Something blocking installation of spybot



flkevin
2008-11-25, 06:51
I have some sort of malware that has hijacked the browser search engine and loads random advertiser links. I can download Spybot from one of the download sites, but when the installation program attempts to contact the server, it is blocked. I downloaded from another download site and the same thing happened. I can't even surf to the forum.spybot.info site with any browser, though Safari is otherwise unaffected. My guess is that Spybot can take care of whatever malware is in the system, but how do I get it installed?

Yodama
2008-11-25, 07:23
Hello,

Try to install Spybot S&D with a renamed installer; it is possible that the malware blocks software by name. For instance, rename the Spybot S&D installer exe to something like 123.scr.

If that does not work, we will need to shut down the component of the malware which is responsible for blocking the installation of Spybot S&D. To do that, we require a Spybot S&D report file to see which malicious processes are running.
Please download the Runalyzer (http://www.safer-networking.org/en/runalyzer/index.html)
and create a log file with it and email it to detections-at-spybot.info (replace -at- with @) with a reference to this thread.
Just in case, you could also download the Rootalyzer (http://forums.spybot.info/downloads.php?id=8) and create a Rootalyzer log file so we can see if there are malicious rootkits.

flkevin
2008-11-26, 12:03
Posted both logs to detections.

flkevin
2008-11-27, 01:37
Is there a way to install the program that doesn't require internet access? Whatever the worm or trojan is, it is redirecting links to random advertisers. The links don't have to be from search engines.

drragostea
2008-11-27, 01:50
Spybot does not require access to the Internet during installation, as long as you untick the option to "Download Updates Immediately" during installation.

If you cannot execute the Spybot installer, rename the .exe installation file.
If you cannot execute Spybot itself (not installer) rename the desktop icon.

flkevin
2008-11-27, 02:24
That worked. But now the program won't run. The resident program is in the system tray but when I try to run S&D it just hangs. I tried rebooting and inactivated another antivirus program. It's as if someone targeted S&D as the program to defeat.

drragostea
2008-11-27, 05:04
If you cannot execute the Spybot installer, rename the .exe installation file.
If you cannot execute Spybot itself (not installer) rename the desktop icon.
The malware component might be disabling Spybot. Rename the desktop icon.

If you run Spybot-SD, update it and fire it up.

Buster
2008-11-27, 13:07
Usually malware blocks the .exe file itself, therefore please try to run Spybot using the randomly named .scr-file located in the Spybot - Search & Destroy program folder. As this file has the attributes to be a hidden system file, you have to set your folder option to display those files. The file size of the .scr should be about 4777kb.

flkevin
2008-11-27, 16:46
Alright, the program starts but will not update. Somehow, the worm is still blocking access to the spybot websites. Is there another way to get the update?

Buster
2008-11-27, 17:22
The manual updates are also available at softpedia.com (http://www.softpedia.com/get/Others/Signatures-Updates/Spybot-Search-and-Destroy-Detection-Update.shtml)

flkevin
2008-11-28, 04:52
Finally found the worm using an alternative spyware remover, and then I could download the update and run Spybot, which after a few iterations of scan and reboot, declared the system clean. I would really like to know how it blocked access to all the Spybot sites.

BeBattey
2008-11-28, 06:55
I am having the exact same problems, and have only been able to access the Safer Networking site via another computer. I do believe this should receive some attention, and if you could explain exactly what steps you took to remove this pos? Very, very frustrating.

BeBattey
2008-11-28, 07:49
Update:

I:
- Downloaded the newest version from the site on a different computer, and transferred it through our network to my computer.
- Booted mine up in safe mode.
- Used the screensaver randomly named file and got spybot up and running.
- Started a scan, and it came up with Smitfraud-C and a Win32 agent. Scanned, says they're fixed, so I immunize etc.
- Update
- Scan again
- 'You need to use the integrated update tool' etc. I fully updated it, won't find another thing and I've used the exe to update, still won't work.
- Then I reboot out of safe mode and run it again, still won't let me update. Says 'Error in recieving update info' or something very similar to that.

Please and thank you.

flkevin
2008-11-28, 17:27
I finally bought StopZilla, which found enough of the trojan downloader that I was able to access the Spybot sites and get the download. Also the update for Spybot, if you can get the program installed, is available at Softpedia, though I didn't need to try that method. After removing the initial trojan, you need to rescan after disabling your network card, otherwise it will redownload the virus every time it connects to the internet. I alternated scanning with StopZilla, OneCare, and Spybot, and immunized with Spybot. I am pretty sure Spybot is the best, since the virus seems designed to specifically block it. However, I think I am always going to keep two spyblockers of some type or another to cover the bases.

drragostea
2008-11-29, 04:17
You can always seek assistance in the Malware Removal Forums.

Do you have any other anti-malware programs?

BeBattey
2008-11-29, 09:31
I seem to be squeaky clean now. I downloaded Smitfraudfix and Combofix from my other computer, and transferred them to this computer via the network. Apparently this trojan also blocks both of those programs, but when I was in safe mode and was able to boot up Spybot with the hidden randomly named screensaver file, it killed the trojan so that I could run Combofix and that fixed it. Thanks :D

tashi
2008-11-29, 10:01
Hi there,

Glad things worked out for you and just an fyi to members. :)

Combo Fix is not a general purpose cleaning tool and should not be used unless requested by a forum helper, while receiving guidance during the cleanup of an infected computer.

Best regards.