Antispyware Master - OUCH!

I don’t know how, but the so-called ‘Antispyware Master’ program has infected my computer. It is a bugger - taking over my desktop, slowing things down, forcing me to run programs through Task Manager. Not fun.

I’ve searched and found a lot of sites which provide instructions on manual removal of Antispyware Master. Frankly, I don’t have the confidence to carry out the recommended processes (which include changing the registry). Are there any free automatic removal programs for this plague?

Thanks!

Ad-Aware 2008 has long been a proven tool. There is a free version you can download (linked) but unfortunately it is not persistent (i.e. it is not running all the time). You need the Plus or Pro version for that – but it’s worth it if spyware is a big problem for you.

I’ve had a look at the instructions here and whipped up the following, which should work on Vista. You’ll need to run this in safe mode.

DISCLAIMER: I’ve not tried it.



@echo on
rem copy and paste this into notepad and save this as c:\RemoveASM.cmd
rem remember to do File | Save As, then change the Save As Type to All files
rem Kill tasks (/im selects a process by image name)
Taskkill /f /im asm.exe
Taskkill /f /fi "imagename eq antispywaremaster*.exe"

rem Unregister and remove DLLs
cd\
md asmremove.dir
cd asmremove.dir
rem search from the root of the drive; "delims=" and the quotes keep paths with spaces intact
for /f "delims=" %%f in ('dir /s /b \*antispywaremaster*.dll') do move "%%f" \.
for %%f in (*.dll) do regsvr32 /u "%%f"
del *.dll
cd ..
rd asmremove.dir

rem Delete registry keys (without /va the key itself is removed, not just its values)
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareMaster_is1 /f
reg delete HKLM\SOFTWARE\AntiSpywareMaster /f
reg delete HKLM\SOFTWARE\AntiSpywareDeluxe /f
rem the Run entry is a value under the Run key, so it is deleted with /v
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v antispywaremaster /f
reg delete HKLM\SOFTWARE\microsoft\software\antispywarematerdownloader /f

rem Delete App (rd /s /q removes the folder and everything in it)

rd /s /q "c:\program files\AntiSpywareMaster"

rem end of file


Bah! I’ve spotted two typos: an extra backslash in the move line - it should be . not \. at the end; that last reg delete line is missing an S - it should be

reg delete HKLM\SOFTWARE\microsoft\software\antispywaremasterdownloader /va /f

Better let someone else proofread it before you try it!

Corrected (hopefully) file:



@echo on
rem copy and paste this into notepad and save this as c:\RemoveASM.cmd
rem remember to do File | Save As, then change the Save As Type to All files
rem Kill tasks (/im selects a process by image name)
Taskkill /f /im asm.exe
Taskkill /f /fi "imagename eq antispywaremaster*.exe"

rem Unregister and remove DLLs
cd\
md asmremove.dir
cd asmremove.dir
rem search from the root of the drive; "delims=" and the quotes keep paths with spaces intact
for /f "delims=" %%f in ('dir /s /b \*antispywaremaster*.dll') do move "%%f" .
for %%f in (*.dll) do regsvr32 /u "%%f"
del *.dll
cd ..
rd asmremove.dir

rem Delete registry keys (without /va the key itself is removed, not just its values)
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareMaster_is1 /f
reg delete HKLM\SOFTWARE\AntiSpywareMaster /f
reg delete HKLM\SOFTWARE\AntiSpywareDeluxe /f
rem the Run entry is a value under the Run key, so it is deleted with /v
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v antispywaremaster /f
reg delete HKLM\SOFTWARE\microsoft\software\antispywaremasterdownloader /f

rem Delete App (rd /s /q removes the folder and everything in it)

rd /s /q "c:\program files\AntiSpywareMaster"

rem end of file


IMO AdAware is near useless. Not bad as such and better than nothing but not very good protection (perhaps the pay versions work better…I do not know).

The main issue is AdAware and SpyBot became ubiquitous thanks in large part to being free. I have run across spyware that specifically and actively evaded AdAware. I have seen other spyware that AdAware seems to kill but comes right back.

In short, invest in a decent anti-spyware program. There are several to be had (research first to be sure they are legit and not one of the many counterfeit anti-spyware programs…or stick with a known brand like Norton or McAfee or Kaspersky).

Many thanks, indeed. I truly appreciate your help and effort. Alas, the damn spyware has totally disabled notepad as far as I can tell. One way I might be able to get at, and use, notepad is by running it via Task Manager. To do that, though, I need to know where notepad is kept, i.e. what folder etc. Then, I should be able to access it through Task Manager. Any ideas? In any case, thanks!

By the way, I do have AdAware and Norton. Both seem impotent with respect to Antispyware Master.

As an aside, considering the functional damage it does, this Antispyware Master seems way too malicious and actively damaging for simple spyware. It behaves much more like a virus. A nasty one.

I forgot to check: that batch file assumes you’re running Vista. If you’re running XP, the Taskkill command may not work, and it may be regsvr rather than regsvr32.

Notepad.exe resides in c:\windows

I would disagree. Ad-Aware and Spybot both are essential antispyware tools (the only thing more useful is Hijackthis, but that’s not for the average user). Ad-Aware updates to reflect changes in spyware; things designed to evade it today will be found when the software is updated.

Neither Ad-Aware nor Spybot are designed to be protection tools, anyway. They are cleaning tools. If you want protection, use Spyware Blaster or Advanced WindowsCare.

In addition, I’ve never found McAfee or Symantec to be particularly good at preventing or cleaning spyware. Better than nothing, but spyware protection is an afterthought for them and I’ve never seen them ever suggested by anyone who deals with spyware issues regularly.

And I should have mentioned it explicitly - I am, in fact, running XP. Should I still try your program?

You’ll have to manually kill the processes yourself (delete those two lines with taskkill) before running the program, and make the regsvr change I noted, but otherwise it should work just fine. Again, I’ve not been infected, so I haven’t been able to test it.

If you’re feeling paranoid, put a rem in front of both the del *.dll and rd asmremove lines. This will make the lines remarks so it won’t delete the dodgy dll files, just in case they’re not dodgy.

Just to cover my backside: I make no warranties whatsoever.
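A report-only pass over the same artifacts the removal script targets, for checking what is actually present before anything is deleted. This is an added example, not part of the thread or tested by its posters; the log location (%TEMP%\asm-report.txt) and the :key label are assumptions made for the example, and tasklist is assumed to be available.

```bat
@echo off
rem Added example (not from the thread): report-only check, nothing is deleted.
rem It looks for the artifacts named in RemoveASM.cmd and writes them to a log.
setlocal
rem assumed log location for this example
set LOG=%TEMP%\asm-report.txt
>"%LOG%" echo AntiSpyware Master artifact report

>>"%LOG%" echo [processes]
rem if tasklist is not available, this section simply stays empty
tasklist 2>nul | findstr /i /b "asm.exe antispywaremaster" >>"%LOG%"

>>"%LOG%" echo [dlls]
rem same search the removal script runs, but the files are only listed
dir /s /b c:\*antispywaremaster*.dll >>"%LOG%" 2>nul

>>"%LOG%" echo [registry keys]
call :key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiSpywareMaster_is1
call :key HKLM\SOFTWARE\AntiSpywareMaster
call :key HKLM\SOFTWARE\AntiSpywareDeluxe
call :key HKLM\SOFTWARE\microsoft\software\antispywaremasterdownloader

>>"%LOG%" echo [run value]
rem the autostart entry is a value under the Run key, so query it with /v
reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v antispywaremaster >>"%LOG%" 2>nul

>>"%LOG%" echo [program folder]
if exist "c:\program files\AntiSpywareMaster\" >>"%LOG%" echo present: c:\program files\AntiSpywareMaster

type "%LOG%"
endlocal
goto :eof

:key
rem reg query sets errorlevel 1 when the key does not exist
reg query "%~1" >nul 2>&1
if errorlevel 1 (>>"%LOG%" echo absent:  %~1) else (>>"%LOG%" echo present: %~1)
goto :eof
```

Any section of the report that lists nothing means the matching step of the removal script has nothing to act on.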

I would agree - my Mom has Norton 360 installed and that did not prevent something similar (and won’t clean it, either). But, Symantec will be happy to collect a $99.99 fee to help her manually remove it since she is a registered user.

I think that AntiSpyware Master is one of the bullcrap “antispyware” programs that you are prompted to download and install if you get infected by a Vundo trojan variant (hence, you may have that as well). It looks to be hard to get rid of…I’m going to try manually cleaning her computer this week.

Check for an old Sun Java run-time installed on the machine somewhere. Delete it or update it. The Vundo virus, which you almost certainly have, takes advantage of a security flaw in old versions of Java – all that you need to do to get infected is have a Java-plugin in your browser using one of these old versions of Java, and visit the wrong web site.

But the same is becoming true of the non-free ones, too – various bad programs specifically try to evade Norton & McAfee, for example. The evildoers will try that on any program that becomes common enough to guard against them. That’s why there are so many more of these malware programs for Windows than for Apple or Linux.

Wow, you guys are sharp.

Turns out that not only was I infected with Antispyware Master but, as you surmised, that the Vundo virus had piggy-backed in on it. This became clear after getting some professional help (a nice, but pricey, we-make-housecalls, computer support enterprise called ‘24 Hour Geeks’).

And, also just like you predicted, it was a bugger to remove. Even the tech support guy who had come to my place was unable to get rid of it. Ultimately, he used AVG and was successful (more about AVG in a moment). As I understand it, the Vundo virus (or maybe it’s a trojan) buries itself in your boot sector and suppresses all attempts to kill it. So every time we thought it was gone, and did a reboot, there it was staring at us again! Very frustrating.

Of course, my wonderful Norton “security” program stood idly by assuring me that all was well and I need not worry since there were no viruses or related villains on my machine!! What a load of horseshit. When we ran AVG, not only did it find and kill both the Antispyware Master and the Vundo, but it also detected (and killed) another 23 infections! Again, this after Norton had been so reassuring.

AVG seems wonderful. It’s 99% automatic and automated, easy to use, has a very nice interface, is totally FREE, checks out links on the current webpage for viruses (i.e. viruses you wouldn’t have known about until after you clicked by which time it would be too late) and gives you automatic update notification, … It’s already identified and killed a virus that was on a site I visited. Anyone using Norton should give it a look. Don’t be like me and learn the hard way.

Thanks again for all your help and interest!

Karl

I wonder if that’s the same thing that tried to download itself on my machine last week? I was searching for something innocuous and clicked a link on Google when I started getting popups telling me my computer was infected and prompting me to click to download an antispyware program. Instead I tried to close the boxes at the x in the corner but they kept popping up faster than I could click so I ctrl-alt-del’d and brought up task manager and shut down firefox. About the same time LiveOneCare kicked in and quarantined it. I ran a deep scan to make sure it didn’t install anything.

This is treading on IMHO territory, but what do you guys think of Trendmicro’s PCcillin? I had a free year with my Dell a while back and it seemed pretty nice.

As of now, I’m using AVG free and Windows Defender. I’m not sure if that’s enough protection.

I used to recommend AVG but with what their link scanner does now I have been suggesting AVAST which is also free for personal use.

It’s simple enough to disable the link scanner and AVG are responding to the link scanner issue anyway.

What is the problem with AVG’s link scanner?