SpywareQuake ... same old crap, new name.

Discussion in 'Is this Spyware?' started by muckshifter, Mar 31, 2006.

  1. muckshifter

    muckshifter

    Joined:
    Feb 21, 2006
    Messages:
    68
    Likes Received:
    0
    Location:
    In a Hovel


    :rolleyes:
     
    muckshifter, Mar 31, 2006
    #1
    1. Advertisements

  2. muckshifter

    muckshifter

    Joined:
    Feb 21, 2006
    Messages:
    68
    Likes Received:
    0
    Location:
    In a Hovel
    This is getting worse ... Ad-Aware is the boy for the job, but ...

    ... you want to check Safe Boot and select Minimal (Alternate Shell)

    [​IMG]

    This will start you in Safe Mode with Command Prompt where you can do:

    cd \program files\lavasoft\ad-aware se personal

    (or use wildcards like \program files\lavasoft\ad*)

    Then type ad-aware to launch the application. You can do similar things with spybotsd and antivir antivirus (type avcenter.exe) which is simple enough to run in Safe Mode with Command Prompt.

    That said, while you should be able to get rid of spyware quake/falcon/whatever, until you find the root cause (downloader trojan), it and other things may keep coming back. In my case, I had missed part of a Zlob trojan variant. I had taken the PC home and went to bring it back last night and as soon as the kid launched his messenger/messenger plus crap, Antivir started to detect parts of Zlob again. It was a merry chase finding the hidden process.

    P.S. You can launch c:\windows\pchealth\helpctr\binaries\msconfigedit boot.ini/safeboot:minimal<alternate shell> from the boot command line. (it's not in your path) from Safe Mode Command Prompt to uncheck the setting to boot normally, or you go to the root of C and type and remove
     
    muckshifter, Apr 4, 2006
    #2
    1. Advertisements

  3. muckshifter

    tschrock

    Joined:
    Apr 28, 2006
    Messages:
    2
    Likes Received:
    0
    New Spyware Quake Variant (again...)

    http://www.schrockinnovations.com/removespywarequake.php[/URL]I worked against a new variant of the Spywarequake infection today. It seems that there are two more files that the infection now drops on your hard drive.

    I have posted the technical details here.
    http://www.schrockinnovations.com/removespywarequake.php

    The two additional files are:

    dfrgsrv.exe
    mssearchnet.exe

    Thanks again for the help guys!
     
    tschrock, Apr 28, 2006
    #3
  4. muckshifter

    tschrock

    Joined:
    Apr 28, 2006
    Messages:
    2
    Likes Received:
    0
    Another new name for SpyFalcon

    Add another name to the list of spyware that is jacking up peoples computers... Fresh from the makers of SpyFalcon, SpySheriff, and SpywareQuake comes Brave Sentry. This is the same old game with a new face... It offers a free scan, then when you install it it detects a bunch of false positives. If you try to remove it it won't go away until you pay. Anyone who has installed this on their system, I would suggest you Remove it ASAP!

    http://www.schrockinnovations.com/removebravesentry.php
     
    tschrock, Aug 16, 2006
    #4
  5. muckshifter

    muckshifter

    Joined:
    Feb 21, 2006
    Messages:
    68
    Likes Received:
    0
    Location:
    In a Hovel
    Thanks ... :thumb:
     
    muckshifter, Aug 16, 2006
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.