My cousin's computer is always infected by this type of spyware: pop ups "virus detected" and prompts the user to install the "antivirus" software, which is actually the spyware program.

I tried to clean it via AVG and AdAware, but somehow the problem always comes back.

Now I'm thinking of installing a good freeware firewall program instead of relying on Windows Firewall. Are there any good recommendations?

i used to use sygate.. but it has a slight problem with wireless routers.. it tends to drop wireless packets....

btw.. when you scanned your com did you enter safe mode? also remember to disable system restore.

try to clean it with AVG Anti-Spyware (used to be known as Ewido)... or Spybot S&D. AVG Anti-Spyware is not a freeware but u can use the trial version to remove the 'anti-virus' spyware. .. Spybot is a freeware... both are equally effective. I experienced the similar problem earlier... and I used Ewido to clear the virus off .. then use Spybot to double scan again to make sure it is totally clean... hehehe.. a bit kiasu.. :p

Meanwhile.... if u install some good spyware... it will come with spyware shield.. will act as a 'firewall' to these spyware... Spybot is one of it. The better one will be like Spyware Doctor and Spyware Emergency 2006 (I am currently using Spyware Emergency 2006, and I find it very effective).

Make sure your cousin's computer has all of these

http://www.spybot.com/ (Spyware/ Malware Cleaner)
http://www.lavasoft.com/software/adaware/ (Spyware/ Registry Removal)
http://free.grisoft.com/doc/2/lng/us/tpl/v5 (Free Anti Virus)
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp (Free Firewall)

I heard Windows Defender is also a good firewall, but I haven't tried it personally. AVG Anti-spyware should be good because I trust Grisoft products to deliver. There is another good anti-virus program from Kaspersky Labs, which is very effective, but its got a free trial of just a month http://www.kaspersky.com/trials?chapter=186685140

Hope that helped.

Don't disable system restore 1st!! if possible always perform a rollback..most probably its a spyware or trojan which changes the windows registry to pop up websites. Try System Restore to rollback to an earlier time (before these problems came up).

best way out.....clean format. then once everything is up and running again, set up a point on your system restore.......then once it's all done u can turn the system restore off.

sometimes the anti spy etc....yeah they're good but not 100%. so clean format.....works. a little time consuming but at least you're sure. just make sure u have a partition.....that way u minimise your lost files.

Now I'm thinking of installing a good freeware firewall program instead of relying on Windows Firewall. Are there any good recommendations?
Spywares will still come into your computer even if you have a firewall installed. There are channels opened to allow for internet access and the spywares come in through these legitimate "doors". Hence, you will still need to install the malware scanners and scan your computer regularly, no way out of that.

Best is to avoid sites that offers free downloads.
Like they say, "There's no such thing as a free lunch in this world."
It's a good thing that nowadays computing power is so cheap. :D

u can't clean it in Normal windows session. U hv to boot it to Safe Mode and clean it from there. AVG shud do fine.

Hi everyone. Thanks for all the tips. I'll try to boot in safe mode and scan.

My cousin don't allow me to clean format his PC :P Otherwise I would have done that long time ago heheh ;)

Cheerios, and will keep everyone updated.

xweird,
Talking about spyware really annoying me. Hahaha.. i just recently removed 80+ spyware from my pc. Its tricky to remove manually. I found a damn good Anti Spyware. Its called Spyware Doctor. It will detect 80+ things while other anti spyware detect 1 or 2. Rebooting in Safe mode wont do any good. I tried it and the spyware also gets loaded up in safe mode. I knew a thing about OS/registry, so i could manually remove them in "Repair mode" of Windows XP by using bootable CD.

My advice:
1. Buy pirated (ehem) CD installer for Spyware Doctor ver 4.0
2. If u use XP, make sure u use SP2. (Service Pack 2<-- a lot security issue solved in this).
3. Install a good antivirus software (Norton/AVG etc).
4. Install Windows Defender.
5. Always update the virus/spyware definitions every month.

That should protect ur pc enough.

Of course, formatting everything is a sure bet. But it will take LOONNGG time to reformat and reinstall everything as it was. So i dont recommend it unless the infection is beyond repair.

Sounds like you got hit with Virtumundo.

Go read the following for help uninstalling it.

http://wiki.castlecops.com/Malware_Removal:_Virtumundo