Ducktoes Spyware Blog

Ms. Ducktoes now has eat her words, and take back what she said about Grisoft’s free AVG 8 in her last blog. AVG has proved to be a real trooper (a State Trooper even or an RCMP Mountie!) against the criminal and fraudulent Ad Agent BN.

This week the malware has been extremely difficutl to get rid of. Ad Agent BN has been one of the worst.

Ad Agent BN was on a client’s computer, along with several other related Trojans. The client, a friendly twenty-something young man named Matt, had somehow gotten this rogue anti-spyware on his computer. At first the rogue program ran fake warning pop-ups on his desktop saying the computer had spyware. But much worse it then locked up the Matt’s Control Panel, Start menu, and Windows Explorer. Also Run and Search were not accessible.

Matt, a student, needed to turn in his assignments. They were not backed up. The computer was going down fast along with Matt’s marks. I took out the hard drive of his computer and connected it to another computer and ran Spy Sweeper, Avira, and Avast! on the mounted disk. They found several viruses and trojan horses. I also ran regedit by mounting the hive of the harddrive and deleted some infected keys. However when I reconnected the hard drive to Matt’s computer, the spyware and viruses were still there. And they were active!!

Ms. Ducktoes, now in a tizzy about Matt’s marks, not to mention his photos and music, had to do something more. Ducktoes to the rescue!

This is what worked. You can do it too:

1. Boot into Safe Mode with Networking. To do this: Restart the computer. Tap the the F8 key several times while the computer boots up. When you get to the screen with several booting options select Safe Mode with Networking.

2. After Windows starts, then download PC Tools Spyware Doctor, purchase, update it, and run the scan.

3. Restart the computer, let it boot into regular mode several times, restart it after each scan as Spyware Doctor recommends.

4. Boot back into Safe Mode with Networking. Download AVG free. Download AVG 8 free for home users.

5. AVG doesn’t update in Safe Mode. So restart the computer into regular mode. Update AVG. Now run Spyware Doctor. While Spyware Doctor is running the Avg Shields will kick into effect and remove the processes. Using the two programs together will get rid of the Ad Agent BN.

I know that the programs during install tell you that it’s not good to have two anti-viruses running at the same time but it worked!!

So I’m now using free AVG 8 again for all my clients.

Let me know–click the Comments link below– if this works for you.

Today I’m removing (from an Acer laptop) a trojan called Win32.Renos. It causes false alerts on the desktop purporting to be from Windows. If you click on the alert, the trojan then downloads a rogue anti-spyware called Win SpyControl, AntiSpy Kit, and Virus Ranger.

The alert looks like this or some other warning:

This is a photo of the alert that Win32 Renos causes to pop-up on your desktop.

The rogue anti-spyware seems to be associated with the Zlob download trojan too and a web address http://www.safestarts.com/test/?c=440785. (Warning, don’t go to that site!!)

I removed it using Spy bot and Spyware Doctor.

Here’s what Microsoft says about this spyware. Microsoft associates Win32.renos with SpySheriff group of rogue anti-spyware products.

Whichever rogue anti-spyware Win32.renos is linked to, they all do the same thing. They attempt to get you to download and pay for bogus anti-spyware that is really spyware itself. This is fraud. It also infests your computer with lots of dangerous spyware.

Ducktoes to the rescue!! Please leave a comment if you have more to add about this problem or any questions.

This is a photo of the alert that Win32 Renos causes to pop-up on your desktop.

I’m excited!! I’ve been reading the article on Spyware in Wikipedia. It’s excellent. If you want in depth knowledge about what malware is and does, read it.

The photo on the page shows a browser overloaded with toolbars. If you have unwanted toolbars on your browser window then that is one indication you have spyware. See here how to get rid of it.
Or if you live in Calgary, Ducktoes can help.

A new rogue anti-spyware has just crested over the cyber-horizon. By rogue anti-spyware, I mean a program that is supposed to get rid of spyware, but is actually spyware and malware itself. SunshineSpy is this decidedly unsunshiny program.

SunshineSpy gives you fake infection warnings and dire security alerts and uses rootkits to hide its dastardly and fraudulent doings from legitimate anti-spyware programs. It preys on the newbie and untrained computer user.

It is surprisingly easy to get rid of, however. Just go to your green start button on the bottom left of your computer screen. From there go to Control Panel and then to: Add and Remove Programs. From the list of programs that will eventually appear find SunshineSpy, and click the button to remove it. Restart your computer.

All anti-spyware is not equal. Many do not remove spyware reliably. Some show false positives and push their products in a high pressure way. A few actually come bundled with spyware or malware. The Spyware Warrior Website has a list of rogue, suspect anti-spyware and websites. Check it out before you purchase and download any anti-spyware.

There are some excellent anti-spyware programs that are free for home users. See other postings in this blog. If you want help, Ducktoes will provide the anti-spyware for your computer(s). We make on-site visits to Calgary area homes and businesses. Call (403)287-0105 or e-mail me.