TechSpot

Darksma spyware removal

By dlee337
Jul 25, 2008
  1. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I knew that, the bitdefender and homepage stuff
    Just wanted it clean

    Mind you, there are more there: PokerStarsUpdate.exe
     
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    PokerStarsUpdate.exe is not an infection. I believe it can easily get infected; if you do not use it, remove it using HijackThis with the entry below.

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    ================================

    Uninstall ComboFix

    • Click Start then Run
    • Now Type Combofix /u in the runbox
    • Make sure there's a space between Combofix & /u
    • Then hit Enter

    The above procedure will Delete the following:
    • ComboFix & its associated files & folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide system/hidden files, if required.
    • Set a new, clean Restore Point.

    ------------------------------------------------------------------

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself, requiring a reboot.)

    =======================================

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

    Next, go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    =================================

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
    9. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    xxdanielxx
     
  3. dlee337

    dlee337 TS Rookie Topic Starter Posts: 28

    Thanks for all your help. One last question. When I ran my anti spam today I had a banbot spyware found again. It says it's a trojan. Do you think it is coming off of some site I go to or is it still hiding in my computer somewhere? I had it several days ago, but not in the last couple of days until today.
    I use PokerStars at least once a week. I don't know what kim means about the REIS. I reset it like she said.
     
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    REIS is just resetting Internet Explorer to default. Run DSS from below and attach the results.

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
     
  5. dlee337

    dlee337 TS Rookie Topic Starter Posts: 28

    Here are the logs.
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Right-click on HijackThis and look at the location it is installed. Go to that location and rename HijackThis to bobo, then copy and paste a shortcut to your desktop. Then run it and post a fresh HijackThis log.
     
  7. dlee337

    dlee337 TS Rookie Topic Starter Posts: 28

    Renamed the file; here's the log.
     
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Hi dlee337,

    DSS renames Hijackthis anyways - but the problem doesn't show in the Hijackthis portion anyways.

    Run HJT and click on Open the Misc Tools section.

    * Click the Open ADS Spy... button.
    * Uncheck "Quick scan (Windows base folder only)"
    * Click the Scan button to the left of the Save log... button.
    * When the scan has completed, click the Save log... button.
    * When the "Save ADS Spy log..." window opens, click the Save button.
    * The log will be displayed in a Notepad window and when you close it, it will be saved by default to your Desktop.
    * Copy and paste the contents of the file adsspy.txt into your next reply.
     
  9. dlee337

    dlee337 TS Rookie Topic Starter Posts: 28

    OK, here is the log.
     
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    I am not seeing anything left - does it still detect the file every time you restart?
     
  11. dlee337

    dlee337 TS Rookie Topic Starter Posts: 28

    Hey, haven't seen it in the last couple of days. Must have picked it up on a website, 'cause I will see it, then won't for a couple days. But my PC seems to be working properly. Thanks for everyone's help.
     
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

Topic Status:
Not open for further replies.

