
Darksma spyware removal

Discussion in 'Virus and Malware Removal' started by dlee337, Jul 25, 2008.

  1. dlee337 Newcomer, in training Posts: 28

    also the last couple of days when My Ca Spyware runs it picks up
    Client Man and Banbot. It says Banbot is a trojan. I delete them but they come back.
  2. kimsland Ex-TechSpotter Posts: 18,353

  3. xxdanielxx Newcomer, in training Posts: 1,214

    Hey sorry I have been very busy

    • Please go to VirSCAN.org FREE on-line scan service
    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
      • C:\Program Files\zeropop.exe
    • Click on the Upload button
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
  4. dlee337 Newcomer, in training Posts: 28

    Virusscan.org will not get past step 2. It just sits there. Says analyzing file.
    I did the RIES. When I did that I downloaded the add on zero pop. Do I need to delete it? My PC seems to be working good. The last couple days the trojan spyware has not shown up in my spyware scanner. I do appreciate all the help.
    Thanks
  5. xxdanielxx Newcomer, in training Posts: 1,214

  6. kimsland Ex-TechSpotter Posts: 18,353

    IE 7 has Popup Blocker anyway
    I say remove it
     
  7. xxdanielxx Newcomer, in training Posts: 1,214

  8. dlee337 Newcomer, in training Posts: 28

    Here is my HJ log
  9. kimsland Ex-TechSpotter Posts: 18,353

    Found all this, that can be ticked and removed:
    I thought you were removing zeropop?

    Also that Main Start page (RR) was How to use Reset Internet Explorer Settings (RIES) run fully?

    There may be other issues too!

    You have fully run MalwareBytes, and then selected remove all found issues, once completed?
  10. xxdanielxx Newcomer, in training Posts: 1,214

    There is nothing wrong anymore, the log looks clean. Why are you removing items like

    BitDefender
    roadrunner homepage

    and others that are not infected? All we have to do is a clean up, which I will post as soon as I can.
  11. kimsland Ex-TechSpotter Posts: 18,353

    I knew that, the bitdefender and homepage stuff
    Just wanted it clean

    Mind you, there are more there: PokerStarsUpdate.exe
  12. xxdanielxx Newcomer, in training Posts: 1,214

    PokerStarsUpdate.exe is not an infection. I believe it can easily get infected. If you do not use it, remove it using HijackThis with the entry below:

    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

    ================================

    Uninstall ComboFix

    • Click Start then Run
    • Now Type Combofix /u in the runbox
    • Make sure there's a space between Combofix & /u
    • Then hit Enter

    The above procedure will Delete the following:
    • ComboFix & its associated files & folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide system/hidden files, if required.
    • Set a new, clean Restore Point.

    ------------------------------------------------------------------

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself, requiring a reboot.)

    =======================================

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    =================================

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
    5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
    7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    9. Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    xxdanielxx
  13. dlee337 Newcomer, in training Posts: 28

    Thanks for all your help. One last question. When I ran my anti spam today I had a banbot spyware found again. It says it's a trojan. Do you think it is coming off of some site I go to or is it still hiding in my computer somewhere? I had it several days ago, but not in the last couple of days until today.
    I use pokerstars at least once a week. I don't know what kim means about the REIS. I reset it like she said.
  14. xxdanielxx Newcomer, in training Posts: 1,214

    REIS is just resetting Internet Explorer to default. Run DSS from below and attach the results.

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  15. dlee337 Newcomer, in training Posts: 28

    here are the logs
  16. xxdanielxx Newcomer, in training Posts: 1,214

    Right click on HijackThis and look at the location it is installed. Go to that location and rename HijackThis to bobo, then copy and paste a shortcut to your desktop, then run and post a fresh HijackThis log.
  17. dlee337 Newcomer, in training Posts: 28

    Renamed the file, here's the log
  18. Blind Dragon TechSpot Evangelist Posts: 4,048

    Hi dlee337,

    DSS renames Hijackthis anyways - but the problem doesn't show in the Hijackthis portion anyways.

    Run HJT and click on Open the Misc Tools section.

    * Click the Open ADS Spy... button.
    * Uncheck "Quick scan (Windows base folder only)"
    * Click the Scan button to the left of the Save log... button.
    * When the scan has completed, click the Save log... button.
    * When the "Save ADS Spy log..." window opens, click the Save button.
    * The log will be displayed in a Notepad window and when you close it, it will be saved by default to your Desktop.
    * Copy and paste the contents of the file adsspy.txt into your next reply.
  19. dlee337 Newcomer, in training Posts: 28

    ok here is the log.
  20. Blind Dragon TechSpot Evangelist Posts: 4,048

    I am not seeing anything left - does it still detect the file every time you restart?