Antispy Spider removal

[Felecha]

Anyone seen anything about Antispy Spider? My neighbor calls me for tech support. She opened an email that she shouldna, and it loaded in this monstrous thing that keeps popping up ads and giving her dire warnings, the usual malware stuff. But it also disabled Task Manager and Regedit. Pretty nifty tricks.

I've seen a few sites but I dont know whether to trust THEM in all cases.

I see there is a reg hack I could do that would set
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System - DisableRegedit=0
which looks like it would re-enable regedit.

I know enough to follow instructions, I am comfortable in the Registry, I just dont have a lot of seat of the pants experience, so a reliable steer would really help

 

[law9933]

A HJT log, you said you know the registry, so check this online analyzer (don't trust everything).
Try do do a removal in Safe Mode?

http://www.hijackthis.de/en

 

[Felecha]

so it looks like this HJT thingie will point to the bad files and registry issues, and I hope that would jive with what I have found on websites about AntispySpider as to files and reg. I can then go to safe mode and clean up.

That sounds like a safe approach, and I know how to do it all, just never had any virus or malware on my own systems which i keep fairly well protected.

Thanks

F

 

[Felecha]

I read something else on another topic that made me wonder - what about a System Restore? She has XP. I have never done a System Restore, never needed to. It seems that if we go back to before she opened the email, if that really does turn back the dial in time, then hey, it's fixed. Is System Restore easy and reliable? I'm sure there's nothing since the attack that she would mind losing

 

[mechBgon]

Originally posted by: Felecha
I read something else on another topic that made me wonder - what about a System Restore? She has XP. I have never done a System Restore, never needed to. It seems that if we go back to before she opened the email, if that really does turn back the dial in time, then hey, it's fixed. Is System Restore easy and reliable? I'm sure there's nothing since the attack that she would mind losing

You could give it a try. It won't take super-long, but it also may not solve the problem either.

Personally, I'd just back up her stuff, verify that I've got everything necessary to reinstall Windows from scratch, then nuke the Windows installation to smithereens with DBAN, reinstall Windows and secure it properly this time, which would also involve showing the owner how to use her Admin account when she needs to, and her non-Admin account when she doesn't.

 

[Medea]

It's a rogue program, and it does affect the Task Manager and regedit.

PM me her HJT log and I'll be happy to take you through the steps. I'm surprised that she hasn't experienced one of the symptoms which is that her IE will randomly open pages to Russian sites.