Spyware, Viruses, & Security forum

General discussion

SpyShield - Unwanted - How to RID

by gerri / March 21, 2006 8:12 PM PST

I ran Spybot and results were "Spy Shield" cannot be fixed or removed. Advised me to restart because it still may be in memory. I did that..and still cannot remove.

It appears this came from Adware...

I checked Adware and in doing some research it appears this may not be harmful but that it is a bundling of ads which I want to remove naturally.

These are 4 Registry Keys...on of them below..

..User Settings HKEY-USERS\S-1-5-18/software\tbon


I run Ad-Aware, Spybot Search & Destroy, AVG, and Zone Alarm ..XP Windows on Gateway.

Thanks so much


Discussion is locked
You are posting a reply to: SpyShield - Unwanted - How to RID
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: SpyShield - Unwanted - How to RID
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Spy shield
by tomron / March 21, 2006 8:55 PM PST

Check this LINKout and you will see two of them.

Spy shield and Spy-shield

You said there are 4 registry keys.

Click here HERE to see what i found.Again note the difference as noted above.


Collapse -
You could also run
by roddy32 / March 21, 2006 9:02 PM PST
Collapse -
Morning Roddy
by tomron / March 21, 2006 9:35 PM PST
In reply to: You could also run

What do you think of THIS


Collapse -
It's probably different Tom
by roddy32 / March 21, 2006 9:58 PM PST
In reply to: Morning Roddy

I will check into it later today if I can find the time.

Collapse -
(NT) (NT) Thats good enough for me
by tomron / March 21, 2006 10:00 PM PST
Collapse -
They are both programs Tom but
by roddy32 / March 21, 2006 10:44 PM PST

I think they are different. The one from ZDNET is from Post Media, whereas the one with the adware that McAfee is talking about is from Best Offers. One has a hyphen in the name, one doesn't. The versions numbers are different also. If the original poster is reading this, you might want to check your add/remove programs and see if there is anything in there named spyshield or bestoffers though which would also affect the removal.

Collapse -
by gerri / March 22, 2006 12:52 AM PST

There is nothing in add/remove programs -- this was the first area I checked.

You are correct that this is an adware program.

Any other suggestions? I'm going out of my mind!


Collapse -
Did you see my other post
by roddy32 / March 22, 2006 1:00 AM PST
In reply to: Programs..

with directions for scanning in safe mode?

Collapse -
Other post...
by gerri / March 22, 2006 1:11 AM PST

Yes, thanks... I am still new at Windows XP believe it or not, I just installed a couple of months ago.

I will try the safe mode first...and go from there...with the other suggestion.

I'm sure I will be back with good news - hopefully.

Collapse -
(NT) (NT) OK, Good luck.
by roddy32 / March 22, 2006 1:17 AM PST
In reply to: Other post...
Collapse -
McAfee has a write up........
by Marianna Schmudlach / March 22, 2006 2:24 AM PST
In reply to: Other post...

This is not a virus or a trojan. It is a direct-marketing software bundle that employs adware (such as Adware-BestOffers ) to generate contextual pop-up advertisements while browsing the web.

Have a look here
if you can find the files

Collapse -
(NT) (NT) I provided that in my 1st post :)
by tomron / March 22, 2006 4:46 AM PST
Collapse -
(NT) (NT) Oops,,, sorry Tom.. ...mea culpa ;)
by Marianna Schmudlach / March 22, 2006 4:48 AM PST
Collapse -
Another Suggestion
by Bugbatter / March 22, 2006 12:54 AM PST

As Roddy mentioned, try running your Spybot and Ad-aware in safemode. If that does not work, give Ewido a try:
1. Download Ewido security suite from http://download.ewido.net/ewido-setup.exe
2. After the download is complete, double click on the file to launch the install process.
3. During installation under the Additional Options menu, you will be asked if you want to ''Install background guard (required for automatic updates)'' and ''Install scan via context menu''. Please UNCHECK both of these options.
4. Once installation is complete, launch Ewido by double-clicking the big ''E'' icon on your desktop. The program will prompt you to update -- click the 'OK' button.
5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.

Once the updates are installed do the following:

Please reboot into Safe Mode:
Turn on the computer.
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.

When your computer is booted into Safe Mode, then continue.

6. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
8. On the main screen, please select 'Complete System Scan' and the scan should begin.
9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to 'Perform action on all infections' in the the box. Doing this, enables the scan to proceed automatically until its completion. Click OK.
10. When the scan is complete, click ''Save Report''.
Your scan results will be saved in a textfile. You may need to refer to this later.

If Ewido ''crashes'' or ''hangs'' during the scan, try scanning again by doing this:

1. Scan one sector of the system at a time by using the ''Custom Scan'' feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on ''Start Scan''. When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick ''Scan in NTFS Alternate Data Streams''. Then repeat the steps above for performing a Custom Scan.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days that is why we are not installing the guard so it will not interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under ''Your Security Status''.

If none of these steps resolve your problem, you might want to post a HijackThis log on one of the sites that handles them.

Collapse -
I have tried everything....
by gerri / March 22, 2006 8:52 AM PST
In reply to: Another Suggestion

Bawawawawaaa. Sad

I have tried EVERYTHING...except for Ewido...you suggested.

I have tried the Safe Mode, running Spy Bot and Ad-Aware. AND I even talked with MS and ran Windows Live Security Center....I even ran Housecall: Before I could delete anything, the results left my screen. ??

After the tests are run on SpyBot...the message says cannot delete because in memory. Does this mean it is in my startup mode? I did manage to get 2 of the folders out of 4 deleted.

Again, this is SpyShield. What is happening is that NOW this program is gathering other stuff...like HitBox, etc.

I just do not know what to do.

I forgot how to run HiJackThis. Can anyone assist me before I kill myself... Sad


Collapse -
by tomron / March 22, 2006 8:58 AM PST

Heres a LINK that explains everything.



Collapse -
Gerri.. This should help..
by Carol~ Moderator / March 22, 2006 9:00 AM PST
Collapse -
There's Still Hope
by Bugbatter / March 22, 2006 9:07 AM PST

Take it easy. There's hope!

Do try Ewido.
If that does not help, click http://ralphcaddell.com/Uploads/HjThis.exe to download a self extractable version of hijackthis. Double click on hijackthis.exe to extract hijackthis to folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut on your desktop to hijackthis.

Launch HijackThis to do a ''Scan and Save Log''. Register and post your log at any one of these:
- http://www.castlecopscops.com/
- http://forums.spywareinfo.com/
- http://www.bleepingcomputer.com/forums/index.php
- http://forums.subratam.org/
- http://www.geekstogo.com/forum/index.php
- http://spywarewarrior.com/index.php

Collapse -
Will try them ALL
by gerri / March 22, 2006 9:31 AM PST

You guys are SO great. I'm taking all the suggestions and working on them....probably not tonight. I'm so tired..

I will be up bright and early tomorrow working on this and I'm sure I'll have more questions. Can you stand it? Happy


Collapse -
You're Welcome, Gerri :)
by Bugbatter / March 22, 2006 9:37 AM PST
In reply to: Will try them ALL

Feel free to ask questions. Always glad to help. Happy
Gerri, the self-extractable HijackThis that I posted might be the easiest for you.

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?