914World.com - The fastest growing online 914 community!

> OT: CleverieHooker - spyware crap, How to remove???
Qarl
post May 26 2004, 04:03 PM
Post #1


One of my employees has some spyware crap called Cleveriehooker

Spybot deletes and fixes it, but every time you reboot, it reloads.

I immunized it with the latest version of Spybot (version 1.3), but it still comes up.

Anyone know how to get rid of this POS spyware?

Thanks.

Joe Bob
post May 26 2004, 04:07 PM
Post #2

Tried Spysweeper?

www.webroot.com

PM me if you want a way to download it free....

tat2dphreak
post May 26 2004, 04:15 PM
Post #3

search out all references to it in your registry... it probably has an install program that runs when you start your computer, try using "system information" first and uncheck the box for it, if that doesn't work use a program like "Registrar lite" (lite is the free version and does everything I can think of it wanting to)...

p914
post May 26 2004, 04:17 PM
Post #4

Couple ideas.
Go to control panel and use add/remove programs.
or
go to the website for it and find an uninstall program.
or
use windows explorer and find it in the programs section and possibly find an uninstall there or delete the entire folder with all its components. It may have planted a root in the registry which will only be deleted when an uninstall is done.

these things can be pesky basturds but there are ways to get rid of em.

SirAndy
post May 26 2004, 04:18 PM
Post #5

Manual Removal:

Unregister these DLLs with Regsvr32:
systemroot+\jeired.dll
systemroot+\system32\jeired.dll
systemroot+\system32\tvmbho.dll
systemroot+\system\jeired.dll
systemroot+\system\tvmbho.dll

Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\interface\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_CLASSES_ROOT\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\classes\clsid\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\classes\typelib\{707e6f76-9ffb-4920-a976-ea101271bc25}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{707e6f76-9ffb-4920-a976-ea101271bc25}

Remove these files (if present) with Windows Explorer:
systemroot+\jeired.dll
systemroot+\system32\jeired.dll
systemroot+\system32\tvmbho.dll
systemroot+\system\jeired.dll
systemroot+\system\tvmbho.dll


got this info from here:
http://www.pestpatrol.com/PestInfo/c/cleve...veriehooker.asp

as always, no guarantees, don't blame me if it doesn't work! :wink:
Andy

TimT
post May 26 2004, 04:34 PM
Post #6

disable system restore!!!!!

then do as Andy says...

System restore is the virus writer's best pal...

One of the best ways I know to remove a virus or worm, is to find its location, write down the path....

then boot in DOS and do a DEL on it..

after that you can clean up the registry

just turn off system restore

Part Pricer
post May 26 2004, 05:31 PM
Post #7

Ok. It's a real prick that involves a multistep process to get rid of. You'll need these tools:

CWShredder

AdAware 6 Build 181

HijackThis


Download all of these files first. After you have downloaded them, DO NOT open Internet Explorer.

Run CWShredder and have it fix everything it finds.

Run AdAware. Have it download the latest reference file. Then have it scan your system and remove everything it finds.

Run HijackThis. If it shows any Browser Helper Objects (BHOs), remove them. This may remove some things that you wanted, but you can reinstall them later.

Go to your C: drive and remove the TVMedia folder if it exists. (It may be under Program Files)

Run msconfig. Have the system boot in Diagnostic Startup mode. Reboot.

As the system reboots, don't allow it to run any programs.

Search your system for loader.exe. Delete this cocksucker.

Run msconfig. Have the system boot in Normal mode. Reboot.

Cross your fingers and pray that you got everything.

TheCabinetmaker
post May 26 2004, 05:55 PM
Post #8

Damn Paul, even I understood that. :wacko:

nebreitling
post May 26 2004, 06:05 PM
Post #9

get a mac. :wink:

Part Pricer
post May 27 2004, 04:51 AM
Post #10

Here is a great step-by-step way to help safeguard your system.

Prevent Browser Hijacking

All of the tools that they list are free for the home user. So, there is no reason why you should not protect your PC.

The people that run spywareinfo.com are the "good guys". I've been hanging out there a lot lately and they've been a great help.

lagunero
post May 27 2004, 11:23 AM
Post #11

QUOTE(nebreitling @ May 26 2004, 05:05 PM)

:laugh: :laugh:

thesey914
post May 27 2004, 03:45 PM
Post #12

QUOTE(kellzey @ May 26 2004, 02:03 PM)
One of my employees .......

yeah right... :wink: :biggrin:

Qarl
post May 28 2004, 09:43 AM
Post #13

Thanks Paul.

Your step-by-step instructions worked. I had to do it twice. One of the difficulties was deleting the TVMedia folder. When you run HijackThis, you also have to delete the HKLMs that reference the TVMedia folder.

Then you can delete TVMedia.

And yes, it WAS one of my employees that did this. I am smarter than this. Needless to say, he knows I am pissed for wasting 3 hours of my time fixing his mess.
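
A read-only check for the leftovers named in posts #5, #7 and #13, to run after the cleanup and again after a reboot. This is an added example, not something posted by anyone in the thread; it assumes PowerShell is available and that the "HKLMs" mentioned in post #13 are Run-key autostart values, which the thread does not state.

```powershell
# Added example: read-only check, nothing is deleted or changed.
# Indicators are copied from posts #5, #7 and #13 of this thread.
$clsid = '{707e6f76-9ffb-4920-a976-ea101271bc25}'
$dlls  = 'jeired.dll', 'system32\jeired.dll', 'system32\tvmbho.dll',
         'system\jeired.dll', 'system\tvmbho.dll'
$parents = 'HKEY_CLASSES_ROOT\CLSID', 'HKEY_CLASSES_ROOT\Interface',
           'HKEY_CLASSES_ROOT\TypeLib', 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
           'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib'
$bhoRoot = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\' +
           'CurrentVersion\Explorer\Browser Helper Objects'
$findings = @()

# 1. Files and folders named in the thread.
$paths  = @($dlls | ForEach-Object { Join-Path $env:SystemRoot $_ })
$paths += "$env:SystemDrive\TVMedia", (Join-Path $env:ProgramFiles 'TVMedia')
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Present on disk: $p" }
}

# 2. COM registration keys for the CLSID from post #5.
foreach ($parent in $parents) {
    $key = "Registry::$parent\$clsid"
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# 3. Every registered BHO, resolved to the DLL it loads.
if (Test-Path -LiteralPath $bhoRoot) {
    foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot) {
        $id  = $bho.PSChildName
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
        $dll = '(no InprocServer32 key)'
        if (Test-Path -LiteralPath $srv) { $dll = (Get-Item -LiteralPath $srv).GetValue('') }
        if ($id -eq $clsid -or $dll -match 'jeired|tvmbho|TVMedia') {
            $findings += "BHO: $id -> $dll"
        }
    }
}

# 4. Autostart values that mention TVMedia or loader.exe (assumed Run keys).
foreach ($rk in 'HKLM:', 'HKCU:') {
    $run = "$rk\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path -LiteralPath $run)) { continue }
    $key = Get-Item -LiteralPath $run
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match 'TVMedia|loader\.exe') { $findings += "Autostart: $run\$name = $cmd" }
    }
}
if ($findings) { $findings } else { 'None of the thread''s indicators were found.' }
```

A `loader.exe` match is only a lead to review, since the file name is generic; an autostart value that reappears after a reboot means something is still re-registering it.
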
Part Pricer
post May 28 2004, 10:38 AM
Post #14


QUOTE(kellzey @ May 28 2004, 10:43 AM)
you also have to delete the HKLMs that reference the TVMedia folder.

...wasting 3 hours of my time fixing his mess.

Sorry about that. I knew there was something I forgot.

Three hours to fix it is actually not too bad for your first time. With all of the rebooting and other nonsense that is involved to get rid of this crap, it normally takes at least two hours.

Get a Mac? No thanks. They are less prone to infection. But, you've never been to hell until you have to fix an infected Mac.

fiid
post May 28 2004, 11:20 AM
Post #15

QUOTE(nebreitling @ May 26 2004, 04:05 PM)

I was just going to say exactly that! I switched a couple of months ago and haven't looked back. The only thing I don't have on the mac is very much in the way of CAD, but I don't use it much anyway - so I'm not crying.

:smilie_pokal:

l8r,

Fiid.

fiid
post May 28 2004, 11:21 AM
Post #16

Hey Quarl - off topic - when is your Elise supposed to show up??

Fiid.

Qarl
post May 28 2004, 12:25 PM
Post #17

Elises are supposed to hit the dealers next month (demo cars). It was supposed to be last week, but there are several parts holding up production.

I am #23 at my dealer. I've already placed my order for color, interior, and options, but realistically, it will be the end of the year before I see it. I am hoping October or November.

The disinfection procedure Paul gave me only took about 30 minutes to do, it was the 2 1/2 hours I wasted before that trying to figure out how to remove that... (how did Paul so eloquently put it)... uhh... cocksucker! (Been watching a little too much Deadwood on HBO?)

Thanks again!

Part Pricer
post May 28 2004, 12:58 PM
Post #18

QUOTE
Been watching a little too much Deadwood on HBO?


Deadwood has quickly become my favorite show. Last week's conversation between Swearengen and Wu was one of the funniest things I've seen on TV in a long time. :laugh:

Qarl
post May 28 2004, 01:13 PM
Post #19

At the meat locker?

Part Pricer
post May 28 2004, 01:17 PM
Post #20

No. Earlier on at the Gem where Wu was trying to explain to Swearengen what had happened by drawing pictures and using the only English word that he knew.

“Glad I taught you that fuckin' word.” —Swearengen, realizing that "cocksucker" wasn't the best word to teach Wu.