SpywareNo - I have it too!

Saw a very recent thread from abcguy - I have the same problem.

Adware picked up the spywareno and it keeps coming back. I tried the steps in the read me first sticky thread. I then tried the steps in the spywareno removal thread. When I followed step 8, the only thing that happened was my desktop picture disappeared and my desktop is now blue. I also didnt find any of the items in my hijackthislog so havent deleted anything.

I still can't permanently get rid of the spywareno. what do i do?? please help, i'm pretty clueless about these things.

i attach an adware log and hijackthis log.

thanks

 

Welcome to MajorGeeks.com, please follow the steps below:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

As I sai in my first post, I did do the README sticky last night. The problem still shows in Adaware when I reboot and run another scan.

I have gone through the README sticky again this morning just to be sure. I could not run the Panda or Bitdefender scans as I have Windows SP2 and I need to install Active X apparently - If you want me to do this then please tell me.

I do have Norton AV 2005 however and a scan shows no threats found. Adaware still finds SPYWARENO.

I'm really annoyed - I dont know much about computers but I have Spybot, Adaware and MS Antispyware and I update and run them twice a week and STILL I get some lowlife infect my PC. I also Immunize with Spybot and regularly run Norton AV (I have Norton Firewall aswell) and CCleaner to keep things clean.

I attach updated Adaware and HJT logs. Please help - I see a couple of other people have this same problem at this moment in time on these boards, so is this a new threat that we cannot get rid of??? I'm pretty worried if it is.

 

Sorry, here are the logs -

 

Yes, you must run the steps below.

 

OK - here are my BitDefender and Panda scan logs. BD ran in safe mode but Panda was run in normal mode as the text was too big in safe mode and it opened in a tiny window which I could not enlarge in order to read properly.

Looks like a few people on these forums have this SPYWARENO problem now , what's going on?

Please let me know what to do next.

Thanks.

 

I should probably point out that at no time have I ever had any problems with my computer - seems like business as usual and everything is running fine, it is just that Adaware keeps saying I have SPYWARENO. This happened right after I updated the definitions last night, then it started detecting SPYWARENO. Perhaps it is a problem with Adaware? A lot of people on these forums are reporting that Adaware is saying they are infected?

Please let me know. Thanks for your help.

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

After you complete the above, reboot and run another scan with Ad-Aware and see if it still detects it.

Also be sure you have the current version of Ad-Aware with the current definitions.

 

I'm sorry to say it didn't work.

I did exactly as you said, updated adaware definitions (although no new definitions were available since I updated on friday night) and the SPYWARENO was detected as soon as I ran another scan after reboot.

I attach updated HJT and Adaware logs in case you need them (these were done after I added the fix.reg in your last post)

Please advise what you want me to do - will i ever be able to get rid of this? More people on these forums seem to have this problem now and i'm getting worried.

Many thanks

 

Download and install Registrar Lite

Then run Registrar Lite.

Copy and paste the below into the Address box of registrar lit and hit the Enter key.

HKEY_USERS\S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Then click the Security pull down menu and choose Take Ownership. Click OK in the next window to approve it. Now right click on the registry key and select Delete.

Does this work?

Attach your new Ad-Aware log.

 

Thanks for the quick reply - I'm a bit confused as I managed to download a version that let me take ownership (the authors site has a new version where only the pro version will l et you take ownership) and I did exactly as you requested.

Then about 20 entries appear in the Reglite window all with different alphanumeric names. Do you want me to delet all 20 or so entries that appear or just right click and delete the entry that is in the address box?

thanks

 

Do not delete anything else, only the key the below. After you delete this key, reboot and scan with Ad-Aware again, if it comes back it's a false positive.

HKEY_USERS\S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

 

OK - well, I copied and pasted the entry to the address box, hit enter then ok - then a list of 20 or so entries appears in the box below - none of them have the same number at the end as yours i.e. they all start with:

HKEY_USERS\S-1-5-21-57989841-73586283-725345543-1004\software\microsoft\windows\currentversion\ext\stats\

But none of them end with:

{72267f6a-a6f9-11d0-bc94-00c04fb67863}

So I have not deleted anything.

Not sure if this makes a difference, but I do have Regcleaner and i ran that last night and deleted an entry it said was useless - it was a similar (if not the same) entry as your per your post. Is this why i can no longer find it?

 

Just run Ad-Aware again and see if it picks it up again.

 

I rebooted, ran Adaware again - yes it picked it up again....False positive???

 

If your not having any problems as far as the desktop hijacker and such then yes it's a false positive.

 

No problems so far, so must be a false positive.

Many thanks for all your time and advice!!!

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!