If you are getting annoying pop-ups with spystrike/spyaxe
- Please do Live Update first then Scan/Quarantine.
If the problem persists then do the following:
Download SmitRem.exe (by noahdfear) from one of
these sites to your Desktop.
http://noahdfear.geekstogo.com/click counter/click.php?id=1
http://www.downloads.subratam.org/smitRem.exe
Now start your PC in Safe Mode. Double-click
smitRem.exe and it will extract the files
to a smitRem folder on your Desktop. Run the
batch file. Then Scan/Quarantine with Spyware
Detector.
P.S.: Instructions for going to Safe Mode:
Please reboot your computer in Safe Mode by
doing the following:
1) Restart your computer
2) After hearing your computer beep once during
startup, but before the Windows icon appears,
press F8.
3) Instead of Windows loading as normal, a
menu should appear
4) Select the first option, to run Windows
in Safe Mode.
If you are getting annoying pop-ups, it could
have happened after visiting Look2Me.
- Download and install the free tool http://www.atribune.org/downloads/l2mfix.exe
- Please move the L2MeFix Tool to your Desktop
and Double Click l2mfix.exe. Click the Install
button to extract the files and follow the
prompts, then open the newly added l2mfix
Folder on your Desktop. Double Click l2mfix.bat
and Type 1 and ENTER to select Option #1 for
Run Find Log. Allow it as much time as it
needs to run until NotePad opens with a log.
Save this log. You will need to post this
log back here later when you come back.
NOTE: While running, if you
receive an error mentioning either of the below:
- C:\windows\system32\cmd.exe
- C:\windows\system32\autoexec.nt
and saying that the system file is not suitable
for running ms-dos and Microsoft windows applications,
then choose Close to terminate the application.
Then run l2mfix.bat again and this time select
option 5, or see the fixautont.html link in
the l2mfix folder, to solve this error condition.
Do not run the fix portion without fixing
this first.
Next Double Click l2mfix.bat and type 2 and
ENTER to select option #2 for Run Fix. Then,
press any key to reboot your machine.
Your computer will go crazy for a bit, but
just let it run. It should eventually spit
out a log in Notepad. Please also attach this
log to your next message.
Now open your browser and come back here and
post the above two logs as attachments to
your message. Also indicate your current status.
NOTE: Please do not run any
other options or files in the l2mfix Folder!
If you are getting problems with the Vundo spyware:
Download and install the free tool
http://www.atribune.org/downloads/VundoFix.exe
for Vundo spyware removal and follow the instructions.
- Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files.
This will create a VundoFix folder on your
desktop. After the files are extracted, please
reboot your computer into Safe Mode. You can
do this by restarting your computer and continually
tapping the F8 key until a menu appears. Use
your up arrow key to highlight Safe Mode then
hit Enter. Once in Safe Mode, open the VundoFix
folder and double-click KillVundo.bat. You
will first be presented with a warning.
It should look like this:
VundoFix V2.15 by Atri
By pressing enter you agrees that you are
using this at your own risk
Press enter to continue...
- At this point press enter one time.
Next you will see:
Type in the file path as instructed by the
forum staff
and then press enter:
- At this point please type the following
file path (make sure to enter it exactly as
below!):
Here you will place the exact full filename
and path of the infected file as shown on
the O2 & O20 entries in HJT that have
matching DLL filenames. Please be aware you
may have more than one O20 line and some may
be valid. Only put the infected full filename
path here. This can be done by finding the
full filename and path at the end of the "O2
- BHO: MSEvents Object" entry in your
HJT log.
- For example (yours will be different) if
you have the below entries in your log:
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\Fonts\badfile.dll
O20 - Winlogon Notify: badfile - C:\WINDOWS\Fonts\badfile.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
- Only the first two are actually related
to Virtumunde. The igfxsrvc.dll file is a
valid dll. Notice that the badfile.dll appears
on both the O2 and O20 lines. This is the
problem file you need to enter. So for this
example, what you would need to enter into
the tool before pressing F6 is the below full
filename and path:
C:\WINDOWS\Fonts\badfile.dll
Press Enter to continue with the fix.
Next you will see:
Please type in the second file path as instructed
by the forum staff
then press enter:
- At this point please type the following
file path (make sure to enter it exactly as
below!):
Here you will need to place the exact file
location with the infected filename spelled
backwards and ending with .* For example, if
the infected file is C:\WINDOWS\Fonts\badfile.dll
you would enter C:\WINDOWS\Fonts\elifdab.*
so it will remove ALL files of this infection.
Press Enter to continue with the fix.
The fix will run and then HijackThis will open.
If it does not open automatically, please open
it manually.
In HijackThis, please place a check next to
the following items and click FIX CHECKED:
Here you will remove the O2 & O20 entries
in HJT.
- Examples of the O2 & O20 are below...
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\Fonts\badfile.dll
O20 - Winlogon Notify: badfile - C:\WINDOWS\Fonts\badfile.dll
- After you have fixed these items, close
HijackThis.
Press enter to exit the program then manually
reboot your computer.
Once your machine reboots please attach a
fresh HJT log from normal mode.
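The matching and path-building steps above, as an added example that is not part of the original instructions or of VundoFix: it lists DLLs that appear on both an O2 and an O20 line of a HijackThis log and builds the second path for each. The function names and the sample log are constructed for illustration; a match is only a candidate for review, since some entries may be valid.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log, modelled on the example entries in the instructions.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\Fonts\badfile.dll
O20 - Winlogon Notify: badfile - C:\WINDOWS\Fonts\badfile.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# O2 lines carry a CLSID before the file path; O20 lines do not.
O2_RE = re.compile(r"^O2 - BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.+\.dll)$", re.I)
O20_RE = re.compile(r"^O20 - Winlogon Notify: .*? - (?P<path>.+\.dll)$", re.I)


def dll_paths(log, pattern):
    """Map lower-cased DLL path -> path as written, for lines matching pattern."""
    found = {}
    for line in log.splitlines():
        m = pattern.match(line.strip())
        if m:
            path = m.group("path")
            found.setdefault(path.lower(), path)  # Windows paths ignore case
    return found


def candidate_dlls(log):
    """DLLs that appear on both an O2 (BHO) and an O20 (Winlogon Notify) line."""
    o2, o20 = dll_paths(log, O2_RE), dll_paths(log, O20_RE)
    return [written for key, written in o2.items() if key in o20]


def second_path(first_path):
    """Same folder, file name without extension spelled backwards, ending in .*"""
    p = PureWindowsPath(first_path)
    return str(p.parent / (p.stem[::-1] + ".*"))


if __name__ == "__main__":
    for dll in candidate_dlls(SAMPLE_LOG):
        print("first path: ", dll)
        print("second path:", second_path(dll))
```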
Every time I run a scan, the same spyware programs
are detected even after I delete them.
We are continuously adding new spyware definitions
to destroy them. Some spyware is very persistent.
Scan your PC, quarantine the spyware, click
on the Recover button, select
all and then click on Delete.
Restart your PC, click on the Recover
button again and delete all the quarantined
spyware. Scan again, click on the Export
Worm button and mail us the report
with reference to this issue. This will help
our Research Team to review issues on your PC
and add new spyware definitions, and you will
be able to access the new definitions through Live
Update. You can also provide names of toolbars
or popup ads that you see on your PC.
This is most likely caused by
a spyware program that recreates itself when
deleted, such as About:Blank, or a spyware program
that uses processes that cannot be terminated
and deleted during the spyware scan.
Three of the most common solutions
are listed below:
--------------------------Solution #1------------------------------
The first step is to reboot
your computer into “Safe Mode”.
This will prevent your computer from loading
any non-essential programs.
To get into Safe Mode, reboot
your computer and continually hit the F8
key while booting up. You will then be
taken to a screen where you can choose to start
your computer in Safe Mode. Once booted
up, go to Add/Remove Programs
in Control Panel and make sure
that there are no strange search toolbars
or programs listed. Remove
any such strange software from your PC.
Then run the spyware
scan again and delete all spyware
found. Then reboot your computer and see
whether the problem is resolved.
--------------------------Solution #2------------------------------
This could be related to a spyware program called
CoolWebSearch. This is one
of the most difficult spyware programs to catch
because the creators update it so often. Fortunately
there is a very simple-to-use removal tool that
is specifically for CoolWebSearch.
You can download it here for
free:
http://cwshredder.net/bin/CWShredder.exe
--------------------------Solution #3------------------------------
This could be a variant of About:blank
which is a very difficult program to defeat
and unfortunately cannot be removed by any single
spyware removal program.
What makes this particular
spyware so troublesome is that it uses what
is called a respawning file. When the
spyware files are detected and deleted this respawning file automatically regenerates the
spyware problem thus reinfecting your system.
It is hard to get rid of because this file could
be named something as innocent as abcgh.jpg
and would not be detected as spyware.
Each time it is recreated, it changes the name
of the file.
The best step by step explanation
I could find is here:
http://www.bleepingcomputer.com/forums/topict4210.html
Please check out these resources
for more information about the solutions listed
above:
- Dealing With About:Blank
- Using Cwshredder to remove CoolWebSearch and Its Variants
- Running A Scan In Safe Mode
If this does not resolve your
problem or you are experiencing problems with
other Spyware programs, please review the other
solutions contained on this page.
Back
to Top
I cannot get rid of CoolWebSearch, CWSIE, FastSearch,
and FastSearchWeb!
These
spyware programs are some of the variants of
CoolWebSearch, a notoriously difficult spyware
program to remove because new variations are
constantly being released. Fortunately there
is a removal utility designed to specifically
detect and remove many of the CoolWebSearch
variants. You can download this utility for
free at the link below:
http://cwshredder.net/bin/CWShredder.exe
After I run a spyware scan and delete the spyware
infections I still get ATDMT.com when I run another
scan.
The
entry for ATDMT.com is a simple advertising
cookie like you might get visiting any web page.
It is not harmful nor does it collect personal
or sensitive information. The reason it
keeps returning is because cookies are used
on almost every web site these days to track
advertising costs, save login information so
you do not need to login every time you access
a page, etc.
It’s good to delete them to keep your
system from being clogged up but it will not
harm your PC.
My desktop keeps changing to an ad/warning that
my system is infected with Spyware. The file referenced
is c:/windows/web/desktop.html:
--------------------------Solution #1------------------------------
Go to Control Panel >> Display >> Desktop >> Customize Desktop >> Web.
Under the web pages there will
be an entry for the page displaying on your
desktop. Highlight and delete this and
hopefully you will get your desktop back.
If you are able to delete the
entry, the real test will be to reboot your computer
and see if the problem returns.
--------------------------Solution #2------------------------------
Reboot your computer in “Safe
Mode”. This will prevent your
computer from loading any non-essential programs.
To get into Safe Mode, reboot
your computer and continually hit the F8
key while booting up. You will then be
taken to a screen where you can choose to start
your computer in Safe Mode. Once booted
up, go to the Add/Remove Programs control panel,
make certain there are no strange search
toolbars or programs listed, and remove any that
are found.
Also follow the steps in Solution
1 to ensure no strange pages are set to your
desktop.
Then run the spyware scan again
and delete all spyware found. Then reboot
your computer and see whether the problem was
resolved.
What is an Export Worms report?
Clicking on the Export Worms button on the main GUI (Graphical
User Interface) of Spyware Detector lets you
send mail to our Research Team for review. It
contains the scanned spyware entries on your
PC and a few other file/registry entries which
help our Research Team review issues on your
PC. We then add new definitions and you eliminate
the spyware found on YOUR PC in the next Live Update.
What is Live Update?
We are continuously updating our database of spyware,
bad cookies, host files, bad BHOs and bad ActiveX
controls for your protection. You get the benefit of
those updates, and the range of operation of
Spyware Detector increases manifold. We provide
you the latest list through the Live Update option. Click
on the 'Live Update' button on the main GUI of Spyware
Detector. A window opens, which downloads the
new versions of the database file, version file
and other files necessary to upgrade your PC.
What is spyware?
Spyware is a technical name for any software that tracks
the user’s activities without the user’s
permission while he is online and passes the
information to a third party. Spyware programs
use your computer without your permission
or knowledge, try to accumulate your private
information and use your own computer resources
to relay it to someone else. Another potential
problem is that many spyware programs are poorly written
(they contain bugs or errors) and can
cause problems with the normal operation of
your computer. If your web browser
experiences "General Protection Faults",
hangs, or freezes, it may be due to one or more
of these types of programs interfering with
its proper function. Spyware comes in the Trojan
horse category of viruses. Spyware is distributed
mainly through the Internet, via freeware downloads
or through underground hacker sites. Spyware
is also sometimes bundled along with some commercial
software, as a means to track the usage of the
software and collect data regarding the user.
What is adware?
Adware is the most common kind of spyware. It generates
several types of ads, possibly keyed to the
sites you visit on the Internet, and may download
programs onto your PC without your knowledge.