I dont know where else to go with this problem, I hope you can help. As of earlier today I got a warning from Windows Xp Security Center asking if I wanted to block a suspicious malware called Spyware.ISpynow. I also noted that Windows Firewall had been deactivated automatically. Shortly after, firefox closed down and my computer restarted, but freezing shortly after loading desktop.
I rebooted and selected “use last setting known to work” and go access to my desktop without my computer freezing up. When I opened Firefox I was directed to a homepage stating “insecure connection, threat of virus attack” with two options, one to continue unsecured in which I would get to google (my start page) and the other would direct me to website for perfect defender 2009 which seemed too suspicious to me. I instead scheduled a boot scan with avast and rebooted. It identified 4 files inside windows which I deleted and resumed windows, however, I still get what I suspect are false pop-ups about Spyware.ISpynow and both firefox and explorer terminates seemingly random after a mere few pages, initially, still advising me that Im navigating with an insecure connection.
Googling Spyware.ISpynow or Perfect defender 2009 brings up quite a few forums with people describing the exact same problems, but no solutions. Please help!
Ok so I installed DrWeb CureIT and ran a complete scan. It didn’t find anything.
Then I ran SUPERantispyware which found a few things, however, anytime something would pop up Avast detected it and I chose to delete it, since it said I could not move it to chest when another program was using it.
But it did not solve the problems.
I still get a fake popup every 15 minutes saying windows security center has found Spyware.ISpynow and my firefox and explorer still post a warning linking directly to Perfect Defender 2009 (obviously a fake site as well; www.defender-review.com) and if I try to navigate to anywhere else the browser shuts down without notice. When my computer starts it either freezes or all my programs like messenger, skype, CLI, and even hydravision for my ATI graphics die with the notice that they make illegal actions.
That wasn’t the XP Security Center (as far as I’m aware it doesn’t have this functionality, but I’ve only been using it for over four years), but some form of fake alert and the act of clicking the button to block is what infects you.
Yes I know it was/is fake, which I why I terminate it whenever it pops up. At the moment I’m running another full scan with DrWeb and I downloaded avast anti root kit and spybot search and destroy ready to deploy when the scan is complete.
I found a lot of posts on the web similar to what I’m experiencing all seem to originate from yesterday 28th.
The avast anti-rootkit is an integral part of avast and runs as part of the boot-time scan or an on-demand scans with a sensitivity of Standard or Thorough.
If you have XP, vista32bit or Win2k, you can enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.
Personal / Perfect Defender is suggested as a solution by the fake pop-up. Removing the files in Application Data seems to have resolved the issues for me.
Note: I didn’t actually install Personal/Perfect Defender. This helped me remove the trojan that was prompting to install them with the fake Windows Firewall pop-up.
I tried a ton of programs half of which were able to find the infection, however, the programs would get terminated shortly after.
If you have the same problem with programs getting shut down, here is the source of the problem:
run6110411.exe
Go do C:\documents and settings<user>\application data - there can be more than just this one file hidden in one of the folders, I found the main file stated above in my google folder. It is undeleteable, so use Malwarebytes Anti-Malware’s FileASSASSIN and problem solved. No more popups, no more system or program crashes.
My only problem at the moment is, that avast antirootkit finds something in my registry during search, but then crashes before anything is logged.
hey guys i just recieved this a couple of days ago as well… i tried to download malwarebytes to get rid of it, but this stupid thing won’t even let me on my browser long enough to download it. What can I do?? By the way I use AVG free and it hasn’t found anything…
ok this is what i did, i put the malwarebytes setup program on a flash drive, put that on my laptop and tried it from there… halfway into it shows up a pop-up that says “malwarebytes anti-malware has encountered a problem and need to close, we are sorry for the inconvenience.” same thing i get when i try to use my browser, both firefox and internet explorer… it wont let me get any further. then when i click on the malwarebytes desktop icon it says “The database could not be located. Would you like to download an updated copy?” i click yes and it tries to start up but the same thing keeps happening…
alright nvm guys, got it. For guys that had the same problem as me. Download MalwareBytes setup program from another computer onto a flashdrive, restart your computer in safe mode and install it. “Perform a Quick Scan” in safe mode. Then restart in normal mode, open up MalwareBytes, update to the newest version under the “Update” tab, and “Perform a Full Scan”. It took my computer about 1 hour and 15 minutes and didn’t find the bad files until the very last second, so stick it through! After you’ve removed the files restart your computer and you should be golden.
When I put the malwarebytes setup program on a thumb drive and tried to run it, it wouldn’t run.
I had to change the name of the startup program from something other than the default mbam-setup.exe
Even then the installer hangs in the Finishing phase. This is because after installing, the installer is trying to run C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe and the spyware is stopping that.
I rebooted (again in safe mode) to get rid of the hung mbam.exe, then went into C:\Program Files\Malwarebytes’ Anti-Malware and renamed mbam.exe
Only then could I run it. It is still running now, so we will see if it fixes this new more clever version.
