psieben04 Newbie
Joined: 07 Feb 2009 Last Visit: 07 Feb 2009 Posts: 1
|
Posted: Sat Feb 07, 2009 5:33 pm Post subject: "System Protect" spyware |
|
|
Hi,
I am having a problem with this "System Protect" spyware.
It attached itself this afternoon. I downloaded Malwarebytes anti-malware. It detected 3 rogue system protect entries. I deleted all three and re-booted my computer.
The minute it came up, the System Protect ran again.
Need some help
Thanks
Paul |
 |
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 19 May 2013 Posts: 10271 Location: sunny California
|
Posted: Sat Feb 07, 2009 7:44 pm Post subject: |
|
|
Hi Paul,
Welcome to the forum. Please read this post and follow the instructions for posting a HijackThis log.
http://www.spywarewarrior.com/viewtopic.php?t=25477
A helper will review the log and advise you on what to do. Evidently MalwareBytes did not remove all the infection.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
 |
Tarq57 Warrior
Joined: 13 Apr 2007 Last Visit: 09 Apr 2011 Posts: 105 Location: NewZealand
|
Posted: Tue Feb 10, 2009 3:13 pm Post subject: |
|
|
This isn't the same System Protect http://www.system-protect.com/ that is produced by Crawler, is it?
(If so, it can be removed using "add/remove programs" via the control panel.)
(And if so, I'd not recommend its use. It can and has prevented a lot of legitimate file modifications, including, in my case, a windows update.)
If not, you can probably pretty much disregard this post. |
 |
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 19 May 2013 Posts: 10271 Location: sunny California
|
Posted: Tue Feb 10, 2009 6:16 pm Post subject: |
|
|
Tarq57,
Maybe that is what the OP is referring to. I was thinking of a rogue app with a similar name.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
 |
battlespyware Newbie
Joined: 12 Feb 2009 Last Visit: 17 Feb 2009 Posts: 4
|
Posted: Thu Feb 12, 2009 4:23 pm Post subject: |
|
|
Hey Paul...
It would be a bummer if it was a new piece of malware. If you are interested I created a video tutorial on how to remove spyware for free.
I used Spybot, Malwarebytes and CCleaner.
If you have any specific issues removing that software I'd love to hear about it.
Chaz. |
 |
MysteryFCM Malware Expert

Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK
|
Posted: Thu Feb 12, 2009 5:27 pm Post subject: |
|
|
.... and you are? (your website claims you've been "on the front lines of the war on spyware & viruses since 2000.", but I've certainly not heard of you or your website)
_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net |
 |
mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 03 Sep 2012 Posts: 1061 Location: CenTex
|
Posted: Thu Feb 12, 2009 6:54 pm Post subject: |
|
|
| MysteryFCM wrote: |
| .... and you are? (your website claims you've been "on the front lines of the war on spyware & viruses since 2000.", but I've certainly not heard of you or your website) |
I remember seeing the handle 'ihatespyware' for many years. I think I may have seen it going all the way back to the VOP/LS days. However, I don't know him personally nor do I know of any affiliations within the inner community. He is part of the general membership @ ASAP; http://forums.maddoktor2.com/index.php?showuser=6130 Perhaps, this user will care to introduce himself in a manner where folks won't be suspicious of his motives.
As for his site, it appears to be a new and rather stark offering so far. While I take no issue with his site, IMO, users would be better advised looking for help and info in more substantial, specialized, & accredited offerings.
==============
Registrant:
Charles *******
********
Deerfield Beach, Florida 33442
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BATTLESPYWARE.COM
Created on: 29-Jan-09
Expires on: 29-Jan-14
Last Updated on: 29-Jan-09
Administrative Contact:
*****, Charles ****@aol.com
**********
Deerfield Beach, Florida 33442
United States
(561) ***-****
Technical Contact:
*****, Charles ****@aol.com
**********
Deerfield Beach, Florida 33442
United States
(561) ***-****
Domain servers in listed order:
NS23.DOMAINCONTROL.COM
NS24.DOMAINCONTROL.COM
Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited
02/12/09 20:13:28 dig battlespyware.com @ NS23.DOMAINCONTROL.COM
Dig battlespyware.com@NS23.DOMAINCONTROL.COM (216.69.185.12) ...
Authoritative Answer
Query for battlespyware.com type=255 class=1
battlespyware.com SOA (Zone of Authority)
Primary NS: ns23.domaincontrol.com
Responsible person: dns@jomax.net
serial:2009012900
refresh:28800s (8 hours)
retry:7200s (2 hours)
expire:604800s (7 days)
minimum-ttl:86400s (24 hours)
battlespyware.com A (Address) 173.9.131.179
battlespyware.com MX (Mail Exchanger) Priority: 0 mail.battlespyware.com
battlespyware.com NS (Nameserver) ns23.domaincontrol.com
battlespyware.com NS (Nameserver) ns24.domaincontrol.com
mail.battlespyware.com CNAME (Canonical Name) mail.t2yd.com
t2yd.com; Tech to Your Door TECH-TO-YOUR-DOOR (NET-173-9-131-176-1)
173.9.131.176 - 173.9.131.183
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE
Spyware/Adware is NOT freeware, it costs all of us dearly.
Mikey's Stuff
Fiddler and friends...essential web diagnostic, forensic, & development tools.
- |
 |
MysteryFCM Malware Expert

Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK
|
Posted: Thu Feb 12, 2009 7:05 pm Post subject: |
|
|
Cheers mikey
_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net |
 |
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 19 May 2013 Posts: 10271 Location: sunny California
|
Posted: Thu Feb 12, 2009 11:20 pm Post subject: |
|
|
It would appear this same user is posting to newsgroup alt.privacy.spyware under the name of chaz.
http://groups.google.com/group/alt.privacy.spyware/browse_thread/thread/5ade329390e09287#
Mikey wrote:
| Quote: |
| As for his site, it appears to be a new and rather stark offering so far. While I take no issue with his site, IMO, users would be better advised looking for help and info in more substantial, specialized, & accredited offerings. |
Indeed.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
 |
mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 03 Sep 2012 Posts: 1061 Location: CenTex
|
Posted: Fri Feb 13, 2009 3:41 pm Post subject: |
|
|
| suzi wrote: |
It would appear this same user is posting to newsgroup alt.privacy.spyware under the name of chaz.
|
Well, since it is his first post here and he has yet to return to it, maybe MFCM's instincts were on the right track. Perhaps he is simply pitching his site via forum spam.
If so, that would be a very sad and counterproductive venture since his efforts will surely be recognized as such at any prominent site.
Oh well...
_________________
-
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE
Spyware/Adware is NOT freeware, it costs all of us dearly.
Mikey's Stuff
Fiddler and friends...essential web diagnostic, forensic, & development tools.
- |
 |
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 19 May 2013 Posts: 10271 Location: sunny California
|
Posted: Fri Feb 13, 2009 7:07 pm Post subject: |
|
|
It looks like he is making the rounds.
http://www.google.com/search?hl=en&q=battlespyware.com
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
 |
MysteryFCM Malware Expert

Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK
|
Posted: Fri Feb 13, 2009 11:36 pm Post subject: |
|
|
He did the same at the MBAM forums (I had his post removed from that one)
_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net |
 |
mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 03 Sep 2012 Posts: 1061 Location: CenTex
|
 |
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 19 May 2013 Posts: 10271 Location: sunny California
|
Posted: Sat Feb 14, 2009 6:14 pm Post subject: |
|
|
I wasn't planning to remove his post... yet. I am hoping he will return here and we can discuss his video and website. He gives some advice which I think is misleading and potentially dangerous to users.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
 |
battlespyware Newbie
Joined: 12 Feb 2009 Last Visit: 17 Feb 2009 Posts: 4
|
Posted: Mon Feb 16, 2009 4:27 pm Post subject: |
|
|
Hey Suzi, Mikey, Mystery:
Sorry for not responding faster.
I have been an on-call IT guy in South Florida for the past 10 years. Specifically, I deal with Exchange more than any other specific software.
I support end users on a constant basis. This is where I get my exposure to malware, spyware, etc. Over the years I have seen spyware become more and more prevalent.
The intent of my post earlier was to help.
I created battlespyware.com recently, with the intent of documenting the methods I have used to remove spyware.
I recorded a video of how I removed spyware from a computer with the notion of helping someone else. I can only physically fix so many computers in a day. Posting advice on the internet seemed like a good way to help more people.
Yes, I have also posted similar information on other forums. I posted my opinion when it seemed like I had something relevant to contribute.
I use forums when I need help or when I can give it. Isn't that why we are all here?
Sincerely,
Chaz. |
 |
MysteryFCM Malware Expert

Joined: 28 Aug 2004 Last Visit: 01 Mar 2013 Posts: 841 Location: Tyne & Wear, UK
|
Posted: Mon Feb 16, 2009 4:36 pm Post subject: |
|
|
Thanks for responding.
First and foremost, almost all malware removal forums have rules - the first of which is that you must be a trained helper to give advice concerning the removal of malware. This forum is one of those.
Secondly, the only advice I have seen you post, is to go to your website - this behaviour is normally considered spamming. This is especially true when it is done without the permission of the forum owner and/or when you are new to the forums yourself.
Thirdly, several respected individuals in the malware removal field consider your advice to be both misleading and potentially dangerous.
If you do indeed wish to help, then my first suggestion is to ditch the videos on your website until you have at least been through the malware removal training schools. For information on how to do such, please see the following;
http://spywarewarrior.com/viewtopic.php?t=1892
_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net |
 |
battlespyware Newbie
Joined: 12 Feb 2009 Last Visit: 17 Feb 2009 Posts: 4
|
Posted: Mon Feb 16, 2009 5:03 pm Post subject: |
|
|
Mystery:
Thanks for taking the time to provide that info. I guess I was a bit too quick to post my opinion and I should have read the rules a bit more.
I will take your advice on the "malware removal training schools".
I will not be seeking to become a "helper" on this forum.
I will continue to provide help elsewhere.
As for my advice being misleading and potentially dangerous, I agree. And it is easy to accuse anyone of that. Spyware is dangerous. The video was a demonstration and the opinion of one person. It is presented and disclaimed as such.
If you want to be more specific as to what you would have done in that particular situation, I invite the discussion.
There is no one size fits all when removing spyware. What works on one computer will not work on all computers. The methods and tools used today are not the same we will be using tomorrow.
Thanks again for the info... and next time I will be more prudent on reading the rules.
Chaz. |
 |
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 19 May 2013 Posts: 10271 Location: sunny California
|
Posted: Mon Feb 16, 2009 7:27 pm Post subject: |
|
|
Hi Chaz,
I'm glad you came back to post. There are two things in your video which are misleading and potentially dangerous, IMO. You say MalwareBytes and Spybot can remove nearly all malware on the internet. That is so far from the truth it scares me that you would say that. Or maybe you said spyware, I'm not sure. Either way, it's not true. If you take a look in our HijackThis logs forum, you can see all the users who've been infected with malware that cannot be removed with any anti-malware program, not even the best AVs on the market. Spyware is not what it used to be when we were talking about adware like Claria, Zango, even DirectRevenue. We're seeing malware hidden by rootkits, malware that steals passwords, and worse stuff like Virut that infects all PE files, html files, etc. on a PC, worms like Conficker that spread by USB drives and are extremely difficult to remove. Folks in the community have developed specialized tools to diagnose and remove this stuff because there is no anti-malware app or apps that can remove all of it.
Telling users to look up the entries in a HijackThis log and remove what they think is bad is very dangerous because of the potential to render the PC useless if someone doesn't know what they are doing.
I can appreciate your good intentions to help folks, however. If you want to read some of the HijackThis log threads here and see what the helpers do, it might be educational, and you can see what we deal with on a daily basis.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
 |
battlespyware Newbie
Joined: 12 Feb 2009 Last Visit: 17 Feb 2009 Posts: 4
|
Posted: Tue Feb 17, 2009 5:50 am Post subject: |
|
|
Suzi:
Thanks for your post.
I agree with you completely. I did say "MBAM and SB can remove almost everything you can get infected with on the internet". That is an overgeneralization which is not accurate. My point was to promote the usage of SD and MBAM as I feel they are relatively safe to use in comparison to your HJT, Combofix, SDfix, etc.
As far as HijackThis I agree with you also. In the video I disclaim how dangerous it is. I suggest using HJT to check how good MBAM and SD did. When I removed certain hosts files I specifically said don't remove anything unless you are absolutely sure and suggested any uncertainty to be directed to a forum like this one.
I will go and re-dub that tutorial to make it better. I will be making another tutorial in the near future. I will make sure that I don't state anything misleading and make sure all disclaimers are a bit more pronounced.
I absolutely appreciate the feedback. I was actually hoping for it.
Sincerely,
Chaz. |