My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


How to remove AdwarePunisher – rogue anti spyware

Myantispyware team, January 31, 2006

AdwarePunisher is a rogue antispyware program (1, 2). It uses a flawed, inadequate detection scheme and is the same application as AdwareBazooka, AdwarePunisher, HitSpy, RemedyAntiSpy, SystemStable, and The SpyGuard.

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Go to Start > Control Panel > Add or Remove Programs and remove the following program, if found: AdwarePunisher

Then using Windows Explorer, delete the following folder: C:\Program Files\AdwarePunisher

Download HijackThis and save the file to your desktop.
Double-click the file to extract it to its own folder on the desktop.

Download Killbox and unzip to your desktop.

Next, download, install, and update the free version of Ewido trojan scanner:

1. When installing, under “Additional Options” uncheck “Install background guard” and “Install scan via context menu”.
2. Run Ewido — When you run it for the first time, you may get a warning “Database could not be found!”. Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. Wait for the update to finish (the status bar at the bottom will display “Update successful”).
5. Exit Ewido. DO NOT scan yet.

If you can't download Ewido trojan scanner, then please download and run HOSTER.ZIP:

Unpack hoster.zip.
Press ‘Restore Original Hosts’ and press ‘OK’.
Exit the program.

If you do not already have Ad-Aware SE installed, follow these download and setup instructions. Also check for updates.

Again, do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: Shell=explorer.exe "c:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\System32\winapi32.dll
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [Win32.Exploit.A] C:\WINDOWS\system32\exa32.exe
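
As an added example (not part of the original guide or of HijackThis itself), this Python script picks out of a saved HijackThis log the lines that match the entries listed above, so they are easy to locate in a long scan result. It assumes the scan results were saved to a text log; the sample log and the function names are constructed for illustration.

```python
import re

# Distinguishing text of each entry listed in this guide, keyed by section code (lower case).
GUIDE_ENTRIES = [
    ("R1", "autoconfigurl = http://localhost:9100/proxy.pac"),
    ("F2", "ibm00001.exe"),
    ("O2", "{b439d5eb-0a61-4ed9-8c8f-ec4148bb23f7}"),
    ("O4", "[winsysupd]"),
    ("O4", "[winsysban]"),
    ("O4", "[myupdates]"),
    ("O4", "[microsoft system checkup]"),
    ("O4", "[win32.exploit.a]"),
]

# "<section> - <details>"; web pages often turn the hyphen into an en dash.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+[-\u2013]\s+(.*?)\s*$")

def parse_entry(line):
    """Return (section, lower-cased details), or None for non-entry lines."""
    m = LINE_RE.match(line)
    return (m.group(1), m.group(2).lower()) if m else None

def entries_to_check(log_text):
    """Return the log lines that correspond to entries listed in the guide."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, details = parsed
        # The guide lists the R0 Start Page entries with nothing after "=".
        blank_start = section == "R0" and details.endswith("start page =")
        if blank_start or any(section == s and n in details for s, n in GUIDE_ENTRIES):
            hits.append(line.strip())
    return hits

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: winapi32.MyBHO - {B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7} - C:\WINDOWS\System32\winapi32.dll
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    print("\n".join(entries_to_check(SAMPLE_LOG)))
```

Entries that are not in the guide's list, such as the constructed ExampleUpdater line, are left out of the result, as is a Start Page entry that still points at a URL.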

Delete these files (if a file can't be removed, try KillBox). Use the real path to your Windows directory:

c:\WINDOWS\loadadv728.exe
c:\WINDOWS\loader138.exe
c:\WINDOWS\SYSTEM32\iasada.dll
c:\WINDOWS\temp.000.exe
c:\WINDOWS\SYSTEM32\intxt.exe
c:\WINDOWS\SYSTEM32\mswinb32.dll
c:\WINDOWS\SYSTEM32\mswinb32.exe
c:\WINDOWS\SYSTEM32\shell386.exe
C:\WINDOWS\System32\winapi32.dll
c:\WINDOWS\is-6QGD9.exe
C:\windows\winsysupd4.exe
C:\windows\winsysban4.exe
c:\windows\myupdates.exe
c:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Next, run Ad-Aware and perform a full scan. Remove everything found.

Run Ewido

1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
2. If Ewido finds anything, it will pop up a notification. Please select “clean” and check the boxes “Perform action with all infections” and “Create encrypted backup” before clicking on OK.
3. When the scan finishes, click on “Save Report”. This will create a text file. Make sure you know where to find this file again.

Finally, restart your computer normally.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

5 Comments

  1. Aaron Gergye
    ― February 2, 2006 - 8:44 pm

    Removal procedures worked very well, although Hijack This! did not show any of the programs mentioned in the removal procedure. Thanks!

  2. V Gratefull
    ― February 4, 2006 - 2:26 pm

    Highjack only had 3 of the 9 and could only delete 7 of the 14 files. However, it seems to have cured the problem and I am very grateful to you and your team.

    Many thanks

  3. fix2k
    ― February 5, 2006 - 5:30 am

    Nice. Got rid of this annoying problem. Thanks a lot!

  4. Jimbo
    ― February 6, 2006 - 2:12 am

    Thank you for this – spot on – got rid of it.. I think deleting the temp.000.exe file was the fix for me – I had tried a lot of similar things to the above which I found on other sites but none mentioned this particular file and it kept coming back after cleaning….

    Many thanks – very much appreciated…

  5. trinabh
    ― February 10, 2006 - 12:47 pm

    hey thanks a lot for the solution…it really works…i got rid of the malware as soon as i did what u said..
