SpyAway Trojan and PitBoss

Sunday evening I was infected with the SpyAway Trojan. I have not browsed any unfamiliar websites in months. Some internet research I’ve done suggests that SpyAway is distributed through P2P (peer to peer) sessions such as those conducted through LimeWire. PitBoss is, essentially, a P2P program. I’ve shut down the two PitBoss games I’m hosting so as not to spread the infection to the players.

I am inquiring as to whether any other PitBoss players have encountered this intrusion. I strongly suspect one of the half dozen PitBoss games I’m playing in was the vehicle for my infection.

This thing apparently doesn’t do any real serious damage; its specialty is annoyance to the point that the victim buys the criminal’s software to fix the problem the criminal planted. People who perpetrate these kinds of schemes should have their hands amputated so they can’t use a keyboard. The symptoms are:

Process slow-down
Numerous popups warning you that you are infected with Spyware
Microsoft style warnings from the system tray saying you are infected
Internet cookies are whiped out
Task Manager is disabled
All of the warnings lead the user to an ad for a scanning program called SpyAway, pay to download.

AdAware does not detect it.

SpyBot detects it, but fails to remove it. The Trojan loads at startup and three programs run in memory. SpyBot will suggest you run SpyBot at bootup but the Trojan gets in before SpyBot can nail it.

Any advice? (besides running a firewall).

Format? That is why there is firewall you know... There is an option in hamachi which allow you to disable or enable some unsecured windows connections. I dunno if you checked this box or not but it could be a cause of the problem(you don't need to enable it to play though hamachi...).

Have you tried Windows Defender?

I'd also try a couple different antivirus programs. AVG makes a nice free once. They also have a free Anti-spyware program and a free rootkit detector. Those are available at free.grisoft.com. I would definitely give the rootkit detector a try. What you're experiencing sounds like the malware might have been hidden in that manner.

Another program to try is LavaSoft's Adaware. Their website includes SpyAway in the malware it detects and removes.

There are also manual instructions to remove SpyAway here: http://www.spywareremove.com/removeSpyAway.html

Had intially written about AVG, but I see now that Kingpin beat me to it ... let us know if AVG helps.

dV