Winspywarepro

[Violent]

Alright long story short, I have been infected with Winspywarepro which is a virus that doesn't allow me to do anything unless I boot in safe mode. Does anyone know how to get rid of the whole thing? There are registry screw ups that it altered so I can't use taskmanager or get into my control panel. (Control panel is hidden in the start menu along with some other programs and task manager shows an error saying 'Administrator has disabled task manager' but I didn't). Please help.

Note: This virus slows down the computer extremly and right now Im on my dads laptop. I can barely load anything.

Edited July 11, 2008 by Violent

[roadgeek9]

Try this: http://siri.urz.free.fr/Fix/SmitfraudFix.exe. Smitfraudfix is used to fix some of the rouge anti-spyware programs.

[Impact]

If you have system restore, then you could try that. Have you tried installing a simple antivirus software like clamwin and scanning and seeing if it can fix it? Other than that, I would say backup and reinstall would be your last option.

[redvamp128]

What operating System. Have you tried spybot search and destroy.

[roadgeek9]

What operating System. Have you tried spybot search and destroy.

Spybot wouldn't be able to pick up a rouge antispyware program. The rouge program would try to stop it in its tracks.

[redvamp128]

Here is a list of commands to get to things from the run command

http://vlaurie.com/computers2/Articles/control.htm

At the run type

control.exe

to get the control panel

Try these fixes to regain control

Kelly XP Site

http://www.kellys-korner-xp.com/xp_tweaks.htm

To regain control panel lockout...

http://www.kellys-korner-xp.com/regs_edits...tionrestore.reg

Task manager

http://www.kellys-korner-xp.com/regs_edits/taskmanager.reg

You could also try to regain the task manager using this site.

http://windowsxp.mvps.org/Taskmanager_error.htm

Edited July 12, 2008 by redvamp128

[redvamp128]

I also found this topic on Geeks to Go site

http://www.geekstogo.com/forum/Winspyware-...07-t171420.html

[Violent]

I tryed installing Superantispywarepro but I get an error saying: The system administrator has set policies to prevent this installation.

Where can I edit that?

[redvamp128]

If it will let you into it- at the run type gpedit.msc. (if on XP pro) don't think it will work on XP home- I think it is in all versions of Vista.

If it won't then merge this registry and it should let you in.

http://www.kellys-korner-xp.com/regs_edits/mmc.reg

[sava700]

Follow these steps:

Turn off system restore

Check add/remove programs for Winspywarepro listed and uninstall or check the directory for a uninstaller.

Go into msconfig and kill whatever you don't need to startup and run including stuff you don't know what is OFF in the startup tab

Download/update Superantispyware Free version

Download/Update Avast Free antivirus...register it free and lasts 16months

Download/update Spybot S&D

Download CCleaner latest version and select all boxes and clean.

Navigate to your Local folder(hidden) under your Documents folder and delete all Temp/temp internet files

Ok, now boot into safe mode...

Set avast to do a boot scan upon next reboot and set it to remove anything automatically that it finds!!!

Close avast and open superantispyware.... start a Full scan and remove whatever it finds and most likely it will ask to reboot..do it.

Upon this reboot avast will kick in and clean whatever is left over and that it finds.

Once backin to windows open and run spybot, remove whatever it finds then run CCleaner once more and reboot again.

Last download Hijackthis scan and remove all the things that says filemissing and stuff that looks bad...if your unsure post the log here and someone will help you.

That should do it as these steps have worked for me many times in the past year. Good Luck!

[roadgeek9]

Or you could try Smitfraudfix.

[zerologic]

Or just get SuperAntiSpyware Free and take all the hard work out of the job.

[redvamp128]

Or just get SuperAntiSpyware Free and take all the hard work out of the job.

Violent has previously tried that and he said this.

I tryed installing Superantispywarepro but I get an error saying: The system administrator has set policies to prevent this installation.

Where can I edit that?

[Violent]

If it will let you into it- at the run type gpedit.msc. (if on XP pro) don't think it will work on XP home- I think it is in all versions of Vista.

If it won't then merge this registry and it should let you in.

http://www.kellys-korner-xp.com/regs_edits/mmc.reg

I have home so it won't work.

Follow these steps:

Turn off system restore

Check add/remove programs for Winspywarepro listed and uninstall or check the directory for a uninstaller.

Go into msconfig and kill whatever you don't need to startup and run including stuff you don't know what is OFF in the startup tab

Download/update Superantispyware Free version

Download/Update Avast Free antivirus...register it free and lasts 16months

Download/update Spybot S&D

Download CCleaner latest version and select all boxes and clean.

Navigate to your Local folder(hidden) under your Documents folder and delete all Temp/temp internet files

Ok, now boot into safe mode...

Set avast to do a boot scan upon next reboot and set it to remove anything automatically that it finds!!!

Close avast and open superantispyware.... start a Full scan and remove whatever it finds and most likely it will ask to reboot..do it.

Upon this reboot avast will kick in and clean whatever is left over and that it finds.

Once backin to windows open and run spybot, remove whatever it finds then run CCleaner once more and reboot again.

Last download Hijackthis scan and remove all the things that says filemissing and stuff that looks bad...if your unsure post the log here and someone will help you.

That should do it as these steps have worked for me many times in the past year. Good Luck!

I can only access the internet in safe mode, if I try to in regular mode it freezes/slows incredibly. I can't even run regedit in the run thing because 'the admin has disabled it'.

[redvamp128]

Try this

http://www.dougknox.com/xp/utils/xp_emerutils.htm

run that and it should create backup copies of the files that are locked out- then you can run them- They will list as .bat files but windows will bypass the block

it probably has a block on .msc and .exe files but probably no block on .bat ....

That should restore regedit

because it will create a backup copy that will list it as regedit.bat

but should run

if that does not work

then try this registry fix

http://www.kellys-korner-xp.com/regs_edits...mcmdrestore.vbs

[Gangsta]

Boot into a Linux liveCD, mount the drive as read-only. Copy data (as in, documents and stuff you want to keep) to an external drive for backup. Reboot, with XP install CD in drive. Reinstall. Reinstall applications. Be more careful in the future. Voila.

[Violent]

Try this

http://www.dougknox.com/xp/utils/xp_emerutils.htm

run that and it should create backup copies of the files that are locked out- then you can run them- They will list as .bat files but windows will bypass the block

it probably has a block on .msc and .exe files but probably no block on .bat ....

That should restore regedit

because it will create a backup copy that will list it as regedit.bat

but should run

if that does not work

then try this registry fix

http://www.kellys-korner-xp.com/regs_edits...mcmdrestore.vbs

I tryed both (in safe mode) and they didn't work. The first thing with the copies downloaded and I tryed to run the exe file but I just clicked and it did nothing. The second one ran and said finished but did nothing.

Boot into a Linux liveCD, mount the drive as read-only. Copy data (as in, documents and stuff you want to keep) to an external drive for backup. Reboot, with XP install CD in drive. Reinstall. Reinstall applications. Be more careful in the future. Voila.

Not sure what that means.

I CANNOT access internet in normal mode only in safe mode.

[roadgeek9]

Not sure what that means.

I CANNOT access internet in normal mode only on in safe mode.

Here is a Linux Live CD

http://fedoraproject.org/en/get-fedora

Just click on "i686 Live CD" under "Direct Download" under "Fedora Desktop Live Media."

[Violent]

I can already access the files I'd need to backup in safe mode, but with all these links I CANNNOT ACCESS THEM UNLESS IN SAFE MODE and apparently if I do stuff in safe mode it doesn't work normal mode.

[zerologic]

Violent has previously tried that and he said this.

I tryed installing Superantispywarepro but I get an error saying: The system administrator has set policies to prevent this installation.

Where can I edit that?

Sorry missed that. ;)

Next I'd try the Avira Rescue CD - the link is in my signature. Does a great job.

[random_n]

Dial-a-fix should be able to lift the restrictions put in place. Also, "Safe Mode with Networking" should allow you to use the Internet while in safe mode.

[sava700]

I have home so it won't work.

I can only access the internet in safe mode, if I try to in regular mode it freezes/slows incredibly. I can't even run regedit in the run thing because 'the admin has disabled it'.

Well what you do is get into safe mode and then msconfig and kill stuff from starting up... run ccleaner from within safemode to and then get back into regular mode just to follow what I said.

Its obvious you have things starting up thats killing you in normal mode that you need to terminate.

You may also consider just backing up certain files to keep while your able to and then reinstall the OS, cause at this point it would appear you may have more issues than what your describing.

[redvamp128]

I think you have to run both in normal- not in Safe mode-

[redvamp128]

You could also try

Hijack THis

http://www.download.com/Trend-Micro-Hijack...3.html?hhTest=1

So that we know what processes are running

[Violent]

I just found out after removing stuff I found in the registry in safe mode that had to do with winspywareprotect that they came back.