Spy-sweeper

  • Thread starter Thread starter artysan
  • Start date Start date
A

artysan

I am getting frustrated with this Spy-sweeper problem popping up mainly when
I open Hotmail ,is anyone else getting this .How can I get rid of it
--
artysan
 
Read your post,
Ok now lets pretend that you are someone else reading it, someone who
doesn't have a clue what is going on with your spysweeper program, ok,now do
you really think that that person has any clue to just what it is you are
talking about?

Alittle more detail just might get you that answer you are looking for.Or
you might try Webroots support page. Perhaps they have Psychics on their
payroll.
--
Mike Pawlak


"artysan" wrote:

> I am getting frustrated with this Spy-sweeper problem popping up mainly when
> I open Hotmail ,is anyone else getting this .How can I get rid of it
> --
> artysan
 
Hi, Spy-sweeper is on of those programmes which somehow gets onto a computer
and where the offer is for me to buy the tool to get rid of it ,this only
happens when I go onto Hotmail. I have deleted the cookies for Spy-sweeper
and Dr Protector and done a search of the registry with no result .What else
can I do. arty
--
artysan


"MAP" wrote:

> Read your post,
> Ok now lets pretend that you are someone else reading it, someone who
> doesn't have a clue what is going on with your spysweeper program, ok,now do
> you really think that that person has any clue to just what it is you are
> talking about?
>
> Alittle more detail just might get you that answer you are looking for.Or
> you might try Webroots support page. Perhaps they have Psychics on their
> payroll.
> --
> Mike Pawlak
>
>
> "artysan" wrote:
>
> > I am getting frustrated with this Spy-sweeper problem popping up mainly when
> > I open Hotmail ,is anyone else getting this .How can I get rid of it
> > --
> > artysan
 
Please Artysan

Make a screenshot of the pop-up and post it here (or a link to an image
hosting).
Give us, also, the complete URL used when going on Hotmail.

Formally, this is "SPY Sweeper", not "Spy-Sweeper".
Are you sure you are using the good one and not a crapware ?

Are you using the new free Spy Sweeper scanner only witch include a Ask
Jeeves toolbar ?
This is new
http://assiste.forum.free.fr/viewtopic.php?t=19298

What OS ?

What browser ?

ActiveX on or off ?

Wsh on or off ?

Java on or off ?

Nobody can help reading your post. Info needed.

Most important for me - "Dr Protector" ?
Well, I am the author of "La Crapthèque" (a collection and analyses of
pseudo security tools - crapwares)
static site at http://assiste.com.free.fr/p/craptheque/craptheque.html
and
dynamic news on http://assiste.forum.free.fr/viewforum.php?f=115

I never heard of "Dr Protector" or "Doctor Protector" or "DrProtector".
What it is ? A SoftWare ? Please, give me a link to download it. I
Google the world for it and did not find anything (except a female gel
and a CD/DVD 4Oz surface coating).

Be extremely precise in what you write.

Pierre (aka Terdef)
http://assiste.com
ASAP Admin - SWI Ambassador - Malwerbytes Expert




--
Terdef
 
--
http://bl116w.blu116.mail.live.com/...ef5f-e76f-4e07-bb60-2e6af5158ba3&n=1847147498
This is what comes up when I click on the Hotmail button short cut. My
browser is IE7, OS is Windows XP pro,My activeX is on with Block on third
party cookies. Definately spy-sweeper and not SPY Sweeper. Only using
NOD32,Ad-aware ,Spybot and Windows anti-virus .No Jeeves toolbar. Pop up
blocker is on in IE7.
Appears problem has disappeared since I removed cookies for spy-sweeper and
Dr Protector. Tried to make it appear today for screenshot without success.
Thanks for your concern .If it happens again I will send another post.
artysan
artysan


"artysan" wrote:

> I am getting frustrated with this Spy-sweeper problem popping up mainly when
> I open Hotmail ,is anyone else getting this .How can I get rid of it
> --
> artysan
 
'I have just gone into Hotmail again and I have a new item now called
'"Online Guard" .
Nod 32 shows it on a red screen .I have taken a screen shot ,how do I attach
it to this message.artysan
--
artysan


"artysan" wrote:

> I am getting frustrated with this Spy-sweeper problem popping up mainly when
> I open Hotmail ,is anyone else getting this .How can I get rid of it
> --
> artysan
 
artysan wrote:
> I have taken a screen shot ,how do I attach it to this message.

Please don't attach anything. This is a plain-text newsgroup.

Instead, upload the image to a site like http://photobucket.com/ (which
is free) and include a link to it in your next post.
 
<a
href="http://s245.photobucket.com/albums/gg54/artysan/?action=view&current=Nod32707.jpg"
target="_blank"><img
src="http://i245.photobucket.com/albums/gg54/artysan/Nod32707.jpg" border="0"
alt="nod32 707.jpg"></a> This is what NOD32 picked up today

Nothing like your description
--
artysan


"Daave" wrote:

> artysan wrote:
> > I am getting frustrated with this Spy-sweeper problem popping up
> > mainly when I open Hotmail ,is anyone else getting this .How can I
> > get rid of it
>
> Does this look familiar?:
>
> http://bharath-m-narayan.blogspot.com/2007/12/spyware-sweepernet.html
>
>
>
 
artysan wrote:
> <a
> href="http://s245.photobucket.com/albums/gg54/artysan/?action=view&current=Nod32707.jpg"
> target="_blank"><img
> src="http://i245.photobucket.com/albums/gg54/artysan/Nod32707.jpg" border="0"
> alt="nod32 707.jpg"></a> This is what NOD32 picked up today
>
> Nothing like your description

Try one of these Virus Removal Tools:

Avast! One tool for any current virus
http://www.avast.com/eng/avast-virus-cleaner.html

Symantec Virus Removal Tools
http://www.symantec.com/business/security_response/removaltools.jsp

F-Secure Virus Removal Tools
http://www.f-secure.com/download-purchase/tools.shtml

Kaspersky Virus Removal Tools
http://www.kaspersky.com/removaltools

_Anti-Spyware_

Spybot Search & Destroy
http://spybot.eon.net.au/
http://www.safer-networking.org/
http://spybot.safer-networking.de/
SpyBot S&D guide
http://www.chem.wisc.edu/~network/spybot/

Ad-Aware
http://www.lavasoftusa.com/
http://www.lavasoft.nu/

Spyware Blaster
http://www.wilderssecurity.net/spywareblaster.html
http://www.javacoolsoftware.com/spywareblaster.html
http://www.net-integration.net/tools/spywareblaster.html

CWShredder (CoolWebSearch remover)
http://www.spywareinfo.com/~merijn/cwschronicles.html
http://www.spywareinfo.com/~merijn/files/cwshredder.zip


--
Joe =o)
 
Did a scan with Symantec anti-virus scan.Scanned with Microsoft scanner,Full
scan with Spybot, Full scan with Ad-aware Pro .Nod 32 shows Threat to
probably be variant of Win32/Trojan downloader, Agent,NTA trojan. So how do I
get rid of it please ???
--
artysan


"Elmo" wrote:

> artysan wrote:
> > <a
> > href="http://s245.photobucket.com/albums/gg54/artysan/?action=view&current=Nod32707.jpg"
> > target="_blank"><img
> > src="http://i245.photobucket.com/albums/gg54/artysan/Nod32707.jpg" border="0"
> > alt="nod32 707.jpg"></a> This is what NOD32 picked up today
> >
> > Nothing like your description
>
> Try one of these Virus Removal Tools:
>
> Avast! One tool for any current virus
> http://www.avast.com/eng/avast-virus-cleaner.html
>
> Symantec Virus Removal Tools
> http://www.symantec.com/business/security_response/removaltools.jsp
>
> F-Secure Virus Removal Tools
> http://www.f-secure.com/download-purchase/tools.shtml
>
> Kaspersky Virus Removal Tools
> http://www.kaspersky.com/removaltools
>
> _Anti-Spyware_
>
> Spybot Search & Destroy
> http://spybot.eon.net.au/
> http://www.safer-networking.org/
> http://spybot.safer-networking.de/
> SpyBot S&D guide
> http://www.chem.wisc.edu/~network/spybot/
>
> Ad-Aware
> http://www.lavasoftusa.com/
> http://www.lavasoft.nu/
>
> Spyware Blaster
> http://www.wilderssecurity.net/spywareblaster.html
> http://www.javacoolsoftware.com/spywareblaster.html
> http://www.net-integration.net/tools/spywareblaster.html
>
> CWShredder (CoolWebSearch remover)
> http://www.spywareinfo.com/~merijn/cwschronicles.html
> http://www.spywareinfo.com/~merijn/files/cwshredder.zip
>
>
> --
> Joe =o)
>
 
artysan wrote:
> Did a scan with Symantec anti-virus scan. Scanned with Microsoft scanner, full
> scan with Spybot, full scan with Ad-aware Pro. Nod 32 shows Threat to
> probably be variant of Win32/Trojan downloader, Agent, NTA trojan. So how do I
> get rid of it please???

The malware has probably disabled your a/v software; that's one of the
first things they do.

The utilities mentioned are a one-time fix. With all but the Avast!
version, you have to select the malware by name from the many items
listed on the page.

If it is in fact a new strain of malware, not yet reported, a cure might
not be available yet. You can submit a sample to Symantec and they may
have a fix.

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031615501306

--
Joe =o)
 
Elmo wrote:
> artysan wrote:
>> Did a scan with Symantec anti-virus scan. Scanned with Microsoft
>> scanner, full scan with Spybot, full scan with Ad-aware Pro. Nod 32
>> shows Threat to probably be variant of Win32/Trojan downloader,
>> Agent, NTA trojan. So how do I get rid of it please???
>
> The malware has probably disabled your a/v software; that's one of the
> first things they do.
>
> The utilities mentioned are a one-time fix. With all but the Avast!
> version, you have to select the malware by name from the many items
> listed on the page.
>
> If it is in fact a new strain of malware, not yet reported, a cure
> might
> not be available yet. You can submit a sample to Symantec and they
> may
> have a fix.
>
> http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031615501306

There is very little information currently. This is the best I can find:

http://bharath-m-narayan.blogspot.com/2007/12/scanner-page-is-live-now.html


To OP, I'm not sure if there is a cure yet. You can try SUPERAntiSpyware
Free:

http://www.superantispyware.com/superantispywarefreevspro.html

If no joy, you can try running HijackThis:

http://www.spywareinfo.com/~merijn/programs.php

and posting the log to an appropriate forum, such as:

http://www.bleepingcomputer.com/forums/forum22.html

Here's a helpful tutorial:

http://www.bleepingcomputer.com/tutorials/tutorial42.html
 
Elmo;3036155 Wrote:
> artysan wrote:
> Get rid of dr.protection

Is a variant of SpySheriff

Adware.Fakealert-52 (ClamAV)
Adware.SpySherif.Gen.2 (VirusBuster)
Application/DrProtection (Panda)
Downloader.MisleadApp (Symantec)
FraudTool.SpySheriff.f (Not a Virus) (CAT-QuickHeal)
Generic.Malware (Prevx1)
not-a-virus:.FraudTool.Win32.SpySheriff.f (Ikarus)
not-a-virus:FraudTool.Win32.SpySheriff.f (Kaspersky)
Program:Win32/SpySheriff (Microsoft)
TR/Dldr.Sentry.C (AntiVir)
Troj/DrProt-Gen (Sophos)
Trojan.Dldr.Sentry.C (Webwasher-Gateway)
Win32/Adware.BraveSentry (NOD32v2)
Win32/Oneraw.CI (eTrust-Vet)
Win-Trojan/Spyshield.51200 (AhnLab-V3)

Delete this HKCU run value
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
drprotection

In Safe Mode, delete these dll if exist
%program_files%\drprotection\drprotection3.dll
%program_files%\drprotection\drprotection1.dll
%program_files%\drprotection\drprotection0.dll

Delete these keys if exist
HKEY_CURRENT_USER\software\drprotection
HKEY_CURRENT_USER\software\drprotection automaticstartup
HKEY_CURRENT_USER\software\drprotection enablescheduledscan
HKEY_CURRENT_USER\software\drprotection hscheduledscan
HKEY_CURRENT_USER\software\drprotection mscheduledscan
HKEY_CURRENT_USER\software\drprotection previous
HKEY_CURRENT_USER\software\drprotection previousmark
HKEY_CURRENT_USER\software\drprotection uninstall
HKEY_CURRENT_USER\software\drprotection\scan
HKEY_CURRENT_USER\software\drprotection\scan automaticdeletion
HKEY_CURRENT_USER\software\drprotection\system security
HKEY_CURRENT_USER\software\drprotection\updates
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
drprotection
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\drprotection

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\drprotection
displayicon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\drprotection
displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\drprotection
helplink
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\drprotection
uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\drprotection
urlinfoabout
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
drprotection

Delet these files if exist
drprotection.exe
drprotectionsetup.exe
%desktopdirectory%\drprotection.lnk
%program_files%\drprotection\drprotection.exe
%program_files%\drprotection\drprotection.lic
%program_files%\drprotection\drprotection0.dll
%program_files%\drprotection\drprotection0.dp
%program_files%\drprotection\drprotection1.dll
%program_files%\drprotection\drprotection1.dp
%program_files%\drprotection\drprotection3.dll
%program_files%\drprotection\uninstall.exe
%programs%\drprotection\drprotection.lnk
%programs%\drprotection\uninstall.lnk
%program_files%\drprotection\drprotection3.dll
%program_files%\drprotection\drprotection1.dll
%program_files%\drprotection\drprotection0.dll
%program_files%\drprotection\drprotection.exe
drprotectionsetup.exe
%program_files%\drprotection\uninstall.exe


Delete these dir if exist
%program_files%\drprotection
%programs%\drprotection

Verify if there is anything left in the registry (make a search for
"drprotection")

ActiveX technologie : De-activate ActiveX

Sorry for my poor english and for all my links in French

Browser : Download Firefox and install
http://assiste.com.free.fr/p/logitheque/firefox.html

Download NoScript from Symantec and disable WSH
http://assiste.com.free.fr/p/logitheque/noscript.html

Restore points
Disable (to erase all) then enable.

Reboot

Definitively block IE in your Firewall

Surf under Firefox with Noscript and AdBlock Plus
Look at my how to for NoScript (and block <IFRAME>...)
The problem of crapwares will not appears any more
http://tinyurl.com/22gpyf
http://assiste.com.free.fr/p/logitheque/adblock_plus.html

Run CCleaner (Crap Cleaner) Freeware
Only download the light version (without Yahoo! toolbar)
http://tinyurl.com/3bva8u

Run RogueRemover (Freeware)
http://assiste.com.free.fr/p/logitheque/rogueremover.html
The free version erase more than 300 rogue security software

Have a deep AV scan under Firefox (only a java scanner - not an ActiveX
: Trend Java Scanner - http://housecall.trendmicro.com/ )

Good Luck

I have found what I was looking for - Dr.Protection




--
Terdef
 
Back
Top