Eddie Famous
Andouille
  
   
      
    
Since: 11.12.01
From: Catlin IL
Since last post: 22 days
Last activity: 1 hour
|  #1 Posted on 22.2.10 2001.16 | Instant Rating: 5.57 |
Went to my stepdaughter and son-in-law's this last weekend, and between sightseeing I took a shot at his laptop, which had been barely functioning on the net for quite awhile.
It would not allow me to update the Ad-Aware program that was on the laptop, nor would it allow me to even go to the websites to download Spybot or SuperAntiSpyware. Using search engines was almost completely useless, as it would be redirected to all sorts of odd sites. Obviously something was severely wrong.
I was able to use a perfectly good desktop alongside the laptop to do some searching for problems on the net. I used the Google Chrome browser on the laptop, as it seemed to be least affected of the three browsers on the system, and downloaded the Eusing registry cleaner and What's Running successfully. After using those programs, I found a bunch of results for the always wonderful FastBrowserSearch.
This had been infected onto the laptop via the Tattoo-like Facebook programs, and had brought along a couple of friends. I had to edit the registry of Windows, and go through the Firefox browser with a fine tooth comb to find many of the tentacles of this monster, and still couldn't get any anti-spyware programs to work. Something else was wrong.
This is where luck helped a lot. I found an old download of SuperAntiSpyware deep in the system, but it wouldn't run normally, and it wouldn't update. Desperate, I opened the program folder and kept trying ANY executable file hoping something would take. Finally, one random one did, running the bare-bones basic scan with an interesting result.
It found a few garden-variety things, but the one that really stood out was the rogue program AntiSpyware 2009. BINGO! SAS removed that entry, and I was able to search and delete a couple other spots it had grown into.
Now, I was able to download and update, and I cleaned that sucker out as thoroughly as possible. I also downloaded the AVG program and ran that also.
However, FastBrowserSearch kept showing up, and I couldn't delete the file folder, even when I switched Administrators. It (Vista) kept saying I needed permission to get rid of it. So I went back and edited the registry again and re-installed Firefox.
When I left their place, the machine was running pretty normally, though there was still a FastBrowserSearch box in the upper right of the Firefox screen, and the file was still there. I declare the job about 95% successful, not bad for a non-tech.
They had gotten the laptop secondhand from a frequent LimeWire and Facebook user, and that person had never used anti-spy protection.
Anyone had luck removing FBS?
As of 2/28/05: 101 pounds since December 7, 2004
OFFICIAL THREE-MONTH COUNT: 112 pounds on March 9, 2005
OFFICIAL SIX-MONTH COUNT: 142 pounds on June 8, 2005
OFFICIAL ONE YEAR COUNT: 187 pounds on December 7, 2005
As of 2/27/06: 202 pounds "I've lost a heavyweight"
As of 7/31/06: 224 pounds
As of 12/7/08 (four years out): Still 210 pounds down!
Now announcing for NBWA Championship Wrestling!
*2008 NBWA Personality of the Year*
| Promote this thread! |           | thecubsfan
Scrapple
Moderator
Since: 10.12.01
From: Aurora, IL
Since last post: 2 days
Last activity: 1 day
| #2 Posted on 22.2.10 2231.07 | Instant Rating: 10.00 | I've not yet run into this one, though I think I did see the AntiSpyware 2009 a while back.
This post on Spybot has detailed file/registry removal instructions. Looks like it calls itself Search Guard or Search Guard Assist in some places.
thecubsfan.com - luchablog | wmatistic
Andouille
Since: 2.2.04
From: Austin, TX
Since last post: 2 days
Last activity: 1 hour
| AIM: |  |
| | |
| #3 Posted on 23.2.10 0705.59 | Instant Rating: 3.08 | | Malwarebytes does a great job of cleaning off AntiSpyware and HiJackThis is very helpful for the other. In the future you can just rename the executable of the scanner program you want to use and it'll run. AntiSpyware blocks by the file name so changing one letter bypasses it. |
| | | |
