Recently, I’ve been finding that SuperAntiSpyware has been doing a great job at removing some very difficult infections, particularly when I run SuperAntiSpyware from UBCD4Win and download the latest updates before doing a scan.
But as of the end of Jan 2009, SuperAntiSpyware hasn’t been able to completely remove MS AntiSpyware 2009.
At least SAS gets the PC into a usable state, but MSAntiSpyware 2009 is still there, as each scan detects the same registry entry.
What makes it difficult is that MSAntiSpyware 2009 also disables regedit, and also disables Tools -> Folder Options within Windows Explorer.
What this means is: you cannot manually scan the registry to remove traces of MSAntiSpyware2009, and you cannot look into the user temp folder, in order to remove infected files.
So, to get regedit working again, I downloaded and ran the Enable Regedit VBScript by Doug Knox.
At this point, make sure you have already run SuperAntiSpyware, and allowed it to fix as much as it can.
You also MUST be an Administrator user.
I then enabled Tools -> Folder Options, by using regedit to go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and change:
NoFolderOptions = 0 (i.e. zero)
I then start Windows Explorer, select Tools -> Folder Options -> View:
- tick: display the contents of system folders
- tick: show hidden files and folders
- untick: hide extensions for known file types
- untick: hide protected operating system files
NB: remember to reverse these settings when you are finished.
Use Windows Explorer to go to:
c:\Documents and Settings\[your user name]\Local Settings\Temp
Remove all files in this folder.
You probably won’t be able to remove files like perflib_XXX.dat : just skip the files and delete the others.
Now run regedit, and click on “my computer” at the top, then do edit -> find
Do a search for msantispyware, CrucialSoft, antispyware2009, antispyware 2009
Remove any entries you find.
NOTE: some entries will be protected and cannot be removed… to remove them:
- right-click on the folder -> permissions
- check that either your user, administrators, or “everyone” has “full control” of the folder.
- If no users exist, then click add -> enter an “object name” eg your user name, or administrators
- click “check name”, then OK if it finds the correct user.
- repeat the permission changes on all sub-folders, until you can delete the original entry.
Scan again with SuperAntiSpyware, and restart the PC when asked.
After the restart, scan again with SuperAntiSpyware, and you should now have a clean PC.
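To confirm the manual cleanup above, the registry can be exported to a .reg file and checked for leftover matches of the same search terms and for lockout policies that are still set. The script below is an added example, not part of the original post; the sample export and the names in it are constructed, and DisableRegistryTools is a standard Windows policy value that the post itself does not name.

```python
import re

# Search terms from the article's regedit "find" step (lower-cased).
TERMS = ("msantispyware", "crucialsoft", "antispyware2009", "antispyware 2009")
# NoFolderOptions is from the article; DisableRegistryTools is the standard Windows
# policy value behind a disabled regedit (an addition, not named in the article).
POLICIES = {"nofolderoptions", "disableregistrytools"}

# Constructed sample export; the key and file names in it are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updater"="C:\\Program Files\\AntiSpyware2009\\example.exe"

[HKEY_CURRENT_USER\Software\CrucialSoft]
'''

def scan_reg_export(text):
    """Return (traces, restrictions) found in the text of a .reg export."""
    traces, restrictions, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                       # new key section
            if any(t in key.lower() for t in TERMS):
                traces.append((key, None))         # the key path itself matches
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if not m or key is None:
            continue                               # header, blank or hex continuation
        name, data = m.group(1) or "(Default)", m.group(2)
        if any(t in (name + " " + data).lower() for t in TERMS):
            traces.append((key, name))             # value name or data matches
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
        if name.lower() in POLICIES and dword and int(dword.group(1), 16) != 0:
            restrictions.append((key, name, int(dword.group(1), 16)))
    return traces, restrictions

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```

Exports written by regedit with the "Version 5.00" header are UTF-16, so read a real file with open(path, encoding="utf-16") before passing its text to scan_reg_export.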