View Full Version : Thanks Spybot
mtchllro
2008-11-23, 22:30
:eek:
IE would not load any pages or Motzilla only AOL would work !
I couldn't load avg antivirus or load Spybot (but teatimer was running).
My solution was to rename spybots exe (I just placed a 1 before the .exe) which then let spybot load but it wouldn't update (no IE connection) so after a manual update I scanned found a trojan (Win32.TDSS.rtk)after removing and re renaming Spybot all is well.
Thanks Spybot :wav::wav:
spybotsandra
2008-11-24, 17:32
Hello,
We are glad that Spybot-S&D has helped you with your problems.
Best regards
Sandra
Team Spybot
Wow i have exactly the same symptom as Mtchllro.
Spybot.exe didnt run so I rename it to Spibot.exe and it runs. After I manual update Spybot I scan computer and found Win32.TDSS.rtk. After removal, I can acces back to internet and autoupdate spybot.
The only problem is Win32.TDSS.rtk always come back. I cant remove it permanently. I need to scan my computer at each start up and even if I dont reboot my computer, the trojan come back like 10 hours later.
So I'm wondering how u remove Win32.TDSS.rtk for good?
Thx
md usa spybot fan
2008-11-30, 07:56
nulos:
What version of Spybot - Search & Destroy are you running (Spybot » Help » About)?
If you are not running Spybot 1.6.0.30 or above, consider upgrading. The downloads are located here:
Mirror selection - The home of Spybot-S&D!
http://www.spybot.info/en/mirrors/index.html
If you are running Spybot 1.6.0.30 or above, there are two things that you can try to get rid of the things that Spybot-S&D is having difficulty removing:
Try to run it the next time you reboot.
Go into Spybot > Mode > Advanced mode > Settings > Settings > look for "System start" (located half way down the page).
Check the option: "Run program once at next system startup".
Reboot the system.
Run it in Safe mode.
Reboot your system in Safe mode and run Spybot-S&D.
If Spybot still fails to correct the problem, consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.
If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from the above instructions.
Toadstoolfood
2008-12-07, 08:59
If you are not running Spybot 1.6.0.30 or above, consider upgrading.
Fan,
I have a similar problem, and as mentioned above, I cannot connect to Safer Networking at all on the affected PC. IE is redirected as well as the SB update. I thought I would be slick and sneaker net the install package over, but 1.6 will not install without connecting over the Internet. I was forced to use 1.4 and manually update it. I am still scanning, and hoping it will resolve the problem.
md usa spybot fan
2008-12-07, 14:56
Toadstoolfood:
In order to install and update Spybot on a system on a system that is not connected to the internet, you will need to download two files and transfer them to the non-internet connected system.
spybotsd160.exe
Located here:
Mirror selection - The home of Spybot-S&D!
http://www.spybot.info/en/mirrors/index.html
spybotsd_includes.exe
Located here:
Downloads - The home of Spybot-S&D!
http://www.spybot.info/en/download/index.html
the item is:
Detection updates© 2008-12-03 - product description
md5: DF4B885F90CCBC2B3BDBD8A237DD459F
This updates the detection rules. Only needed if you do not want to use the update function integrated into Spybot-S&D.
To install Spybot and update:
After downloading and transferring the two (2) programs (spybotsd160.exe (http://www.spybotupdates.com/files/ spybotsd160.exe) and spybotsd_includes.exe (http://www.spybotupdates.com/updates/files/spybotsd_includes.exe)) to the non-internet connected system:
Execute the installation program spybotsd160.exe.
When you get to the "Select Components" screen during the installation, uncheck "Download updates immediately" (see Download updates immediately.jpg (http://forums.spybot.info/attachment.php?attachmentid=2531&d=1221148689)).
After the installation completes execute spybotsd_includes.exe to update Spybot's detection rules.
Toadstoolfood
2008-12-08, 07:10
Thanks Fan,
:oops: I see now that it was operator headspace that was preventing the installation of 1.6 on the affected PC. The virus is targeting virus protection files and websites, apparently using a list of named targets. I did have to rename the EXE’s, as Mtchllro did, in order to run setup and the app. While I have eliminated most of the symptoms, virus protection web sites are still redirected and the apps are not allowed to run without renaming them. The only solution I have found on the net is to format and reload the OS.
Toad
drragostea
2008-12-09, 01:21
The only solution I have found on the net is to format and reload the OS.
Toad
You know there is still time to purge the malware, instead of doing a reformat and starting from scratch. You can always feel free to start your own thread to request for help in the Malware Removal Forum to have a specialist to take a look at your machine and help you clean out the malware. It's free. If you want the instructions, it is provided above in md usa spybot fan's post.