Finds spyware and hangs - how to stop & remove?

  • Thread starter Thread starter Robert
  • Start date Start date
R

Robert

Running MS AntiSpyware, finding lots but haning up on
Trojan.Startup.NameShifter.BX, causing it to loop continuously. How do I
stop the scan and removed the ones found so far including this final and
fatal one?

Robert
 
Hello Robert

Steps to take if you have spyware that is not removed by
Microsoft Windows AntiSpyware (beta)
1) Open up AntiSpyware
2) Click Tools at the top
3) Click "Submit a Suspected Spyware Report"
4) Fill out the form with as much detail so we can analyze
quickly

By doing these steps before trying something new, you make
the product better.

Generally, in a case where the item is identified, but not
properly removed, the next steps are:

1) update both Microsoft Antispyware and your antivirus
application.
2) restart in safe mode by pressing the F8 function key
before the first Windows screen appears at startup.
3) do full deep scans with Microsoft Antispyware. Repeat
scanning until a complete scan comes through clean. Ditto
with the antivirus.

This isn't guaranteed, but it works for a great many items
that at first appear not to be cleaned in normal mode.

Empty your IE cache and your other temporary file folders,
eg: c:\temp, c:\windows\temp or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp
folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for
mysterious *.exe files or *.dll files in those folders.
http://www.mvps.org/winhelp2002/delcache.htm

Open Internet Explorer
Select Tools > Internet Options
In the Temporary Internet Files section, click the Delete
Files button
Check Delete all offline content, and then click OK


Go to IE Tools, Internet Options, Temporary Internet Files
{Settings Button}, View Objects, Downloaded Program Files.
Check for unrecognised objects there.

If you are running SP2, open IE--->Tools--->Manage Add-
ons, and uncheck any BHO's that you don't recognize.
A BHO disabler such as BHO Cop, BHO Demon or BHOCaptor
(non XP SP2 users only)
http://www.pcmag.com/article2/0,4149,270,00.asp
http://www.definitivesolutions.com/bhodemon.htm
http://www.webattack.com/get/bho.shtml

Run
Anti-Trojan scanner (Not all antivirus can detect malware!
Use any or bºth):

a-squared http://www.emsisoft.com/en/software/free/

ewido security suite http://www.ewido.net/en/ or
http://www.ewido.net/en/download/ Free malware scan.

Report back your results.

Good luck

Engel
20050727 4:18
 
I ran AntiSpyware multiple times in Safe mode and it removed almost all. It
cannnot permanently remove Trojan.Startup.NameShifter.usofnwr however,
and I cannot submit a report to Microsoft for some reason. I also ran the
ewido.net and the a-squared emsisoft.com malware removers, plus emptied
all the temp folders as advised. (interestingly, downloading and running the
a-squared software let in a flood of adware, so I reset the internet security
options to default-high).

Any ideas on removinng the re-generating trojan?

Many thanks for your help,

Robert
 
Back
Top