
Rogue.Antispy - from a newbie.



I have used the free Malwarebytes program for years, but never had the need to ask a question (or maybe not smart enough to).

The program keeps finding something it lists as Rogue.Antispy and recommends removal.

It will find it again 30 minutes later on a new scan.

Let me provide as best as I can the information:

Rogue.Antispy

Category- Registry key

Item HKLM\software\HT

Going to the location:

It is located on a separate line and not related to, but below: HomePage.HomePage.1

Malwarebytes locates it in: htafile

> CLSID

>DEFAULT ICON

>shell

open

command

If I open vendor information, I get sent to "Buy the latest edition of Malwarebytes." Clicking on any of the items below "htafile" doesn't give me anything I know anything about. It gives a new letter or two on the right hand side of the page.

I'm concerned because the computer doesn't always open the home page (Yahoo) smoothly. Sometimes it blinks a few times. When I search for ordinary things (not porn) I frequently get "cannot open this page". Running the diagnostic doesn't find anything. Going to the alternates Windows suggests finds nothing either.

If I need to change a setting, please advise. The Rogue.Antispy seems to have no problem getting into the computer whenever it chooses.

Give simple directions please. Yeah, I'm a simpleton.

Thank you.

Windows 7, all updates


Hello nosmiley.

You had posted into the wrong area. I have moved your topic here in the Malware removal forum.

Do as much as you can of the following

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

I also would like a copy of the last MBAM scan log

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from MBAM.

Use separate replies as needed if logs do not fit into one reply box.


Hello Maurice;

Thanks for the information.

I was following your directions and have a new problem. My version of Windows is 32 bit. The download is in 64 bit. The system won't allow it to be installed. I looked around briefly, but didn't see a download that definitely said 32 bit.

I have a license for the 64 bit, and installed it when Windows 7 first came out. I had many problems with various compatibilities, due in part to what seemed like software not being designed for it. I never got to the newer, faster etc. experience, so I uninstalled it and went back to 32 bit. At that time the 32 bit on this machine worked much better.

Please advise.


Hello Maurice;

Thank you for the new link.

Today I went to Filehippo, and let their program look at my computer for needed updates. It listed Adobe Shockwave Flashplayer, CCleaner, Foxit Reader, Java, and Realplayer as needing downloads. I removed my old programs one at a time with Revo Uninstaller, and installed the update after each program was removed. Restarted the computer after installing the above programs.

Next I got an update from Malwarebytes, and ran the full scan. It found no Rogue.Antispy. Nothing else harmful either.

Would anything be accomplished by continuing with our search? I didn't expect my downloads from File Hippo would correct this, because from what I was able to see, there was no direct connection to these programs.

If you want me to continue, say the word.

I really appreciate your timely emails, and genuine offer of good help.

Best regards.


Do an online scan at ESET, and after that, go back and do the steps from the RSIT run and those below, and post all logs for review.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log + the RSIT logs + Checkup.txt from Security Check tool

Edited by Maurice Naggar

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

