Hey guys! I was wondering if anyone could help me out. My friends machine has a new form of spyware/adware on it. Dealing with it is beggining to disturb me. What's happening is that there's an icon down by the clock that says CRITICAL ERROR! Then if you click it, it takes you to http://virusbuster.com .... So I've ran Spybot Search and Destroy, Adaware SE, AVG Free, Hijack This!, pretty much what I'd usually run. S&D tells me that it can't fix it because the program starts itself when the machine boots, so immedietly i was like REGISTRY! .. So i get the HKEY addy that S&D spits out and I believe the program is masking itself or something in the registry??? I'm not sure... most spyware problems don't go this far. I googled for it, and apprently it's pretty new... one forum said that it opens up it's own port, so I figure restart in safe mode with no networking and look for it. But I don't know at this point. Anyone with some helpful info, I would really appreciate it! Thanks!

I've seen that on a couple clients machines. It even runs in safe mode. I can't remember specifically how it does it. I think it uses either shared task scheduler or runs as a explorer policy setting. After i nuked the damn thing i figured out you could just go to add/remove programs and uninstall VirusBlaster.

[edit]

Actually i think it was called VirusBurster...

No no no.. you are all ****ing retarded... Okay download this program SmitfraudFix.... Run it in safe mode... Then Scan with adaware youll find a Trojan. Delete the registry entries with it and you're done.

Smitfraud won't help. It will come back unless you are very careful and block all the clsids for it in IE.

What a *****.......... lol well I'll be over there in a week and I'll try all the suggestions I get. So anyone else have any idea?

I'll tell him to try and uninstall it striker, if that works... Thanks a bundle man!

striker you're a joke.. And you're wrong... Its installed by a trojan.

I know this for a fact that uninstalling it will not work.

striker you're a joke.. And you're wrong... Its installed by a trojan.

I know this for a fact that uninstalling it will not work.


Hey come back to the chatroom, we're all naked and lubed up waiting for you!

And I wholeheartedly agree with whatever Hooded guy says, thinks, or does.

thank you

How can I get rid of "VirusBurster"?

Your best defense to remove VirusBurster, or any other spyware, is to quickly detect and delete VirusBurster processes, registry keys, DLL files, and other hazardous VirusBurster files from your computer. Click here to manually uninstall VirusBurster using "Add/Remove Programs" in your PC.


You may also have to uninstall something called Video Codecs or adult video codecs, i cant remember which, but its in add/remove.

hooded: There is no need to flame people, tommyfullington will post back (i hope) and tell us what worked.

Hey guys! I was wondering if anyone could help me out. My friends machine has a new form of spyware/adware on it. Dealing with it is beggining to disturb me. What's happening is that there's an icon down by the clock that says CRITICAL ERROR! Then if you click it, it takes you to http://virusbuster.com .... So I've ran Spybot Search and Destroy, Adaware SE, AVG Free, Hijack This!, pretty much what I'd usually run. S&D tells me that it can't fix it because the program starts itself when the machine boots, so immedietly i was like REGISTRY! .. So i get the HKEY addy that S&D spits out and I believe the program is masking itself or something in the registry??? I'm not sure... most spyware problems don't go this far. I googled for it, and apprently it's pretty new... one forum said that it opens up it's own port, so I figure restart in safe mode with no networking and look for it. But I don't know at this point. Anyone with some helpful info, I would really appreciate it! Thanks!

have u tried trojanx, google it

stop being a tool hooded, go find somewhere else to flame. Everyone is just trying to help. And if you think your 2 sentence paragraph is going to help him you may want to be a little more detailed in the future. what reg keys, links to articles, etc...