Antispyware 2009
Thread Starter
More than just an ATCO
Joined: Jul 1999
Posts: 1,773
Likes: 1
From: Up someone's nose
Antispyware 2009
This thing has infected ny PC and keeps popping up to advise me that I have a security problem. Registry scan and blocking the URL haven't helped.
any ideas - besides buying a MAC
any ideas - besides buying a MAC
More bang for your buck
Joined: Nov 2005
Posts: 3,513
Likes: 1
From: land of the clanger
removing it is the only option I'm afraid.
tools and instructions here: How to remove XP Antispyware 2009 (Uninstall Instructions)
What this programs does:
XP Antispyware 2009 is a rogue anti-spyware program from the same family as XP Antivirus 2008. Just like its predecessor, XP AntiSpyware 2009 is advertised and promoted through the use of fake online anti-malware scanners and malware that displays fake security alerts on your computer. Both the online scanners and the malware state that your computer is infected and that you should download and install XP Antispyware 2009 in order to clean and protect your computer.
If you decide to install XP Antispyware 2009 it will configure itself to run automatically when your computer starts. It will also install a variety of files on your computer that act as fake malware so that the program will find them while scanning. These files are:
While the program is running, you may also find that your computer starts to become slower. This is because the program is constantly running in the background and using up your computer's resources that other legitimate programs should be using. XP Antispyware will also occasionally display fake security alerts stating that your computer is infected and that you should purchase the program in order to protect yourself. Images of these fake alerts and of the program can be found below.
XP Antispyware 2009 is a rogue anti-spyware program from the same family as XP Antivirus 2008. Just like its predecessor, XP AntiSpyware 2009 is advertised and promoted through the use of fake online anti-malware scanners and malware that displays fake security alerts on your computer. Both the online scanners and the malware state that your computer is infected and that you should download and install XP Antispyware 2009 in order to clean and protect your computer.
If you decide to install XP Antispyware 2009 it will configure itself to run automatically when your computer starts. It will also install a variety of files on your computer that act as fake malware so that the program will find them while scanning. These files are:
c
Documents and Settings\All Users\Application Data\boveketuz.inf
cDocuments and Settings\All Users\Application Data\duvuja.lib
cDocuments and Settings\All Users\Application Data\koqisybi.bat
cDocuments and Settings\All Users\Application Data\ucozoma.reg
cDocuments and Settings\All Users\Documents\jyxigifo._sy
cDocuments and Settings\All Users\Documents\ysix._dl
%UserProfile%\Application Data\mepa.com
%UserProfile%\Cookies\guwysa.dat
%UserProfile%\Cookies\sasu.bat
%UserProfile%\Local Settings\Application Data\jyxot.dl
%UserProfile%\Local Settings\Application Data\mivekely._sy
%UserProfile%\Local Settings\Application Data\pozik.vbs
%UserProfile%\Local Settings\Application Data\wosi.vbs
cProgram Files\Common Files\gykyr.bat
cProgram Files\Common Files\ogumy.lib
cProgram Files\Common Files\uwolykiw.com
cWINDOWS\akikuvopa.dll
cWINDOWS\lydumyhery.scr
cWINDOWS\radimup.lib
cWINDOWS\toli.pif
cWINDOWS\system32\_scui.cpl
cWINDOWS\system32\oxatymy.dl
Once XP Antispyware is started, it will automatically start scanning your computer and list a variety of infections that cannot be removed unless you first purchase the program. These infections will consist of legitimate files and Registry entries as well as the above fake malware files that XP Antispyware installed. Remember, though, that the above files are not real malware and cannot harm your computer. Documents and Settings\All Users\Application Data\boveketuz.infc
Documents and Settings\All Users\Application Data\duvuja.libc
Documents and Settings\All Users\Application Data\koqisybi.batc
Documents and Settings\All Users\Application Data\ucozoma.regc
Documents and Settings\All Users\Documents\jyxigifo._syc
Documents and Settings\All Users\Documents\ysix._dl%UserProfile%\Application Data\mepa.com
%UserProfile%\Cookies\guwysa.dat
%UserProfile%\Cookies\sasu.bat
%UserProfile%\Local Settings\Application Data\jyxot.dl
%UserProfile%\Local Settings\Application Data\mivekely._sy
%UserProfile%\Local Settings\Application Data\pozik.vbs
%UserProfile%\Local Settings\Application Data\wosi.vbs
c
Program Files\Common Files\gykyr.batc
Program Files\Common Files\ogumy.libc
Program Files\Common Files\uwolykiw.comc
WINDOWS\akikuvopa.dllc
WINDOWS\lydumyhery.scrc
WINDOWS\radimup.libc
WINDOWS\toli.pifc
WINDOWS\system32\_scui.cplc
WINDOWS\system32\oxatymy.dlWhile the program is running, you may also find that your computer starts to become slower. This is because the program is constantly running in the background and using up your computer's resources that other legitimate programs should be using. XP Antispyware will also occasionally display fake security alerts stating that your computer is infected and that you should purchase the program in order to protect yourself. Images of these fake alerts and of the program can be found below.
Beady Eye
Joined: Feb 2001
Posts: 1,495
Likes: 1
From: UK
'nough said
Joined: Sep 2002
Posts: 1,025
Likes: 0
From: Raynes Park
Depends how deep it has penetrated your operating system - at work we tend to rebuild (re-install) the PC from scratch to wipe it out for good.
You may be able to clean it up by running something like Spybot s&d and then a scan with a good anti-virus program (make sure both are updated and then run them both in Windows safe mode). You may have to run them more than once. A registry clean with ccleaner may also help.
But in all honesty a rebuild may be the only lasting option..
You may be able to clean it up by running something like Spybot s&d and then a scan with a good anti-virus program (make sure both are updated and then run them both in Windows safe mode). You may have to run them more than once. A registry clean with ccleaner may also help.
But in all honesty a rebuild may be the only lasting option..
Avoid imitations
Joined: Nov 2000
Aviation Qualifications: ATPL
Posts: 15,113
Likes: 1,087
From: Wandering the FIR and cyberspace often at highly unsociable times
I had this problem. I was advised here to install "SUPERAntiSpyware".
It's a free download and it worked for my computer. I still use it.
It's a free download and it worked for my computer. I still use it.
Thread Starter
More than just an ATCO
Joined: Jul 1999
Posts: 1,773
Likes: 1
From: Up someone's nose
Thanks everyone. I tried BDIONU's links and think I got sidetracked by another rogue when trying to run it.
I eventually got SUPERAntiSpyware to load and run and the problem has gone. 221 suspected infections found.
I thought i was fairly well protected by Avast and CCCleaner and Registry Helper.
Thanks again everybody
I eventually got SUPERAntiSpyware to load and run and the problem has gone. 221 suspected infections found.
I thought i was fairly well protected by Avast and CCCleaner and Registry Helper.
Thanks again everybody
Joined: Dec 2005
Posts: 1,694
Likes: 15
From: Wellington,NZ
MBAM is the other "rock star" with this type of infection. MBAM and SAS reportedly (usually) zap it for good.
'Course, you have to have all applications (Java, Flash player etc) up to date, and not be using IE6, otherwise the vulnerability is still present.
'Course, you have to have all applications (Java, Flash player etc) up to date, and not be using IE6, otherwise the vulnerability is still present.
Cool Mod
Joined: Apr 1998
Posts: 6,189
Likes: 0
From: 18nm N of LGW
I had the problem too. It is VERY invasive - not so much as kiss my **** or by your leave!
It took some getting rid of but apart from the options above I found that it was essential to get at the root - in the registry, control panel and keep doing searches for 'spyware' and kill it.
It people like this who give computing a bad name.
It took some getting rid of but apart from the options above I found that it was essential to get at the root - in the registry, control panel and keep doing searches for 'spyware' and kill it.
It people like this who give computing a bad name.
Official PPRuNe Chaplain
Joined: Apr 2001
Posts: 3,498
Likes: 0
From: Witnesham, Suffolk
Thread Starter
More than just an ATCO
Joined: Jul 1999
Posts: 1,773
Likes: 1
From: Up someone's nose
Interesting fact is was that I was trying to update Flash Player when Avast flagged a warning . The problem is that the invasive program actually looks like a Microsoft page.
