SPYWARE STOP TROJAN


Hi fellas!

I’m writing you on behalf of a friend who got infected with several viruses and trojans. With the aid of Avast, Malwarebytes, Spybot and SUPERAntiSpyware she was able to get rid of all but one…the Spywarestop trojan which had tricked her into opening it by saying her version of Windows was bogus. What I need to know is what we can use to get rid of this accursed beast!! I guess when she clicked yes, it rooted itself, and so far has been able to resist our attempts to get it out. Is there a separate tool at Avast we can download…or perhaps a root remover somewhere else? You guys have always come through in the past, so you’re our last resort, otherwise she’ll just have to re-format. Get back to me as soon as you can!! Thanks!! :slight_smile:

Read the instructions, download and burn (maybe from another computer), finally use one of these rescue CDs:

  1. Dr. Web
  2. Avira
  3. BitDefender
  4. Kaspersky
  5. F-Secure

Hi SCORPIONINBLUE,

Here are manual removal instructions:
Name: Adware.Win32.SpywareStop

Risklevel: Elevated Risk

Company: wXw.SpywareStop.com - hXtp://spywarestop.com/

Description:

SpywareStop is a rogue security program that shows false Warning messages. It also shows misleading scan Results. It can also install through Trojan exploits.

Characteristics:

* It shows false Warning messages.
* It also shows misleading scan Results.
* It can also install through Trojan exploits.

Installation: Installed through EXE

Process: SpywareStop.exe

Manual removal of SpywareStop

Before we get started, you should backup your system and your registry,
so it’ll be easy to restore your computer if anything goes wrong.

Stop SpywareSTOP processes:
setupxv.exe
spywarestop.exe
%program_files%\spywarestop\spywarestop.exe

Unregister SpywareSTOP registry keys:
HKEY_CLASSES_ROOT\clsid\{024d4c40-c8ce-11db-9704-005056c00008}\shell
HKEY_CLASSES_ROOT\clsid\{024d4c40-c8ce-11db-9704-005056c00008}\shell\open
HKEY_CLASSES_ROOT\clsid\{024d4c40-c8ce-11db-9704-005056c00008}\shellfolder wantsforparsing
HKEY_CLASSES_ROOT\installer\features\61e7a2d54a50eb74080135dc9f000624 antispywareapplication
HKEY_CLASSES_ROOT\installer\upgradecodes\bea599b1035018a4b9799f959298064d 61e7a2d54a50eb74080135dc9f000624
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders c:\documents and settings\all users\start menu\programs\spywarestop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders c:\program files\spywarestop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\folders c:\windows\installer\{5d2a7e16-05a4-47be-8010-53cdf9006042}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\upgradecodes\bea599b1035018a4b9799f959298064d 61e7a2d54a50eb74080135dc9f000624
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042} authorizedcdfprefix
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042} comments
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042} contact
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042} helptelephone
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042} readme
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042} size

Delete SpywareSTOP files:
%common_desktopdirectory%\spywarestop.lnk
%common_programs%\spywarestop\spywarestop on the web.lnk
%common_programs%\spywarestop\spywarestop.lnk
%program_files%\spywarestop\database.ref
%program_files%\spywarestop\spywarestop.url
%program_files%\spywarestop\vistacptasks.xml

Unregister SpywareSTOP DLLs:
%program_files%\spywarestop\spycleaner.dll
%program_files%\spywarestop\difxapi.dll
%program_files%\spywarestop\zlib.dll
%program_files%\spywarestop\tcl.dll

Delete Used folders:
%program_files%\spywarestop\
* C:\Documents and Settings\All Users\Start Menu\Programs\SpywareStop
* C:\Program Files\SpywareStop
* C:\Program Files\SpywareStop\FilterDrv
* C:\Documents and Settings\[USER]\Application Data\SpywareStop
* C:\Documents and Settings\[USER]\Application Data\SpywareStop\Log
* C:\Documents and Settings\[USER]\Application Data\SpywareStop\Settings

Delete Used files:

* C:\Program Files\SpywareStop\Launcher.exe
  [808176 Bytes] Application
* C:\Program Files\SpywareStop\Difxapi.dll
  [319456 Bytes] Application Extension
* C:\Program Files\SpywareStop\DataBase.ref
  [2064116 Bytes] REF File
* C:\Documents and Settings\All Users\Desktop\SpywareStop.lnk
  [1854 Bytes] Shortcut
* C:\Program Files\SpywareStop\vistaCPtasks.xml
  [676 Bytes] XML Document
* C:\Program Files\SpywareStop\SpywareStop.url
  [54 Bytes] Internet Shortcut
* C:\Documents and Settings\All Users\Start Menu\Programs\SpywareStop\SpywareStop.lnk
  [1854 Bytes] Shortcut
* C:\Documents and Settings\All Users\Start Menu\Programs\SpywareStop\SpywareStop on the Web.lnk
  [1854 Bytes] Shortcut
* C:\Program Files\SpywareStop\FilterDrv\SpywareStop.x86.sys
  [19696 Bytes] System file
* C:\Program Files\SpywareStop\FilterDrv\SpywareStop.inf
  [3429 Bytes] Setup Information
* C:\Program Files\SpywareStop\FilterDrv\SpywareStop.cat
  [8355 Bytes] Security Catalog
* C:\Program Files\SpywareStop\FilterDrv\SpywareStop.amd64.sys
  [25072 Bytes] System file
* C:\Program Files\SpywareStop\FilterDrv\SpywareBot.inf
  [3398 Bytes] Setup Information
* C:\Program Files\SpywareStop\FilterDrv\SpywareBot.cat
  [8347 Bytes] Security Catalog
* C:\Program Files\SpywareStop\zlib.dll
  [161008 Bytes] Application Extension
* C:\Program Files\SpywareStop\TCL.dll
  [165104 Bytes] Application Extension
* C:\Program Files\SpywareStop\SpywareStop.exe
  [6792432 Bytes] Application
* C:\Program Files\SpywareStop\SpyCleaner.dll
  [550128 Bytes] Application Extension

polonus
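
A read-only check for the artifacts listed in the removal instructions above, added here as an example and not part of polonus's post or of any vendor tool. It reports which of the named processes, registry keys and files are present and whether each file's size matches the byte count given in the thread; the registry paths are written with a backslash before each GUID, which is an assumption, and only a subset of the listed keys and files is checked.

```powershell
# Read-only triage: report which SpywareStop artifacts named in the thread exist.
# Nothing is stopped, unregistered or deleted here.
$root = Join-Path $env:ProgramFiles 'SpywareStop'   # %program_files%\spywarestop

# Process names from the post, without ".exe" as Get-Process expects.
$procNames = 'setupxv', 'spywarestop'

# Keys from the post; the backslash before each GUID is an assumption.
$regKeys = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID\{024d4c40-c8ce-11db-9704-005056c00008}'
    'Registry::HKEY_CLASSES_ROOT\Installer\Features\61e7a2d54a50eb74080135dc9f000624'
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5d2a7e16-05a4-47be-8010-53cdf9006042}'
)

# Relative path -> size in bytes, copied from the "Delete Used files" list.
$files = [ordered]@{
    'SpywareStop.exe'                 = 6792432
    'Launcher.exe'                    = 808176
    'SpyCleaner.dll'                  = 550128
    'Difxapi.dll'                     = 319456
    'FilterDrv\SpywareStop.x86.sys'   = 19696
    'FilterDrv\SpywareStop.amd64.sys' = 25072
}

$report = @()
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $report += [pscustomobject]@{ Type = 'Process'; Item = $p.Name; Detail = "PID $($p.Id)" }
}
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $report += [pscustomobject]@{ Type = 'Registry'; Item = $key; Detail = 'key exists' }
    }
}
foreach ($name in $files.Keys) {
    $path = Join-Path $root $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # A size mismatch means the file differs from the build described in the post.
        $len = (Get-Item -LiteralPath $path -Force).Length
        $detail = if ($len -eq $files[$name]) { 'size matches the post' } else { "size $len differs from the post" }
        $report += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = $detail }
    }
}

if ($report) { $report | Format-Table -AutoSize -Wrap }
else { 'No listed SpywareStop artifacts found.' }
```

Running it before and after cleanup (or after booting back from a rescue CD) shows whether anything from the list survived.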