RE: Removing "PCtuneup" spyware?

From: AndyManchesta (AndyManchesta_at_discussions.microsoft.com)
Date: 08/23/05


Date: Tue, 23 Aug 2005 14:33:17 -0700


Hi There

Im not aware of anything called pctuneup from better internet except the
uninstaller program mypctuneup which can be downloaded from them to remove
ABI products. The uninstaller program will not show in Add/Remove as far as I
know but the message you posted sounds like the part that comes with Aurora

ABI Network a division of direct revenue will appear with Aurora but you
will know this is present because you get pop-ups everytime you use the net.

Its a great time to have Aurora because there is now some very easy fixes
for this, The main part is the Epolvy trojan which replaces the rest if they
get deleted which has proved a stalling point for many removers. The old
method was to use Nailfix, Ewido & Ccleaner in safe mode but Lavasoft have
made things alot easier now

Download Ad-aware SE and then

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?

Then update it and close Adaware

Next download the new VX2 cleaner

http://updates.ls-servers.com/vx2cleaner.zip

Save the file where you can find it easily then Extract the files and copy
them (Left click and cover the files and then right click and copy) then open
Lavasoft's Ad-Aware "Plugins" folder and paste them into there(Right click
and paste).

(C:\Program Files\Lavasoft\Ad-Aware SE\Plugins)

Run Ad-Aware and click the Add-ons button in the main window.Select VX2
Cleaner from the list.

Click the "Run Tool" button in the lower right corner of the window.Click
"OK" when asked if you want to execute this tool.It will say VX2 variant
found then press clean.Next it will say to reboot and run a smart scan with
Adaware.

It does miss a couple of traces which I will list below but it kills the
Nail infection and makes it look so easy.

Delete these if found:

C:\WINDOWS\ffsnvqmgpiy.exe
C:\WINDOWS\rramcx.exe

Then you can clear the Temp Internet files and the contents of the prefetch
folder to remove the final traces if you wish:

goto start menu and run and type %temp% delete the contents of this folder
or at least the files that are not in use then start and run and type
prefetch and delete the contents of this folder and its finished !

If this is pctuneup you are having problems with its new to me to have a
uninstaller that you cannot uninstall, Ive checked this remover in detail and
I cannot find anything malicious with it except it doesnt work very well and
leaves what they descibe as a marker on the system. The issue is the adware
itself it transmits everything you do to them including username and computer
registration number, How much space is free and used, What programs you have
installed and the paths to each file, What version of windows and browser you
use, every page you visit and entries typed in search engines etc... so they
are keylogging in a way but they get away with it because they say its all
done through EULA's. Ive got some packet sniffing logs where its being
bundled with dsr,elite,qoologic etc.. where it clearly states its all done by
silent installs with no Eula's shown so they make up the rules as they go and
it doesnt appear anyone can stop them.

Use Adaware's cleaner as it works great if its Aurora it also does well on
Ceres which are the two main infectants coming from ABI if you have problems
let us know and we can go the Hijack This method and see exactly what you are
infected with

Good luck

AndyManchesta

"trs80" wrote:

> I have installed on my PC win2000 spyware called PCTuneup. It actually
> shows up in the Settings/Uninstall. But when using the uninstall function
> is sends me to a website with content shown below where it asked you to
> install more software to remove PCtuneup. Idont want to take the risk of
> installing more software from them to uninstall this.
>
> Is there a way to remove it from the PC?
>
> -----------------------------------------------
>
> ABI Network a division of direct revenue
>
> The ABI Network contextual advertising software is installed on this
> machine because you have received software free of charge through an ABI
> distributor. To support your free software and to help keep the product
> free, please do not uninstall the ABI Network software. It is not
> "spyware," does not collect any personal information about you, and is not
> malicious. If you do choose to uninstall the ABI Network software, it can be
> safely and completely removed by going to www.mypctuneup.com to get the
> uninstall tool.
>
> EULA
>
>
>