Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

"System Protect" spyware

 
psieben04
Newbie


Joined: 07 Feb 2009
Last Visit: 07 Feb 2009
Posts: 1

Posted: Sat Feb 07, 2009 5:33 pm    Post subject: "System Protect" spyware

Hi,
I am having a problem with this "System Protect" spyware.
It attached itself this afternoon. I downloaded Malwarebytes anti-malware. It detected 3 rogue system protect entries. I deleted all three and re-booted my computer.
The minute it came up, the System Protect ran again.
Need some help

Thanks
Paul
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Nov 2014
Posts: 10335
Location: at the beach

Posted: Sat Feb 07, 2009 7:44 pm

Hi Paul,

Welcome to the forum. Please read this post and follow the instructions for posting a HijackThis log.

http://www.spywarewarrior.com/viewtopic.php?t=25477

A helper will review the log and advise you on what to do. Evidently MalwareBytes did not remove all the infection.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Tarq57
Warrior


Joined: 13 Apr 2007
Last Visit: 09 Apr 2011
Posts: 105
Location: NewZealand

Posted: Tue Feb 10, 2009 3:13 pm

This isn't the same System Protect http://www.system-protect.com/ that is produced by Crawler, is it?
(If so, it can be removed using "add/remove programs" via the control panel.)
(And if so, I'd not recommend its use. It can and has prevented a lot of legitimate file modifications, including, in my case, a windows update.)
If not, you can probably pretty much disregard this post.
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Nov 2014
Posts: 10335
Location: at the beach

Posted: Tue Feb 10, 2009 6:16 pm

Tarq57,

Maybe that is what the OP is referring to. I was thinking of a rogue app with a similar name.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
battlespyware
Newbie


Joined: 12 Feb 2009
Last Visit: 17 Feb 2009
Posts: 4

Posted: Thu Feb 12, 2009 4:23 pm

Hey Paul...

it would be a bummer if it was a new piece of malware. If you are interested I created a video tutorial on how to remove spyware for free.

I used spybot, malwarebytes and ccleaner.

If you have any specific issues removing that software I'd love to hear about it.

Chaz.
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Sep 2014
Posts: 851
Location: Tyne & Wear, UK

Posted: Thu Feb 12, 2009 5:27 pm

.... and you are? (your website claims you've been "on the front lines of the war on spyware & viruses since 2000.", but I've certainly not heard of you or your website)
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 14 Aug 2014
Posts: 1073
Location: CenTex

Posted: Thu Feb 12, 2009 6:54 pm

MysteryFCM wrote:
.... and you are? (your website claims you've been "on the front lines of the war on spyware & viruses since 2000.", but I've certainly not heard of you or your website)

I remember seeing the handle 'ihatespyware' for many years. I think I may have seen it going all the way back to the VOP/LS days. However, I don't know him personally nor do I know of any affiliations within the inner community. He is part of the general membership @ ASAP; http://forums.maddoktor2.com/index.php?showuser=6130 Perhaps, this user will care to introduce himself in a manner where folks won't be suspicious of his motives.

As for his site, it appears to be a new and rather stark offering so far. While I take no issue with his site, IMO, users would be better advised looking for help and info in more substantial, specialized, & accredited offerings.
==============

Registrant:
Charles *******
********
Deerfield Beach, Florida 33442
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: BATTLESPYWARE.COM
Created on: 29-Jan-09
Expires on: 29-Jan-14
Last Updated on: 29-Jan-09

Administrative Contact:
*****, Charles ****@aol.com
**********
Deerfield Beach, Florida 33442
United States
(561) ***-****

Technical Contact:
*****, Charles ****@aol.com
**********
Deerfield Beach, Florida 33442
United States
(561) ***-****

Domain servers in listed order:
NS23.DOMAINCONTROL.COM
NS24.DOMAINCONTROL.COM


Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited

02/12/09 20:13:28 dig battlespyware.com @ NS23.DOMAINCONTROL.COM
Dig battlespyware.com@NS23.DOMAINCONTROL.COM (216.69.185.12) ...
Authoritative Answer
Query for battlespyware.com type=255 class=1
battlespyware.com SOA (Zone of Authority)
Primary NS: ns23.domaincontrol.com
Responsible person: dns@jomax.net
serial:2009012900
refresh:28800s (8 hours)
retry:7200s (2 hours)
expire:604800s (7 days)
minimum-ttl:86400s (24 hours)
battlespyware.com A (Address) 173.9.131.179
battlespyware.com MX (Mail Exchanger) Priority: 0 mail.battlespyware.com
battlespyware.com NS (Nameserver) ns23.domaincontrol.com
battlespyware.com NS (Nameserver) ns24.domaincontrol.com
mail.battlespyware.com CNAME (Canonical Name) mail.t2yd.com

t2yd.com; Tech to Your Door TECH-TO-YOUR-DOOR (NET-173-9-131-176-1)
173.9.131.176 - 173.9.131.183
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Sep 2014
Posts: 851
Location: Tyne & Wear, UK

Posted: Thu Feb 12, 2009 7:05 pm

Cheers mikey :)
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Nov 2014
Posts: 10335
Location: at the beach

Posted: Thu Feb 12, 2009 11:20 pm

It would appear this same user is posting to newsgroup alt.privacy.spyware under the name of chaz.

http://groups.google.com/group/alt.privacy.spyware/browse_thread/thread/5ade329390e09287#

Mikey wrote:
As for his site, it appears to be a new and rather stark offering so far. While I take no issue with his site, IMO, users would be better advised looking for help and info in more substantial, specialized, & accredited offerings.

Indeed.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 14 Aug 2014
Posts: 1073
Location: CenTex

Posted: Fri Feb 13, 2009 3:41 pm

suzi wrote:
It would appear this same user is posting to newsgroup alt.privacy.spyware under the name of chaz.



Well, since it is his first post here and he has yet to return to it, maybe MFCM's instincts were on the right track. Perhaps he is simply pitching his site via forum spam.

If so, that would be a very sad and counterproductive venture since his efforts will surely be recognized as such at any prominent site.

Oh well...
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Nov 2014
Posts: 10335
Location: at the beach

Posted: Fri Feb 13, 2009 7:07 pm

It looks like he is making the rounds.

http://www.google.com/search?hl=en&q=battlespyware.com
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Sep 2014
Posts: 851
Location: Tyne & Wear, UK

Posted: Fri Feb 13, 2009 11:36 pm

He did the same at the MBAM forums (I had his post removed from that one)
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 14 Aug 2014
Posts: 1073
Location: CenTex

Posted: Sat Feb 14, 2009 11:07 am

Please don't remove this section of the thread just yet as I have refed it in the ASAP 'Round Table' forum.

Perhaps someone who knows him will be able to explain the errors of his way.
_________________
-

UbuntuStudio...community supported multi-media development optimization.

-
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Nov 2014
Posts: 10335
Location: at the beach

Posted: Sat Feb 14, 2009 6:14 pm

I wasn't planning to remove his post... yet. I am hoping he will return here and we can discuss his video and website. He gives some advice which I think is misleading and potentially dangerous to users.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
battlespyware
Newbie


Joined: 12 Feb 2009
Last Visit: 17 Feb 2009
Posts: 4

Posted: Mon Feb 16, 2009 4:27 pm

Hey Suzi, Mikey, Mystery:

Sorry for not responding faster.

I have been an on-call IT guy in South Florida for the past 10 years. Specifically, I deal with Exchange more than any other specific software.

I support end users on a constant basis. This is where I get my exposure to malware, spyware, etc. Over the years I have seen spyware become more and more prevalent.

The intent of my post earlier was to help.

I created battlespyware.com recently, with the intent of documenting the methods which I have used to remove spyware.

I recorded a video of how I removed spyware from a computer with the notion of helping someone else. I can only physically fix so many computers in a day. Posting advice on the internet seemed like a good way to help more people.

Yes, I have also posted similar information on other forums. I posted my opinion when it seemed like I had something relevant to contribute.

I use forums when I need help or when I can give it. Isn't that why we are all here?

Sincerely,

Chaz.
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Sep 2014
Posts: 851
Location: Tyne & Wear, UK

Posted: Mon Feb 16, 2009 4:36 pm

Thanks for responding.

First and foremost, almost all malware removal forums have rules - the first of which is that you must be a trained helper to give advice concerning the removal of malware. This forum is one of those.

Secondly, the only advice I have seen you post, is to go to your website - this behaviour is normally considered spamming. This is especially true when it is done without the permission of the forum owner and/or when you are new to the forums yourself.

Thirdly, several respected individuals in the malware removal field consider your advice to be both misleading and potentially dangerous.

If you do indeed wish to help, then my first suggestion is to ditch the videos on your website until you have at least been through the malware removal training schools. For information on how to do such, please see the following;

http://spywarewarrior.com/viewtopic.php?t=1892
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
battlespyware
Newbie


Joined: 12 Feb 2009
Last Visit: 17 Feb 2009
Posts: 4

Posted: Mon Feb 16, 2009 5:03 pm

Mystery:

Thanks for taking the time to provide that info. I guess I was a bit too quick to post my opinion and I should have read the rules a bit more.

I will take your advice on the "malware removal training schools"

I will not be seeking to become a "helper" on this forum.

I will continue to provide help elsewhere.

As for my advice being misleading and potentially dangerous, I agree. And it is easy to accuse anyone of that. Spyware is dangerous. The video was a demonstration and the opinion of one person. It is presented and disclaimed as such.

If you want to be more specific as to what you would have done in that particular situation, I invite the discussion.

There is no one size fits all when removing spyware. What works on one computer will not work on all computers. The methods and tools used today are not the same we will be using tomorrow.

Thanks again for the info... and next time I will be more prudent on reading the rules.

Chaz.
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Nov 2014
Posts: 10335
Location: at the beach

Posted: Mon Feb 16, 2009 7:27 pm

Hi Chaz,

I'm glad you came back to post. There are two things in your video which are misleading and potentially dangerous, IMO. You say MalwareBytes and Spybot can remove nearly all malware on the internet. That is so far from the truth it scares me that you would say that. Or maybe you said spyware, I'm not sure. Either way, it's not true. If you take a look in our HijackThis logs forum, you can see all the users who've been infected with malware that cannot be removed with any anti-malware program, not even the best AVs on the market. Spyware is not what it used to be when we were talking about adware like Claria, Zango, even DirectRevenue. We're seeing malware hidden by rootkits, malware that steals passwords, and worse stuff like Virut that infects all PE files, html files, etc. on a PC, worms like Conficker that spread by USB drives and are extremely difficult to remove. Folks in the community have developed specialized tools to diagnose and remove this stuff because there is no anti-malware app or apps that can remove all of it.

Telling users to look up the entries in a HijackThis log and remove what they think is bad is very dangerous because of the potential to render the PC useless if someone doesn't know what they are doing.

I can appreciate your good intentions to help folks, however. If you want to read some of the HijackThis log threads here and see what the helpers do, it might be educational, and you can see what we deal with on a daily basis.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
battlespyware
Newbie


Joined: 12 Feb 2009
Last Visit: 17 Feb 2009
Posts: 4

Posted: Tue Feb 17, 2009 5:50 am

Suzi:

Thanks for your post.

I agree with you completely. I did say "MBAM and SB can remove almost everything you can get infected with on the internet". That is an overgeneralization which is not accurate. My point was to promote the usage of SD and MBAM as I feel they are relatively safe to use in comparison to your HJT, Combofix, SDfix, etc.

As far as HijackThis I agree with you also. In the video I disclaim how dangerous it is. I suggest using HJT to check how good MBAM and SD did. When I removed certain hosts files I specifically said don't remove anything unless you are absolutely sure and suggested any uncertainty to be directed to a forum like this one.

I will go and re-dub that tutorial to make it better. I will be making another tutorial in the near future. I will make sure that I don't state anything misleading and make sure all disclaimers are a bit more pronounced.

I absolutely appreciate the feedback. I was actually hoping for it.

Sincerely,

Chaz.
All times are GMT - 8 Hours