Overall Risk Level:
Spyware.ISpyNow is a spyware application that monitors computer activities such as files opened and network traffic, and logs keystrokes. It can also steal confidential information and send it to a remote computer via email or FTP transmission. On some occasions Spyware.Ispynow was displayed as a detected threat to scare computer users and advise them to acquire the rogue program Perfect Defender 2009.
Other Alias: -
Threat Level: Low
Systems Affected: Windows - All
Source: Symantec
36 Responses for "Spyware.Ispynow"
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” The program will run automatically and you will be prompted to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.
try deleting cookies, files and history on ie then scan your pc using your computer security and reboot…it might help…
perfect resolution !!! thanks
I even downloaded the perfect defender 2009 and the malware removed that also.
precise security thanks again
My computer won’t let me go to the Malwarebytes’ Anti-Malware site?
Yeah, Alex. That’s part of the virus…it redirects all attempts to visit anti-virus/anti-spyware/etc sites to some other website or crashes your browser.
Yeah, I’m having the same problem with the “Spyware.ISpyNow”. However, every time I try to visit a website to get the software I need, it crashes my browser. What should I do?
[...] Spyware.ISpynow is back with possibly an enhanced feature giving antivirus and security programs a hard time to detect and clean infected computers. [...]
I was unable to install malware outside of safemode, so I went under my account on safemode, installed it to the desktop then rebooted under regular mode. I then tried to run the program but it would not open. Can I run it in safe mode and have the same results?
Yes, it works just the same if you run it under safe mode.
if you are having problems getting to malwarebytes antimalware (MBAM) you can use the regedit to try and remove spyware.ispynow files and perfect defender 2009 files.
to open regedit go to start, then run and type in “regedit”.
this will bring up the remote registry editor.
hit ctrl+f to find items.
search for “Perfect Defender 2009” or “iSpyNOW”; this should find hits.
Delete any registries or values that you run into associated with these.
If you still cannot browse to MBAMs site, try finding some of these files on your computer:
c:\Program Files\Perfect Defender 2009
c:\Program Files\Perfect Defender 2009\dbbase.div
c:\Program Files\Perfect Defender 2009\pd.dll
c:\Program Files\Perfect Defender 2009\pdfndr.exe
c:\Program Files\Perfect Defender 2009\pdmonitor.exe
c:\Program Files\Perfect Defender 2009\UnInstall.exe
c:\Documents and Settings\All Users\Start Menu\Perfect Defender 2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Perfect Defender 2009
c:\Documents and Settings\All Users\Start Menu\Programs\Perfect Defender 2009\Perfect Defender 2009.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Perfect Defender 2009\Uninstall Perfect Defender 2009.lnk
those are associated with PD2009.
iSpyNOW has files in these locations:
* %UserProfile%\Start Menu\Programs\iSpyNOW\Help Documentation.lnk
* %UserProfile%\Start Menu\Programs\iSpyNOW\iSpyNOW Tray Companion.lnk
* %UserProfile%\Start Menu\Programs\iSpyNOW\License Agreement.lnk
* %UserProfile%\Start Menu\Programs\iSpyNOW\Readme.lnk
* %UserProfile%\Start Menu\Programs\iSpyNOW\Remove iSpyNOW.lnk
* %UserProfile%\Start Menu\Programs\iSpyNOW\Visit the Official iSpyNOW Website.lnk
* %ProgramFiles%\ISN\header.gif
* %ProgramFiles%\ISN\isnhelp.htm
* %ProgramFiles%\ISN\isn_builder.exe
* %ProgramFiles%\ISN\license.txt
* %ProgramFiles%\ISN\Readme.txt
* %ProgramFiles%\ISN\uninstal.log
* %ProgramFiles%\ISN\Visit the Official iSpyNOW Website.url
* %Windir%\isntrayopt.dat
* %Windir%\softmod32.exe
hope this helps.
i have ispynow on my other computer but when i try to enable protection it freezes it up. What should i do? or how do i get rid of it?
I have attempted to download Malwarebytes, but it also seems to be locked up as I cannot launch it. Any ideas as I would desperately like to get rid of these issues!
I had the problem of my browser crashing too, what I did was I scanned with spyware doc. (installed pre-infection) then I was able to download and use malware. Also I couldn’t update spyware doc. until after the first scan. Hopefully it all works tho currently scanning my comp. with malware and spyware doc. now.
is there a way to get rid of it without having spyware doc. or any other spyware removal program…..because i don’t have any.
It is now crashing the Regedit so I can’t get in there to delete these files manually either. It won’t let me open any browser or any program right now. I used Avenger to try to delete the files you had listed and it didn’t find any of them (I copied and pasted the locations). Any other solutions? It’s not even being detected by Malwarebytes, which I have. When I run Malwarebytes it shows 0 infections even though I am clearly infected as nothing on my computer is working at all.
i downloaded the perfect defender well…b/c i honestly didn’t know what it was since when i clicked the link that was supposed to offer me ‘protection’ i just ended up downloading a trojan. anyways, i got the malwarebytes anti-malware and had it scan my computer. when it finished, i restarted my computer, but i still got this windows security pop up telling me that my computer was at high risk b/c of the spyware that was still supposedly on my computer. i can’t tell if i still have it on my computer, or if this pop up is legit b/c it was the same one that led me to that link. any advice? i’m still a little worried that i have it on my computer. :(
Crashknot. I am having same problem. I can’t access the internet to get spyware removal software. Anyone have any ideas?
Same problem as christina.
I ran malwarebytes and it found one file in my system that it deleted.
then rebooted and opened up my browser and It crashed to desktop.
I was also able to delete the file containing perfect defender 2009 and all of its contents.
but I still get prompts to “protect” my computer and every time I open the browser, it sends me to their homepage asking me if I want to continue without protection or get perfect defender 2009.
I’ve tried everything I know but nothing seems to work.
I’m beginning to think that maybe there’s something bigger than just the Zlob Trojan at work.
The above information under Category states, “Spyware.ISpyNow is a spyware program that monitor computer activities such as files opened, network traffic, and logs keystrokes. Spyware.Ispynow sends gathered information to remote attacker via email or ftp transmission.”
Is the current Spyware.Ispynow security warning really a Keylogger?
I have McAfee Virus Detection. While it did not prevent or detect the spyware, the people at McAfee were able to remove the spyware program from my PC (for a fee). For me, it was worth it. That is one way to get rid of it.
I had this problem last night, i tried everything. the first thing that helped was to disable a driver under device manager. also the virus likes to hide in app data under the first for files. you can detect them by looking at the time they were created; they will all have the same time and be exe files with one being a dll. if you look on the net at different blogs the files are listed, also the name of the driver is listed too. sorry i can’t remember exactly; had i known it was as bad as it is i would have written it down.
Jeff, the file names in my App folder were:
learn32.dll
rehh.exe
vigrs.exe
Ina.exe
comm3.exe
fsh1.exe
xtgoj6119471.exe
(all these files had the same date)
and
fwlmsk.dll which seems to be created by one the xtgoj6119471.exe file
For what it is worth, once I was clean I checked what web site in my browser history had a date stamp that matched the creating date of the malware files. It was a Google Reader site.
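The heuristic described in the two comments above (a burst of .exe/.dll files sharing one creation time in the application data folder) can be checked mechanically. The following is an added example, not part of the original thread; the timestamps, the 60-second window and the names `example_tool.exe` and `settings.ini` are assumptions made up for the sample.

```python
import os
import sys

BINARY_EXTS = {".exe", ".dll"}

def cluster_by_creation_time(entries, window=60, min_files=3):
    """Group .exe/.dll files whose creation times fall within `window`
    seconds of the previous file; return groups of at least `min_files`."""
    binaries = sorted((ts, path) for path, ts in entries
                      if os.path.splitext(path)[1].lower() in BINARY_EXTS)
    clusters, current = [], []
    for ts, path in binaries:
        if current and ts - current[-1][0] > window:
            if len(current) >= min_files:
                clusters.append([p for _, p in current])
            current = []
        current.append((ts, path))
    if len(current) >= min_files:
        clusters.append([p for _, p in current])
    return clusters

def scan_directory(root):
    """Yield (path, creation time) for every file under root.
    On Windows st_ctime is the creation time; st_birthtime is used if present."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # locked or vanished file: skip it
            yield full, getattr(st, "st_birthtime", st.st_ctime)

# Constructed sample: file names from the thread, timestamps invented.
T0 = 1_230_000_000
SAMPLE = [
    ("learn32.dll", T0), ("rehh.exe", T0 + 1), ("vigrs.exe", T0 + 1),
    ("Ina.exe", T0 + 2), ("comm3.exe", T0 + 2), ("fsh1.exe", T0 + 3),
    ("xtgoj6119471.exe", T0 + 3),
    ("fwlmsk.dll", T0 + 900),          # written later, outside the burst
    ("example_tool.exe", T0 - 86400),  # hypothetical unrelated binary
    ("settings.ini", T0 + 1),          # not an executable, ignored
]

if __name__ == "__main__":
    entries = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for group in cluster_by_creation_time(entries):
        print("created together:", ", ".join(group))
```

Run it with the profile's Application Data folder as the argument; a reported group is a lead to inspect, since installers for legitimate software also write several binaries at once.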
I have been fighting this same problem since yesterday and have had no luck. I tried deleting history and all files, I downloaded Malwarebytes and Adaware and ran them both twice (with updates) and I have run McAfee scan several times. I still get that “Security Center Alert” referencing spyware.ispynow and I can’t get a browser window to stay open. I am still fighting it but I think that it may have come from a gadget I tried to add to my google desktop. I didn’t think of it until I read the post by Jay, but I haven’t loaded anything onto this computer in a while and the google desktop gadget is the only new thing I’ve tried. I am going to try and uninstall that whole thing and will report back what I find out.
jcs1377 - did you locate the exe file in the Application folder?
Did you download the Malwarebytes software from a Non-infected computer?
OK, so here is what I found out. I initially uninstalled my Google desktop because I suspected that was the source of the problem (I had downloaded a gadget that wasn’t produced by google themselves. Should have known better…) I then ran MBAM again, after updating it, and it finally did find 2 infected files. Things are starting to look good. After rebooting a few times, I can open a browser and it goes where it should. I did download MBAM to a non-infected computer and then transferred the setup file via a thumb drive. I did the same thing with Adaware and spybot. I am running a secondary spybot scan now. I will report back my results after the secondary scan. But so far so good.
I never did look for or find the exe file that really caused the problem. Honestly, I am a novice at this type of work so I am simply praying at this point.
I have completed my secondary spybot scan and have found no more problems. I think I am clean now. My browsers seem to be working properly and I am no longer getting that fake popup regarding the Security Center Alert.
The scan I did this morning with the updated MBAM did show two files that it didn’t pick up yesterday and they both referenced the following:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winhpdrv (Trojan.FakeAlert)
C:\Documents and Settings \XXXXusernameXXXX\Application Data\Google\xtgoj6119471.exe (Trojan.FakeAlert)
I am pretty sure I got the bad file from downloading a Picasa based gadget for my google desktop.
I hope this helps you all.
i just got some protection to load on my computer it’s called Perfect Defender 2009 by safesoft. should i trust it and download or buy it??
I thought that was part of the original trojan. I think that may mess you up even more.
Same problem, folks, except mine is named kjzna1562565.exe, located in C:\Documents and Settings\xxxxusernamexxxx\Application Data\Google. Currently working on locating/deleting all aspects of the trojan.
Changed extension name from kjzna….exe to kjzna….old, rebooted, deleted the cursed file, and ran RegCure to clean up the mess left behind. Am now back online with the formerly infected pc (thank goodness I live in a two computer household!). Suspect this one will be around for awhile, and that it will be changing rapidly to trick spyware. I have good anti-virus/anti-spyware programs running, and none of them stopped this or helped fix it. Fixed this the old-fashioned way: detective work and excellent tips from good friends like you! Best bet is to avoid Google Desktop!!!
how do you change kjzna to kjzna old? i have disabled it in startup but want to get rid of it totally please help
Like Mike stated (12:30), the Trojan file kjzna is found in that location.
In the registry you will find two entries: HKEY_CURRENT_USER > SOFTWARE> microsoft> windows> current version > run
there you will find registry items “zlob” and “kjzna”
delete those two entries and disable kjzna in ms config.
Even though I have deleted what I believe are all remnants of this virus, I still have it listed as an active process item in msconfig, though it is not running
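Several comments above trace the infection to a value under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that starts an executable from the user's Application Data folder. The following added example (not part of the original thread) parses the text output of `reg query` for that key and lists values whose program lives in a user-writable directory; the value data in the sample, the `ctfmon.exe` entry and the directory list are constructed assumptions.

```python
import re
import sys

# User-writable locations where autostart programs rarely belong (assumed list).
SUSPECT_DIRS = ("\\application data\\", "\\appdata\\", "\\temp\\")

# One value line of `reg query` output: indent, name, type, data.
VALUE_RE = re.compile(
    r"^\s+(?P<name>.+?)\s+(?P<type>REG_(?:SZ|EXPAND_SZ))\s+(?P<data>.*)$")

def image_path(data):
    """Return the program path from a Run value, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", data, re.I)
    return m.group(1) if m else data

def suspicious_run_entries(reg_query_output):
    """Return (value name, program path) pairs that start from SUSPECT_DIRS."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        path = image_path(m.group("data"))
        if any(d in path.lower() for d in SUSPECT_DIRS):
            findings.append((m.group("name"), path))
    return findings

# Constructed sample: value names and file names come from the thread,
# the value data and the user name are invented for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    winhpdrv    REG_SZ    C:\Documents and Settings\user\Application Data\Google\xtgoj6119471.exe
    kjzna    REG_SZ    "C:\Documents and Settings\user\Application Data\Google\kjzna1562565.exe" /r
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for name, path in suspicious_run_entries(text):
        print(f"review Run value {name!r}: {path}")
```

Pipe the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` into the script; entries launched indirectly through another program such as rundll32.exe are not resolved by this check.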
I’m trying to delete google and it won’t let me. This safesoft perfect defender keeps popping up! i don’t know much about computers! can someone please help me out!
How do I uninstall my Google desktop? i’m not too computer savvy..
this thing is worrying me!
after calling my dad who is a computer wiz i found the fastest and easiest way I too had this problem. Found the most simple way..
1. go to your start menu
2. go to accessories
3. then to system tools
4. then to system restore
5. go to a date from before this program started popping up.
6. click next.
it will re-boot your computer and put to the settings from before you ran into this problem!
I hope this helps:))