Removing same spyware everyday?

[Joel]

I noticed that the same spyware is detected and removed
every day. Where is it coming from? It seems to me that
removing spyware is not enough, what is needed is a way
to discover hoe it is entering the system and preventing
it.

Any ideas?

 

[Andre Da Costa]

Restart in safe mode, open Microsoft AntiSpyware, choose Scan Options > Full
System Scan (check boxes below) > click "Run Scan Now". If the spyware still
reappear, disable System Restore first, right click My Computer, Properties

System Restore (tab) ,check "Turn Off System Restore" then restart the

computer in safe mode.

Restart in safe mode instructions:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Bill Sanderson]

Cognitive dissonance, I think.

Something is lying to you.

In this case, I suspect it is your spyware removal apps (including Microsoft
Antispyware) that are reporting too optimistically on their efforts. Follow
Andre's advice and see if the safe mode scan and remove really gets the job
done.

In general, when I see this symptom, it appears to me that cleaning isn't
working, rather than that there is some outside source that is successfully
bombarding the machine with new infections.

 

[Guest]

-----Original Message-----
I noticed that the same spyware is detected and removed
every day. Where is it coming from? It seems to me that
removing spyware is not enough, what is needed is a way
to discover hoe it is entering the system and preventing
it.

Any ideas?
.
delete your cookis

 

[Alan]

Make certain that your prefetch folder
(c:\windows\prefetch) doesn't contain files with
filenames pertaining to the spyware you are getting
infected with. If you find some, shred them using a
freware, not shareware, file shredder. You can download
one from download.com. Once these files are gone, they
shouldn't come back, as long as you keep Real-time
Protection turned on.

I think the reason it didn't detect the infection is that
the spyware left behind some code in the prefetch folder,
and Real-time Protection protects from attacks from the
outside, not from within. The prefetch folder contains
files that allow a program to startup faster. However,
many spyware/malware writers use this folder to insert
code that they attach to IE or some other web browser,
and when you launch the browser, you get re-infected.
The same thing happened to me, until I ran a search of my
hard drive, found files containing the names of the
spyware programs, then I shredded them, and haven't seen
them since. Also, if you aren't running a firewall, it's
a good idea to run one, as this might stop these programs
from getting onto your system in the first place.

Alan

 

[Henry Molvar]

-----Original Message-----
I noticed that the same spyware is detected and removed
every day. Where is it coming from? It seems to me that
removing spyware is not enough, what is needed is a way
to discover hoe it is entering the system and preventing
it.

Any ideas?
.

Joel: I don't have any ideas because I am afflicted with
the same problem. So I installed the MS Antispyware
yesterday and THOUGHT I had found the answer to our
question. Lo & behold, NvCpl, which I had been trying to
get off my startup for many months and which MSA took care
of yesterday, was "automatically" allowed today by MSA!!
You just can't win.

 

[Bill Sanderson]

nvcpl is the control panel for your Nvidia display adapter.

Microsoft Antispyware is not designed to be used to arbitrarily remove
software that a PC owner decides is unwanted. You can remove this control
panel through its own settings, or, I believe, by uninstalling it--not sure.

--

 

[MsOsWin]

I noticed that the same spyware is detected and removed
every day. Where is it coming from? It seems to me that
removing spyware is not enough, what is needed is a way
to discover hoe it is entering the system and preventing
it.

Any ideas?

have you tried other crap eradicators? ad-aware? spybot s&d?

i know spybot may offer to remove leftover debris during startup. likely
other anti-crap apps can do this too.