HPE Community
Internet Products
1753478 Members
6019 Online
108794 Solutions
New Discussion юеВ

Getting rid of Spyware - Trojan VBS/Psyme

 
Abancay
New Member

тАО02-12-2007 10:50 PM

тАО02-12-2007 10:50 PM

Getting rid of Spyware - Trojan VBS/Psyme

I've scanned my machine countless times with various spyware catchers and antivirus programs but my McAfee tells me I have Trojan VBS/Psyme everytime I startup.

I think I have a similar issue to the one in the following post

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=602732&admit=-682735245+1171365936348+28353475

I therefore thought I would download the recommended programs.

However when I went to unzip HijackThis, I was told by my McAfee that it was infected with a worm and therefore deleted.

Any help in cleaning my system would be greatly appreciated.
0 Kudos
6 REPLIES 6
Jon Finley
Honored Contributor

тАО02-13-2007 06:03 AM

тАО02-13-2007 06:03 AM

Re: Getting rid of Spyware - Trojan VBS/Psyme

Try downloading and installing SpySweeper.

http://www.spysweeper.org

If you can download the program from another system, do that, then do the install to the infected system in safe mode (if you do safe mode with network, spysweeper will update all of it's definition prior to the scan).

Jon
"Do or do not. There is no try!" - Yoda
0 Kudos
Abancay
New Member

тАО02-13-2007 06:39 AM

тАО02-13-2007 06:39 AM

Re: Getting rid of Spyware - Trojan VBS/Psyme

Thanks for getting back to me

I have already tried SpySweeper on the recommendation of someone else.

I've ran it in Safemode and normal mode, and I'm $30 lighter, but still have the Trojan / Spyware.

0 Kudos
Pat Flanagan
Honored Contributor

тАО02-14-2007 06:33 AM

тАО02-14-2007 06:33 AM

Re: Getting rid of Spyware - Trojan VBS/Psyme

McAfee ought to be able to get rid of it (but may not be able to - see below).

For McAfee, see the Removal tab here, and if you're running either XP or ME, be sure to read the link on that page "Additional Windows ME/XP removal considerations".

http://vil.nai.com/vil/content/v_100749.htm

Failing that, you need to know that the various anti-virus/anti-spyware vendors name the viruses they discover themselves. There is no universal naming standard. So while McAfee named it VBS/Psyme, it probably has several other names among the anti-virus/anti-spyware vendors.

Sometimes anti-spyware software will be unable to detect some spyware or if it can detect it, be unable to remove it permanently, because it's installed components that will reinstall it when you've initially removed it, usually when you reboot.

I use Spybot Search & Destroy (which can be downloaded free if you choose not to make a voluntary donation). There are a lot of imitator sites for it that just download more spyware, so if you decide to try it, get it here:

http://www.safer-networking.org/

Read the tutorials, configure and update it, and you can try it.

If it doesn't work, then brief background for the following suggestion: The worst piece of spyware I've ever had to deal with was on a friend's computer. It was Trojan.Vundo (Symantec name). Spybot detected but could not remove it. Norton could detect it but could not remove it. It kept reinstalling itself and killing the machine whenever the owner tried to use the internet. It had a component ddaya.dll that I could not prevent from running at startup no matter what I did. It would just ignore config changes and run anyway.

I spent about 12 hours total on it until I finally found a user-written removal tool at this excellent anti-spyware site, which got rid of it in about 30 seconds:

http://www.castlecops.com/

My suggestion is to google the name "Trojan VBS/Psyme" and try to pick up all the name variations assigned to this pest by the various vendors, then go searching in the forums at CastleCops for removal instructions/tools.

Pat
0 Kudos
Ian Posner
Occasional Advisor

тАО02-27-2007 03:05 AM

тАО02-27-2007 03:05 AM

Re: Getting rid of Spyware - Trojan VBS/Psyme

There are some trojans that are very difficult to delete as they spawn secondary processes that open each other should either process be killed. The only way around this is to delete the file on boot before anything else is loaded. If you know the file containing the trojan, then sysinternals.com do a program MoveFile which allows you to specify files to delete on boot.
0 Kudos
Ron Kinner
Honored Contributor

тАО02-27-2007 06:54 AM

тАО02-27-2007 06:54 AM

Re: Getting rid of Spyware - Trojan VBS/Psyme

Download hijackthis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

SAVE it to your desktop as Abancay.exe.

Then run it and OK the warning, select the Scan and Log option then post the log here when done.

Ron

0 Kudos
Barry K.
Valued Contributor

тАО03-01-2007 03:26 AM

тАО03-01-2007 03:26 AM

Re: Getting rid of Spyware - Trojan VBS/Psyme

you should try 'spycatcher', it's free and works really well on removing hard to kill items.
www.tenebril.com/, It's worked wonders for me in the past, and did I mention, it's Free.

Barry
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.