spysheriff removal

[Lisa Simpson]

SAS does not even see/show the infection . . .

"Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
news:1167273411.630905.68450@48g2000cwx.googlegrou ps.com...
>
> Lisa Simpson wrote:
> > I would if I could, but I cannot get the offending files to reveal
> > themselves no matter what I do; all I get to see is the fact that
> > secure32.html keeps being set as the default IE page. HJT sees it &
allows
> > me to "fix" it, but a rescan immediately after doing so shows it right
back.
> > Doing everything in safe mode as administrator brings brief relief, but
as
> > soon as you reboot it's right back. A real bugger, this. I think I'll
just
> > reformat/reload . . .
> >
> > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> > news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
> > >
> > > Lisa Simpson wrote:
> > > > Anybody got a sure fire way to remove this pest? I've tried
hijackthis,
> > > > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> > deletion
> > > > from the registry, and it just keeps coming back
> > >
> > > Submit me a diagnostic using the link below from the infected machine
> > > and I will see why we didn't remove it - I don't know of any variants
> > > we don't currently remove, and if this is one, I will update our
> > > definitions right away.
> > > http://www.superantispyware.com/diag....html?id=nicks
> > >
> > > I would also be careful about using any "batch files" that just delete
> > > the files without signature verification and/or quarantining.
> > >
> > > Nick Skrepetos
> > > SUPERAntiSpyware.com
> > > http://www.superantispyware.com
> > >
>
> Lisa - just run the diagnostic on the infected machine - it will show
> all
>

[Lisa Simpson]

Yep, seems to be the solution du jour . . .

"Leythos" <void@nowhere.lan> wrote in message
news:45932e4d$0$8912$4c368faf@roadrunner.com...
> In article <4593294e$0$8915$4c368faf@roadrunner.com>, none@none.com
> says...
> > I would if I could, but I cannot get the offending files to reveal
> > themselves no matter what I do; all I get to see is the fact that
> > secure32.html keeps being set as the default IE page. HJT sees it &
allows
> > me to "fix" it, but a rescan immediately after doing so shows it right
back.
> > Doing everything in safe mode as administrator brings brief relief, but
as
> > soon as you reboot it's right back. A real bugger, this. I think I'll
just
> > reformat/reload . .
>
> If you follow the directions provided by Nick or David, ignoring the
> crap posted by butts, and you can't resolve the problem, then a
> wipe/reinstall is a very good option/method.
>
> While removal of malware is possible, it's not a 100% science, it's a
> reactionary thing - meaning that someone/some company has to detect and
> then react to get it removed.
>
> In a secure environment, you never "remove" the malware, you
> wipe/reinstall from a know uncompromised source.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me

[Lisa Simpson]

SAS did not show the infection; AVG shows it but does not remove it; HJT
shows it & "removes" it but it comes right back; the new Ewido from the
people @ AVG shows it but does not remove it; the (relatively) expensive
xoft shows it but does not remove it; noahdfear does not remove it; smitrem
& smitfraud does not remove it; trojan remover shows it but does not remove
it; etc etc etc. The IE default page still keeps getting set to
secure32.html . . .

"---Fitz---" <---Fitz---@INVALID.COM> wrote in message
news:45936820$0$18109$4c368faf@roadrunner.com...
> Lisa,
>
> No need to format yet. Try Nick's suggestion first about submitting a log
> file.
>
> Never follow pcbutts advice.
>
> ---Fitz---
>
> "Lisa Simpson" <none@none.com> wrote in message
> news:4593294e$0$8915$4c368faf@roadrunner.com...
> |I would if I could, but I cannot get the offending files to reveal
> | themselves no matter what I do; all I get to see is the fact that
> | secure32.html keeps being set as the default IE page. HJT sees it &
> allows
> | me to "fix" it, but a rescan immediately after doing so shows it right
> back.
> | Doing everything in safe mode as administrator brings brief relief, but
as
> | soon as you reboot it's right back. A real bugger, this. I think I'll
> just
> | reformat/reload . . .
> |
> | "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> | news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
> | >
> | > Lisa Simpson wrote:
> | > > Anybody got a sure fire way to remove this pest? I've tried
> hijackthis,
> | > > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> | deletion
> | > > from the registry, and it just keeps coming back
> | >
> | > Submit me a diagnostic using the link below from the infected machine
> | > and I will see why we didn't remove it - I don't know of any variants
> | > we don't currently remove, and if this is one, I will update our
> | > definitions right away.
> | > http://www.superantispyware.com/diag....html?id=nicks
> | >
> | > I would also be careful about using any "batch files" that just delete
> | > the files without signature verification and/or quarantining.
> | >
> | > Nick Skrepetos
> | > SUPERAntiSpyware.com
> | > http://www.superantispyware.com
> | >
> |
> |
>
>

[Lisa Simpson]

Good idea if SAS even saw the infection, but alas it does not . . .

"Charani" <me@privacy.invalid> wrote in message
news:45938aec$0$97231$892e7fe2@authen.yellow.readf reenews.net...
> On Wed, 27 Dec 2006 21:12:17 -0500, Lisa Simpson wrote:
>
> > ok, will give it a try & post results . . .
>
> If you use any of the pirated downloads that Butts claims are his,
> you'll likely end up with a useless PC and you'll have to do a
> reformat and reinstall.
>
> *Never* use any programs or utilities from any site but the
> originator's - and PCButts is *not* the originator of any of the
> programs he suggests, despite his claims to the contrary.
>
> Follow Nick's advice as he will be able to sort out the problem since
> he is the originator of SUPERAntiSpyware.

[pcbutts1]

Use Spyerase please. Then you can come back here and let everyone know how
it worked. You will also see how a bunch of liars they are. First read this
page http://www.pcbutts1.com/downloads then download
spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip


Let me know how it works. Send feedback here
http://pcbutts1-therealtruth.blogspot.com/


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker,David H. Lipman, Max M Wachtell III aka
What's in a Name?,Fitz,Rhonda Lea Kirk,Meat Plow, F Kwatu F, George Orwell



"Lisa Simpson" <none@none.com> wrote in message
news:4593ca33$0$17188$4c368faf@roadrunner.com...
> SAS did not show the infection; AVG shows it but does not remove it; HJT
> shows it & "removes" it but it comes right back; the new Ewido from the
> people @ AVG shows it but does not remove it; the (relatively) expensive
> xoft shows it but does not remove it; noahdfear does not remove it;
> smitrem
> & smitfraud does not remove it; trojan remover shows it but does not
> remove
> it; etc etc etc. The IE default page still keeps getting set to
> secure32.html . . .
>
> "---Fitz---" <---Fitz---@INVALID.COM> wrote in message
> news:45936820$0$18109$4c368faf@roadrunner.com...
>> Lisa,
>>
>> No need to format yet. Try Nick's suggestion first about submitting a
>> log
>> file.
>>
>> Never follow pcbutts advice.
>>
>> ---Fitz---
>>
>> "Lisa Simpson" <none@none.com> wrote in message
>> news:4593294e$0$8915$4c368faf@roadrunner.com...
>> |I would if I could, but I cannot get the offending files to reveal
>> | themselves no matter what I do; all I get to see is the fact that
>> | secure32.html keeps being set as the default IE page. HJT sees it &
>> allows
>> | me to "fix" it, but a rescan immediately after doing so shows it right
>> back.
>> | Doing everything in safe mode as administrator brings brief relief, but
> as
>> | soon as you reboot it's right back. A real bugger, this. I think I'll
>> just
>> | reformat/reload . . .
>> |
>> | "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
>> | news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
>> | >
>> | > Lisa Simpson wrote:
>> | > > Anybody got a sure fire way to remove this pest? I've tried
>> hijackthis,
>> | > > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
>> | deletion
>> | > > from the registry, and it just keeps coming back
>> | >
>> | > Submit me a diagnostic using the link below from the infected machine
>> | > and I will see why we didn't remove it - I don't know of any variants
>> | > we don't currently remove, and if this is one, I will update our
>> | > definitions right away.
>> | > http://www.superantispyware.com/diag....html?id=nicks
>> | >
>> | > I would also be careful about using any "batch files" that just
>> delete
>> | > the files without signature verification and/or quarantining.
>> | >
>> | > Nick Skrepetos
>> | > SUPERAntiSpyware.com
>> | > http://www.superantispyware.com
>> | >
>> |
>> |
>>
>>
>
>

[Daemon]

Lisa

This seems to be a new infection doing the rounds at the moment. Look in
your HJT log for this entry:

O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe

If it's there, that will be the re-infector. Get a sample of it to Nick for
his definitions. In the meantime, if you start a topic at Geeks to Go called
FAO: Daemon, with a HJT log posted, I'll clean your system.

http://www.geekstogo.com/forum/Malwa..._Here-f37.html


"Lisa Simpson" <none@none.com> wrote in message
news:4593294e$0$8915$4c368faf@roadrunner.com...
>I would if I could, but I cannot get the offending files to reveal
> themselves no matter what I do; all I get to see is the fact that
> secure32.html keeps being set as the default IE page. HJT sees it &
> allows
> me to "fix" it, but a rescan immediately after doing so shows it right
> back.
> Doing everything in safe mode as administrator brings brief relief, but as
> soon as you reboot it's right back. A real bugger, this. I think I'll
> just
> reformat/reload . . .
>
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
>>
>> Lisa Simpson wrote:
>> > Anybody got a sure fire way to remove this pest? I've tried
>> > hijackthis,
>> > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> deletion
>> > from the registry, and it just keeps coming back
>>
>> Submit me a diagnostic using the link below from the infected machine
>> and I will see why we didn't remove it - I don't know of any variants
>> we don't currently remove, and if this is one, I will update our
>> definitions right away.
>> http://www.superantispyware.com/diag....html?id=nicks
>>
>> I would also be careful about using any "batch files" that just delete
>> the files without signature verification and/or quarantining.
>>
>> Nick Skrepetos
>> SUPERAntiSpyware.com
>> http://www.superantispyware.com
>>
>
>
>

[Nick Skrepetos]

Lisa Simpson wrote:
> Good idea if SAS even saw the infection, but alas it does not . . .
>
> "Charani" <me@privacy.invalid> wrote in message
> news:45938aec$0$97231$892e7fe2@authen.yellow.readf reenews.net...
> > On Wed, 27 Dec 2006 21:12:17 -0500, Lisa Simpson wrote:
> >
> > > ok, will give it a try & post results . . .
> >
> > If you use any of the pirated downloads that Butts claims are his,
> > you'll likely end up with a useless PC and you'll have to do a
> > reformat and reinstall.
> >
> > *Never* use any programs or utilities from any site but the
> > originator's - and PCButts is *not* the originator of any of the
> > programs he suggests, despite his claims to the contrary.
> >
> > Follow Nick's advice as he will be able to sort out the problem since
> > he is the originator of SUPERAntiSpyware.

I am confused here - I have provided a diagnostic link so that I can
see what we are "missing" to update our definitions to remove this
infection, but you have not clicked the link to run the diagnostic. Are
you really interested in removing the infection? If so, and you want
my/SAS assistance, please run the diagnostic below:
http://www.superantispyware.com/diag....html?id=nicks

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

[Nick Skrepetos]

Lisa Simpson wrote:
> SAS does not even see/show the infection . . .
>
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> news:1167273411.630905.68450@48g2000cwx.googlegrou ps.com...
> >
> > Lisa Simpson wrote:
> > > I would if I could, but I cannot get the offending files to reveal
> > > themselves no matter what I do; all I get to see is the fact that
> > > secure32.html keeps being set as the default IE page. HJT sees it &
> allows
> > > me to "fix" it, but a rescan immediately after doing so shows it right
> back.
> > > Doing everything in safe mode as administrator brings brief relief, but
> as
> > > soon as you reboot it's right back. A real bugger, this. I think I'll
> just
> > > reformat/reload . . .
> > >
> > > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> > > news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
> > > >
> > > > Lisa Simpson wrote:
> > > > > Anybody got a sure fire way to remove this pest? I've tried
> hijackthis,
> > > > > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> > > deletion
> > > > > from the registry, and it just keeps coming back
> > > >
> > > > Submit me a diagnostic using the link below from the infected machine
> > > > and I will see why we didn't remove it - I don't know of any variants
> > > > we don't currently remove, and if this is one, I will update our
> > > > definitions right away.
> > > > http://www.superantispyware.com/diag....html?id=nicks
> > > >
> > > > I would also be careful about using any "batch files" that just delete
> > > > the files without signature verification and/or quarantining.
> > > >
> > > > Nick Skrepetos
> > > > SUPERAntiSpyware.com
> > > > http://www.superantispyware.com
> > > >
> >
> > Lisa - just run the diagnostic on the infected machine - it will show
> > all
> >

Lisa - this is why I want you to run the diagnostic from the INFECTED
machine - I can update our definitions to detect and remove what we
apparently did not catch on your system:

http://www.superantispyware.com/diag....html?id=nicks

The diagnostic let's me "see" what is running and what we missed.......

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

[Lisa Simpson]

Am currently in the process of reformatting/reloading the machine, I just
can't afford to put any more time into this; I've already lost 18 hours
trying different fixes. If I run across this problem again I will try the
other 2 remedies suggested further down this thread & see if that does
anything then, but I gotta get this machine up as it's a business machine .
.. .

"Lisa Simpson" <none@none.com> wrote in message
news:4593c8e8$0$17151$4c368faf@roadrunner.com...
> SAS does not even see/show the infection . . .
>
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> news:1167273411.630905.68450@48g2000cwx.googlegrou ps.com...
> >
> > Lisa Simpson wrote:
> > > I would if I could, but I cannot get the offending files to reveal
> > > themselves no matter what I do; all I get to see is the fact that
> > > secure32.html keeps being set as the default IE page. HJT sees it &
> allows
> > > me to "fix" it, but a rescan immediately after doing so shows it right
> back.
> > > Doing everything in safe mode as administrator brings brief relief,
but
> as
> > > soon as you reboot it's right back. A real bugger, this. I think
I'll
> just
> > > reformat/reload . . .
> > >
> > > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> > > news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
> > > >
> > > > Lisa Simpson wrote:
> > > > > Anybody got a sure fire way to remove this pest? I've tried
> hijackthis,
> > > > > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> > > deletion
> > > > > from the registry, and it just keeps coming back
> > > >
> > > > Submit me a diagnostic using the link below from the infected
machine
> > > > and I will see why we didn't remove it - I don't know of any
variants
> > > > we don't currently remove, and if this is one, I will update our
> > > > definitions right away.
> > > > http://www.superantispyware.com/diag....html?id=nicks
> > > >
> > > > I would also be careful about using any "batch files" that just
delete
> > > > the files without signature verification and/or quarantining.
> > > >
> > > > Nick Skrepetos
> > > > SUPERAntiSpyware.com
> > > > http://www.superantispyware.com
> > > >
> >
> > Lisa - just run the diagnostic on the infected machine - it will show
> > all
> >
>
>

[Nick Skrepetos]

Lisa Simpson wrote:
> Am currently in the process of reformatting/reloading the machine, I just
> can't afford to put any more time into this; I've already lost 18 hours
> trying different fixes. If I run across this problem again I will try the
> other 2 remedies suggested further down this thread & see if that does
> anything then, but I gotta get this machine up as it's a business machine .
> . .
>
> "Lisa Simpson" <none@none.com> wrote in message
> news:4593c8e8$0$17151$4c368faf@roadrunner.com...
> > SAS does not even see/show the infection . . .
> >
> > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> > news:1167273411.630905.68450@48g2000cwx.googlegrou ps.com...
> > >
> > > Lisa Simpson wrote:
> > > > I would if I could, but I cannot get the offending files to reveal
> > > > themselves no matter what I do; all I get to see is the fact that
> > > > secure32.html keeps being set as the default IE page. HJT sees it &
> > allows
> > > > me to "fix" it, but a rescan immediately after doing so shows it right
> > back.
> > > > Doing everything in safe mode as administrator brings brief relief,
> but
> > as
> > > > soon as you reboot it's right back. A real bugger, this. I think
> I'll
> > just
> > > > reformat/reload . . .
> > > >
> > > > "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
> > > > news:1167240221.916142.284960@i12g2000cwa.googlegr oups.com...
> > > > >
> > > > > Lisa Simpson wrote:
> > > > > > Anybody got a sure fire way to remove this pest? I've tried
> > hijackthis,
> > > > > > ewido, superantispyware, panda antivirus, xoftspy, avg, & manual
> > > > deletion
> > > > > > from the registry, and it just keeps coming back
> > > > >
> > > > > Submit me a diagnostic using the link below from the infected
> machine
> > > > > and I will see why we didn't remove it - I don't know of any
> variants
> > > > > we don't currently remove, and if this is one, I will update our
> > > > > definitions right away.
> > > > > http://www.superantispyware.com/diag....html?id=nicks
> > > > >
> > > > > I would also be careful about using any "batch files" that just
> delete
> > > > > the files without signature verification and/or quarantining.
> > > > >
> > > > > Nick Skrepetos
> > > > > SUPERAntiSpyware.com
> > > > > http://www.superantispyware.com
> > > > >
> > >
> > > Lisa - just run the diagnostic on the infected machine - it will show
> > > all
> > >
> >
> >

The diagnostic takes all of 2 minutes to run and would help many other
users by identifying what was not detected by many programs.....too
late I guess.