(sorry, didn't want someone to accidentally click the link, replace youknowhat with com)
buddy.exe
igotxdg.exe
fzula.exe
7uz14boz.exe
thnall1a.exe
aurareco.exe
ZoneAlarm picked up the company name as Direct Revenue and the IP as 216.148.227.68:53

If anyone can help with this one, that would be super. For information, AVOID ANYTHING WITH THESE PROGRAMS! They are deceptively well protected behind a fake name and will just pop back up on your computer no matter how hard you try to get rid of them. Unless the root file that's creating them is taken out.

So, if anyone knows the one that keeps loading these, that would be great.

Thanks,
Kevin

 

[crobg]

Have you done your scans and clean up work in safe mode? That should stop the program from running in the first place. Also make sure that system restore is turned off. That also allows the program to come back.

Also try Microsoft's Anti-Spyware program as well. It has been successful for many other users on this forum.

 

[pechenegs]

* Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.



* Click here for info on how to boot to safe mode if you don't already know
how.


How to boot to safe mode

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



* Now run Ewido:

* Click on scanner
* Put a check by the following before you scan:
o Binder
o Crypter
o Archives
* Click the Start Scan button to start the scan.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop




download and run ccleaner.

http://www.ccleaner.com/

Run ActiveScan online virus scan here

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!

 

[BadBigBen]

Hola, you have gotten good advice sofar, my suggestion is complimentary to theirs...

Download HiJackThis! (

http://www.spywareinfo.com/~merijn/)

run it and save a ScanLog, then copy that Log and Paste it here (

http://www.Hijackthis.de/en)

for an analasys...

Ben

If it works don't fix it! If it doesn't use a sledgehammer...

 

[wvajenm]

You might check a couple of posts down on this forum, there are a couple that deal with aurora/nail.exe which is the better internet deal, and it's a pain to remove, but the instructions on those posts were good.

 

[AmazingKman]

pecheng's directions were right on! Ewido is amazing, although the scan took an hour and 17 minutes, it was WELL WORTH IT! It cleaned 177 pieces of malware that SpyBot, SpySweeper and Ad-Aware couldn't get. Problem solved, thanks to everyone's help!

Thanks,
Kevin