Antispyware 2009
More than just an ATCO
Thread Starter
Join Date: Jul 1999
Location: Up someone's nose
Age: 75
Posts: 1,768
Likes: 0
Received 0 Likes
on
0 Posts
Antispyware 2009
This thing has infected ny PC and keeps popping up to advise me that I have a security problem. Registry scan and blocking the URL haven't helped.
any ideas - besides buying a MAC
any ideas - besides buying a MAC
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes
on
0 Posts
removing it is the only option I'm afraid.
tools and instructions here: How to remove XP Antispyware 2009 (Uninstall Instructions)
What this programs does:
XP Antispyware 2009 is a rogue anti-spyware program from the same family as XP Antivirus 2008. Just like its predecessor, XP AntiSpyware 2009 is advertised and promoted through the use of fake online anti-malware scanners and malware that displays fake security alerts on your computer. Both the online scanners and the malware state that your computer is infected and that you should download and install XP Antispyware 2009 in order to clean and protect your computer.
If you decide to install XP Antispyware 2009 it will configure itself to run automatically when your computer starts. It will also install a variety of files on your computer that act as fake malware so that the program will find them while scanning. These files are:
While the program is running, you may also find that your computer starts to become slower. This is because the program is constantly running in the background and using up your computer's resources that other legitimate programs should be using. XP Antispyware will also occasionally display fake security alerts stating that your computer is infected and that you should purchase the program in order to protect yourself. Images of these fake alerts and of the program can be found below.
XP Antispyware 2009 is a rogue anti-spyware program from the same family as XP Antivirus 2008. Just like its predecessor, XP AntiSpyware 2009 is advertised and promoted through the use of fake online anti-malware scanners and malware that displays fake security alerts on your computer. Both the online scanners and the malware state that your computer is infected and that you should download and install XP Antispyware 2009 in order to clean and protect your computer.
If you decide to install XP Antispyware 2009 it will configure itself to run automatically when your computer starts. It will also install a variety of files on your computer that act as fake malware so that the program will find them while scanning. These files are:
c
Documents and Settings\All Users\Application Data\boveketuz.inf
cDocuments and Settings\All Users\Application Data\duvuja.lib
cDocuments and Settings\All Users\Application Data\koqisybi.bat
cDocuments and Settings\All Users\Application Data\ucozoma.reg
cDocuments and Settings\All Users\Documents\jyxigifo._sy
cDocuments and Settings\All Users\Documents\ysix._dl
%UserProfile%\Application Data\mepa.com
%UserProfile%\Cookies\guwysa.dat
%UserProfile%\Cookies\sasu.bat
%UserProfile%\Local Settings\Application Data\jyxot.dl
%UserProfile%\Local Settings\Application Data\mivekely._sy
%UserProfile%\Local Settings\Application Data\pozik.vbs
%UserProfile%\Local Settings\Application Data\wosi.vbs
cProgram Files\Common Files\gykyr.bat
cProgram Files\Common Files\ogumy.lib
cProgram Files\Common Files\uwolykiw.com
cWINDOWS\akikuvopa.dll
cWINDOWS\lydumyhery.scr
cWINDOWS\radimup.lib
cWINDOWS\toli.pif
cWINDOWS\system32\_scui.cpl
cWINDOWS\system32\oxatymy.dl
Once XP Antispyware is started, it will automatically start scanning your computer and list a variety of infections that cannot be removed unless you first purchase the program. These infections will consist of legitimate files and Registry entries as well as the above fake malware files that XP Antispyware installed. Remember, though, that the above files are not real malware and cannot harm your computer. Documents and Settings\All Users\Application Data\boveketuz.infc
Documents and Settings\All Users\Application Data\duvuja.libc
Documents and Settings\All Users\Application Data\koqisybi.batc
Documents and Settings\All Users\Application Data\ucozoma.regc
Documents and Settings\All Users\Documents\jyxigifo._syc
Documents and Settings\All Users\Documents\ysix._dl%UserProfile%\Application Data\mepa.com
%UserProfile%\Cookies\guwysa.dat
%UserProfile%\Cookies\sasu.bat
%UserProfile%\Local Settings\Application Data\jyxot.dl
%UserProfile%\Local Settings\Application Data\mivekely._sy
%UserProfile%\Local Settings\Application Data\pozik.vbs
%UserProfile%\Local Settings\Application Data\wosi.vbs
c
Program Files\Common Files\gykyr.batc
Program Files\Common Files\ogumy.libc
Program Files\Common Files\uwolykiw.comc
WINDOWS\akikuvopa.dllc
WINDOWS\lydumyhery.scrc
WINDOWS\radimup.libc
WINDOWS\toli.pifc
WINDOWS\system32\_scui.cplc
WINDOWS\system32\oxatymy.dlWhile the program is running, you may also find that your computer starts to become slower. This is because the program is constantly running in the background and using up your computer's resources that other legitimate programs should be using. XP Antispyware will also occasionally display fake security alerts stating that your computer is infected and that you should purchase the program in order to protect yourself. Images of these fake alerts and of the program can be found below.
Beady Eye
Join Date: Feb 2001
Location: UK
Posts: 1,495
Likes: 0
Received 0 Likes
on
0 Posts
'nough said
Join Date: Sep 2002
Location: Raynes Park
Age: 58
Posts: 1,025
Likes: 0
Received 0 Likes
on
0 Posts
Depends how deep it has penetrated your operating system - at work we tend to rebuild (re-install) the PC from scratch to wipe it out for good.
You may be able to clean it up by running something like Spybot s&d and then a scan with a good anti-virus program (make sure both are updated and then run them both in Windows safe mode). You may have to run them more than once. A registry clean with ccleaner may also help.
But in all honesty a rebuild may be the only lasting option..
You may be able to clean it up by running something like Spybot s&d and then a scan with a good anti-virus program (make sure both are updated and then run them both in Windows safe mode). You may have to run them more than once. A registry clean with ccleaner may also help.
But in all honesty a rebuild may be the only lasting option..
Avoid imitations
Join Date: Nov 2000
Location: Wandering the FIR and cyberspace often at highly unsociable times
Posts: 14,573
Received 422 Likes
on
222 Posts
I had this problem. I was advised here to install "SUPERAntiSpyware".
It's a free download and it worked for my computer. I still use it.
It's a free download and it worked for my computer. I still use it.
More than just an ATCO
Thread Starter
Join Date: Jul 1999
Location: Up someone's nose
Age: 75
Posts: 1,768
Likes: 0
Received 0 Likes
on
0 Posts
Thanks everyone. I tried BDIONU's links and think I got sidetracked by another rogue when trying to run it.
I eventually got SUPERAntiSpyware to load and run and the problem has gone. 221 suspected infections found.
I thought i was fairly well protected by Avast and CCCleaner and Registry Helper.
Thanks again everybody
I eventually got SUPERAntiSpyware to load and run and the problem has gone. 221 suspected infections found.
I thought i was fairly well protected by Avast and CCCleaner and Registry Helper.
Thanks again everybody
MBAM is the other "rock star" with this type of infection. MBAM and SAS reportedly (usually) zap it for good.
'Course, you have to have all applications (Java, Flash player etc) up to date, and not be using IE6, otherwise the vulnerability is still present.
'Course, you have to have all applications (Java, Flash player etc) up to date, and not be using IE6, otherwise the vulnerability is still present.
Cool Mod
Join Date: Apr 1998
Location: 18nm N of LGW
Posts: 6,185
Likes: 0
Received 0 Likes
on
0 Posts
I had the problem too. It is VERY invasive - not so much as kiss my **** or by your leave!
It took some getting rid of but apart from the options above I found that it was essential to get at the root - in the registry, control panel and keep doing searches for 'spyware' and kill it.
It people like this who give computing a bad name.
It took some getting rid of but apart from the options above I found that it was essential to get at the root - in the registry, control panel and keep doing searches for 'spyware' and kill it.
It people like this who give computing a bad name.
I had a similar problem with IE antivirus. Company trading as Billingware. Just started helping themselves to my credit card at the rate of 3 or 4 times a month at £10-£40 a time. I managed to kill the infection and they stopped charging me saying a full refund would be made......they lied.
Now they refuse to answer my emails...... Buyer Beware of BILLINGWARE!!!
Now they refuse to answer my emails...... Buyer Beware of BILLINGWARE!!!
Official PPRuNe Chaplain
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes
on
0 Posts
More than just an ATCO
Thread Starter
Join Date: Jul 1999
Location: Up someone's nose
Age: 75
Posts: 1,768
Likes: 0
Received 0 Likes
on
0 Posts
Interesting fact is was that I was trying to update Flash Player when Avast flagged a warning . The problem is that the invasive program actually looks like a Microsoft page.
Keef
Interestingly Amex informed me that they have had loads of complaints about this company but then said that it is between me and them, not Amex!!!!!
I am still in dialogue with them so here's hoping.
HJ
Interestingly Amex informed me that they have had loads of complaints about this company but then said that it is between me and them, not Amex!!!!!
I am still in dialogue with them so here's hoping.
HJ
