How to remove AntiSpywareBox.com - Technibble

How to remove AntiSpywareBox.com

  • 06/15/2006

AntiSpywareBox is a new trojan/virus that has been infecting users' PCs. It is a variant of the trojans AntiSpyLab and SpyFalcon, which we have written about in the past. There are many posts on other forums from users asking how to remove AntiSpywareBox, with little success. On our own forums we have found a method that works; here are the removal instructions for AntiSpywareBox.com.

Similar to its cousin trojans, AntiSpywareBox will hijack your home page with about:blank and show the following picture:

[Image: antispywarebox]

And pop up fake security alerts:

[Image: Windows Security Center fake security popups]


AntiSpywareBox Removal Instructions:

  • First, print out these instructions, as you will be required to close all windows in order to do the fix.
  • Now, download HijackThis.zip and save it to your desktop. Once it has downloaded, double-click it to extract it. Do not run the actual program yet, as it must be run in Safe Mode.
  • Next, download SmitFraudFix.zip and save it to your desktop. Once it has downloaded, double-click it to extract it. Do not run the actual program yet, as it must also be run in Safe Mode.
  • Boot into Windows Safe Mode by restarting the computer and, just before the Windows XP screen comes up, pressing F8 and choosing Safe Mode.

Once in Safe Mode:

Warning: Hijack This allows you to edit critical parts of your computer's operating system. Deleting the wrong entries can cripple your PC. If you don't know what you are doing, call a professional. We accept no responsibility if you screw up these steps.
  • Open the location where you unzipped HijackThis and run the Hijack This.exe file. Once Hijack This is open, press the “Scan” button.
  • It will show you a list of files on your computer. Search for the following lines and tick the boxes to the left of them (tick only these lines, nothing else):

    O2 - BHO: adobepnl.ADOBE_PANEL - {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} - C:\WINDOWS\system32\adobepnl.dll

    O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe

    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

  • Once the boxes to the left of these lines have been ticked, click the button at the bottom labelled “Fix Checked”.
  • A box will come up saying “Fix 3 selected items? This will permanently delete and/or repair what you selected, unless you make a backup”. Press Yes and then OK on the next box.
  • Go to Start > Run and type in “C:\WINDOWS\system32\” (without the quotes). In this folder, find the following files and delete them. Don't worry if some of them don't exist, and be careful not to double-click on them:

    – adobepnl.dll
    – runsrv32.exe
    – susp.exe

  • Close all open windows, open the SmitFraudFix folder on your desktop, and double-click the SmitFraudFix.cmd file, which will start the removal process. This whole cleanup process can take a few hours depending on your computer, so please be patient.
  • You will see a blue screen with white text and a series of options. Press the number 2 on your keyboard and then the Enter key, which will choose the “Clean (Safe mode recommended)” option.
  • The program will go through a series of processes to clean your computer, including the disappearance of your desktop icons for a split second. Once it is finished it will open the Disk Cleanup program. This will clean up all Temporary Internet Files, Temp folders and other files which may have been left over by the infection. When it is finished it should close automatically.
  • When Disk Cleanup is complete you will be given the option “Do you want to clean the registry? Y or N”. Press the Y key on your keyboard and then the Enter key.
  • When the registry cleanup is finished you will get a red screen which will say “Computer will reboot now, Close all Applications”. Press Spacebar and let it restart the computer. Once rebooted you will be shown a log file with a list of all the files that were removed. Close this.
  • Delete the following directories:
    C:\Program Files\TitanShield Antispyware
    C:\Documents and Settings\[Current User]\Local Settings\Application Data\TitanShield
  • You should now have successfully removed the AntiSpywareBox infection. Because of the frequently changing nature of this trojan, please let us know via the comments link below about your successes using these instructions, or, if they don't work, let us know what happened and we will try to help you out.
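
To check a saved HijackThis log for the three entries the steps above tell you to tick (for example after the reboot, to confirm they are gone), here is an added example that is not part of the original Technibble instructions. It assumes the scan results were saved as a text log; the sample log and the function names are constructed for illustration.

```python
import re

# The three HijackThis entries listed in the guide: (section, label, path, CLSID)
INDICATORS = [
    ("O2", "adobepnl.ADOBE_PANEL", r"C:\WINDOWS\system32\adobepnl.dll",
     "{5E8FA924-DEF0-4E71-8A82-A11CA0C1413B}"),
    ("O4", "Adware.Srv32", r"C:\WINDOWS\system32\runsrv32.exe", None),
    ("O4", "Transponder", r"C:\WINDOWS\system32\susp.exe", None),
]
# Copy-pasted logs often carry typographic dashes instead of '-'
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-"})

def normalise(line):
    """Lower-case, map typographic dashes to '-', collapse whitespace."""
    return " ".join(line.translate(DASHES).lower().split())

def find_entries(log_text):
    """Return (label, original line) for each log line matching the guide."""
    hits = []
    for raw in log_text.splitlines():
        line = normalise(raw)
        m = re.match(r"(o\d+) - ", line)
        if not m:
            continue  # header, process list or blank line
        for section, label, path, clsid in INDICATORS:
            if m.group(1) != section.lower():
                continue
            # Match on file path, or on the BHO CLSID if the file was renamed
            if path.lower() in line or (clsid and clsid.lower() in line):
                hits.append((label, raw.strip()))
    return hits

def still_present(log_text):
    """Labels of the guide's entries that a fresh scan still shows."""
    return sorted({label for label, _ in find_entries(log_text)})

# Constructed sample log (not from a real machine); second line uses en-dashes
SAMPLE_LOG = r"""
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O2 – BHO: adobepnl.ADOBE_PANEL – {5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} – C:\WINDOWS\system32\adobepnl.dll
O4 - HKLM\..\Run: [Adware.Srv32] c:\windows\system32\runsrv32.exe
O4 - HKLM\..\Run: [ExampleTool] C:\Program Files\Example\tool.exe
"""

if __name__ == "__main__":
    for label, line in find_entries(SAMPLE_LOG):
        print(f"tick: {line}")
    print("still present:", still_present(SAMPLE_LOG) or "none")
```

An empty result from `still_present` on a log saved after the reboot means none of the three entries came back.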

How did I get infected with AntiSpywareBox.com?

The antispywarebox infection comes from a rogue antispyware program called “Titan Shield” which can be acquired at ProtectMyPC.net.

Warning: This is a self-help guide. Technibble and its owners cannot be held responsible for the problems that may occur by using this information.