[Jonathan_S47]

A piece of spyware that almost impossible to get rid of, and my brother got it in his laptop. We have tired everything from a fix from symnatic to removing it manually in safemode. It still comes back. In safe mode it completely disappears but returns when we boot normally. Has any one here ever been successful in removing this without a format?

[Holmes]

Try Microsoft antispyware: www.microsoft.com/spyware
If that doesn't work take a look at www.spywarewarrior.com

[Liberator]

Try it manually.   Using regedit, delete all the keys that mention this.  Clear out the Temp folder, all the tempory internet folders, as well as delete whatever program installed it in the first place.

[Jonathan_S47]

Got it. When the system shuts down the spyware hides its self. I just hit power and booted to safe mode again.

Edit:   spoke too soon. It’s back.

[Liberator]

Find out who uses it and sue 'em for illegal tracking and...stuff.

[WMCoolmon]

Have you tried Spybot S&D and Adaware?

[Taristin]

Probably something that gets reinstalled on startup. What kind of proggies is he running that launch atomagically?

[Jonathan_S47]

My brothers tried that before they put me to work in it. They got rid of it, but when the computer was restarted it came back. Two chat programs come up right away. Yahoo and MSN.

[Windrunner]

As someone said use the microsoft antispyware. Their program will detect the IST spyware if they use the same antispyware database in their program as the company that they bought the software from.

or you can use www.avast.com antivirus(freeware)  it also detects the  IST spy.

[phatosealpha]

Sounds like a job for hijackthis.  It should at least give you a big lead on how and what it's doing.

[Jonathan_S47]

Sadly we already know what it’s doing. Ad popups….. mostly porn

[mikhael]

Spybot Search and Destroy, Adaware SE, Mike Lin's StartupCPL, and SysInternals PSTools and Process Explorer are just the tools for taking care of spyware.

Try looking to see if you have any BHOs that might be reinstalling the spyware when you run your browser. Also look to see if anything has replaced the normal session initialization binary in the registry.

[phatosealpha]

Originally posted by Jonathan_S47
Sadly we already know what it’s doing. Ad popups….. mostly porn

Not exactly what I meant.  Hijackthis is a very powerful tool that will allow you to see all programs loaded by windows at startup through the registry or whatever, as well as any installed BHOs.  That really sounds like a combo of something snuck into your startup somehow to constantly reinstall itself and a pain in the ass BHO that makes it do all that stuff.

Hijackthis will show you everything, and let you remove even stubbon suckers like that.  Just be careful, since HJT shows everything, including neccessary bits.

[Bobboau]

Hijackthis

the omega of spyware removal

only for those who know what they are doing!

[Jonathan_S47]

I should download it for my home system then.  

Anyway, Microsoft antispyware did the trick. It hasn’t reappeared yet and hopefully never will. Thanks for the help!