Spyware detector, can't remove!!

Status
Not open for further replies.
Howard, I am, of course, not one to question your suggestion, but the folder in the Avenger script:

C:\Program Files\common files\system,

contains loads of other files other than "MS15DAE2.dll"

It has some other sub folders "ado", "Mapi", "msadc" and "ole DB". It also has some more dll files such as "directdb.dll", "wab32res.dll" and "wab32.dll".

all the sub folders mentioned above also contain dll and other system files.

All in all 99 files are in this 'system' folder

In addition, the creation date on the folder is the same as all my other core system folders such as "program files" and "windows" (i.e. indicating that 'C:\Program Files\common files\system,' has been there since I first got my cpu).

A quick check on processlibrary.com tells me some of these dll files are needed!? (e.g. for Microsoft Outlook address book etc.)

Are you definitely sure I can delete this folder?? (assuming your Avenger script will do this?)
 
Do not try and delete any other files in that folder. My Avenger script file is designed to only delete the MS15DAE2.dll file and nothing more. Please redownload the Avenger script again as I forgot to add the filename, now fixed.

Regards Howard :)
 
OK, I have run the script and attached the output.

On reboot, CounterSpy gave me the following message which I'm not sure about? Don't know if it's related???:

"A startup program requires approval

An attempt is being made to add a program to your startup registry. Startup programs are loaded automatically when Windows boots up.

Name: c:\psvebwjw.bat

Advice: Since it is not known if this is spyware you should analyze it before deciding to allow it."

Is this to be expected?

Oh, and I also deleted the "systemtray SD" on the HJT log.

Cheers
 
I can find no info for the psvebwjw.bat file. Therefore, it could very well be bad.

Please do the following.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file c:\psvebwjw.bat
* Click Open
* Please let me know the results.

I also want you to run a couple of scans for rootkits.

Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

Run the programme and click "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path"
* Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree to the terms and conditions that are displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

Download and run the Blacklight programme. Follow all the instructions carefully.

Let me know the results please.

Regards Howard :)

This thread is for the use of Bigfatgoalie only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howard,

I blocked the .bat file and now I can't find it. When I go to the website for the virus scan I can't find 'c:\psvebwjw.bat' (presumably because I blocked it via CounterSpy).

I can see no folder/file that stores blocked counterspy files.

Should I skip this step and press on with the rest of your instructions??
 
Yes, skip that for now. Man, you sure are having some strange problems.

Regards Howard :)

 
Howard.

Breakthrough, I think.

It seems since I deleted the file per your last Avenger script "MS15DAE2.dll" that things are looking better!

I am no longer getting the 'Application, memory reference errors' at all!

I have just installed Windows Update (per earlier post, couldn't previously do that)

So it looks like that file was the problem all along for that particular issue of mine!

Spyware detector has gone and my hjt log is clean, AVG antispyware is no longer picking up the MS15DAE2 folder, we deleted that earlier.

So hopefully things are looking better! I'm keeping my fingers crossed!!

I will return in the morning to follow those other 2 steps with Antirootkit and Blacklight plus to run a full system and antispyware scan (they usually take 1.5 hours or so each).

Thanks again for all your help, most greatly appreciated.

Cheers
 
That's great news mate. I look forward to your rootkit scan results later.

Regards Howard :)

 
Hi Howard.

Have run the antiroot kit (AVG) and the Blacklight and both found nothing! Cpu still free of the reference memory errors, looks like (fingers crossed) that things are ok at the moment!!

Not sure about 'c:\psvebwjw.bat', I haven't seen it since and it hasn't flashed up on CounterSpy again, so hopefully that isn't a problem either. I'll have to keep an eye out for that!

I did notice that before we got distracted with C:\Program Files\15DAE254 and the whole Avenger script you suggested I run the CCleaner program. I have not done that as yet, do you suggest I should go ahead and do that now?? (I did run it as part of the preliminary removal for spyware and virus a while ago but I guess it can't hurt to run it again!?)

After doing that should I do one more HJT and AVG antispyware and post those just to make sure they are finally ok!?

I will also run a full antivirus check to make sure that picks up nothing!

Hopefully the end is in sight!

Thanks again for all your help

Cheers.
 
By all means run the CCleaner programme again, it can't hurt. In fact you can run the CCleaner programme whenever you want, it just clears out crap from your system.

If you want to post fresh HJT and AVG Antispyware logs, please feel free.

Regards Howard :)

 
Hi again Howard,

ran some more scans:

Adaware, AVG, Spybot and AVG antispyware all found absolutely nothing which is great and I have attached (hopefully) one final HJT log which I would be real grateful if you could give your final seal of approval to!

One final thing, when I shut down my cpu the box comes up saying "ending program" for 'explorer.exe'. It comes up every time and I have to click 'end now' because the automatic ending process finishes but then says not responding so please click end now.

While I don't think this is virus related (it does happen in safe mode as well) I just wondered if you had any ideas on why this may be, or should I post this in another part of the forum (Windows O/S maybe?)

Thanks again for all your help,

Cheers
 
Your HJT log is clean.

It's possible that your explorer.exe file is damaged in some way.

Click Start/Run and type sfc /scannow into the Run box and press the Enter key. Windows will check for any missing or damaged OS files and replace them as necessary. You will need to have your Windows CD handy.

If that doesn't help, try running a Windows repair as per this thread HERE. If that still doesn't help, then open a new thread in our Windows OS forum.

Regards Howard :)

 
Hi Howard,

I ran the SFC/Scannow but it found nothing, which is a relief, still not sure about the problem though!

I can't do the other task (reinstall windows) as I don't have my XP disk. The shop I got my PC from wanted to charge an extra £90 for that so I declined, which I guess is always a risk!

But anyway I have posted a new thread in the OS section of the forum and just wanted to really thank you for your help over the last couple of weeks. You have totally turned my PC around and I am forever grateful, you have been here to talk me through the stages and posted a reply almost instantly whatever day and (literally) whatever the time of night and I seriously appreciate it!

Thanks again,

Cheers.
 