I found a real nasty piece of spyware on my neighbors PC the other day.
Antivir and windows defender found (and removed) some trivial infection, but didn’t notice that xpsys.exe (found using hijackthis) kept coming back (even after I removed it using hijackthis). This is the first time I’ve seen windows defender not detect some spyware… strike one against defender.
The malware would display a red triangle in the taskbar.
And, it kept popping up messages about the PC being infected (and asking me to download “spyware remover” by clicking on ok).
Even after closing this window, IE would then try to open one of the following websites:
- and probably a host of others, if I could be bothered to test it for a few hours…
So, a careful scan of the web found the following useful website: castlecops
The main help was downloading and running the following file in safe mode: SDFix
After it ran, everything was back to normal.