After a bit of a google search I found the below info, can anyone tell me if there is an easier way to get rid of it ?
Before you start the below fix, you MUST disable SpySweeper and Microsoft Anti-Spyware's Real-time Protection to avoid a failed disinfection.
Open Microsoft AntiSpyware.
- Click on Tools | Settings.
- In the left pane, click on Real-time Protection.
- Under Startup Options uncheck:
-- "Enable the microsoft AntiSpyware Security Agents on startup (recommended)".
- Under Real-time spyware threat protection uncheck:
-- "Enable real-time spyware threat protection (recommended)".
- After unchecking these, click on the Save button and close Microsoft AntiSpyware.
- Right click on the microsoft AntiSpyware icon on the taskbar and select Shutdown microsoft AntiSpyware.
Open SpySweeper and click Options | Program Options.
Uncheck "load at windows startup".
Over to the left click "Shields" and uncheck these options:
-- "Home page shield".
-- "Automaticly restore default without notification".
**You'll need to renable the above real-time protections after you get the all clear.
Please check which build version of Ewido you have to make sure it is the latest v3.5. If it isn't please uninstall your present version and follow the download instructions below again. Make sure you do NOT install the 'Guard' function.
If your ewido is up to date, ensure the 'Guard' function is disabled by opening Ewido and clicking on 'Remove Guard' which you'll find under the 'Additional' menu on the 'Status' tab.
Step 1
Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.
Download SmitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.
Place a shortcut to Panda ActiveScan on your desktop.
Download and install the trial version of Ewido Security Suite from here.
Configure the program correctly by following the instructions here and then close the program after updating the reference files. Do NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions here.
Otherwise, check for updates and download any new reference files before closing the program. We'll use it in Safe Mode later.
Step 2
Next, please reboot your computer in Safe Mode - Very Important !!
Go to Add/Remove Programs and uninstall Spyware Cleaner.
Then run HJT again and checkmark the boxes next to the following:-
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://213.159.117.134/index.php
O4 - HKLM\..\Run: [PSGuard spyware remover] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
Close ALL OPEN WINDOWS/BROWSERS and click "Fix Checked".
Step 3
Open the SmitRem folder and double click the RunThis.bat file to start the tool.
Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.
Step 4
Open Ad-aware and do a full system scan. Remove all it finds.
Step 5
Now open Ewido Security Suite:
Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.
Then close ewido security suite.
Warning: While the scan is in progress, do NOT open any folders or the Windows Control Panel !!
Step 6
Next go to your Control Panel and click Display | Desktop | Customise Desktop | Website and uncheck "Security Info" if present.
Reboot back into Windows and click the Panda ActiveScan shortcut, and do a full system scan.
Make sure the autoclean box is checked.
Save the scan log and post it along with a new HijackThis Log and Ewido Log in your next reply to THIS thread.
Let me know if any problems persist.
Linear Mode
