Thanks Spybot

[mtchllro]

IE would not load any pages or Motzilla only AOL would work !
I couldn't load avg antivirus or load Spybot (but teatimer was running).
My solution was to rename spybots exe (I just placed a 1 before the .exe) which then let spybot load but it wouldn't update (no IE connection) so after a manual update I scanned found a trojan (Win32.TDSS.rtk)after removing and re renaming Spybot all is well.
Thanks Spybot :wav::wav:

 

[spybotsandra]

Hello,

We are glad that Spybot-S&D has helped you with your problems.

Best regards
Sandra
Team Spybot

 

[nulos]

Wow i have exactly the same symptom as Mtchllro.
Spybot.exe didnt run so I rename it to Spibot.exe and it runs. After I manual update Spybot I scan computer and found Win32.TDSS.rtk. After removal, I can acces back to internet and autoupdate spybot.
The only problem is Win32.TDSS.rtk always come back. I cant remove it permanently. I need to scan my computer at each start up and even if I dont reboot my computer, the trojan come back like 10 hours later.
So I'm wondering how u remove Win32.TDSS.rtk for good?

Thx

 

[md usa spybot fan]

nulos:

What version of Spybot - Search & Destroy are you running (Spybot » Help » About)?

If you are not running Spybot 1.6.0.30 or above, consider upgrading. The downloads are located here:

• Mirror selection - The home of Spybot-S&D!
  http://www.spybot.info/en/mirrors/index.html

If you are running Spybot 1.6.0.30 or above, there are two things that you can try to get rid of the things that Spybot-S&D is having difficulty removing:

1. Try to run it the next time you reboot.
   • Go into Spybot > Mode > Advanced mode > Settings > Settings > look for "System start" (located half way down the page).
   • Check the option: "Run program once at next system startup".
   • Reboot the system.
2. Run it in Safe mode.
   • Reboot your system in Safe mode and run Spybot-S&D.

If Spybot still fails to correct the problem, consider posting in the Malware Removal forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

• "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance).

After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum, making sure to post the HijackThis log produced from the above instructions.

 

[Toadstoolfood]

Not able to download

If you are not running Spybot 1.6.0.30 or above, consider upgrading.

Fan,

I have a similar problem, and as mentioned above, I cannot connect to Safer Networking at all on the affected PC. IE is redirected as well as the SB update. I thought I would be slick and sneaker net the install package over, but 1.6 will not install without connecting over the Internet. I was forced to use 1.4 and manually update it. I am still scanning, and hoping it will resolve the problem.

 

[md usa spybot fan]

Toadstoolfood:

In order to install and update Spybot on a system on a system that is not connected to the internet, you will need to download two files and transfer them to the non-internet connected system.

1. spybotsd160.exe
   • Located here:
     • Mirror selection - The home of Spybot-S&D!
       http://www.spybot.info/en/mirrors/index.html
2. spybotsd_includes.exe
   • Located here:
     • Downloads - The home of Spybot-S&D!
       http://www.spybot.info/en/download/index.html
     • the item is:
       • Detection updates© 2008-12-03 - product description
         md5: DF4B885F90CCBC2B3BDBD8A237DD459F
         
         This updates the detection rules. Only needed if you do not want to use the update function integrated into Spybot-S&D.

To install Spybot and update:

• After downloading and transferring the two (2) programs (spybotsd160.exe and spybotsd_includes.exe) to the non-internet connected system:
  • Execute the installation program spybotsd160.exe.
  • When you get to the "Select Components" screen during the installation, uncheck "Download updates immediately" (see Download updates immediately.jpg).
  • After the installation completes execute spybotsd_includes.exe to update Spybot's detection rules.

 

[Toadstoolfood]

1.6 working – redirects still persist

Thanks Fan,

I see now that it was operator headspace that was preventing the installation of 1.6 on the affected PC. The virus is targeting virus protection files and websites, apparently using a list of named targets. I did have to rename the EXE’s, as Mtchllro did, in order to run setup and the app. While I have eliminated most of the symptoms, virus protection web sites are still redirected and the apps are not allowed to run without renaming them. The only solution I have found on the net is to format and reload the OS.

Toad

 

[drragostea]

The only solution I have found on the net is to format and reload the OS.

Toad

You know there is still time to purge the malware, instead of doing a reformat and starting from scratch. You can always feel free to start your own thread to request for help in the Malware Removal Forum to have a specialist to take a look at your machine and help you clean out the malware. It's free. If you want the instructions, it is provided above in md usa spybot fan's post.