How to remove Win32.BackDoor-DNM, Spyware.ISpynow, win32.zafi.b, Win32.Netsky.Q, Trojan.Zlob.G (Fake Security Center Alert)

Do you have pop-ups or your computer infected with trojan or spyware ? Learn how to ask us for help, click here!

How to remove Win32.BackDoor-DNM, Spyware.ISpynow, win32.zafi.b, Win32.Netsky.Q, Trojan.Zlob.G (Fake Security Center Alert)

If you are seeing a Security Center Alert that is stating that Windows Firewall has blocked activity of harmful software (Spyware.ISpynow, win32.zafi.b, Win32.Netsky.Q, Trojan.Zlob.G, Win32.BackDoor-DNM), then you have become infected with a trojan that uses this Security Center Alert to trick you into purchasing Perfect Defender 2009 or another rogue antispyware program. Once running, this trojan will display a fake security center alerts that tells you:

Security Center Alert
To help protect your computer, Windows Firewall has blocked activity of harmful software.
Do you want to block this suspicious software?
Name: Spyware.ISpynow
Risk Level: High
Description: iSpynow is a Spyware program that records keystrokes and takes screen shots of the computer, stealing personal financial information.

Security center alert
To help protect your computer, Windows firewall has blocked some features of this program.
Do you want to block this suspicious software?
Name: win32.zafi.b
Risk Level: High

Security Center Alert
To help protect your computer, Windows Firewall has blocked
some features of this program.

Do you want to block this suspicious software?
Name: Win32.BackDoor-DNM
Risk Level: High
Description: DNM is a worm trojan program that records keystrokes and takes screen shots of the computer, stealing personal financial information.

If you are clicking on the enable protection button, then opens up a site asking you to download rogue antispyware program (Perfect Defender 2009) or another rogue antispyware software.

Symptoms in a HijackThis Log.

O4 – HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 – HKCU\..\Run: [winhpdrv] “C:\Documents and Settings\User\Application Data\Google\[RANDOM_NAME].exe”
O4 – HKCU\..\Run: [HPseti] “C:\Documents and Settings\User\Application Data\Google\[RANDOM_NAME].exe”
O4 – HKCU\..\Run: [windpipe] “C:\Documents and Settings\User\Application Data\Google\[RANDOM_NAME].exe” 2
O4 – HKCU\..\Run: [WinDNN] “C:\Documents and Settings\User\Application Data\Google\[RANDOM_NAME].exe” 2
Note: where [RANDOM_NAME] is a runhh6110411.exe, ijdkq13324484.exe, xtgoj6119471.exe, fhexj6825097.exe, klnxv19819115.exe …

Use the following instructions to remove Spyware.ISpynow (fake Security Center Alert).

Right click the My computer icon. If you are using the non classic Start menu, then right click My computer on your Start button menu.
Click Properties.
Click Hardware Tab.
Click Device Manager.
In the top menu, click View and click Show Hidden Drivers.
Scroll down to non Plug and Play drivers.
Click + at left.
In the list of drivers right click TDSSserv.sys. If you cant find the driver, then skip the step and go to “Please download OTmoveIt3″ step.
Click Disable.
Click YES for confirm.
Close all windows and reboot your computer.
Please download OTM by OldTimer from here.
Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SVCHOST.EXE"=- "winhpdrv"=- "HPseti"=- "HPsetm"=- "nah_Shell"=- "windpipe"=- "WinDNN"=- "wclock"=- "realtecg"=- "ckcixg"=- "realtehs"=- "realtekg"=- "realtecs"=- "realtechs"=- "realtecss"=- "realtecks"=- "realteks"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "realteczs"=- "winclock"=- "realteks"=- "realtekc"=
:files %WinDir%\system32\drivers\svchost.exe %UserProfile%\nah_eere.exe %APPDATA%\Google\ijdkq13324484.exe %APPDATA%\Roaming\Google\dvvm.exe %APPDATA%\Roaming\Google\mscclock.exe %APPDATA%\Roaming\Google\vxpclock.exe %APPDATA%\Roaming\Google\msvclock.exe %APPDATA%\Google\xtgoj6119471.exe %APPDATA%\Google\teuaa1726165.exe %APPDATA%\Google\runhh6110411.exe %APPDATA%\Google\fhexj6825097.exe %APPDATA%\Google\klnxv19819115.exe %APPDATA%\Google\yfijv17721328.exe %APPDATA%\Google\xpsdg6420222.exe %APPDATA%\Google\kpldpl.dll %APPDATA%\Google\vgwsn871850.exe %APPDATA%\Google\djvlg2072387.exe %APPDATA%\Google\fbabj220320.exe %APPDATA%\google\torsi2225487.exe %APPDATA%\google\lptspcp.dll %APPDATA%\ckcixg.exe %APPDATA%\google\ocboo1892823.exe %APPDATA%\google\sysspc.dll %APPDATA%\google\phtrc345015.exe %APPDATA%\google\pfysw721318.exe %APPDATA%\google\jxzub5410451.exe %APPDATA%\google\tjwuh601471.exe %APPDATA%\google\sqean9524272.exe %APPDATA%\google\mcscrlp32.dll %APPDATA%\google\jbzey222486.exe %APPDATA%\Gmail\rygwz7313434.exe %APPDATA%\google\runhh6110411.exe
Click the red Moveit! button.
When the tool is finished, it will produce a report for you.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select “Perform Quick Scan”, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

If you need help with the instructions, then post your questions in our Spyware Removal forum.

Share and Enjoy:

November 30, 2008 on 9:28 am | In Trojan, Tutorials - HowTo | 100 Comments |

100 Comments »

RSS feed for comments on this post. TrackBack URI

I am following the download instructions to have this removed but it will not allow me to connect to the internet.

Comment by Gina — November 30, 2008 #
Thank you so much! This worked.
MC

Comment by Michael — December 1, 2008 #
Man your a life saver thank you so much

Comment by Bryan — December 1, 2008 #
Thank you, thank you, thank you! It worked perfectly.

Comment by Raj — December 1, 2008 #
Yes, I was pulling my hair out until I can across your webpage. This info/technique saved me big time. Shoot me an email and I will make a paypal donation to you. Again, big big thanks

Comment by ryan — December 2, 2008 #
I tried using the avenger but after I copy and paste the script you posted it gives me an error saying

Error: Invalid script. A valid script must begin with a command directive. Aborting execution!

Comment by Ben — December 3, 2008 #
Ben, script is ok. Just checked it.
Try type the text of the script manually into the Input script box.

Comment by Patrik — December 3, 2008 #
You ROCK Dude! This worked like a charm! MANY Thanks!

Comment by Larry — December 3, 2008 #
Fantastic solution. One detail, though – the name of the files in %UserProfile%\Application Data\Google\ were different for me, and there was a DLL added there as well. But I loaded the files into the Avenger script and all went well. Oddly, McAfee didn’t detect this trojan when I scanned memory and files, but its on-access scanner detected the TDSS files when MBAM scanned them.

Muchas Gracias!!!

Comment by Sam — December 3, 2008 #
I’m still getting the same error

Comment by Ben — December 3, 2008 #
Ben, please read these instructions.

Comment by Patrik — December 3, 2008 #
Worked great! Thanks for your help.

Comment by Jana — December 3, 2008 #
I am trying to get rid of the spyware.ISpynow fake alert, but when I go into my non plug and play drivers the TDSSserv.sys is not listed!!! What next?
all scans come up empty…help
Thanks Scott

Comment by Scott — December 3, 2008 #
Scott, probably you infected with a new version of fake security alert trojan. Please follow these instructions.

Comment by Patrik — December 3, 2008 #
Thanks for trying to help patrick…I tried to create an acct at Myantispyware but it will not send me the email to authenicate my acct…another dead end…sigh..maybe you guys can send methe email so I can open my acct?

Comment by Scott — December 3, 2008 #
Hello again…i need the email sent to me so I can open my acct with you guys …
thanks

Comment by Scott — December 3, 2008 #
Amazing thank you so much

Comment by Mitch — December 3, 2008 #
Scott, try another email address.

Comment by Patrik — December 3, 2008 #
These instructions did not work for me. When I run Avenger with that script, it says it can’t find the files. Malwarebytes is also not picking anything up, but I still get the Spyware.ISpynow popup and it’s preventing practically everything on my computer from working.

SpyHunter was able to successfully find the file where Malwarebytes failed, but requires registration to remove it and I can’t open the internet to do it nor do I really want to pay 29.95 to get this ridiculous malware removed. Any help would be appreciated.

Aaron

Comment by Aaron — December 3, 2008 #
Malwarebytes gave me the following error about 10 times throughout the full scan: Error Code 731 (0,9)

It’s still coming back with 0 infections.

Comment by Aaron — December 3, 2008 #
A visiting friend got this on my computer trying to watch videos. Followed the instructions and it worked. I noticed the avenger program wasn’t successful in efforts to …

Comment by Bruce — December 3, 2008 #
Well it didn’t work after all: I thought it was fine, so I reloaded Firefox and it still pops up and won’t let me keep Firefox running. Guess I’ll run a full scan with your software to see if it removes it.. or should I rerun the job above , again??

Comment by Bruce — December 3, 2008 #
Aaron and Bruce, please follow these instructions.

Comment by Patrik — December 3, 2008 #
I followed the instructions but I get errors like this:
Error: file ‘c:\WINDOWS\system32\drivers\scvhost.exe’ not found! after rebooting from running avenger. I started a malwarebytes scan before coming across this site and it deleted some files. would this affect the process?

Comment by Gine — December 4, 2008 #
Gine,

Error: file ‘c:\WINDOWS\system32\drivers\scvhost.exe’ not found!

Its not problem.
If you are still having problems with your computer, then read and follow these instructions.

Comment by Patrik — December 4, 2008 #
I found the last file item on my system last night and changed the avenger prgram to cover that one listed %UserProfile%\Application Data\Google\xtgoj6119471.exe which seems to have solved it for now…thanks for this site..

Comment by Bruce — December 4, 2008 #
Hi,
I am also infected with spyware.iSpynow.As per ur instruction when i rightclick Mycomputer>Hardware>Devicemanager>View…Show hidden devices…but i couldnt find TDSSserv.sys.This malware is disabling realtime protection of my Bit Defender Internet security..When i go my computer and tries to open it shows only c drive and message pop up to use sharing folder,you need to sign in window live messenger..then if i click ok then it shows all drives and folders.btw i am using Acer Aspire 5100 notebook..please help..

Comment by Hunter — December 4, 2008 #
Hunter, please follow these instructions. Myantispyware team will help you.

Comment by Patrik — December 4, 2008 #
Thanks for speedy reply Prateek..i tried to register..but i havent recevied confirmation email on my email…so i couldnt login
Help Please

Comment by Hunter — December 4, 2008 #
Hunter, email with login information was sent. But if you have not received the email, please register again using another email, use gmail.com for example.

Comment by Patrik — December 4, 2008 #
I also have this same problem
Unfortunately, it is hard for me to follow the directions because my computer’s language is in korean.

I cannot find the ‘Hardware Tab’ and neither the ‘Device Manager’
Is there any other way I can find either of those?

Please help.
Or at least descriptions on how the two things look?

Comment by Alice — December 4, 2008 #
This infection was a total pain. I checked several forums before I found this and everyone was saying reformat. I’m glad I found this.
2 things, per the instructions, when you run Moveit and paste the code into the box, there are a couple of different options. I used the …

Comment by Dana — December 5, 2008 #
Think my last post got cut off. Continuing:
…couple of different options. I used the Move It button, which after about 10 seconds the program stopped responding. The trojan appears to be gone, but I wanted to be sure this wasn’t anythign to worry about, or it’s the norm for MoveIt to behave like that.
Thanks.

Comment by Dana — December 5, 2008 #
Alica, i don`t know korean language. But you can use the way for removing trojan TDSServ.

Comment by Patrik — December 5, 2008 #
Dana, i can checkup youp PC. Read and follow these steps.

Comment by Patrik — December 5, 2008 #
I have very similar problem but instaed of Spyware.ISpynow it says Sinowal.Trojan. Will the same procedure work for me?

Comment by Natasha — December 5, 2008 #
Excellent post, it worked perfectly, even without the TDSServ.sys being in the device manager.

Do the rest of the instructions, and it works. Thanks again, very very well done.

Comment by JJ — December 5, 2008 #
Thanks for your reply, Patrik.
However, does ‘removing trojan TDSServ’ has got to do with Spyware.Ispynow?

Comment by Alice — December 5, 2008 #
After removing TDSServ trojan, complete the remaining steps of current instruction.

Comment by Patrik — December 5, 2008 #
Natasha, please read and follow these steps.

Comment by Patrik — December 5, 2008 #
Even though I couldn\’t find TDSSserv.sys on my system I was able to eliminate this virus from my system using the remainder of the instructions. Thanks!

Comment by Dan — December 6, 2008 #
This worked! I tried other suggestions but none of them worked. Thanks so much.

Comment by Curt — December 7, 2008 #
You are the King! This issue has been such a pain, but these steps resolved the problem. Thanks!

Comment by Kevin — December 8, 2008 #
attempting to remove fake security center alert. There is no TDSSserv.sys. apparent. There is however serial with ! surrounded by yellow. What is the significance if that icon? Should that be disabled?
Thanks

Comment by Barry Myers — December 8, 2008 #
There is however serial with ! surrounded by yellow.

These are devices which work with errors and have been disabled.
Myers, please read and follow these steps.

Comment by Patrik — December 8, 2008 #
Thank you so much. Normally I would not have spent so much time with so infected a computer I had, but it was my dad’s and I took it as a challenge. Thanks so much. Never used OTmoveIt3 before. Lifesave for sure.

Comment by Tim Mann — December 10, 2008 #
Worked perfectly…Thanks so much!!!

Comment by Dick — December 11, 2008 #
When I right-click the My Computer icon, there’s no “hardware tab”, I’ve never seen tabs when right-clicking icons so don’t know what that means. Also can’t download fixes on that computer since virus shuts down browsers. Help?

Comment by Lacy — December 12, 2008 #
Lacy, right click the My computer icon, click Properties and after that click Hardware Tab.

Comment by Patrik — December 13, 2008 #
got rid of my xtgoj6119471.exe problem!!! I tried every antivirus program under the sun combined, and it still didn’t do the job of what you instructed. The OTMoveIt program didn’t work for me so well, but the Malwarebytes software did what AVG, McAfee, Spybot S&D, Avira, and AdAware could not. Thank you masked stranger.

Frank.

Comment by Frank Sinatra — December 14, 2008 #
Is sinowal.trojan the security alert for the defender site? Also, what do you think of F-secure online scanner, will it remove this trojan?

Comment by Stacey — December 14, 2008 #
Stacey, probably yes, but there is no 100% of a guarantee. Please read and follow these steps.

Comment by Patrik — December 15, 2008 #
THANKS ! I had been going nuts trying to figure out what was wrong with my computer, and just how to fix it! I was just getting ready to reformat (had made my backups) ,when I found this post. Thanks to you I do not have to do this ! You just made this old man very happy! Hope you have a Merry Christmas and God bless ! tnshadows

Comment by tnshadows — December 17, 2008 #
Thank you, thank you, thank you, worked great. I bought some other spyware remover that did not work but this free Malwarebytes anti-malware solved my problem with the system security bug

Comment by Joe — December 27, 2008 #
Thanks this solution worked great and no more annoying warnings geat solution

Comment by Avion — December 29, 2008 #
I tried the above and it didn’t work so I downloaded Highjackthis and did what you said and posted it on the website you have been telling people to go to.

Comment by Cory — January 7, 2009 #
didnt find the TDSSserv.sys driver but still worked like a charm. mil gracias compa

Comment by robie — January 17, 2009 #
OTMoveIt3 continues to lock up no me. I can get about 8 lines into the results and it quits running.
Any ideas?

Comment by Ian — January 20, 2009 #
Sorry for my last post. I read further and will attach a HiJack log on the other page. Thanks in advance.

Comment by Ian — January 20, 2009 #
Thanks so much! This worked perfectly.

Comment by Andy — January 21, 2009 #
THANK YOU! that stupid pop-up was driving me crazy!!!!

Comment by Marie — January 21, 2009 #
I ran hijack this and don’t know what to delete. Should I delete the 020 messages..Winlogon?

Comment by Cindy — January 29, 2009 #
Cindy, please read and follow these steps. I will help you.

Comment by Patrik — January 29, 2009 #
I apparently have that message that Windows Firewall has blocked some features of this program.

Do I want to block this suspicious software?

Name: Win32.Zafi.B

Yes, it only gave me the choice to Enable Protection, BUT, I did not do that.

First I ran a FULL Scan of my Norton Virus/spyware Internet Security 2008 and removed all my tracking cookies and it said I had no viruses or spyware.

Then I went to look up on the internet this specific problem and found your site here.

I have NOT Enabled Protection so I’m figuring by what you’ve said on this site I have not been tricked into purchasing the Perfect Defender 2009. But, how do I stop this message from coming up again, or do I need to worry about it, or how do I stop this message from happening.

Do I still have to try to remove it? Will it still be collecting info from my computer if I have not been tricked into purchasing the Perfect Defender 2009?

Reading through your removal coding has me seriously lost as I am not that savvy with computers.

Can you help?

Thanks in advance!

Comment by shari — January 30, 2009 #
shari, if these instructions above do not help you, then follow these steps.

Comment by Patrik — January 30, 2009 #
Help.

After clicking “show hidden devices”, I do not have a driver called TDSSserv.sys.

What do I do?

On another note, I tried manually altering the registry, and I fear I may have done something wrong. Spyware Doctor had found a problem with the key called Punnet, or Pundet so I removed it. Is it possible I did something harmful? The computer will no longer boot properly and I am forced to use safe mode.

Please advise.

Comment by dan — January 31, 2009 #
Dan, probably a few system files are damaged. Please follow these steps. I will check your computer configuration.

Comment by Patrik — February 1, 2009 #
Many thanks!

I had bought the PC Tools Spyware Doctor but it did not remove this infection.

After looking at this page I downloaded the Malwarebytes’ Anti-Malware for free and it cleared the problem automatically.

Comment by Stephen — February 1, 2009 #
Hi, I’m trying to follow the steps, but my computer keeps on shutting down before I can finish. Is this part of the virus? I’ve already posted my hijackthis log; it was run while I was in safe mode. Thanks in advance for your help.

Comment by joe — February 1, 2009 #
I had this happen to me yesterday and found it very frustrating anyhow it was pretty simple to fix after finding the right info

Removal (For XP, the directories may be different for other OS’s, so you might have to do some digging if you’re not on XP)

1. Go to C:\Documents and Settings\Application Data\Google

2. In there you should see two files, one an .exe and the other a .dll. The actual filenames are randomly generated I believe
(mine were called ocboo1892823.exe and sysspc.dll, for example). Depending on whether you have any genuine Google apps such as Google Earth or Google Toolbar installed you might also have a couple of sub-directories in there as well, but you can ignore those. We’re concentrating on those two rogue .exe and .dll files.

3. Since the process is currently runnning on your machine, Windows probably won’t let you delete the files, so you need to write down the names (you’ll need this in a minute as well) reboot in Safe Mode (or Safe Mode Command Prompt if you’re paranoid like me , navigate to the aforementioned folder and delete those two files, the .exe and the .dll. Quit safe mode and reboot into normal Windows again. ( to start in safe mode restart computer and keep pressing f8)

4. Go to Start> Run> regedit to open the Registry Editor. In the Registry Editor, go to Edit > Find and search for the filename of the malicious .exe file you just deleted (this is why you just wrote them down). You can safely delete any registry key that refers to it. Don’t forget to press F3 to keep searching after you delete each instance, until you get the message

Comment by eldon — February 2, 2009 #
I used both malwarebytes and highjack this programs and now i got no sound and wen i shut down my pc i get the blue screen can anybody help me

Comment by aleron — February 6, 2009 #
The original instructions didn’t work for me but deleting the file from Application Data/google did the trick. Many thanks to eldon.

Comment by alex — February 6, 2009 #
aleron, please follow these steps.

Comment by Patrik — February 6, 2009 #
Hi i cant find TDSSserv.sys in my list of non plug and play drivers.. it doesnt appear to be there?

Comment by chris — February 9, 2009 #
Chris skip the step. Go to “Please download OTmoveIt3…”

Comment by Patrik — February 9, 2009 #
This has worked perfectly! Thank you.

Comment by Krösi — February 10, 2009 #
I can not find the device manager.

Comment by andee — February 10, 2009 #
yea try this it really works!!

Comment by Isra — February 11, 2009 #
I have got problem with the sound devide, it said:
“Any device sound was find”
My report of hijackthis
…

Sorry for the double post.

Comment by Ivan — February 11, 2009 #
Thank you very much !! Worked Great

Comment by Richard — February 11, 2009 #
Ivan, please follow these steps.

Comment by Patrik — February 12, 2009 #
patrik, stfu up. yea lets go through countless steps of joining a forum, installing programs and spending hours, maybe days following instructions that the majority of todays stupid computer users will find too difficult. after all if you can’t punch some random keys and click your mouse two times, it’s too hard for them.

took less than 2 mins to use eldon’s solution to clear the problem. someone who isn’t technically apt will need longer but that is the bottom line of what you do to remove this as of feb ’09. don’t forget your malwarebytes scan afterward.

Comment by pleasefollowtheseinstructionss — February 12, 2009 #
Sorry…but Help! I’m not good with hardware/technical aspect. I have this same problem! Win32.Zafi.B!! Browsed peoples questions and answers here…I can’t seem to follow through, can someone help me?
(I’m kinda dumb with computers >_<)

Thank you for your time!

Comment by Andrew — February 25, 2009 #
Andrew, please follow these steps.

Comment by Patrik — February 25, 2009 #
Thankyou very much Eldon!! Your instructions worked great.

Many thanks!!!

Comment by Chris — February 27, 2009 #
I got this trojan and when done properly it is very simple to remove. Start up in safe-mode (to do this reboot and tap f8 repeatedly). Then click on start, click my computer, click c:, at the top of the page in the c: bar type C:\documents and settings\application data\google.
Hit enter. Now delete: sxkzw965566 and, or kzjna1562565 and .dll files. Done

Comment by Brad — May 4, 2009 #
I did everything you said, except when it came to the Malwarebytes Anti Malware installation. I downloaded Mbam-setup.exe, but when I try opening it, nothing happens! The installation doesn’t open or anything. I tried double clicking on it, which did nothing. I left clicked, then clicked run, I even went to task manager and clicked on ‘New task’ to open it! And yet, still nothing happens! And the task bar balloons and alerts are still there! Please help me!

Comment by John — July 23, 2009 #
John, looks like your computer also infected with trojan that blocks Malwarebytes` Anti-malware. Ask for help at our forum.

Comment by Patrik — July 24, 2009 #
Everything worked until installed malware bytes anti malware after i installed it i double clicked it to run but it never launched, i keep doing it and doint it, still no run, ive tried reinstalling but still no run, some one please help me.

Comment by Alyson — August 10, 2009 #
Alyson, looks like your computer infected with a new version of the malware. Try to run MalwareBytes in the Safe mode or ask for help at Spyware removal forum.

Comment by Patrik — August 12, 2009 #
Thanks a lot , it worked.

Comment by raj — October 26, 2009 #
Worked like a charm, thanks!

Comment by HelpedMe — November 8, 2009 #
Awesome! Thanks so much! Worked perfect!

Comment by Bob — December 2, 2009 #
Thank you for posting this! You are a lifesaver.

Comment by Sarah — December 8, 2009 #
The free version of the Malwarebytes software (http://www.malwarebytes.org/) as suggested a few times above totally worked for me. Did a full system scan and it found/stopped the fake Security Center Alerts and it found and removed 9 other malicious things (software, registry entries, etc.). So I suggest the Malwarebytes route because it’s much safer for newbies in that it doesn’t require ANY technical knowledge or reg edits or anything. And NO, I am in no way affiliated with Malwarebytes. I’m just glad it got rid of the problem and then some. I guess it didn’t win a CNet award for nothing.

Comment by kevin — December 15, 2009 #
Many thanks!! Worked for me.
JB

Comment by JB — December 19, 2009 #
WOW! Thank you so much this worked perfect! I did have to scan twice the first time my computer shut itself down. Your are the greatest thanks for the help!

Comment by Heather — December 31, 2009 #
thank you so much… it really helped me a lot and totally worked!!!!

Comment by bened — January 16, 2010 #
I have the exact same problems except my laptop is not letting me click on anything. I could not even get online with my infected laptop much less download the HIjack file. So i downloaded it off my noninfected computer and tried to install it on my laptop, it would not even launch. Same goes for the malwarebyte. System restore also does not work. I have also tried this in safe mode which also did not let me double click the icon to launch the programs. I appreciate any help. thanks

Comment by Linh — January 23, 2010 #
Linh, ask for help in our Spyware removal forum.

Comment by Patrik — January 24, 2010 #