  Wyrdwad
| Giant red RazeSpyware ad replaced my desktop!!
I'm kinda panicky right now... I've had Norton Antivirus running pretty much since I bought this computer, and it's constantly monitoring things... I have it set to maximum security settings, and all that junk... and for the last few months, it's been fine.
But I must've gone to the wrong website, or something, 'cause totally out of the blue, while I was adjusting my Norton settings actually, I suddenly got a little popup on the bottom right corner of my screen that said "Downloading RazeSpyware", and my desktop suddenly changed to a bright red flashing ad for purchasing RazeSpyware for $49.95, running an InstallShield Wizard for the software and everything (which I, of course, cancelled immediately). And whenever I opened up any folders, it would add a new search bar to them, and give me popup windows in broken English for purchasing spyware detectors, etc. etc. etc.
I ran Norton again, but it found NOTHING... so I decided to download Spybot S&D and Ad-Aware SE. I ran Spybot first, and it found a nice chunk of spyware on my computer... cleared it all and rebooted, but to no avail. So I ran Ad-Aware, and it found a total of 24 things on my PC. Cleared and rebooted again, and now, my desktop is solid grey, changing to white whenever I position my mouse over an icon. Norton, Spybot, and Ad-Aware all find absolutely nothing.
So... what do I do? I'm not at all familiar with internet security and such, and was NEVER expecting something to attack me THIS DRASTICALLY, especially with Norton running 24 hours a day (which, to the best of my knowledge, seemed to do pretty much everything!).
Are there any better programs out there that I might be able to use? Anything at all that I can run to purge whatever the hell I got from this computer, and keep it from ever coming back? I've got a CRAPLOAD of stuff on here, and finally got this computer configured the way I want it... I REALLY don't want to have to reinstall everything from scratch.
Any and all help would be appreciated. And be kind -- I know I'm a complete noob here, and you all DEFINITELY know a LOT more than I do. But hey, we all gotta start somewhere... and this is definitely an eye-opener for me.
-Tom |
|
  salzan Experienced Optimist Premium join:2004-01-08 WA State | Follow these steps first: »Security »I think my computer is infected or hijacked. What should I do? |
|
  Wyrdwad
| To my knowledge (i.e. unless they popped up as a result of other sites I visited), I haven't been to any.
And thanks for the link, BTW... I'm going to make a project of that tomorrow.
-Tom |
|
  2kmaro Think Premium,ExMod 1 BC join:2000-07-11 ColossalCave clubs:  
| reply to Wyrdwad Although this is the first I've ever heard of RazeSpyware, it actually looks like a legitimate product. Google shows it listed at many of the usual download portals, such as ZD Net. That's not to say that the ad you clicked might not have been bogus.
I guarantee you that Norton A-V will NOT protect you against many run of the mill spyware and adware programs. We use Norton corporate version at work and it doesn't stop the spyware - for that we're slowing it down using Spy Sweeper and the free Microsoft Anti-Spyware program. -- then think again! |
|
  salzan Experienced Optimist Premium join:2004-01-08 WA State
1 edit | reply to Wyrdwad Interesting about RazeSpyware though is that it is included in the Suspect/Rogue list at spywarewarrior. »www.spywarewarrior.com/rogue_ant···ware.htm
From their site this is interesting too:
"For software, which is sold for credit cards, our payout period is very short: you get the earned money every 2 weeks. The conditions of our partnership program guarantee you 20 dollars from each sale - it is one of the highest commission rates for partnership programs involved in software sales. And we pay ourselves for chargebacks and refunds!" (Bold Mine) » www.razespyware.com/webmasters.html It seems a policy like that would invite all sorts of affiliates. And yes, it is offered on sites like download.com (I thought they cleaned up their act.) |
|
  Paulesso
@pacbell.n
| reply to 2kmaro The people have replaced my desktop as well, they take over the active desktop, I haven't found a way to remove it yet but if you search on ZDNet they are not there but they have Spoofed the ZDnet site with zdnet.com.com, as com as the domain, if you search for it on google. |
|
 max2k1 Hibernating In Texas
join:2001-06-01 Austin, TX
1 edit | said by Paulesso:
The people have replaced my desktop as well, they take over the active desktop, I haven't found a way to remove it yet but if you search on ZDNet they are not there but they have Spoofed the ZDnet site with zdnet.com.com, as com as the domain, if you search for it on google.
Don't worry --- com.com is a valid site and it's owned by CNET which owns ZDNET too.
I think zdnet.com.com redirects to www.zdnet.com
That's NOT a spoofed site. |
|
 bbearchs
join:2002-12-29 Clarksville, TN
| reply to Wyrdwad Before starting this you need to know the path to the winnt and winnt\system32 directories. I am not sure if XP uses winnt or windows. To remove this, shut down the computer and boot to safe mode command prompt. Once you have made it to a DOS prompt (it will help if you know DOS commands), type in cd\ to change to the root directory. Type in cd winnt (this is the directory for 2000). You need to search the directory for files that were added on the date the red screen appeared. To do this type dir /t/p. This command will fill one screen and pause (press enter to continue). The file I found in here was desktop.html. To delete this file type del desktop.html.
Next move into the winnt\system32 directory (type cd system32 and press enter). There are two files to delete in this directory (svcnt32.exe and zybigui.dll). To verify the date on these files type dir svcnt32.dll /t (do the same for the other one), then delete both files. You may want to search all of the system32 directory for other files added at the same time with dir /t/p (there are many, many files in this directory). Once you are finished type exit and press enter. Then press alt-ctrl-delete and select shutdown.
After the system reboots you still have more work to do. Click start-settings-controlpanel. Click display; on the web tab deselect show web content and you should be back to normal. |
|
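A scripted version of the date-based file check bbearchs describes, as an added example that is not part of the original post: it lists the files in one directory last modified on a given day and hashes each one so it can be looked up before anything is deleted. The function names, the sample date and the empty sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import date, datetime, timedelta


def files_modified_on(directory, day, slack_days=0):
    """Return (name, mtime, sha256) for regular files in `directory` whose
    last-modified time falls on `day` (local time), +/- `slack_days`."""
    start = datetime.combine(day - timedelta(days=slack_days), datetime.min.time())
    end = datetime.combine(day + timedelta(days=slack_days + 1), datetime.min.time())
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            try:
                if not entry.is_file(follow_symlinks=False):
                    continue
                info = entry.stat(follow_symlinks=False)
                mtime = datetime.fromtimestamp(info.st_mtime)
                if not (start <= mtime < end):
                    continue
                with open(entry.path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # locked, unreadable or removed mid-scan: skip it
            hits.append((entry.name, mtime, digest))
    # Oldest first, so files dropped together sit next to each other.
    return sorted(hits, key=lambda h: (h[1], h[0]))


def demo():
    """Constructed sample: empty files named after those in the post plus
    one older unrelated file. The date below is made up for the example."""
    red_screen_day = date(2005, 5, 14)
    stamps = {
        "desktop.html": datetime(2005, 5, 14, 21, 3),
        "svcnt32.exe": datetime(2005, 5, 14, 21, 2),
        "zybigui.dll": datetime(2005, 5, 14, 21, 2),
        "notepad.exe": datetime(2003, 8, 1, 12, 0),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, when in stamps.items():
            path = os.path.join(root, name)
            open(path, "wb").close()
            os.utime(path, (when.timestamp(), when.timestamp()))
        return [name for name, _, _ in files_modified_on(root, red_screen_day)]


if __name__ == "__main__":
    print(demo())
```

A file's timestamp can be set by whatever wrote it, so a date match is a lead to check, and a miss does not clear a file.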
  PhoenixAZ Joshua Premium join:2004-01-04 Phoenix, AZ 1 edit | reply to Wyrdwad Have you tried running Adaware, Spybot, and norton while in safemode?
Do you have firewalls, do you do Windows Updates, do you run AntiVirus software updates, do you set Internet Explorer's security to a higher amount (or use firefox?)? |
|
  pcdebb I see you Premium join:2000-12-03 Tampa, FL clubs:  | reply to Wyrdwad please keep in mind, this thread started 2005-5-15 and last response to it was 2005-05-18  -- babbling |
|
 hmeyn
join:2005-10-15 Marysville, KS
| reply to bbearchs Okay listen to me for a moment
The Razespyware bug can be deleted very easily
First search for warnhp.html (yes, it's an internet window).
Find the file and then delete it. Then search for razespyware.exe in the registry, or otherwise, if you go to the registry, you get there by opening the start menu and clicking on run, then type in regedit; this will open the registry. Go to edit, then to find, and type in razespyware.exe. It will find the file and all you have to do is click on the three items in the folder, all that have the same extension as the file itself has.
To get the window off of your screen just drag your cursor up to the little gray line that appears on the top of your screen, click and drag the window down. There will be a close button like you would see in a normal window; close it, then go back to the top because there will be another window. After you get your cursor to the top a drop down bar will appear, also with the same set up; just close the window and that should be the end of this problem. If you have any more problems go to download.com and download spybot search and destroy; it's a freeware so you don't have to pay for it. This should find any other spyware you may have. If this doesn't do it for you then you can also download Spyware Nuker; this should also be found there. If you have any other trouble just add a reply to the forum... and I'll come to your rescue... |
|
 suzi Premium join:2004-05-01
| reply to Wyrdwad Razespyware is indeed a rogue application, and a very nasty one at that. It is distributed through security exploits and it hijacks users' desktops. It's similar to PSGuard. Just because an app is listed at download.com, cnet or zdnet, does not mean it's a decent app, unfortunately. I'll be contacting them about this one.
Some info about it here:
»netrn.net/spywareblog/archives/2···r-rogue/
On the rogue anti-spyware page, Eric Howes wrote:
quote: RazeSpyware Domains: razespyware.com, razespyware.net, spywaredollars.com
aggressive, deceptive advertising (1, 2); reported hijacks (1, 2, 3, 4, 5); false positives work as goad to purchase; poor scan reporting - Note: other domains associated w/ RazeSpyware include: scanthenet.com, spyware-spyware.org [A: 3-31-05 / U: 9-10-05]
The numbers 1,2,3,4 are links to hijacking reports & HijackThis logs where people are complaining about it and needing help to get rid of it.
»www.spywarewarrior.com/rogue_ant···products -- aka Suzi, Spyware Warrior Microsoft MVP Windows Security 2005 Sunbelt Software Consultant |
|
  GadgetsRme Premium join:2002-01-30 Canon City, CO
| reply to Wyrdwad hmeyn and suzi, you might want to look and notice that this thread is 5 months old. hmeyn, welcome to Broadband Reports, since this is your first day. You have come to a good place to learn and interact with others. Please take the time to familiarize yourself with the posting rules of the forums and read the thread carefully before replying. -- Gadgets |
|
 suzi Premium join:2004-05-01
| I didn't realize the thread was so old until I had already replied. It probably comes up in a Google search when people search for that app, and they reply without looking at the date of the first post. Do mods ever lock threads here? -- aka Suzi, Spyware Warrior Microsoft MVP Windows Security 2005 Sunbelt Software Consultant |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire | No never lock they are nice, mods here, they just retire them
Cudni |
|
  Keizer I'M Your Huckleberry Premium,MVM join:2003-01-20
| reply to Wyrdwad Old thread or not, I was glad it came back to the front page here in security. I tried installing RazeSpyware on a test machine, to check it out, but it would freeze half way through the install. I even gave it internet access like it wanted during the install. It may have just been the way that the garbage installs, and had I left it alone, it would have continued. Or, it may have been one of my other security apps blocking what it needed from the mothership.
Keizer |
|
  justin Australian join:1999-05-28 Brooklyn, NY | reply to Wyrdwad This may be an old thread but there is probably a reason. It is currently the biggest inbound topic over all the forums so this program has mutated or something else has gone wrong and new feedback may be needed. Unlocked. |
|
  Anonimos
@195.54.x.x | RazeSpyware is a bluff. Delete it easily by going to control-panel - display - settings - display properties. Uncheck the Security box and then delete it. The red window then disappears for good. |
|
  BriannaM
@wustl.edu | Thank you soooo much! I've been trying to get rid of this damn red screen all night! |
|
 Mackelack
join:2005-11-21
| reply to hmeyn Hi hmeyn.
It sounds like you know what you are talking about. But I have one problem: I can't drag the window down with my cursor. I see the little green line at the top of my (red) screen, but it just doesn't work. I've tried a hundred times.
I'm done with the first part you described about deleting those files and there's nothing left there.
The red screen seems to be the only thing left for me.
Help....Plz  |
|