SPYWARE

Discussion in 'Computer Support' started by alan, May 20, 2007.

  1. alan

    alan Guest

    Cananybody help me please, i have tried various programs (HIJACK
    THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
    Spybot led me to HKEY_USERS
    \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
    \aldd. i have deleted aldd but it keeps coming back,i have
    deleted it in safe mode and it still comes back any help please.
    alan, May 20, 2007
    #1
    1. Advertising

  2. alan

    thanatoid Guest

    alan <> wrote in
    news::

    > Cananybody help me please, i have tried various programs
    > (HIJACK THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of
    > this spyware. Spybot led me to HKEY_USERS
    > \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICR
    > OSOFT \aldd. i have deleted aldd but it keeps
    > coming back,i have deleted it in safe mode and it still
    > comes back any help please.
    >
    >


    Googling for "key aldd" brought this up, among others:

    http://forums.spybot.info/showthread.php?s=91d26478e6f33cfa1e0fd
    52a83be8db3&t=13577

    Of course, you could have done the search yourself.

    --
    Disagreements and the usual insults expected and welcomed.
    thanatoid, May 20, 2007
    #2
    1. Advertising

  3. alan

    Guest

    alan <> wrote:

    >Cananybody help me please, i have tried various programs (HIJACK
    >THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
    >Spybot led me to HKEY_USERS
    >\S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
    >\aldd. i have deleted aldd but it keeps coming back,i have
    >deleted it in safe mode and it still comes back any help please.


    Run Autoruns and disable the parent -
    http://www.microsoft.com/technet/sysinternals/Security/Autoruns.mspx
    usually sits in your temp dir, reboot

    Then delete the reg key, reboot

    Start | Run <type in>
    %TEMP%
    <enter>

    Run AVG spyware, it's really very good at what it does.
    http://free.grisoft.com/doc/20/lng/us/tpl/v5
    --

    40 yrs ago...
    http://youtube.com/watch?v=gZez_k4vAzU
    , May 20, 2007
    #3
  4. alan

    Guest

    , May 20, 2007
    #4
  5. alan

    Postilion Guest

    On May 19, 4:14 pm, alan <> wrote:
    > Cananybody help me please, i have tried various programs (HIJACK
    > THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
    > Spybot led me to HKEY_USERS
    > \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
    > \aldd. i have deleted aldd but it keeps coming back,i have
    > deleted it in safe mode and it still comes back any help please.


    I do not want to discourage you but I would seriously consider backing
    up all the important data and blowing out the system and re-installing
    everything. I do IT work for a living and I have helped several people
    with these type of issues and I have spent hours trying to clean
    systems only to find out later that the problem is back and I failed.
    The reason it gets so bad is this spyware hides on the system. In the
    registry under the RUN and RUN Once keys and in vital system folders
    such as Windows and System32. They load into memory and if you have a
    constant internet connection such as DSL or Cable they immediately go
    back out to the internet and reinstall themselves. That is why they
    design them to load into memory immediately from boot up so they
    cannot get deleted until they can re-establish a presence back on the
    hard drive.Anyway, if you do not want to redo the system you should
    use Microsoft's AntiSpyware, Spybot and Adaware. I think they all have
    free versions but of course the pay versions are a little better. Also
    the only way to at least control a bad infection of spyware is to use
    a firewall program like ZoneAlarm which has a free version. After you
    run multiple scans and clean up everything they find then make sure
    you have ZoneAlarm or something like it installed and it will prompt
    you when something on your system is going out to the internet without
    your knowledge. Which is how they spyware programs reinstall
    themselves. Then you can not allow those connection and essentially
    trap the spyware (like a quarantine) on your system. Remember, I still
    think the best long term solution is to redo the system and then keep
    an updated version of NAV, Spyware and firewall software on a new and
    clean system. That will keep this happening again. Good Luck!
    Postilion, May 20, 2007
    #5
  6. alan

    Bullseye Guest

    On 19 May 2007 22:37:08 -0700, Postilion wrote:

    > On May 19, 4:14 pm, alan <> wrote:
    >> Cananybody help me please, i have tried various programs (HIJACK
    >> THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
    >> Spybot led me to HKEY_USERS
    >> \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
    >> \aldd. i have deleted aldd but it keeps coming back,i have
    >> deleted it in safe mode and it still comes back any help please.

    >
    > I do not want to discourage you but I would seriously consider backing
    > up all the important data and blowing out the system and re-installing
    > everything. I do IT work for a living and I have helped several people
    > with these type of issues and I have spent hours trying to clean
    > systems only to find out later that the problem is back and I failed.
    > The reason it gets so bad is this spyware hides on the system. In the
    > registry under the RUN and RUN Once keys and in vital system folders
    > such as Windows and System32. They load into memory and if you have a
    > constant internet connection such as DSL or Cable they immediately go
    > back out to the internet and reinstall themselves. That is why they
    > design them to load into memory immediately from boot up so they
    > cannot get deleted until they can re-establish a presence back on the
    > hard drive.Anyway, if you do not want to redo the system you should
    > use Microsoft's AntiSpyware, Spybot and Adaware. I think they all have
    > free versions but of course the pay versions are a little better. Also
    > the only way to at least control a bad infection of spyware is to use
    > a firewall program like ZoneAlarm which has a free version. After you
    > run multiple scans and clean up everything they find then make sure
    > you have ZoneAlarm or something like it installed and it will prompt
    > you when something on your system is going out to the internet without
    > your knowledge. Which is how they spyware programs reinstall
    > themselves. Then you can not allow those connection and essentially
    > trap the spyware (like a quarantine) on your system. Remember, I still
    > think the best long term solution is to redo the system and then keep
    > an updated version of NAV, Spyware and firewall software on a new and
    > clean system. That will keep this happening again. Good Luck!


    Before reformatting I would try a couple of things first. If it is indeed
    something that is loading into memory, then I would download and install
    BoClean, as it pounces it specializes on malware that loads itself into
    memory. If you can determine which exe is loading into memory, you can use
    Winpatrol or Sysinternals Autoruns to disable it from the startup items
    (this doesn't always work, but worth a shot). Also, while the suggestion
    above is commendable, MS Antispyware, Spybot & Adaware are not really
    adequate to do the job. Microsoft's security software is not rated very
    highly, and Spyboy & Adaware are close to obsolete if not totally useless
    against the new variants of malware. I clean peoples' computers on a
    constant basis, and while some of the tools I use are somewhat advanced,
    the three that seem to do the best job are Superantispyware, AVG
    Antispyware (with Ewido engine) and Kaspersky antivirus. You can do an
    online scan with Kaspersky and have it clean what it finds, or you can
    download a trial version of Kaspersky which is good for 30 days. Then also
    do acans with AVG and SAS and let them clean. Along with using BoClean,
    those three will get rid of most anything. There are some other programs
    that are useful, such as 'Unlocker' and 'Rootkit Unhooker' that can also be
    used to disable malware so it can be removed, but I would hesitate to
    recommend those unless you really know what you are doing. In addition,
    get rid of Norton and put something like Kaspersky or NOD32 on your system.
    I would say that 90% of the infected computers I deal with are running
    Norton AV, which shows how well it protects your system. Also, Zone Alarm
    firewall is a decent choice unless you want a little more control over your
    applications, which ports they can access, etc. Sumbelt (Kerio) also has a
    free version which also provides packet filtering and much tighter control.
    There are some other tools I could recommend, depending on the user's skill
    level. If all else fails then do as instructed in the above post and start
    from scratch. So far, with the tools I've used, I've never had to go that
    route with anyone's computer.
    Bullseye, May 20, 2007
    #6
  7. alan

    alan Guest

    On May 20, 3:37 pm, Postilion <> wrote:
    > On May 19, 4:14 pm, alan <> wrote:
    >
    > > Cananybody help me please, i have tried various programs (HIJACK
    > > THIS, SPYSUBTRACT , SPYBOT,) and cannot get rid of this spyware.
    > > Spybot led me to HKEY_USERS
    > > \S-1-5-21-507921405-1606980848-1957994488-1004\SOFTWARE\MICROSOFT
    > > \aldd. i have deleted aldd but it keeps coming back,i have
    > > deleted it in safe mode and it still comes back any help please.

    >
    > I do not want to discourage you but I would seriously consider backing
    > up all the important data and blowing out the system and re-installing
    > everything. I do IT work for a living and I have helped several people
    > with these type of issues and I have spent hours trying to clean
    > systems only to find out later that the problem is back and I failed.
    > The reason it gets so bad is this spyware hides on the system. In the
    > registry under the RUN and RUN Once keys and in vital system folders
    > such as Windows and System32. They load into memory and if you have a
    > constant internet connection such as DSL or Cable they immediately go
    > back out to the internet and reinstall themselves. That is why they
    > design them to load into memory immediately from boot up so they
    > cannot get deleted until they can re-establish a presence back on the
    > hard drive.Anyway, if you do not want to redo the system you should
    > use Microsoft's AntiSpyware, Spybot and Adaware. I think they all have
    > free versions but of course the pay versions are a little better. Also
    > the only way to at least control a bad infection of spyware is to use
    > a firewall program like ZoneAlarm which has a free version. After you
    > run multiple scans and clean up everything they find then make sure
    > you have ZoneAlarm or something like it installed and it will prompt
    > you when something on your system is going out to the internet without
    > your knowledge. Which is how they spyware programs reinstall
    > themselves. Then you can not allow those connection and essentially
    > trap the spyware (like a quarantine) on your system. Remember, I still
    > think the best long term solution is to redo the system and then keep
    > an updated version of NAV, Spyware and firewall software on a new and
    > clean system. That will keep this happening again. Good Luck!


    thanks for your help i found a small program that deletes this
    spyware (SMITFRAUDFIX) did the job ,cheers Alan
    alan, May 20, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?UmljayBLb3JiZWNr?=

    Wireless after SP2 : Spyware rears its hideous head

    =?Utf-8?B?UmljayBLb3JiZWNr?=, Sep 9, 2004, in forum: Wireless Networking
    Replies:
    0
    Views:
    464
    =?Utf-8?B?UmljayBLb3JiZWNr?=
    Sep 9, 2004
  2. Taller Than The Fence

    Mozilla Spyware Killer?

    Taller Than The Fence, Oct 8, 2004, in forum: Firefox
    Replies:
    4
    Views:
    740
    charles
    Oct 9, 2004
  3. PeterOut

    spyware.bearshare found by "Spyware Detector"

    PeterOut, Oct 27, 2007, in forum: Computer Support
    Replies:
    21
    Views:
    935
    Dustin Cook
    Nov 13, 2007
  4. PeterOut

    spyware.bearshare found by "Spyware Detector"

    PeterOut, Oct 27, 2007, in forum: Computer Security
    Replies:
    18
    Views:
    974
    Jim Watt
    Nov 14, 2007
  5. dfinc
    Replies:
    1
    Views:
    899
    Kayman
    Jan 23, 2009
Loading...

Share This Page