Trojan:Win32/FakeSpypro & Trojan:JS/FakeSpypro

Funny thing. I deleted 10G of restore points right after I contracted this thing.
Live and learn, once again. So it was pretty much manual labor on this one. :cry:
I've got the Take Ownership Of on right-click. Nothing worked. Not even run as admin.
Thank you for your suggestions. I'll look deeper into them shortly. :sleepy:

I think I have this whooped. But, as Confucius says, "We'll See".

First, take a deep breath, calm down. Start the computer in Safe Mode. Find a flash drive and another computer, or if you're confident it's not running in safe mode, download SUPER Antispyware. Secondly, a trojan on a friend's computer once disabled executables for me as well. Right clicking on them and picking "Run as Administrator" allowed me to run them though.

You have plenty of options to deal with this thing. The fact that you're removing it and it's coming back means it's hiding somewhere. You can try rolling back your system with system restore and see if that helps. Otherwise, I'd suggest deleting the restore points because it's usually where viruses like to hide.
Computer Manufacturer/Model Number
Acer Aspire 5517-5427 Notebook
OS
MS Windows 7 Home Premium 64-bit
CPU
AMD K8/AMD Athlon(tm) Processor TF-20 @1.6G
Motherboard
Acer Aspire 5517 (Socket S1G1)
Memory
2.0GB Dual-Channel DDR2 @ 319MHz 5-5-5-15
Graphics Card(s)
ATI Radeon HD 3200 Graphics (Acer Incorporated [ALI])
Sound Card
Realtek High Definition Audio
Monitor(s) Displays
Generic PnP Monitor @ 1366x768
Hard Drives
244.20GB Western Digital WDC WD2500BEVT-22A23T0 ATA Device (IDE)
PSU
Stock
Case
Stock
Cooling
Stock
Mouse
Gigaware-Wireless
Internet Speed
HA!
Possible Hindsight

Maybe MSE already rid my system of these entries earlier in the game? I do know it (MSE) dealt with this in stages. Don't know exactly what happened; I will do more research on this, though. Thanks for the timely response.



How to manually remove Trojan.FakeSpypro

Files associated with Trojan.FakeSpypro infection:

iehelper.dll
Adware_Pro.exe
sysguard.exe
nwdcsysguard.exe

Trojan.FakeSpypro DLLs to remove:

iehelper.dll

Trojan.FakeSpypro processes to kill:

Adware_Pro.exe
sysguard.exe
nwdcsysguard.exe

Running programs:

Explorer.EXE
sysguard.exe

Remove Trojan.FakeSpypro registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysguard
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Adware_ProMFCT
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ system tool
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ system tool
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A44F370-735B-485f-B212-62007E9E6815}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CFA131B1-3A6E-4c4f-A0CC-4CC9D844B04C}

Hope this helps... ;)

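The removal post above is a list of indicators (process names, file names, Run-key values, BHO and SharedTaskScheduler CLSIDs). Before deleting anything by hand it is worth knowing which of them are actually present, and which DLL each CLSID points at. The script below is an added example, not code from the thread or from any of the tools named in it: it sweeps a Windows host for exactly the indicators in that post, resolves the CLSIDs through HKEY_CLASSES_ROOT, and reports what it finds without changing anything. The search roots for the file check (AppData, TEMP and the Windows directory) are an assumption based on where the thread says the infection left files; the post itself gives no paths. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): read-only sweep for the FakeSpypro
# indicators in the removal post. Reports findings; deletes nothing.

$ProcNames = @('Adware_Pro', 'sysguard', 'nwdcsysguard')                  # Get-Process names carry no .exe
$FileNames = @('iehelper.dll', 'Adware_Pro.exe', 'sysguard.exe', 'nwdcsysguard.exe')
$RunValues = @('sysguard', 'Adware_ProMFCT', 'system tool')               # Run-key value names from the post
$BhoClsids = @('{3A44F370-735B-485f-B212-62007E9E6815}', '{CFA131B1-3A6E-4c4f-A0CC-4CC9D844B04C}')
$StsClsid  = '{9030D464-4C02-4ABF-8ECC-5164760863C6}'
# Assumption: search roots are not given in the post; these are the areas the thread mentions.
$SearchRoots = @("$env:USERPROFILE\AppData", $env:TEMP, $env:windir)

# True when $Key has either a subkey or a value named $Name. The post lists the CLSID
# entries without saying which form they take, so both are checked.
function Test-RegistryEntry {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    if (Test-Path -LiteralPath (Join-Path $Key $Name)) { return $true }
    $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    return ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $Name)
}

# Resolves a CLSID to the DLL registered as its in-process server (the post names iehelper.dll).
function Get-ClsidServer {
    param([string]$Clsid)
    $p = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $p) { return (Get-ItemProperty -LiteralPath $p).'(default)' }
    return $null
}

function Find-FakeSpyproIndicators {
    $findings = @()

    # 1. Running processes named in the post, with the image path of each hit
    foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
        if ($ProcNames -contains $proc.ProcessName) {
            $findings += "Process  : $($proc.ProcessName) (PID $($proc.Id)) $($proc.Path)"
        }
    }

    # 2. Run-key values in both hives the post lists
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($name in $RunValues) {
            if ($props.PSObject.Properties.Name -contains $name) {
                $findings += "Run value: $key\$name = $($props.$name)"
            }
        }
    }

    # 3. Browser Helper Object and SharedTaskScheduler CLSIDs, resolved to their DLL
    $explorer = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer'
    foreach ($clsid in $BhoClsids) {
        if (Test-RegistryEntry -Key "$explorer\Browser Helper Objects" -Name $clsid) {
            $findings += "BHO      : $clsid -> $(Get-ClsidServer $clsid)"
        }
    }
    if (Test-RegistryEntry -Key "$explorer\SharedTaskScheduler" -Name $StsClsid) {
        $findings += "SharedTaskScheduler: $StsClsid -> $(Get-ClsidServer $StsClsid)"
    }

    # 4. Files on disk under the assumed search roots
    foreach ($root in $SearchRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($f in (Get-ChildItem -LiteralPath $root -Recurse -Force -Include $FileNames -ErrorAction SilentlyContinue)) {
            $findings += "File     : $($f.FullName)"
        }
    }
    return $findings
}

$hits = @(Find-FakeSpyproIndicators)
if ($hits.Count -eq 0) {
    Write-Output 'No FakeSpypro indicators from the post were found.'
} else {
    Write-Output "Found $($hits.Count) indicator(s):"
    $hits | ForEach-Object { Write-Output "  $_" }
}
```

The CLSID resolution is the useful part when cleaning by hand: a BHO entry alone tells you nothing about which file Internet Explorer will load, but its InprocServer32 value does, and that is the file to remove after the entry is gone. Because the sweep only reads, it can be re-run after each cleanup step (and after the reboot the thread describes) to confirm that nothing has come back.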
Another Malicious File

This has been with me from the start. I renamed it to see if that would help. Nothing found it. I ran "kfsuiwvtssd" through WE Search, and found "kfsuiwvtssd.boo" (which is what I renamed it, because it sounded scary) :confused:. Scanned it with MSE: OK. Scanned it with MBAM: INFECTED. Removed.

We'll see how this progresses.
No recurrence. Everything seems to be running better than ever. Kind of spooky. :huh:
Just An Afterthought...

Hey, Product FRED, maybe my deleting all restore points left this trojan nowhere to hide?

Hey, Product FRED, maybe my deleting all restore points left this trojan nowhere to hide?

That's most likely it. I'm glad I could help.
OS
Windows 7 Enterprise 64-bit
CPU
AMD Phenom II X4 3.0GHz
Motherboard
ASUS M5A97
Memory
8GB G-Skill Ripjaws DDR3 1333
Graphics Card(s)
PNY GeForce 460 GTX 1GB OC - Enthusiast Edition
Sound Card
VIA High Definition Audio
Monitor(s) Displays
Dell 19"
Screen Resolution
1280x1024
Hard Drives
1TB - Primary
160GB - Secondary
250GB - External backup for important files
PSU
OCZ Fata1ty 700W Modular PSU
Case
ASUS
Keyboard
Microsoft Wireless Keyboard 2000
Mouse
Microsoft Wireless Mouse 2000
Internet Speed
3 Mbps/768 kbps
Hey, Product FRED, maybe my deleting all restore points left this trojan nowhere to hide?

If the only place the files were being found in a scan was System Restore, clearing SR would, of course, remove infected restore points. That said, please note that System Restore is not an endless repository and as new restore points are created, older points are cycled out. Thus, an infected restore point is only a threat if the computer is restored to that point. However, clearing System Restore should only be done after the computer is clean. Having an infected restore point is better than none should an error be made in the clean-up process.
OS
Windows 7 & Windows Vista Ultimate
No Lurkers About...

This thing had roots all over. Registry, AppData, Temp Files... I am new at this, so needless to say I was a bit intimidated at first.

Yeah, I got infected first. Didn't know it. System was running fine. I thought I would do a little maintenance (hadn't done any in a few weeks)... Restore was full: deleted. Ran CCleaner. AV\AM. Auslogics Disk Defrag with Optimize. Ran Disk Check. ScanNow. Everything peachy. Restart.

BAM! :mad: You know the rest of the story...

Thanks for responding. :)
MSE Finds Infected .Zip

Finally, MSE found this file. All I can say is that it got the jump on MBAM.

As a treat, MSE left me my cool icon and the rest of the folder's content: PNG images of said trojan.

BE ONE

Hi, Jaxryley.
:)
Will MBAM remove this if I let it run freely again? Will it find it? I don't have real-time protection through MBAM. Is there a safe way to manipulate this thing to be rid of every thread?
EDIT: MBAM runs since MSE got it quarantined. It just doesn't even find the .zip file pasted on my desktop. I just scanned it (the .zip file) with both MBAM and MSE; neither found it a threat.
Only Bitdefender online scanner found it.

I'LL GET RID OF THIS HOSTAGE TAKING PIECE OF S***!
GAME ON! :sa:

:D

Let me get back to you guys. I dealt with this thing for 5 hours to get my system back. I need a little time. I appreciate your timely response.

Copy and paste taskmgr.exe from the system 32 folder to desktop and rename to Opera.exe. Now Taskmanager will start allowing to kill the rogue's process then get a scan going with Malwarebytes, updated first of course.

Or you can go to Malwarebytes Programs folder and rename mbam.exe to Opera.exe and Malwarebytes should start even if the exe killing rogue's process is active.

You can rename to Firefox.exe as well. In fact renaming most exes to Firefox or Opera should allow them to run with this rogue active.
Wooow, intense! :eek:
Glad you got rid of it.
OS
Windows xp SP3
Thanks, JayC2.
And welcome to 7 Forums!

It was pretty intense. I guess it could be a lot worse.

Taught me to be more conscientious about my browsing, and also how I let others use my laptop. Live and learn. ;)
Are you running as admin all the time? If so create a standard user and assign it as admin and downgrade your current user to standard. Use a strong password.
Computer Manufacturer/Model Number
Samsung rv520
OS
Windows Seven, Ubuntu
CPU
Intel
Graphics Card(s)
Intel
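bigcitycat's advice above (a separate administrator account, the everyday account demoted to standard user) is the single change that would have kept this rogue from writing to HKEY_LOCAL_MACHINE and dropping files under the Windows directory. The script below is an added example, not from the thread, that carries the advice out with the net.exe commands available on Windows 7, in the order that keeps you from locking yourself out: create and verify the new administrator first, demote the daily account last. The account name AdminAccount is a placeholder, the current login is taken as the daily account, and the group names assume an English-language Windows. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): create a separate administrator account,
# then drop the everyday account to a standard user, verifying each step first.
param(
    [string]$NewAdmin  = 'AdminAccount',     # placeholder name; pick your own
    [string]$DailyUser = $env:USERNAME       # the account used for day-to-day work
)

if ($NewAdmin -ieq $DailyUser) {
    throw 'The new administrator account must have a different name from the daily account.'
}

# Returns $true when $User is listed as a member of local group $Group.
# Assumption: English group names ("Administrators", "Users").
function Test-LocalGroupMember {
    param([string]$Group, [string]$User)
    $lines = net localgroup $Group 2>$null
    return [bool]($lines -match ('^\s*' + [regex]::Escape($User) + '\s*$'))
}

# 1. Create the account. 'net user <name> *' prompts for the password twice without echo,
#    so the password never appears on the command line or in history.
if (-not (Test-LocalGroupMember -Group 'Users' -User $NewAdmin)) {
    net user $NewAdmin /add
    if ($LASTEXITCODE -ne 0) { throw "Could not create account $NewAdmin" }
}
Write-Output "Set a strong password for $NewAdmin (you will be prompted twice):"
net user $NewAdmin *
if ($LASTEXITCODE -ne 0) { throw "Password not set for $NewAdmin; stopping before any demotion" }

# 2. Make it an administrator and confirm the membership actually took effect.
net localgroup Administrators $NewAdmin /add | Out-Null
if (-not (Test-LocalGroupMember -Group 'Administrators' -User $NewAdmin)) {
    throw "$NewAdmin is not in Administrators; leaving $DailyUser unchanged"
}

# 3. Only now demote the daily account. It stays in Users, which is what a
#    standard user is; removing it from Administrators is the whole change.
if (Test-LocalGroupMember -Group 'Administrators' -User $DailyUser) {
    net localgroup Administrators $DailyUser /delete | Out-Null
}
if (Test-LocalGroupMember -Group 'Administrators' -User $DailyUser) {
    throw "$DailyUser is still an administrator; check the group manually"
}
Write-Output "$DailyUser is now a standard user; use $NewAdmin (via UAC prompts) for administrative tasks."
```

After this change, anything that runs under the daily account, including a rogue started from a browser download, gets a UAC prompt instead of silent access to HKLM and the system directories. The Run entries this thread lists under HKEY_CURRENT_USER would still be reachable, which is why the registry sweep still matters, but the machine-wide BHO and SharedTaskScheduler entries would not have been writable.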
Hi, bigcitycat.

Thank you, and I have since modified user accounts and parental controls. :D
Moved to Installation And Setup
Sorry, wrong forum :o