
How to remove spyware from the computer

Anonymous
2011-03-06T02:42:17+00:00

original title: My PC has been infected with "spyware" but I can still receive and send email in "safe" mode. What can I do?

Printer, sound, etc. will not work in "safe" mode.

<Moved from Windows  / Windows 7  / Security & privacy>


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


Answer accepted by question author

  1. Anonymous
    2011-03-06T19:09:34+00:00

    Hi,

    1. Are you getting any error message while sending or receiving emails in normal mode?

    2. Which anti-virus software are you using in your system?

    3. When was the last time it was working fine?

    Try the below steps in Safe mode with Networking:

    Method 1: Try to scan from ONLINE VIRUS SCAN, which would help us to remove the viruses:

    http://onecare.live.com/site/en-US/default.htm

    In Safe mode, third-party applications will be disabled and only basic Microsoft applications will be enabled; however, the printer and sound card will not work in Safe mode.

    Hope this information is helpful.

    Thanks and Regards,

    Savan - Microsoft Support.

    2 people found this answer helpful.

11 additional answers

  1. Anonymous
    2013-01-19T20:10:12+00:00

    I too am in the Land of Hurt. My problems began innocently when my sound card wouldn't output to my headphones. I did a System Restore to the earliest date available, but nothing changed. Then I noticed that my optical drive would not auto launch when I stuck a CD in it. None of my CyberLink programs open. Weird things happened while browsing, such as "Skype Click to Call crashed" even though I didn't have Skype active, and "Shockwave crashed," too. Then I saw a JavaScript window stating that Microsoft Antivirus 2013 detected a process requiring a scan, but since there's no Microsoft Antivirus I didn't click on "OK." That probably was a ransomware trying to take my PC hostage. I have Kaspersky PURE 2.0, Malwarebytes, and SuperAntiSpyware, and I ran full system scans with the last two in Safe Mode (Kaspersky PURE won't scan in Safe Mode). Nothing other than some tracking cookies was found. I tried downloading HijackThis, but it has given me the error message that it's been denied access. I'm dubious of downloading Prevx and UnHackMe as it invites AV conflicts. I need to figure out how to make HijackThis work with Windows 8 Pro. I so want to avoid reinstalling Windows 8 Pro because I would have to beg numerous software publishers for permission to redownload my many programs. I have 55 games in Steam. Restoring my PC after wiping it clean would take two full weekends.

    1 person found this answer helpful.
  2. Anonymous
    2013-01-20T15:52:35+00:00

    > I too am in the Land of Hurt. My problems began innocently when my sound card wouldn't output to my headphones. I did a System Restore to the earliest date available, but nothing changed. Then I noticed that my optical drive would not auto launch when I stuck a CD in it. None of my CyberLink programs open. Weird things happened while browsing, such as "Skype Click to Call crashed" even though I didn't have Skype active, and "Shockwave crashed," too. Then I saw a JavaScript window stating that Microsoft Antivirus 2013 detected a process requiring a scan, but since there's no Microsoft Antivirus I didn't click on "OK." That probably was a ransomware trying to take my PC hostage. I have Kaspersky PURE 2.0, Malwarebytes, and SuperAntiSpyware, and I ran full system scans with the last two in Safe Mode (Kaspersky PURE won't scan in Safe Mode). Nothing other than some tracking cookies was found. I tried downloading HijackThis, but it has given me the error message that it's been denied access. I'm dubious of downloading Prevx and UnHackMe as it invites AV conflicts. I need to figure out how to make HijackThis work with Windows 8 Pro. I so want to avoid reinstalling Windows 8 Pro because I would have to beg numerous software publishers for permission to redownload my many programs. I have 55 games in Steam. Restoring my PC after wiping it clean would take two full weekends.

    I'm not much of a gamer, which makes me somewhat unfamiliar with the way games in Steam operate; however, I have spent many hours restoring computers to as close to factory settings as I can get while keeping the customer happy. Most of the time I find it advantageous to just reformat the drive, then use DBAN or a similar program to make sure the pests have been eradicated. If you are actively playing games in Steam then you obviously have a decent Internet connection, which would allow for quick replacement of most of your software. I only would suggest this as an "end of the rope" type solution but then again I am only so familiar with gaming software. My few experiences trying to remove problematic games using Steam were problematic themselves. It seems I kept being directed to their website where I was to look for the uninstall software that I never found.

    This brings me to two hypotheses: 1.) If I have had to wipe several drives to remove a problematic game or two from Steam, and you have 55 games installed/running etc., I would think that you would have many of your system resources tied up which could easily cause other background (and many of them useless) processes to fail on you due to direct "competition" for those processes or their dependent ones. 2.) Since it was such an advent trying to uninstall the games I've come across in Steam, it appeared to me that they keep fairly accurate tabs on who is playing what and where. That seems to indicate that they shouldn't bat an eye if something as simple as a change in UUID was briefly present. I could of course be entirely mistaken.

    My own approach would be to determine exactly what it would take to get the appropriate permissions/accounts set up with Steam if you were to do the following: use a program like Clonezilla/Filezilla to clone the directory where your game programs and other "delicate" software are stored to an external drive. Then use a program like DBAN or similar to make sure that your (initial) drive is clean, while taking care to either back up your MBR or just leave it out of the format/DBAN. I realize that this sounds like a fairly labor-intensive process, but after my own experiences with many of the antivirus/malware programs listed on the forum I can safely say that what I suggested would take a third of the time. Some scanners will even wait for a cue from the user as to what to do with a "threat" for a matter of minutes and then seemingly leave it as it was and expect you to read the twenty page log and figure it out.

    If it is the case that this approach would not be too problematic for your gaming access, reinstall your operating system only after running a rootkit scanner to check out your chipset/CMOS/MBR. For this I'd recommend burning two of the most useful ISOs I've come across, which are System Rescue disk and Hiren's BootCD. Yet another is Boot Repair Disk. All have many utilities that you can run from a live CD, without installing. Pay special attention to the "run tools in DOS mode" on the SR disk as it will prove useful in many circumstances.

    After the reinstall, and after you have adequately determined that the cloned portion of your drive is virus free (which scanning only that portion can save you hours, if not days vs. scanning a large HDD with multiple products) simply file transfer the contents of your external drive to the relevant directory. You will want to do this with Admin privileges if not via the command line.

    Keep in mind that I say all of this while still harboring the hunch that your many games' background processes are probably a majority of the problem. Open your task manager and see what's running on a regular basis. And make a point to run a msconfig once in awhile to see what has snuck into your startup folder. It's pretty safe to say that if it's not Microsoft only, it doesn't need to run at startup; with few exceptions.

    I will discredit myself a little further by admitting that I have little experience with Windows 8. I usually wait until a new OS has been on the market for a year or so before switching... Call me paranoid but at least I'll be lessanoid.  :-)

  3. Anonymous
    2012-02-06T10:46:45+00:00

    I was able to isolate the file named application data that you described with the directions provided. Thank you. However, before today I had been reading articles all over the net regarding the multiple and complex symptoms that my computer was showing. I suspected that I had acquired multiple forms of Trojan and other malware and had my suspicions confirmed when yesterday I was finally "allowed" to retrieve software downloaded to another computer (running a different OS ironically) and transfer it from that one to my infected PC. When I ran the first malware application I found and removed three types of trojans and a different critical virus type. After the next two applications turned up even more malware/spyware I ran the initial one again, which in turn found more of the little demons.

    Eventually I tried my system restore again but received the same "try again after restart" message, as well as the Access denied message when I try to remove applications. I came across your article today and successfully isolated the files as you instructed. I was not able to access the internet and therefore ran MRT and Kaspersky. However, when I right clicked on run as in safe mode it would not let me proceed. It WOULD let me proceed with my profile even though I am the only user and have ADMIN privileges.

    Everything went according to your description except a few things including downloading "SAVE". What is it and where do I find it? I web searched it and could not find a trace of a program. I finally just manually deleted the files but I noticed one of them that I renamed had changed directories entirely after my initial discovery and reboot. This thing seems to have a life of its own. I hope to find out that my files are all not actually corrupted and gone but after changing permissions and unchecking all the hide folder boxes in Windows, I hate to admit it but my next adventure may be an entire Windows reinstall.

    Sincere Thanks,

    Nathan (hour 134 since first symptom noticed)

  4. Anonymous
    2011-03-06T19:36:16+00:00

    Hi,

    If you need to check for malware here are my recommendations - these will allow you to do a thorough check and removal without ending up with a load of spyware programs running resident which can cause as many issues as the malware and maybe harder to detect as the cause.

    No one program can be relied upon to detect and remove all malware. Added that often easy to detect malware is often accompanied by a much harder to detect and remove payload. So it's better to be overly thorough now than to pay the high price later. Check with these to an extreme overkill point and then run the cleanup only when you are very sure the system is clean.

    These can be done in Safe Mode - repeatedly tap F8 as you boot; however, you should also run them in regular Windows when you can.

    TDSSKiller.exe - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN. It will show any infections in the report after running - if it will not run change the name from tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not check with the other methods below.

    http://support.kaspersky.com/viruses/solutions?qid=208280684

    Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.

    (If Rootkits run UnHackMe)

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    Malwarebytes - free

    http://www.malwarebytes.org/

    SuperAntiSpyware Portable Scanner - Free

    http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

    Run the Microsoft Malicious Removal Tool

    Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

    You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    (Then run MRT as above.)

    Microsoft Malicious Removal Tool - 32 bit

    http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious Removal Tool - 64 bit

    http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    also install Prevx to be sure it is all gone.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN

    Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.

    http://www.prevx.com/   <-- information

    http://info.prevx.com/downloadcsi.asp?prevx=Y  <-- download

    PCmag - Prevx - Editor's Choice

    http://www.pcmag.com/article2/0,2817,2346862,00.asp

    Try the trial version of Hitman Pro :

    Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).

    http://www.surfright.nl/en/hitmanpro


    If needed here are some online free scanners to help

    http://www.eset.com/onlinescan/

    New Vista and Windows 7 version

    http://onecare.live.com/site/en-us/center/whatsnew.htm

    Original version

    http://onecare.live.com/site/en-us/default.htm

    http://www.kaspersky.com/virusscanner

    Other Free online scans

    http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1


    After removing any malware :

    Also do these to clean up general corruption and repair/replace damaged/missing system files.

    Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

    Enter this at the prompt - sfc /scannow

    How to Repair Windows 7 System Files with System File Checker

    http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log

    http://support.microsoft.com/kb/928228

    Also run CheckDisk so we can rule out corruption as much as possible.

    How to Run Disk Check in Windows 7

    http://www.sevenforums.com/tutorials/433-disk-check.html


    If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

    ======================================

    If needed AFTER you are sure the machine is clean of all malware.

    How to Do a Repair Install to Fix Windows 7

    http://www.sevenforums.com/tutorials/3413-repair-install.html

    Hope this helps.

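The last answer ends its cleanup with `sfc /scannow` and a pointer to analyzing the resulting cbs.log. As an added example (not part of the thread), this sketch filters the `[SR]` entries out of a log and lists files SFC reported it could not repair, which are the ones to replace from a known-good source after malware removal. The sample lines are constructed, the line layout is an assumption, and `summarize_sfc` and `unrepaired_files` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample, modelled on the "[SR]" entries sfc writes to
# %windir%\Logs\CBS\CBS.log; names, times and exact layout are assumptions.
SAMPLE_LOG = r'''
2011-03-06 20:01:10, Info                  CSI    00000006 [SR] Verifying 100 (0x00000064) components
2011-03-06 20:01:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2011-03-06 20:01:14, Info                  CBS    Session: 12345_678 initialized
2011-03-06 20:01:15, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, file is missing
2011-03-06 20:01:15, Info                  CSI    0000000a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.exe" from store
2011-03-06 20:01:16, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, file is missing
2011-03-06 20:01:20, Info                  CSI    0000000c [SR] Verify complete
'''

# Timestamp, level, the CSI source, a hex sequence number, then the [SR] tag.
SR_LINE = re.compile(
    r'^[\d-]{10} [\d:]{8}, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (?P<msg>.*)$', re.I)
# A quoted leaf file name following a length prefix; directory parts contain
# backslashes and are skipped.
QUOTED_FILE = re.compile(r'\]"([^"\\]+)"')

def summarize_sfc(log_text):
    """Count [SR] lines and tally files SFC repaired or could not repair."""
    result = {"sr_lines": 0, "repaired": Counter(), "unrepaired": Counter()}
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue  # other CBS servicing entries, not SFC output
        result["sr_lines"] += 1
        msg = m.group("msg")
        names = QUOTED_FILE.findall(msg)
        if not names:
            continue  # progress messages such as "Verifying ... components"
        if msg.startswith("Cannot repair"):
            result["unrepaired"][names[-1]] += 1
        elif msg.startswith("Repairing"):
            result["repaired"][names[-1]] += 1
    return result

def unrepaired_files(log_text):
    """Files reported as unrepairable and never reported as repaired."""
    s = summarize_sfc(log_text)
    return sorted(n for n in s["unrepaired"] if n not in s["repaired"])

if __name__ == "__main__":
    print(unrepaired_files(SAMPLE_LOG))
```
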