First off, he got it off Facebook somehow. =/ It's called something like "Protection Tool", and it blocks literally EVERYTHING from executing... I've tried the portable, randomly named edition of SuperAntiSpyware too. I'm getting ready to try the bootable version of SpyBot S&D. It is bootable, so I believe it will work... Is there anything I can do if it doesn't, other than formatting it?
He doesn't have it installed, so if it requires installing, it's a no-go. =/ He's running XP, which I rarely use, even in a VM, so I looked in Control Panel and didn't find it... Does XP have it?
If any of that other stuff doesn't work, then here's something to try as a last resort: From what I've read, this thing also screws with router settings so you might want to check and see if that was redirected as well. Your friend seems to have caught a fun one.
Just walked all the way back down there and tried it using CTRL+ALT+DEL... I already tried opening Task Manager by right-clicking the taskbar, and that didn't work... So I tried this, and it didn't work either. Should I tell him to boot it into safe mode to attempt that? Also, it did redirect his router; it takes him to a page where it tries to get him to purchase it. -.- Quite fun if you ask me...
Is this it? http://www.bleepingcomputer.com/virus-removal/protectingtool LOL. And read up on something called "RKill", as that will stand you in good stead for the future LOL
It probably disabled it in the registry if you can't open it. http://www.megaupload.com/?d=4820P31Y ^Try this version of Malwarebytes. This one requires no installation so that shouldn't be an issue. Do this stuff in safe mode as well if you're not already.
This is an example of rogue shit: http://www.bleepingcomputer.com/virus-removal/remove-avg-antivirus-2011 Notice that things may have to get renamed if the rogue shit blocks them from running, e.g. MBAM and RKill.
Will have him try that tomorrow, too late tonight. >.> The portable edition of SuperAntiSpyware was randomly named upon clicking the download link, yet it wouldn't let it start. =/
That's why we're saying use safe mode. It's likely there's a process running that blocks executables; starting in safe mode prevents software that starts on boot from running automatically.
I only stepped in because, depending on which malware is involved, a different approach could be needed. http://www.bleepingcomputer.com/forums/topic308364.html *see post no. 3* And Ryan, why are you mentioning "SAS"? I don't see anyone advising you to use that. Am I wasting my time trying to help you? Have you bothered viewing the links (by one of the top security sites) so that you know what to do if you can't access safe mode, or cannot run MBAM?