TrustNinja Antispyware - I know it's fake but how do I get rid of it?

1

So I can't find anything online about this piece of "software." It's on one of my users' computers and I can't get rid of it. I've tried Lavasoft's Ad-Aware, Malwarebytes Anti-Malware, and Spybot. I am currently trying to get rid of it using BitDefender.

Any ideas?

commradepolski

Posted 2009-08-25T00:07:51.540

Reputation: 369

Answers

1

I was able to finally remove it using SmitFraudFix. Great little tool.

commradepolski

Posted 2009-08-25T00:07:51.540

Reputation: 369

+1 for returning and letting us know how you removed it. – The How-To Geek – 2009-08-25T04:43:13.597

1

Some of the latest spyware installs as rootkits and can be quite a challenge to remove completely. They can usually be discovered in the \windows\system32\drivers directory as DLLs and SYS files. From there you can use a combination of WhatsRunning, Killbox, Autoruns, etc. to try to surgically remove it yourself. Failing that, grab a clean copy of Combofix and let it go to town. Like SmitFraudFix, it's a great little tool and one that all techs should have on a write-protected USB stick.

user8095

Posted 2009-08-25T00:07:51.540

Reputation: 575
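
The drivers-directory check mentioned in the answer above can be scripted. The PowerShell listing below is an added example, not part of the original thread; it only reads and reports, and the 30-day window and variable names are assumptions.

```powershell
# Added example: read-only triage of the drivers directory. Nothing is deleted or changed.
# Assumptions: elevated PowerShell 3.0 or later, run on the affected machine.
$driversDir = Join-Path $env:SystemRoot 'System32\drivers'
$recentDays = 30   # assumed look-back window; set it to when the symptoms started
$cutoff     = (Get-Date).AddDays(-$recentDays)

# Map each registered kernel / file-system driver binary to its service name.
$registered = @{}
Get-CimInstance Win32_SystemDriver | ForEach-Object {
    if ($_.PathName) {
        # Some entries carry an NT-style "\??\" prefix; strip it so paths compare equal.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $registered[$path.ToLowerInvariant()] = $_.Name
    }
}

# Collect signature status, creation time and owning service for every SYS/DLL file.
$report = Get-ChildItem -Path $driversDir -File |
    Where-Object { $_.Extension -in '.sys', '.dll' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.CreationTime
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject   # empty when unsigned
            Service   = $registered[$_.FullName.ToLowerInvariant()]
            Recent    = $_.CreationTime -gt $cutoff
        }
    }

# Review first: files without a valid signature, or created inside the window.
# Timestamps can be altered and older PowerShell versions may report
# catalog-signed files as NotSigned, so treat each row as a lead, not a verdict.
$report |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Recent } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```

A rootkit that hides its files from the running system will not appear in this listing, so an empty result does not clear the machine.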

0

Never heard of it.

Personally, if this was me, I would download Process Explorer and Autoruns.

Boot into safe mode and use your usual tools you listed above. I am a fan of Spybot - never used Malwarebytes but I have heard good things.... I am assuming that your initial scan found items but the virus "regrouped"! or basically was impervious and renamed / restarted itself. If it was never found in the first place, skip to the next step.

Go into safe mode and launch Process Explorer, make sure there is nothing running that you don't know what it is, hover over services (such as lsass.exe, svchost.exe, etc.) and make sure that they are not hiding services that you do not recognise / part of Windows. If they do, pause the service (killing can launch another process if it has been detected to stop, whereas pausing stops it in its tracks).

Then run Autoruns and go through each tab and basically kill everything that you think is suspicious.

This will not delete the virus, but it has great success in stopping it from being run.

William Hilsum

Posted 2009-08-25T00:07:51.540

Reputation: 111 572

0

You can also try Sunbelt CounterSpy.

Scott Dorman

Posted 2009-08-25T00:07:51.540

Reputation: 201