Spyware, Viruses, & Security forum

General discussion

SpyShield - Unwanted - How to RID

I ran Spybot and results were "Spy Shield" cannot be fixed or removed. Advised me to restart because it still may be in memory. I did that..and still cannot remove.

It appears this came from Adware...

I checked Adware and in doing some research it appears this may not be harmful but that it is a bundling of ads which I want to remove naturally.

These are 4 Registry Keys...on of them below..

..User Settings HKEY-USERS\S-1-5-18/software\tbon


I run Ad-Aware, Spybot Search & Destroy, AVG, and Zone Alarm ..XP Windows on Gateway.

Thanks so much


Discussion is locked
You are posting a reply to: SpyShield - Unwanted - How to RID
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: SpyShield - Unwanted - How to RID
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Spy shield

In reply to: SpyShield - Unwanted - How to RID

Check this LINKout and you will see two of them.

Spy shield and Spy-shield

You said there are 4 registry keys.

Click here HERE to see what i found.Again note the difference as noted above.


Collapse -
You could also run

In reply to: SpyShield - Unwanted - How to RID

Collapse -
Morning Roddy

In reply to: You could also run

What do you think of THIS


Collapse -
It's probably different Tom

In reply to: Morning Roddy

I will check into it later today if I can find the time.

Collapse -
(NT) (NT) Thats good enough for me

In reply to: It's probably different Tom

Collapse -
They are both programs Tom but

In reply to: (NT) Thats good enough for me

I think they are different. The one from ZDNET is from Post Media, whereas the one with the adware that McAfee is talking about is from Best Offers. One has a hyphen in the name, one doesn't. The versions numbers are different also. If the original poster is reading this, you might want to check your add/remove programs and see if there is anything in there named spyshield or bestoffers though which would also affect the removal.

Collapse -

In reply to: They are both programs Tom but

There is nothing in add/remove programs -- this was the first area I checked.

You are correct that this is an adware program.

Any other suggestions? I'm going out of my mind!


Collapse -
Did you see my other post

In reply to: Programs..

with directions for scanning in safe mode?

Collapse -
Other post...

In reply to: Did you see my other post

Yes, thanks... I am still new at Windows XP believe it or not, I just installed a couple of months ago.

I will try the safe mode first...and go from there...with the other suggestion.

I'm sure I will be back with good news - hopefully.

Collapse -
(NT) (NT) OK, Good luck.

In reply to: Other post...

Collapse -
McAfee has a write up........

In reply to: Other post...

This is not a virus or a trojan. It is a direct-marketing software bundle that employs adware (such as Adware-BestOffers ) to generate contextual pop-up advertisements while browsing the web.

Have a look here
if you can find the files

Collapse -
(NT) (NT) I provided that in my 1st post :)

In reply to: McAfee has a write up........

Collapse -
(NT) (NT) Oops,,, sorry Tom.. ...mea culpa ;)

In reply to: (NT) I provided that in my 1st post :)

Collapse -
Another Suggestion

In reply to: SpyShield - Unwanted - How to RID

As Roddy mentioned, try running your Spybot and Ad-aware in safemode. If that does not work, give Ewido a try:
1. Download Ewido security suite from http://download.ewido.net/ewido-setup.exe
2. After the download is complete, double click on the file to launch the install process.
3. During installation under the Additional Options menu, you will be asked if you want to ''Install background guard (required for automatic updates)'' and ''Install scan via context menu''. Please UNCHECK both of these options.
4. Once installation is complete, launch Ewido by double-clicking the big ''E'' icon on your desktop. The program will prompt you to update -- click the 'OK' button.
5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.

Once the updates are installed do the following:

Please reboot into Safe Mode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.

When your computer is booted into Safe Mode, then continue.

6. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
8. On the main screen, please select 'Complete System Scan' and the scan should begin.
9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to 'Perform action on all infections' in the the box. Doing this, enables the scan to proceed automatically until its completion. Click OK.
10. When the scan is complete, click ''Save Report''.
Your scan results will be saved in a textfile. You may need to refer to this later.

If Ewido ''crashes'' or ''hangs'' during the scan, try scanning again by doing this:

1. Scan one sector of the system at a time by using the ''Custom Scan'' feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on ''Start Scan''. When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick ''Scan in NTFS Alternate Data Streams''. Then repeat the steps above for performing a Custom Scan.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days that is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under ''Your Security Status''.

If none of these steps resolve your problem, you might want to post a HijackThis log on one of the sites that handles them.

Collapse -
I have tried everything....

In reply to: Another Suggestion

Bawawawawaaa. Sad

I have tried EVERYTHING...except for Ewido...you suggested.

I have tried the Safe Mode, running Spy Bot and Ad-Aware. AND I even talked with MS and ran Windows Live Security Center....I even ran Housecall: Before I could delete anything, the results left my screen. ??

After the tests are run on SpyBot...the message says cannot delete because in memory. Does this mean it is in my startup mode? I did manage to get 2 of the folders out of 4 deleted.

Again, this is SpyShield. What is happening is that NOW this program is gathering other stuff...like HitBox, etc.

I just do not know what to do.

I forgot how to run HiJackThis. Can anyone assist me before I kill myself... Sad


Collapse -

In reply to: I have tried everything....

Heres a LINK that explains everything.



Collapse -
Gerri.. This should help..

In reply to: I have tried everything....

Collapse -
There's Still Hope

In reply to: I have tried everything....

Take it easy. There's hope!

Do try Ewido.
If that does not help, click http://ralphcaddell.com/Uploads/HjThis.exe to download a self extractable version of hijackthis. Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to hijackthis.

Launch HijackThis to do a ''Scan and Save Log''. Register and post your log at any one of these:
- http://www.castlecopscops.com/
- http://forums.spywareinfo.com/
- http://www.bleepingcomputer.com/forums/index.php
- http://forums.subratam.org/
- http://www.geekstogo.com/forum/index.php
- http://spywarewarrior.com/index.php

Collapse -
Will try them ALL

In reply to: I have tried everything....

You guys are SO great. I'm taking all the suggestions and working on them....probably not tonight. I'm so tired..

I will be up bright and early tomorrow working on this and I'm sure I'll have more questions. Can you stand it? Happy


Collapse -
You're Welcome, Gerri :)

In reply to: Will try them ALL

Feel free to ask questions. Always glad to help. Happy
Gerri, the self-extractable HijackThis that I posted might be the easiest for you.

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Best Black Friday Deals

CNET editors are busy culling the list and highlighting what we think are the best deals out there this holiday season.