Can't get rid of spyware

OldXPuser

New Member
Messages
24
Location
Southeast, Iowa
Hello all,
I hope I have this posted in the right spot. My problem is I have at least 2, maybe 3, different spyware that I can't get rid of, and it causes problems for me. One of them is called Win32.Downloader.gen (SearchProtect), the other is called iCrossRider, and both show up on my scans, and when I go to delete them they keep coming back. I have even gone on Google and done the how-to-remove-manually method. Went to the places down in the registry and every time I delete the files out they come back... and the 3rd one I think I have isn't showing up in my scans, but it shows up in my startup programs, which I have disabled of course, but it's showing there and it's called WebCake Desktop.

I have tried everything to get rid of these nasty little critters but they refuse to go away. The only thing left to do is a full reinstall of Windows 8 and I don't want to have to resort to that if I don't have to.

Any ideas on how to get rid of these nasty critters?

Oh and by the way, I use the default program on Win8 (Windows Defender) and the free version of Malwarebytes. Was thinking of upgrading Malwarebytes to the full version, but if the free version can't get rid of them I didn't want to pay the full price if it's not going to work.
 

My Computer

System One

  • OS
    windows 8 64 bit
    System Manufacturer/Model
    Dell
    CPU
    Intel Core i5-3330 3.00GHz
    Memory
    8GB
    Monitor(s) Displays
    Dell ST23
    Browser
    Firefox
If any of the virus checkers or malware programs cannot remove these nasty little buggers, then you only have one choice (that I can figure out anyway), which is to do a clean reinstall. . .sorry, and good luck. . .:thumbsup:
 

My Computer

System One

  • OS
    Win 8, (VM win7, XP, Vista)
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP Pavilion p1423w
    CPU
    Intel Core i5 3330 Ivy Bridge
    Motherboard
    Foxconn - 2ADA Ivy Brige
    Memory
    16 GB 1066MHz DDR3
    Graphics Card(s)
    ATI Radeon HD 5450
    Sound Card
    HD Realteck (Onboard)
    Monitor(s) Displays
    Mitsubishi LED TV/Montior HD, Dell 23 HD, Hanspree 25" HD
    Screen Resolution
    Mit. 1980-1080, Dell 2048-115, Hanspree 1920-10802
    Hard Drives
    1 SanDisk 240Gig SSD, 2 Samsung 512Gig SSDs
    Case
    Tower
    Cooling
    Original (Fans)
    Keyboard
    Microsoft Keyboard 2000
    Mouse
    Microsoft Optical Mouse 5000
    Internet Speed
    1.3 (350 to 1024 if lucky)
    Browser
    Firefox 19.1
    Antivirus
    MSE-Defender
Try Spybot Search and Destroy free version before you give up hope... :geek:
 

My Computers

System One System Two

  • OS
    17074 Pro
    Computer type
    Laptop
    System Manufacturer/Model
    HP dv7 3173nr
    CPU
    M520
    Memory
    5GB
    Screen Resolution
    1600x900
    Internet Speed
    120Mb/s
  • PC2
    HP A12 R7 17074
Yeah, that's what I thought too, but I was hoping maybe someone here could save me from that. XP I know how to reset, but this Win8 I'm not sure about. Ugh :(
 

I tried Spybot S&D and it can't remove them either. It does the scan, finds them, says it has to restart to remove them. I restart and have to go through a 2nd scan, then when that's all done with, guess what... they're still there. Can't get rid of them no matter what I do :(
 

Guess I better start looking around for instructions on how to reinstall Win 8. Never done it before, but XP I did 2 or 3 times in the ten years I owned that system; it was easy after the first time. I guess 8 will be OK once I get over that 1st time.

[so dreads having to do this]:cry:
 

Did you try running Malwarebytes in safe mode?
 

did you try running malwarebytes in safe mode?

No, never thought of that, and I looked up 2 of them online and the 3rd one I just now looked up and it's a nasty one. The Win32.Downloader.gen is going to take 6 different programs to get rid of, if it can be taken off. I was thinking as much as that would cost I'd be better off just resetting Win8 lol, but I'll try your idea.

This is what I found on that nasty trojan:
Remove Win32.downloader.gen virus (Removal Guide)
 

I think the paid version of Malwarebytes has a couple more removal tools that aren't available in the free version. I would be kind of surprised if Malwarebytes could not remove your problem files especially if you really push it. It might damage your OS in the process but everything removed is backed up and if you are considering reinstalling your OS then what the heck.

Also, if you google "Malwarebytes Coupons" you can find some discount codes that really work. I purchased Malwarebytes Pro latest version Lifetime License for $19.95 and you don't have to look out for sneaky add-ons with the download and install. I can live with that. It also has real-time protection if you choose to use it.

Just a Thought

This Link Might Help As Well

https://forums.malwarebytes.org/index.php?showtopic=129180
 

My Computer

System One

  • OS
    windows 8.1 64, LT -Windows 10 Home 64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP 500-075 Desktop + HP 15-f018dx Laptop
    CPU
    Intel Core i5 3470 Ivy Bridge 3.2 GHz Quad Core/ LT - i3-4030U 1.9 GHz
    Motherboard
    Foxcon Joshua-H61-uATX
    Memory
    8 GB/ LT - 6GB
    Graphics Card(s)
    Intel Graphics Media Accelerator HD (DX10.1)
    Sound Card
    Integrated IDT 92HD73E
    Hard Drives
    1T HDD, 16G Sandisk Cache Drive, 2T Seagate 3.0 External
    Keyboard
    Wireless
    Mouse
    Wireless
    Browser
    IE11
    Antivirus
    Norton 360
    Other Info
    CyberPower UPS, Macrium Backup, Revo Pro, Malwarebytes Premium
Avast AV has a boot time scan.
That might help:

 

My Computer

System One

  • OS
    Windows 8.1.1 Pro with Media Center
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Gateway
    CPU
    AMD K140 Cores 2 Threads 2 Name AMD K140 Package Socket FT1 BGA Technology 40nm
    Motherboard
    Manufacturer Gateway Model SX2110G (P0)
    Memory
    Type DDR3 Size 8192 MBytes DRAM Frequency 532.3 MHz
    Graphics Card(s)
    ATI AMD Radeon HD 7310 Graphics
    Sound Card
    AMD High Definition Audio Device Realtek High Definition Audio USB Audio Device
    Monitor(s) Displays
    Name 1950W on AMD Radeon HD 7310 Graphics Current Resolution 1366x768 pixels Work Resolution 1366x76
    Screen Resolution
    Current Resolution 1366x768 pixels Work Resolution 1366x768 pixels
    Hard Drives
    AMD K140
    Cores 2
    Threads 2
    Name AMD K140
    Package Socket FT1 BGA
    Technology 40nm
    Specification AMD E1-1200 APU with Radeon HD Graphics
    Family F
    Extended Family 14
    Model 2
    Extended Model 2
    Stepping 0
    Revision ON-C0
    Instruction
    Browser
    Opera 24.0
    Antivirus
    Avast Internet Security
I tried the scans under safe mode and got rid of the WebCake Desktop and the Win32.Downloader.gen. Malwarebytes didn't even detect the iCrossRider, but Spybot S&D did but couldn't get rid of it. I thought I read somewhere that S&D isn't fully compatible with Win8 anyway. I'm wondering if I could go in under safe mode and manually remove it?

Anyway, 2 down and 1 to go, so I'm making progress :)
 

I think the paid version of Malwarebytes has a couple more removal tools that aren't available in the free version. I would be kind of surprised if Malwarebytes could not remove your problem files especially if you really push it. It might damage your OS in the process but everything removed is backed up and if you are considering reinstalling your OS then what the heck.

Also, if you google "Malwarebytes Coupons" you can find some discount codes that really work. I purchased Malwarebytes Pro latest version Lifetime License for $19.95 and you don't have to look out for sneaky add-ons with the download and install. I can live with that. It also has real-time protection if you choose to use it.

Just a Thought

This Link Might Help As Well

https://forums.malwarebytes.org/index.php?showtopic=129180

Thanks gator, I might check it out :)
 

In the link you provided in post #8, it advised you to run TDSSKiller. Did you run this program? If not, you should do so.

TDSSKiller Download

Before running TDSSKiller, click on "Change Parameters" & check the box marked "Detect TDLFS file system."

As part of its self defense mechanism, Win32.downloader.gen will install a rootkit on the infected computer.

Pretending to be a legitimate website, Search.crossrider.com actually contains rootkit and Trojans which can automatically record your online behaviors in order to steal personal information and confidential data such as bank account information, credit card information, social security number. This confidential information is then transferred to a remote server.

A rootkit creates a hidden boot partition which will run before Windows can initialize. Therefore it is hard to remove since every time you boot to the OS, it is already running. It generally does not show up on disk management & can only be seen with a Boot Partition Manager, such as GParted.

Also, since this infection is capable of transmitting personal data, such as listed above, it would be wise to change all your passwords (on a clean PC), then contact your bank and advise them to keep an eye on your accounts.

After you have run TDSSKiller, d/l & run AdwCleaner.

AdwCleaner Download

In the case of the PC being compromised by a rootkit, the safest recourse is to do a clean install, as some rootkits cause irreparable damage to the OS files. If you choose this path, be sure to format the entire HDD, as some rootkits have been known to survive a clean install when the drive is not wiped clean.
 

My Computer

System One

  • OS
    Win 7 32, Win 7 64 Pro, Win 8.1 Pro
    Computer type
    PC/Desktop
    System Manufacturer/Model
    It's a Dell, Dude.
    CPU
    Intel Caffinated Core Duo
    Motherboard
    Father is bored too.
    Memory
    4 GB
    Graphics Card(s)
    NVidia something-or-another
    Monitor(s) Displays
    24" HD TV/Monitor/Alternative Dimensional Viewing Portal
    Screen Resolution
    Fuzzy after a couple drinks
    Hard Drives
    2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
    Case
    Don't get on my case....man
    Cooling
    Scotch on the rocks on the weekends..
    Keyboard
    Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
    Mouse
    currently being stalked by the cat...
    Internet Speed
    Never fast enough...
    Browser
    Defeated by Mario...wait...OH...BRowser...
    Antivirus
    Various
No format. Killdisk instead. Only then can it be guaranteed "clean".

It's the best way to go. Anything else, like trying to repair Windows, is an extreme compromise to security/stability/reliability.
 

My Computer

System One

  • OS
    7601.18247.x86fre.win7sp1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Self-built Intel based
    CPU
    Pentium D 925 3.0 GHz socket 775, Presler @ ~ 3.2 GHz
    Motherboard
    Intel DQ965MT
    Memory
    Hyundai 2 GB DDR2 @ 333 MHz
    Graphics Card(s)
    ASUS DirectCU II HD7790-DC2OC-2GD5 Radeon HD 7790 2GB 128-Bit GDDR5
    Sound Card
    MOTU Traveler firewire interface
    Hard Drives
    1 Seagate Barracuda SATA II system/boot drive 80 GB, 2 Western Digital hdds - 1 is SATA II Caviar Black 1 TB attached to card (assorted media, page, temp), other is SATA I 420 GB (games, media, downloads)
    PSU
    Thermaltake 450W
    Cooling
    stock Gateway cooling, extra large fan in rear of case
    Keyboard
    Alienware/Microsoft Internet kb
    Mouse
    Logitech M510
    Internet Speed
    Optimum Online, fast for US
    Browser
    Pale Moon
    Antivirus
    Kaspersky integrated into ZoneAlarm+Antivirus
Never tried killdisk, but it looks interesting. I usually use DBAN.
 

Not very familiar with that (I've seen it mentioned here or there over the years), but it has the word "Nuke" in it. I can dig it. Thumbs up.

One major caveat perhaps: "No guarantee that data is removed"
 

Always run any scan tool from a "safe mode with networking" option to get the best results. MalwareBytes has worked for me about 90% of the time.
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports

I had a major spyware infection, dynamo something. I refused to pay what something that was supposed to be free wanted to activate the service. I deleted every registry key pointing towards the spyware, then I opened 8.1 in safe mode. This works only if you know where the offending software is installed. I scrolled to the directory and I was able to delete every file and directory manually. I then checked the registry and it came up clean. There is a way to streamline the process. Open it in safe mode and search the registry there. A manual tape worm search is a must; keep using the name of the spyware application in each search until it comes up empty. It is possible to wreck an otherwise good install of Windows by deleting blindly in the registry.

It is like the spyware was never on my system now. I will NEVER pay for spyware removal software now that I can kill the spyware myself.
 

My Computer

System One

  • OS
    windows 8.1
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Gateway
    Antivirus
    norton
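
The name search described in the post above can be done as a read-only audit of the places startup entries usually live, which also shows what might be re-creating a deleted registry value. This is an added example, not code from any poster in this thread; the name patterns are the ones reported in the thread, and the choice of Run keys, services, scheduled tasks and Startup folders is an assumption about where such entries register.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# Run from an elevated PowerShell prompt (Windows 8 or later).
# Patterns are the names reported in this thread; edit to suit.
$Patterns = 'SearchProtect', 'CrossRider', 'WebCake'
$Regex = ($Patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Find-AutorunEntries {
    # Run/RunOnce values, machine and user, plus the 32-bit view on 64-bit Windows
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if ($name -match $Regex -or $data -match $Regex) {
                [pscustomobject]@{ Type = 'Autorun'; Location = $key; Name = $name; Command = $data }
            }
        }
    }
}

function Find-Services {
    # A service can rewrite registry values and files at every boot
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Regex } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Service'; Location = $_.Name; Name = $_.DisplayName; Command = $_.PathName }
        }
}

function Find-ScheduledTasks {
    # Scheduled tasks are another common way for removed entries to return
    foreach ($task in Get-ScheduledTask) {
        $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        if ("$($task.TaskName) $cmd" -match $Regex) {
            [pscustomobject]@{ Type = 'Task'; Location = $task.TaskPath; Name = $task.TaskName; Command = $cmd }
        }
    }
}

function Find-StartupFiles {
    # Per-user and all-users Startup folders
    $dirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    Get-ChildItem -Path $dirs -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $Regex } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'StartupFile'; Location = $_.DirectoryName; Name = $_.Name; Command = $_.FullName }
        }
}

$findings = @(Find-AutorunEntries) + @(Find-Services) + @(Find-ScheduledTasks) + @(Find-StartupFiles)
if ($findings.Count -eq 0) { 'No matching startup entries found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

An empty result only covers these four locations; a match under Service or Task alongside an Autorun value points to the component that restores the value after it is deleted.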