Need some help

[JimiP]

Hello all,

Alright I'll just right down to it. Last night I encountered a spyware program called SpyCrush. Now, there has been several pages on this program and how to remove it from your system but I simply cannot get it off. There is no traces of the program in the Windows Registry and it does not allow me to delete it's folder in my Program Files.

SpyCrush is a rogue spyware program that simply annoys the HELL out of you with balloon messages from the system tray. It also tries to disguise itself as a Windows-ish firewall/spyware program to make you think it's legit. It's system tray icon is the Blue/Red shield with the X or the ? on it. It also has a second icon which is the System Alert icon.

I have tried almost everything I can do to remove this garbage but with no luck. Please send me some advice.

-JimiP

 

[NikolaeVarius]

http://www.wiki-security.com/wiki/Parasite/SpyCrush

 

[JimiP]

I appreciate the link but I've already been to that page and tried the SpyHunter software. Unfortunately, it only scans your system for spyware which it did find. However, I cannot remove spyware from my PC with that program unless I purchase the full version.

Also, I tried manually removing SpyCrush to no avail. I cannot locate any of the specified files, DDL's and exe's on my PC. I am absolutely lost in this.

 

[mechBgon]

One quick thing to try is System Restore. I have a test system that I ran a Zlob trojan on (Video ActiveX Object, a fake video codec that's really a Trojan) and it has SpyCrush as a result, so I'll test an alternate removal method in the meanwhile.

 

[mechBgon]

BTW, SpyHunter was on the Rogue anti-spyware programs bad list. Despite being de-listed at the moment... yeah. Definitely do NOT spend a cent on it. Especially not to "fix" problem files that may not actually exist. :frown:

My suggested plan of attack if System Restore doesn't help:

1) install CCleaner and run it.

2) install SpyBot Search & Destroy and update it.

3) install SUPERAntispyware and update it.

4) in your antivirus program, go through all the settings panels for real-time and on-demand scanning. Max out all the options such as heuristics, optional types of detections (adware/spyware/etc). Now update your virus definitions and run a full scan.

5) next, reboot the system if the antivirus said to, then run scans with Spybot S&D and then SUPERAntispyware.

6) run the Secunia online checkup to check your system for exploitable vulnerabilities in stuff you might not think of, like Acrobat Reader, QuickTime, WinAmp, and so forth. Fix that stuff.

7) read through this suggestion list for better security. This type of stuff is definitely preventible.


If you have no antivirus, or problems persist, or you just feel like trying something else, uninstall your present antivirus and try free Kaspersky. It killed the majority of the SpyCrush stuff, as well as the Zlob that dragged in SpyCrush and the fake alerts in the first place. I emailed them some files that escaped detection so far, so they may have them on the definitions in a few hours, but SUPERAntispyware already picks them up, so the routine above will probably get you fixed up.

 

[JimiP]

Thank you for the links mechBgon. I've downloaded and installed CCleaner, SpyBot Search & Destroy, SUPERAntispyware and updated them.

I've gotten rid of unused files (CCleaner) and I've run two full system scans, one with SpybotS&D and one with SUPERAS. It found all my problematic files and it seems to have gotten rid of them, however, when I boot up, I still get the fake "Microsoft-ish" red & blue shield that came with the spyware. Since I can't find the specific file to get rid of that directly, is it safe to just "Always Hide" it? In the system tray preferences it says that the icon has no name. Odd...

I'll be trying Secunia next. Also I was wanting to know... Which AV solution do you guys prefer? Norton's, AVG or this Kapersky?

 

[Schadenfroh]

Originally posted by: JimiP
Which AV solution do you guys prefer? Norton's, AVG or this Kapersky?

Kaspersky offers one of the highest detection rates of any antivirus solution, it also gets updated every hour, which means it has the quickest new threat response time in the industry, combine that with a minimal impact on system resources and you have one of the best (and arguably the best) antivirus solution on the market.

reference:
AntiVirus Detection Rate Thread

 

[John]

Originally posted by: JimiP
I've gotten rid of unused files (CCleaner) and I've run two full system scans, one with SpybotS&D and one with SUPERAS. It found all my problematic files and it seems to have gotten rid of them, however, when I boot up, I still get the fake "Microsoft-ish" red & blue shield that came with the spyware. Since I can't find the specific file to get rid of that directly, is it safe to just "Always Hide" it? In the system tray preferences it says that the icon has no name. Odd...

You need to use specialty tools. Download my rogueremoval kit, install Rogue Remover and update it, then reboot to safe mode and run these 4 tools:

1) smitfraudfix
2) roguefix
3) rogue remover
4) vundofix

*ignore the rest of the tools for now*

Congrats! Your fake security alert will no longer be an issue. 😀

 

[mechBgon]

Originally posted by: JimiP
Which AV solution do you guys prefer? Norton's, AVG or this Kapersky?

I prefer Kaspersky for pretty much the reasons Schadenfroh listed. High detection rates, delivered in time to protect you. But I'm not giving up my non-Admin user account! 😀

 

[JimiP]

@mechBgon - Thank you SO much for providing the links to the programs, they definitely helped me get rid of all the junk!

@John - And thank you SO much for providing that Rogue Remover kit, it seems to have worked flawlessly!

I appreciate it guys,
-JimiP