AntiSpywareXP 2009



Christian
25-10-2008, 08:13 PM
Anyone else been getting this Spyware on their computers lately? It's infested two of my computers! So I am just wondering whether it has been affecting anyone else? It might just be me since I forgot to install AntiSpyware and Anti Virus software.......

LOLROB
25-10-2008, 08:45 PM
Yes, this has affected me, funnily enough.

scottish
25-10-2008, 09:28 PM
Nope...

Christian
25-10-2008, 10:12 PM
I must admit it is quite well made. You have to install it for you to have any chance of actually removing it.

scottish
25-10-2008, 10:19 PM
Erm install a real anti spyware and run it? o.0

Christian
25-10-2008, 10:21 PM
Erm install a real anti spyware and run it? o.0

That is what I did but the only way it can be removed by the anti spyware program is by installing it first.

scottish
25-10-2008, 10:27 PM
That's the stupidest thing to do? If you get a virus saying click here to download a program to delete C:/ would you click it? :|

Christian
25-10-2008, 10:30 PM
That's the stupidest thing to do? If you get a virus saying click here to download a program to delete C:/ would you click it? :|

But Spyware isn't a virus and for some odd reason it is classed as Spyware when it is actually a scam. It says that your computer is full of Spyware and the only way to get rid of it is by buying the software. Read up on this bit of Spyware itself and you'll know what I am talking about.

scottish
25-10-2008, 10:35 PM
Removal instructions for AntispywareXP 2009:
1. Download Malwarebytes’ Anti-Malware (MBAM). The program is designed to quickly detect, destroy and prevent malware, spyware and trojans.
2. Once downloaded, close all programs and Windows on your computer (including this one).
3. Double-click on the icon named mbam-setup.exe to install the application.
4. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
5. If an update is found, it will download and install the latest version.
6. Once the program has loaded, select “Perform Quick Scan”, then click Scan.
7. MBAM will now start scanning your computer for malware. This process may take some time to finish, so please be patient.
8. When the scan is complete, click OK, then Show Results to view the results.
9. Make sure that everything is checked, and click Remove Selected.
10. MBAM will now delete all of the files and registry keys and add them to the quarantine.
11. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Easy way to remove it.


AntispywareXP 2009 creates the following files:




Grats on having a trojan infected computer!

Christian
25-10-2008, 10:38 PM
That's exactly the thing I did but if you look at the screenshots on the page I got it from you'll find it has to be installed. Just using Spyware removal programs to try and remove it doesn't work until the fake software is installed. It's a bit of scam software and doesn't keylog or anything else like that.

scottish
25-10-2008, 10:40 PM
If you read my post it in no way states you must install the program nor does it state it anywhere else on the website. :)

Christian
25-10-2008, 10:52 PM
If you read my post it in no way states you must install the program nor does it state it anywhere else on the website. :)

I've had this Spyware before TWICE and I think I know how to get rid of it.

Also may I remind you it says


AntispywareXP 2009 creates the following files:

These files are created by the software being installed and also if you actually read what you copied and pasted you would have noticed this


c:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe

^ This is referring to it having been INSTALLED along with the whole list of files. If you knew what you were talking about you'd realise that the files are located in PROGRAM FILES which is where INSTALLED applications are generally kept. When the software is at its first stage it is just a POP UP in the corner of the screen and has not been placed in PROGRAM FILES just System32.

scottish
25-10-2008, 10:55 PM
Then remove the files from system32?

Christian
25-10-2008, 10:59 PM
Then remove the files from system32?

I did that numb nuts but it didn't work, it becomes too interlocked with the main files in there and cannot be removed without damage and Spyware programs don't know how to get rid of it. Once the software is installed it removes the popups so then all you need to do is use a Spyware remover to get rid of it.

scottish
25-10-2008, 11:01 PM
Remove the system32 files, if they're important to the system reinstall them off the disk/get them off the internet...

Remove the files from the registry.

Problem solved.

Lycan
25-10-2008, 11:06 PM
Just run combofix ...

Fixes it every time ;)

Christian
25-10-2008, 11:08 PM
Remove the system32 files, if they're important to the system reinstall them off the disk/get them off the internet...

Remove the files from the registry.

Problem solved.

I might as well have installed Windows again doing that! It's not quite as simple as that, if the file is needed for bootup say and only for that as soon as I restart my computer it will just crash or not load up. No actual method has been discovered to remove it without installing it first anyway.

The best way to do it is to simply install it and use a Spyware remover to get rid of it. End of story.


Just run combofix ...

Fixes it every time ;)

Even to use that would make no difference, you'd have to get rid of it the same way no matter what really, unless you wanted to uninstall Windows which would be stupid.

scottish
25-10-2008, 11:09 PM
I might as well have installed Windows again doing that! It's not quite as simple as that, if the file is needed for bootup say and only for that as soon as I restart my computer it will just crash or not load up. No actual method has been discovered to remove it without installing it first anyway.

The best way to do it is to simply install it and use a Spyware remover to get rid of it. End of story.

If you delete the file and it was needed and as soon as you deleted it it crashed your system (which wouldn't happen anyways) then you could load the XP recovery and reinstall it...

If the file was of any use I already stated re-install it.

As lycan just said there's one for a start amongst a lot of others.

Installing it is just stupid imho.

Lycan
25-10-2008, 11:11 PM
I might as well have installed Windows again doing that! It's not quite as simple as that, if the file is needed for bootup say and only for that as soon as I restart my computer it will just crash or not load up. No actual method has been discovered to remove it without installing it first anyway.

The best way to do it is to simply install it and use a Spyware remover to get rid of it. End of story.



Even to use that would make no difference, you'd have to get rid of it the same way no matter what really, unless you wanted to uninstall Windows which would be stupid.

No.. simply double clicking combofix, agreeing to its terms works... I've removed this virus from several computers... it's my job to do so. Combofix followed by an in-depth virus scan fixes it.

Although did come across one the other day that used windows scheduled tasks to reinfect a machine

Christian
25-10-2008, 11:13 PM
If you delete the file and it was needed and as soon as you deleted it it crashed your system (which wouldn't happen anyways) then you could load the XP recovery and reinstall it...

If the file was of any use I already stated re-install it.

As lycan just said there's one for a start amongst a lot of others.

Installing it is just stupid imho.

You're just making a simple resolutions complex here. To remove it is to install then use Spyware removers to get rid of it. It's just the obvious and clear way possible.

scottish
25-10-2008, 11:19 PM
As lycan just proved it works obviously you didn't do enough research and chose the careless way of installing a malicious program onto your computer before deleting it.

'simple resolutions' I wouldn't consider seeing a popup of a spyware program then installing it then installing another anti spyware program to delete the spyware program that you could have done with a legit anti spyware program instead of installing the spyware program in the first place as a simple solution.

Anyways i'm off to bed i'll argue with you tomorrow again to prove you wrong :P

Christian
25-10-2008, 11:30 PM
As lycan just proved it works obviously you didn't do enough research and chose the careless way of installing a malicious program onto your computer before deleting it.

'simple resolutions' I wouldn't consider seeing a popup of a spyware program then installing it then installing another anti spyware program to delete the spyware program that you could have done with a legit anti spyware program instead of installing the spyware program in the first place as a simple solution.

Anyways i'm off to bed i'll argue with you tomorrow again to prove you wrong :P

No....... I followed the way in which the tutorials had already said was safe..... and also if you did your research you'd actually know that it is a scam software but falls under the Spyware. It has no keyloggers or anything under it like that, that could cause personal information to be leaked. I used 3 main Spyware removers in an attempt to remove it without installing it, Malwarebytes’ Anti-Malware, Windows Defender and Ad-Ware, none of them could remove it completely without the software being installed.

I think I am the one proving you wrong. You don't even know what you are talking about, you haven't even had it yourself. All you're doing is looking at words on a page.

scottish
26-10-2008, 11:57 AM
For it to cause popups there's obviously a file on your system or you're on some internet page which causes it to popup, in which case you wouldn't visit the website, as the file is on your system you can delete it easily enough.

The software installs trojans on the computer upon installing it, and ha you proving me wrong, i'll crack the jokes here mate.

edgates
26-10-2008, 12:08 PM
Do you know the name of the malware? Like adware.something?

I had something just like that that would display adverts for rogue software. Try http://www.f-secure.com/sw-desc/virtumonde.shtml
It's a free tool from f-secure that scans your pc for this certain virus and removes it if necessary. If that doesn't work, try scanning your pc and seeing what it calls the virus, and google it.

scottish
26-10-2008, 12:25 PM
It's Trojan.Virtumonde.

RyanDOT
26-10-2008, 12:25 PM
It's one of the latest viruses.

Do NOT install it...

HotelUser
26-10-2008, 01:57 PM
No....... I followed the way in which the tutorials had already said was safe..... and also if you did your research you'd actually know that it is a scam software but falls under the Spyware. It has no keyloggers or anything under it like that, that could cause personal information to be leaked. I used 3 main Spyware removers in an attempt to remove it without installing it, Malwarebytes’ Anti-Malware, Windows Defender and Ad-Ware, none of them could remove it completely without the software being installed.

I think I am the one proving you wrong. You don't even know what you are talking about, you haven't even had it yourself. All you're doing is looking at words on a page.

Wow.....Scott's just trying to help you and you're being incredibly rude to him. -Rep.

Seeing as I can use Google, it's fairly easy to find ways to remove this from your computer (by the way, these applications are called rogues.)

http://www.google.ca/search?q=+AntiSpywareXP+2009&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Ooh, look! Tons of removal tutorials!

Listen to the people here, they know what they're talking about.

Christian
26-10-2008, 03:15 PM
Wow.....Scott's just trying to help you and you're being incredibly rude to him. -Rep.

Seeing as I can use Google, it's fairly easy to find ways to remove this from your computer (by the way, these applications are called rogues.)

http://www.google.ca/search?q=+AntiSpywareXP+2009&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Ooh, look! Tons of removal tutorials!

Listen to the people here, they know what they're talking about.

Yes but I've already solved the problem at hand by fixing it the way the tutorials said. The question of this thread was who else has suffered from it, I did not ask for a resolution since I have already got rid of it. I am simply saying what I have done.

The -rep you gave me is ilrelevant due to the fact he isn't trying to help me since I have already got rid of it. It's like trying to help someone climb up a wall when they are already at the top of it.

Jahova
26-10-2008, 03:16 PM
I had it, took ages to look in command thing and look for the running process.

I still have its remains as well.

scottish
26-10-2008, 03:23 PM
Yes but I've already solved the problem at hand by fixing it the way the tutorials said. The question of this thread was who else has suffered from it, I did not ask for a resolution since I have already got rid of it. I am simply saying what I have done.

The -rep you gave me is ilrelevant due to the fact he isn't trying to help me since I have already got rid of it. It's like trying to help someone climb up a wall when they are already at the top of it.

Yes, however i was simply stating by INSTALLING THE TROJAN IN THE FIRST PLACE was an idiotic move on your part, and you should have researched more before installing a trojan onto your computer, and instead took the easier steps to remove it before it infected your system more.

Christian
26-10-2008, 03:28 PM
Yes, however i was simply stating by INSTALLING THE TROJAN IN THE FIRST PLACE was an idiotic move on your part, and you should have researched more before installing a trojan onto your computer, and instead took the easier steps to remove it before it infected your system more.

Most the tutorials show that the only way to get rid of it is to install it, it has no effect on your computer really apart from the fact it bugs you to sucidal annoyence.


I had it, took ages to look in command thing and look for the running process.

I still have its remains as well.
Did you install the software or did you just try and remove it while it was just at the popup stage in the corner?

HotelUser
26-10-2008, 03:55 PM
Yes but I've already solved the problem at hand by fixing it the way the tutorials said. The question of this thread was who else has suffered from it, I did not ask for a resolution since I have already got rid of it. I am simply saying what I have done.
If you were smart enough not to download viruses/rogues in the first place there wouldn't be a problem at all. Oh, you like how I can bold text too;)


The -rep you gave me is ilrelevant due to the fact he isn't trying to help me since I have already got rid of it.
The -reputation I gave you is certainly valid, seeing as I also gave it to you for being rude. By the way, irrelevant has two "r"s.

It's like trying to help someone climb up a wall when they are already at the top of it.

Gee, great analogy. Since you were so polite to me, I've taken the liberty of properly responding to this thread.


But Spyware isn't a virus and for some odd reason it is classed as Spyware when it is actually a scam. It says that your computer is full of Spyware and the only way to get rid of it is by buying the software. Read up on this bit of Spyware itself and you'll know what I am talking about.
You clearly have no idea what you're talking about. Firstly, these are called rogues. Secondly not every rogue alerts you of being infested with spyware. Thirdly, why are you capitalizing spyware every time you say it?!


I've had this Spyware before TWICE and I think I know how to get rid of it.
Gee, you're not a smart-alec, what was I thinking. Scott certainly knows more than you do.

This is referring to it having been INSTALLED along with the whole list of files. If you knew what you were talking about you'd realise that the files are located in PROGRAM FILES which is where INSTALLED applications are generally kept. When the software is at its first stage it is just a POP UP in the corner of the screen and has not been placed in PROGRAM FILES just System32.
If YOU knew what YOU were talking about, then it would be CLEARLY OBVIOUS that there's more than one way of removing this (yes, I can abuse the shift key too!). Let me give you a hint, for future reference, as so you won't start arguments with other people where you're wrong: Google.co.uk.


I did that numb nuts but it didn't work, it becomes too interlocked with the main files in there and cannot be removed without damage and Spyware programs don't know how to get rid of it. Once the software is installed it removes the popups so then all you need to do is use a Spyware remover to get rid of it.
Hey numb nuts!!11 You've read a tutorial and now that makes you an expert on the subject? Pffft...hardly :rolleyes:..


I might as well have installed Windows again doing that! It's not quite as simple as that, if the file is needed for bootup say and only for that as soon as I restart my computer it will just crash or not load up. No actual method has been discovered to remove it without installing it first anyway.
Oh bravo, you've come to an incorrect conclusion :eusa_clap. Firstly, show me evidence that you have to install it to remove it? Secondly there's a difference between replacing several files in system32, and reinstalling Windows. Even if these files (and I highly doubt it), instantly upon deletion render a fatal error, have you ever heard of a live disk?


The best way to do it is to simply install it and use a Spyware remover to get rid of it. End of story.

Once again, thinking you're the expert on the subject. *Surprised face here*



Even to use that would make no difference, you'd have to get rid of it the same way no matter what really, unless you wanted to uninstall Windows which would be stupid.
Prove it. You keep saying install first, but I see no proof. Moreover, I just Google'd up on combofix, and saw no instruction to install it prior to attempting to remove it.


You're just making a simple resolutions complex here. To remove it is to install then use Spyware removers to get rid of it. It's just the obvious and clear way possible.
No, that's you. If you'd listen to what Scott's saying, he makes perfect sense.


No....... I followed the way in which the tutorials had already said was safe..... and also if you did your research you'd actually know that it is a scam software but falls under the Spyware.
you're wrong again. There's more than one removal tutorial...and there you go again...unnecessarily capitalizing spyware.

I think I am the one proving you wrong. You don't even know what you are talking about, you haven't even had it yourself. All you're doing is looking at words on a page.

Firstly, you don't know what you're talking about. Secondly you are the one who is going by the words on a page, and thirdly, you're telling Scott, that because he was not careless and contracted a rogue, that he doesn't know what he's doing?


Most the tutorials show that the only way to get rid of it is to install it, it has no effect on your computer really apart from the fact it bugs you to sucidal annoyence.
*suicidal
*annoyance
at least you try :rolleyes:..

Christian
26-10-2008, 04:23 PM
I don't think I am that bothered about my grammar and so in just a general chat.

Most the points you just said don't even matter currently or just irrelevant.


If you were smart enough not to download viruses/rogues in the first place there wouldn't be a problem at all. Oh, you like how I can bold text too

The virus is hidden within a video codec which anyone could download.


The -reputation I gave you is certainly valid, seeing as I also gave it to you for being rude. By the way, irrelevant has two "r"s.

Yes but it didn't involve you.


You clearly have no idea what you're talking about. Firstly, these are called rogues. Secondly not every rogue alerts you of being infested with spyware. Thirdly, why are you capitalizing spyware every time you say it?!

I don't really care about grammar on here as by the fact it's hardly something that is going to go down in history :P


If YOU knew what YOU were talking about, then it would be CLEARLY OBVIOUS that there's more than one way of removing this (yes, I can abuse the shift key too!). Let me give you a hint, for future reference, as so you won't start arguments with other people where you're wrong: Google.co.uk.

Wasn't abusing the shift key. Abusing this shift key Is Doing This, I was simply emphasizing my point.


Once again, thinking you're the expert on the subject. *Surprised face here*

I know I'm not an expert upon the subject but nor is anyone else on this forum probably.


Prove it. You keep saying install first, but I see no proof. Moreover, I just Google'd up on combofix, and saw no instruction to install it prior to attempting to remove it.

I haven't referred to what Combofix does, I've been talking about Windows Defender, Ad-ware and Malwarebytes' Anti-Malware.


you're wrong again. There's more than one removal tutorial...and there you go again...unnecessarily capitalizing spyware.

I know that is why I said tutorials.


Firstly, you don't know what you're talking about. Secondly you are the one who is going by the words on a page, and thirdly, you're telling Scott, that because he was not careless and contracted a rogue, that he doesn't know what he's doing?

I have had it twice and also it is because it is hidden within many different video codecs.


*suicidal
*annoyance
at least you try..

Damn you got me (sarcastic) I'm a bad speller, welcome to life.

I am sorry if I did portray myself as rude towards Sc0tteh but I had just been working for 12 hours and I was just getting quite frustrated late at night.

HotelUser
26-10-2008, 06:07 PM
I don't think I am that bothered about my grammar and so in just a general chat.
Seeing as you're trying to sound smart, I just thought pointing out your atrocious spelling would help.

Most the points you just said don't even matter currently or just irrelevant.
Glad to see you can now spell irrelevant. Seeing as you've failed to give me satisfactory answers you're in no position to say my questions don't matter.



The virus is hidden within a video codec which anyone could download.

That depends. What was it called, where did you get it?


Yes but it didn't involve you.
Irrelevant.



I don't really care about grammar on here as by the fact it's hardly something that is going to go down in history :P

Since you feel the need to repeat yourself: Seeing as you're trying to sound smart, I just thought pointing out your atrocious spelling would help.



Wasn't abusing the shift key. Abusing this shift key Is Doing This, I was simply emphasizing my point.
In an abusive manner, that makes your text look idiotic.

I know I'm not an expert upon the subject but nor is anyone else on this forum probably.
You clearly think you know more than everyone else.

I haven't referred to what Combofix does, I've been talking about Windows Defender, Ad-ware and Malwarebytes' Anti-Malware.
You also mentioned Combofix, read your own posts :eusa_wall.



I know that is why I said tutorials.

Again, you fail to provide me with a satisfactory response. Now you're saying every last tutorial on the internet on how to remove this rogue states that you must install it :eusa_wall :eusa_wall.


I have had it twice and also it is because it is hidden within many different video codecs.
If you've had it twice then your downloading source is untrustworthy. If you've used multiple sources then I suggest you learn to determine a safe website to download from, or avoid downloading completely because you cannot be trusted with your own computer.



Damn you got me (sarcastic) I'm a bad speller, welcome to life.
Damn, I did catch you....catch you failing at your "I know everything" act.

I am sorry if I did portray myself as rude towards Sc0tteh but I had just been working for 12 hours and I was just getting quite frustrated late at night.
You're still being rude now.

Christian
26-10-2008, 06:52 PM
This is just getting silly now. I'm just not going to reply to this anymore, it's getting to a ridiculous and bizarre stage now :P
