One of my employees has some spyware crap called Cleveriehooker
Spybot deletes and fixes it, but every time you reboot, it reloads.
I immunized it with the latest version of Spybot (version 1.3), but it still comes up.
Anyone know how to get rid of this POS spyware?
Thanks.
Tried Spysweeper?
www.webroot.com
PM me if you want a way to download it free....
Search out all references to it in your registry... it probably has an install program that runs when you start your computer. Try using "system information" first and uncheck the box for it; if that doesn't work, use a program like "Registrar lite" (lite is the free version and does everything I can think of it wanting to...)
Couple ideas.
Go to control panel and use add/remove programs.
or
go to the website for it and find an uninstall program.
or
use windows explorer and find it in the programs section and possibly find an uninstall there or delete the entire folder with all its components. It may have planted a root in the registry which will only be deleted when an uninstall is done.
these things can be pesky basturds but there are ways to get rid of em.
Manual Removal:
Unregister these DLLs with Regsvr32:
systemroot+\jeired.dll
systemroot+\system32\jeired.dll
systemroot+\system32\tvmbho.dll
systemroot+\system\jeired.dll
systemroot+\system\tvmbho.dll
Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\interface\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\classes\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\classes\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}
Remove these files (if present) with Windows Explorer:
systemroot+\jeired.dll
systemroot+\system32\jeired.dll
systemroot+\system32\tvmbho.dll
systemroot+\system\jeired.dll
systemroot+\system\tvmbho.dll
got this info from here:
http://www.pestpatrol.com/PestInfo/c/cleveriehooker.asp
as always, no guarantees, don't blame me if it doesn't work!
Andy
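A read-only check for the indicators listed in the post above, as an added example that is not part of the original thread. The DLL names, registry paths and CLSID are copied from that post; reading "systemroot+" as the %SystemRoot% directory and looking up the standard COM `InprocServer32` subkey are assumptions made here.

```powershell
# Read-only audit of the files and registry keys listed in the post above.
# Nothing is deleted or unregistered; the script only reports what exists.
$clsid = '{707e6f76-9ffb-4920-a976-ea101271bc25}'   # CLSID quoted in the post

# Assumption: "systemroot+" in the post means the %SystemRoot% directory.
$files = 'jeired.dll', 'system32\jeired.dll', 'system32\tvmbho.dll',
         'system\jeired.dll', 'system\tvmbho.dll' |
         ForEach-Object { Join-Path $env:SystemRoot $_ }

$bho  = 'software\microsoft\windows\currentversion\explorer\browser helper objects'
$keys = "HKEY_CLASSES_ROOT\clsid\$clsid",
        "HKEY_CLASSES_ROOT\interface\$clsid",
        "HKEY_CLASSES_ROOT\$bho\$clsid",
        "HKEY_CLASSES_ROOT\typelib\$clsid",
        "HKEY_LOCAL_MACHINE\clsid\$clsid",
        "HKEY_LOCAL_MACHINE\software\classes\clsid\$clsid",
        "HKEY_LOCAL_MACHINE\software\classes\typelib\$clsid",
        "HKEY_LOCAL_MACHINE\$bho\$clsid"

$findings = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $item = Get-Item -LiteralPath $f -Force   # -Force also returns hidden files
        $findings += [pscustomobject]@{
            Type = 'File'; Path = $f
            Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)"
        }
    }
}
foreach ($k in $keys) {
    $path = "Registry::$k"
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # A COM class key names the DLL it loads in InprocServer32's default value.
    $inproc = Get-ItemProperty -LiteralPath "$path\InprocServer32" -ErrorAction SilentlyContinue
    $detail = if ($inproc) { "loads $($inproc.'(default)')" } else { 'key present' }
    $findings += [pscustomobject]@{ Type = 'Registry'; Path = $k; Detail = $detail }
}

if ($findings.Count -eq 0) {
    'None of the listed files or registry keys are present.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Running it once after cleanup and again after a reboot shows whether any of the listed items came back, which is the symptom described at the top of the thread.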
disable system restore!!!!!
then do as Andy says...
System restore is the virus writer's best pal...
One of the best ways I know to remove a virus or worm is to find its location, write down the path....
then boot in DOS and do a DEL on it..
after that you can clean up the registry
just turn off system restore
Ok. It's a real prick that involves a multistep process to get rid of. You'll need these tools:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
http://majorgeeks.com/downloadget.php?id=506&file=9&evp=8dbaff7daca8f4b55bf695220993fc0f
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
Download all of these files first. After you have downloaded them, DO NOT open Internet Explorer.
Run CWShredder and have it fix everything it finds.
Run AdAware. Have it download the latest reference file. Then have it scan your system and remove everything it finds.
Run HijackThis. If it shows any Browser Helper Objects (BHOs), remove them. This may remove some things that you wanted, but you can reinstall them later.
Go to your C: drive and remove the TVMedia folder if it exists. (It may be under Program Files)
Run msconfig. Have the system boot in Diagnostic Startup mode. Reboot.
As the system reboots, don't allow it to run any programs.
Search your system for loader.exe. Delete this cocksucker.
Run msconfig. Have the system boot in Normal mode. Reboot.
Cross your fingers and pray that you got everything.
Damn Paul, even I understood that.
get a mac.
Here is a great step-by-step way to help safeguard your system.
http://www.spywareinfo.com/articles/hijacked/prevent.php
All of the tools that they list are free for the home user. So, there is no reason why you should not protect your PC.
The people that run spywareinfo.com are the "good guys". I've been hanging out there a lot lately and they've been a great help.
Thanks Paul.
Your step-by-step instructions worked. I had to do it twice. One of the difficulties was deleting the TVMedia folder. When you run HijackThis, you also have to delete the HKLMs that reference the TVMedia folder.
Then you can delete TVMedia.
And yes, it WAS one of my employees that did this. I am smarter than this. Needless to say, he knows I am pissed for wasting 3 hours of my time fixing his mess.
Hey Quarl - off topic - when is your Elise supposed to show up??
Fiid.
Elises are supposed to hit the dealers next month (demo cars). It was supposed to be last week, but there are several parts holding up production.
I am #23 at my dealer. I've already placed my order for color, interior, and options, but realistically, it will be the end of the year before I see it. I am hoping October or November.
The disinfection procedure Paul gave me only took about 30 minutes to do, it was the 2 1/2 hours I wasted before that trying to figure out how to remove that... (how did Paul so eloquently put it)... uhh... cocksucker! (Been watching a little too much Deadwood on HBO?)
Thanks again!
At the meat locker?
No. Earlier on at the Gem where Wu was trying to explain to Swearengen what had happened by drawing pictures and using the only English word that he knew.
“Glad I taught you that fuckin' word.” —Swearengen, realizing that "cocksucker" wasn't the best word to teach Wu.
Paul Heery,
Give yourself a beer! Your links are just what I have been looking for to rescue my constantly hijacked porn machine, er um I mean computer. Worked like a champ!