Hi guys, Ok there is a new spyware going around, and if your infected it is extremly difficult to remove, to date there is no spyware program able to remove it, as it contains tracer files that Rename if they are being removed. Symptoms are: Home page is set to a "Blank" url, which basically looks like a search engine with lots of different text links, it will keep setting this as your home page no matter how many times you change it A little box constantly pops up telling you that you are infected with Spyware, and a link that states removal, however just takes you to a search engine on spyware removal programs This spyware is also a Http Web Hijacker, it picks up on certain sites and text, and takes you to a completly different page If you are infected, I know how to remove it (took lots of research) and I will be glad to help all those who are infected (better alternative to a Format) Either post here, or email me, and I will get to you on an Individual basis, it has to be individual as the file is self naming, so it is different in every computer. Hope I can help some of you fight these bastards :x :x
just run "hijack this" available from spywareinfo.comblade, its been around for ages, get with it, i do this for a job, its not that hard run hijack this, and stop the program that has the random charactersthen run kaspersky avp anti virus toolkit and it will remove it.ps if blade tries charging you to fix it...LOL
links inside http://www.kaspersky.com/trials for avp, which will remove ithttp://www.spywareinfo.com/~merijn/downloads.htmlfor hijack thiswith this virus like add it does the following, creates a random character file that repopulates itself, its embedded deep within the registry.what happens is this too, the virus replaces the "blank" file inside your winroot/system32 folder and wvery time you go to about:blank the blank html (with hidden script) executes, repopulating itself. its a bastard but if you get the software from those links you will be fine another great tool is cwshredder, also available from http://www.spywareinfo.com/~merijn/downloads.htmlcheers Jimmy
Nope sorry chicken That wont fix this one, this is a new spin off hybrid of the CWS applications, there is currently one method, and one method only of removing this new variant.And lol no im not charging But those programs you posted are good for removing the old style replicators and the standard CWS services
Been stopping... ...some good ones lately. Today I got W32.Randex.gen through an IRC port. I reckon software developers and specifically those in the commercial antivirus/firewall field are writing malicious code to keep themselves in cream buns.
Your probably right This new spyware is able to infiltrate the highest of internet security setting, but then again where to point the finger, Windows is about as secure from hackers/spyware, as a bucket full of holes is as good at holding water x( :N(
I have it too! It is really annoying sometimes sites that I KNOW work, get hijacked and I have to keep put the address down several times before it lets me go to the site.Our computer needs formatting at some time soon anyway, but I wanna know how to avoid getting these ever again.
Easy Fix.... Go to ToolsClick on Internet OptionsClick on securityClick on the internet zoneClick reset to defaut And you wont be suspectable to Hijack attemptsAnthonyKeep ing
blade, my method works 100% dont tell me i dont know what im doing, this is my area, i know how to fix it, im right Hijack this, then get rid of the random file name exe and anything else you find thats sus,then run KAV, will fix it
Thats better Yes that program should be able to remove the offender, but it is a special program, currently no standard spyware removal tool will get it
