Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > SPYWARE

Reply
Thread Tools

SPYWARE

 
 
alan
Guest
Posts: n/a
 
      05-20-2007
Cananybody help me please, i have tried various programs (HIJACK
THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
Spybot led me to HKEY_USERS
\S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
\aldd. i have deleted aldd but it keeps coming back,i have
deleted it in safe mode and it still comes back any help please.

 
Reply With Quote
 
 
 
 
thanatoid
Guest
Posts: n/a
 
      05-20-2007
alan <(E-Mail Removed)> wrote in
news:(E-Mail Removed) oups.com:

> Cananybody help me please, i have tried various programs
> (HIJACK THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of
> this spyware. Spybot led me to HKEY_USERS
> \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICR
> OSOFT \aldd. i have deleted aldd but it keeps
> coming back,i have deleted it in safe mode and it still
> comes back any help please.
>
>


Googling for "key aldd" brought this up, among others:

http://forums.spybot.info/showthread...8e6f33cfa1e0fd
52a83be8db3&t=13577

Of course, you could have done the search yourself.

--
Disagreements and the usual insults expected and welcomed.
 
Reply With Quote
 
 
 
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      05-20-2007
alan <(E-Mail Removed)> wrote:

>Cananybody help me please, i have tried various programs (HIJACK
>THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
>Spybot led me to HKEY_USERS
>\S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
>\aldd. i have deleted aldd but it keeps coming back,i have
>deleted it in safe mode and it still comes back any help please.


Run Autoruns and disable the parent -
http://www.microsoft.com/technet/sys.../Autoruns.mspx
usually sits in your temp dir, reboot

Then delete the reg key, reboot

Start | Run <type in>
%TEMP%
<enter>

Run AVG spyware, it's really very good at what it does.
http://free.grisoft.com/doc/20/lng/us/tpl/v5
--

40 yrs ago...
http://youtube.com/watch?v=gZez_k4vAzU
 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      05-20-2007
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

>disable the parent


To add you can also find the parent with Process Explorer
http://www.sysinternals.com/Utilitie...sExplorer.html

Double click on the odd Process and read it's image it will show you
the path to the parent program.


--

40 yrs ago...
http://youtube.com/watch?v=gZez_k4vAzU
 
Reply With Quote
 
Postilion
Guest
Posts: n/a
 
      05-20-2007
On May 19, 4:14 pm, alan <(E-Mail Removed)> wrote:
> Cananybody help me please, i have tried various programs (HIJACK
> THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
> Spybot led me to HKEY_USERS
> \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
> \aldd. i have deleted aldd but it keeps coming back,i have
> deleted it in safe mode and it still comes back any help please.


I do not want to discourage you but I would seriously consider backing
up all the important data and blowing out the system and re-installing
everything. I do IT work for a living and I have helped several people
with these type of issues and I have spent hours trying to clean
systems only to find out later that the problem is back and I failed.
The reason it gets so bad is this spyware hides on the system. In the
registry under the RUN and RUN Once keys and in vital system folders
such as Windows and System32. They load into memory and if you have a
constant internet connection such as DSL or Cable they immediately go
back out to the internet and reinstall themselves. That is why they
design them to load into memory immediately from boot up so they
cannot get deleted until they can re-establish a presence back on the
hard drive.Anyway, if you do not want to redo the system you should
use Microsoft's AntiSpyware, Spybot and Adaware. I think they all have
free versions but of course the pay versions are a little better. Also
the only way to at least control a bad infection of spyware is to use
a firewall program like ZoneAlarm which has a free version. After you
run multiple scans and clean up everything they find then make sure
you have ZoneAlarm or something like it installed and it will prompt
you when something on your system is going out to the internet without
your knowledge. Which is how they spyware programs reinstall
themselves. Then you can not allow those connection and essentially
trap the spyware (like a quarantine) on your system. Remember, I still
think the best long term solution is to redo the system and then keep
an updated version of NAV, Spyware and firewall software on a new and
clean system. That will keep this happening again. Good Luck!

 
Reply With Quote
 
Bullseye
Guest
Posts: n/a
 
      05-20-2007
On 19 May 2007 22:37:08 -0700, Postilion wrote:

> On May 19, 4:14 pm, alan <(E-Mail Removed)> wrote:
>> Cananybody help me please, i have tried various programs (HIJACK
>> THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
>> Spybot led me to HKEY_USERS
>> \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
>> \aldd. i have deleted aldd but it keeps coming back,i have
>> deleted it in safe mode and it still comes back any help please.

>
> I do not want to discourage you but I would seriously consider backing
> up all the important data and blowing out the system and re-installing
> everything. I do IT work for a living and I have helped several people
> with these type of issues and I have spent hours trying to clean
> systems only to find out later that the problem is back and I failed.
> The reason it gets so bad is this spyware hides on the system. In the
> registry under the RUN and RUN Once keys and in vital system folders
> such as Windows and System32. They load into memory and if you have a
> constant internet connection such as DSL or Cable they immediately go
> back out to the internet and reinstall themselves. That is why they
> design them to load into memory immediately from boot up so they
> cannot get deleted until they can re-establish a presence back on the
> hard drive.Anyway, if you do not want to redo the system you should
> use Microsoft's AntiSpyware, Spybot and Adaware. I think they all have
> free versions but of course the pay versions are a little better. Also
> the only way to at least control a bad infection of spyware is to use
> a firewall program like ZoneAlarm which has a free version. After you
> run multiple scans and clean up everything they find then make sure
> you have ZoneAlarm or something like it installed and it will prompt
> you when something on your system is going out to the internet without
> your knowledge. Which is how they spyware programs reinstall
> themselves. Then you can not allow those connection and essentially
> trap the spyware (like a quarantine) on your system. Remember, I still
> think the best long term solution is to redo the system and then keep
> an updated version of NAV, Spyware and firewall software on a new and
> clean system. That will keep this happening again. Good Luck!


Before reformatting I would try a couple of things first. If it is indeed
something that is loading into memory, then I would download and install
BoClean, as it pounces it specializes on malware that loads itself into
memory. If you can determine which exe is loading into memory, you can use
Winpatrol or Sysinternals Autoruns to disable it from the startup items
(this doesn't always work, but worth a shot). Also, while the suggestion
above is commendable, MS Antispyware, Spybot & Adaware are not really
adequate to do the job. Microsoft's security software is not rated very
highly, and Spyboy & Adaware are close to obsolete if not totally useless
against the new variants of malware. I clean peoples' computers on a
constant basis, and while some of the tools I use are somewhat advanced,
the three that seem to do the best job are Superantispyware, AVG
Antispyware (with Ewido engine) and Kaspersky antivirus. You can do an
online scan with Kaspersky and have it clean what it finds, or you can
download a trial version of Kaspersky which is good for 30 days. Then also
do acans with AVG and SAS and let them clean. Along with using BoClean,
those three will get rid of most anything. There are some other programs
that are useful, such as 'Unlocker' and 'Rootkit Unhooker' that can also be
used to disable malware so it can be removed, but I would hesitate to
recommend those unless you really know what you are doing. In addition,
get rid of Norton and put something like Kaspersky or NOD32 on your system.
I would say that 90% of the infected computers I deal with are running
Norton AV, which shows how well it protects your system. Also, Zone Alarm
firewall is a decent choice unless you want a little more control over your
applications, which ports they can access, etc. Sumbelt (Kerio) also has a
free version which also provides packet filtering and much tighter control.
There are some other tools I could recommend, depending on the user's skill
level. If all else fails then do as instructed in the above post and start
from scratch. So far, with the tools I've used, I've never had to go that
route with anyone's computer.
 
Reply With Quote
 
alan
Guest
Posts: n/a
 
      05-20-2007
On May 20, 3:37 pm, Postilion <(E-Mail Removed)> wrote:
> On May 19, 4:14 pm, alan <(E-Mail Removed)> wrote:
>
> > Cananybody help me please, i have tried various programs (HIJACK
> > THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
> > Spybot led me to HKEY_USERS
> > \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
> > \aldd. i have deleted aldd but it keeps coming back,i have
> > deleted it in safe mode and it still comes back any help please.

>
> I do not want to discourage you but I would seriously consider backing
> up all the important data and blowing out the system and re-installing
> everything. I do IT work for a living and I have helped several people
> with these type of issues and I have spent hours trying to clean
> systems only to find out later that the problem is back and I failed.
> The reason it gets so bad is this spyware hides on the system. In the
> registry under the RUN and RUN Once keys and in vital system folders
> such as Windows and System32. They load into memory and if you have a
> constant internet connection such as DSL or Cable they immediately go
> back out to the internet and reinstall themselves. That is why they
> design them to load into memory immediately from boot up so they
> cannot get deleted until they can re-establish a presence back on the
> hard drive.Anyway, if you do not want to redo the system you should
> use Microsoft's AntiSpyware, Spybot and Adaware. I think they all have
> free versions but of course the pay versions are a little better. Also
> the only way to at least control a bad infection of spyware is to use
> a firewall program like ZoneAlarm which has a free version. After you
> run multiple scans and clean up everything they find then make sure
> you have ZoneAlarm or something like it installed and it will prompt
> you when something on your system is going out to the internet without
> your knowledge. Which is how they spyware programs reinstall
> themselves. Then you can not allow those connection and essentially
> trap the spyware (like a quarantine) on your system. Remember, I still
> think the best long term solution is to redo the system and then keep
> an updated version of NAV, Spyware and firewall software on a new and
> clean system. That will keep this happening again. Good Luck!


thanks for your help i found a small program that deletes this
spyware (SMITFRAUDFIX) did the job ,cheers Alan

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Spyware guard 2008 removal guide! How to remove spyware-guard 2008manually dfinc Computer Security 1 01-23-2009 07:35 AM
spyware.bearshare found by "Spyware Detector" PeterOut Computer Security 18 11-14-2007 10:33 PM
spyware.bearshare found by "Spyware Detector" PeterOut Computer Support 21 11-13-2007 08:01 PM
Wireless after SP2 : Spyware rears its hideous head =?Utf-8?B?UmljayBLb3JiZWNr?= Wireless Networking 0 09-09-2004 08:13 AM



Advertisments