[acsputnik]

Hi everyone, heres the setup of this problem:

Caught some typical spyware the other day on another machine. A little icon appears in the system tray that warns of spyware, malware, etc in a balloon and that I should click there and download their program to get rid of it. Riiiiiight. Right or left clicking the flashing icon opens up IE and heads to viruslabs2009.com. A scan with Yahoo! Anti-spyware yielded 4 reg keys associated with the spyware,which I promptly deleted. A scan with Avast! Antivirus yielded a couple more pieces of garbage to remove. But the icon was still there. Task Manager showed 2 processes running that seemed too fishy ietbm.exe and ietbmm.exe and that could not be terminated as they would reactivate instantly. A search for them using windows' search quickly led me to the location of the processes. I rebooted in safe mode, and deleted them from the HDD. Reboot in normal more and scan with Yahoo! Anti-Spyware and Avast! and they both come up clean. The processes are no longer there in the Task Manager. But the icon and balloon is still there!!!! I'm out of ideas on how to remove it. I even tried and removed all previous restore points thinking it might be hiding in there.

Please help

-A.C.Sputnik

[techie4fun]

To begin, Yahoo AntiSpyware won't provide any help for the really BAD spyware. I would recommend running SuperAntispyware and back with what the program finds. If you get that far, we'll continue.

[coastie65]

Hi and welcome to the forum. Don't feel like the lone wolf as I just recently had my own little episode with that stuff, including a trojan or two. In addition to what techie has suggested, I am going to give you a link to another free site. You should download, install and run this. www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html . I am going move this thread to a more appropriate category, so it been seen by more people, including our resident security expert. coastie65

[SpiritWind]

Hi :



You are describing the "classic" symptoms of what the malware-fighting "community"

calls a "Rogue" program and the TOP Choice for combating this is the program

recommended by "coastie", namely the FREE "Malwarebytes' Anti-Malware" ; though you

will end up at the Site "coastie" quoted, it is Best to start at the program's website,

namely www.malwarebytes.org/mbam.php because it has a better Description of

the program . Best to use the "Anti-Malware" program in tandem with malwarebytes.org's

Other program, namely their FREE "Rogue Remover", available at

[http://www.malwarebytes.org/rogueremover.php] . IF these 2 programs plus the use of

"SUPERAntiSpyware" do NOT resolve your problems, especially those 2 "exe"s, you

should Post a request for help at [http://aumha.net], which is staffed by several

Volunteer "Microsoft Most Valuable Professionals" .

[acsputnik]

Thank you all so much for your help. I was able to find the malware in question using Malwarebytes' Anti-Malware and remove, that and 23 other registery entrys that were infected which nothing else picked up as even suspicious. Thanks for showing me this great program.



-Sputnik

[coastie65]

Hi, It's our pleasure and glad we could help. Just keep an eye on things to make sure nothing else crops up and do an occasional scan. coastie