Results 1 to 12 of 12
  1. #1
    New Lounger
    Join Date
    Sep 2008
    Location
    newcastle-under-lyme, Staffordshire, England
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Excuse me if I get things wrong, I'm a real novice and this is the first time I've tried to post a question. I have some sort of virus (antispywarebot?) spybot calls it, that once spybot has supposedly dealt with it turns up with: startup monitor says antispywarebot has registered the executable etc to run in system startup. I am unable to say no and it won't go away. I am experiencing fake antispyware attacks regularly telling me to download a scan to cure infection. I have run Norton, spybot S and D, and Adaware but can't get rid. Help!

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Welcome to the Lounge!

    AntiSpywareBot is a fake security program, its sole purpose it to try to get you to shell out money.

    Recently, Malwarebytes Anti-Malware has gained a good reputation in removing fake security programs.

    Note: if you have Norton Anti-Virus, I recommend turning off Norton LiveProtect temporarily while running a scan with MalwareBytes Ant--Malware. Don't forget to turn it [s]off[/s] ON immediately afterwards!

    If you prefer to remove it manually, see for example Remove AntispywareBot, removal instructions.

  3. #3
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts
    [quote name='HansV' post='763840' date='06-Mar-2009 06:13']Note: if you have Norton Anti-Virus, I recommend turning off Norton LiveProtect temporarily while running a scan with MalwareBytes Ant--Malware.
    Don't forget to turn it off immediately afterwards![/quote]I'm pretty sure HansV meant to turn it ON immediately afterwards
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    [quote name='rgrosz' post='764055' date='07-Mar-2009 16:21']I'm pretty sure HansV meant to turn it ON immediately afterwards[/quote]
    Oops, of course!
    I'll correct my reply, thanks!

  5. #5
    New Lounger
    Join Date
    Sep 2008
    Location
    newcastle-under-lyme, Staffordshire, England
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='HansV' post='764061' date='07-Mar-2009 16:38']Oops, of course!
    I'll correct my reply, thanks![/quote]
    Thank you Hans for your welcome. Everytime I try and draft a full reply to your suggestions; how I got on etc. this page disappears and I have to start again. I have to give up now. I'm going to try a clean install. The virus seems to thwart everything I try. Even maybe replying to you, or am I going nuts

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    [quote name='sparkle' post='764245' date='09-Mar-2009 00:18']Thank you Hans for your welcome. Everytime I try and draft a full reply to your suggestions; how I got on etc. this page disappears and I have to start again. I have to give up now. I'm going to try a clean install. The virus seems to thwart everything I try. Even maybe replying to you, or am I going nuts[/quote]
    You managed to post that reply!

    If you have a backup of your documents, and if you can reinstall the applications you use, a clean start might be a good idea.

    Make sure to install a good anti-virus/anti-spyware program immediately, and keep it up-to-date.

  7. #7
    New Lounger
    Join Date
    Sep 2008
    Location
    newcastle-under-lyme, Staffordshire, England
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='HansV' post='764246' date='09-Mar-2009 00:24']You managed to post that reply!

    If you have a backup of your documents, and if you can reinstall the applications you use, a clean start might be a good idea.

    Make sure to install a good anti-virus/anti-spyware program immediately, and keep it up-to-date.[/quote]
    \Hans, A new day renewed vigour. I downloaded and ran malwarebytes many times. It finds malware including antispywarebot and incidently "windows security centre is switched off" ( I didn't do it, how might I switch it back on?). As soon as I ask m\bytes to remove antispywarebot, startup monitor tells me that it has registered the executable etc. to run at system startup. It won't let me say no just clicks back on to the screen.
    I downloaded Mlin startup control panel and tried to remove antispywarebot from Hkey it didn't like my trying and came back every time I deleted it or disabled it.
    I tried some of the manual removal procedures but because of my lack of knowledge and inexperience I got bogged down and gave up. I did use Task manager and by referring to a list of the top 25 malicious wot nots on pcpitstop I removed JUSHED.exe and USERINIT.exe but it would not let me remove CSRSS.exe or SMSS.exe maybe I shouldn't have removed any of them but I was getting desperate for a result.

  8. #8
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    [quote name='sparkle' post='764325' date='09-Mar-2009 12:03'][/quote]
    JUSHED.exe, USERINIT.exe, CSRSS.exe and SMSS.exe are unlikely to be malware - the first is the Java update scheduler, and the other three are part of Windows.

    If you have no luck with MalwareBytes or with manual removal procedures, I'd start with a clean slate.

  9. #9
    New Lounger
    Join Date
    Sep 2008
    Location
    newcastle-under-lyme, Staffordshire, England
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hello Hans,

    I just thought I should say thank you for your help and say that I haven't attempted the clean install yet as things have settled down. I am no longer told that I'm infected and even though malwarebytes tells me every time that antispywarebot is there and that it has got rid of it when instructed to do so, it's there next time I scan. I said that I'm a real novice but this little episode has made me a little more familiar with the computer and a little more confident with navigating within it. I hope removing JUSHED.EXE and USERINIT.EXE didn't do any harm. Thanks again

  10. #10
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Deleting JUSCHED.EXE means that you won't be notified of Java updates but you can always use the Java control panel to look for updates.

    I think Windows will have restored USEINIT.EXE automatically by now.

  11. #11
    5 Star Lounger ibe98765's Avatar
    Join Date
    Aug 2001
    Location
    Bay Area, California, USA
    Posts
    966
    Thanks
    19
    Thanked 4 Times in 4 Posts
    [quote name='HansV' post='767610' date='26-Mar-2009 08:05']Deleting JUSCHED.EXE means that you won't be notified of Java updates but you can always use the Java control panel to look for updates.[/quote]

    I always delete that file myself. I subscribe to the FileHippo RSS feed which always lists a new Java release when it becomes available.

  12. #12
    5 Star Lounger PaulB's Avatar
    Join Date
    May 2002
    Location
    Ottawa, Ontario
    Posts
    765
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='ibe98765' post='767919' date='28-Mar-2009 00:38']I always delete that file myself. I subscribe to the FileHippo RSS feed which always lists a new Java release when it becomes available.[/quote]

    In addition to this site, the Secunia Online Software Inspector (OSI) or the much more thorough Secunia Personal Software Inspector (PSI) is also a good resource to have at hand.
    Regards,
    PaulB

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •