Tag Archives | spyware doctor

TheSpyBot – Rogue Anti-Malware

I came across TheSpyBot while working in Webster, MO. It was pretty obvious to me that this was Rogue Anti-Malware, however my client had it confused with Spybot Search and Destroy…no doubt this is what the malware author’s intentions were.

TheSpyBot loads at startup and starts doing its fake scan. After only a few seconds it’s prompting us to purchase the program…not! TheSpyBot is fake anti-malware and should never be purchased. If this was loaded on your computer without your knowledge then you have a Virtumonde infection that needs to be treated.

My client opted to remove his AVG install and go with Spyware Doctor with Antivirus. Spyware Doctor with Antivirus removed the malware, and then I used ComboFix to remove some security settings that had been set by the malware (like disabled desktop and task manager).


Worst Worm…

Ugggg…I just got my first USB stick worm and let me tell you….it SUCKED!!! This worm created or infected autorun.exe on my USB flash drive. Once you insert the USB stick into a PC it drops the files below into the following folders:

C:\windows\system32\ftp32.dll

C:\windows\system32\drivers\spools.exe (boy is that little .exe annoying)

C:\Documents and Settings\user\ctfmon.exe

Once these files are in place ANY exe takes about 5 minutes to execute because spools.exe runs at 100% CPU. If new media is inserted into the PC (like another flash drive) it will immediately become infected.

The PC I was working on had Avast 4.8. Avast 4.8 cleaned ctfmon constantly, but left spools.exe and ftp32.dll intact. I turned to my favorite…Spyware Doctor with AntiVirus to clean the entire infection (and my $30 usb stick which I just bought).

I suppose you could also clean this infection with a bootable antivirus disc, but I was too lazy :P

Be careful when sticking those USB flash drives into PCs with inadequate anti-malware protection…you could get a nasty surprise.
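As an added, read-only triage script (not from either post above), the following PowerShell checks a Windows host for the artifacts these two posts describe: the three dropped files and the autorun file at a removable drive's root from the worm post, a running spools.exe, and the Explorer policy values that commonly sit behind a "disabled desktop and task manager". The two registry value names are an assumption; the first post does not name them.

```powershell
# Added example, not the blog's own code. Reports indicators only; nothing is deleted or changed.

# Paths listed in the post. Legitimate ctfmon.exe lives in system32, not in the user profile.
$dropped = @(
    "$env:SystemRoot\system32\ftp32.dll",
    "$env:SystemRoot\system32\drivers\spools.exe",
    "$env:USERPROFILE\ctfmon.exe"
)

$findings = @()

foreach ($path in $dropped) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += "Dropped file present: $path ($($item.Length) bytes, SHA256 $hash)"
    }
}

# The post describes spools.exe pinning the CPU; report it if it is running.
Get-Process -Name spools -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "spools.exe running: PID $($_.Id), CPU seconds $([math]::Round($_.CPU, 1))"
}

# Removable drives (DriveType 2): the worm spreads via an autorun file at the drive root.
Get-CimInstance Win32_LogicalDisk -Filter "DriveType = 2" | ForEach-Object {
    foreach ($name in "autorun.inf", "autorun.exe") {
        $candidate = Join-Path $_.DeviceID $name
        if (Test-Path -LiteralPath $candidate) {
            $findings += "Autorun file on removable drive: $candidate"
        }
    }
}

# Assumed policy values behind "disabled desktop and task manager" (not named in the post).
$policies = @{
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" = "NoDesktop"
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System"   = "DisableTaskMgr"
}
foreach ($key in $policies.Keys) {
    $valueName = $policies[$key]
    $value = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($value -and $value.$valueName -eq 1) {
        $findings += "Policy set: $key\$valueName = 1"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Output $_ } }
else { Write-Output "No artifacts from the posts were found." }
```

Run it from an elevated prompt so the system32 paths and policy keys are readable; a hit on spools.exe or the profile-level ctfmon.exe is what to hand to the scanner, not something to clean by hand.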


Remove-Malware Traffic Stats