View Full Version : spyfader
jessroxod
03-21-2004, 06:32 PM
What is spyfader? I tried to log off of windows, and I had all of the programs closed out, but it kept saying ending program...spyfader.
redwench
03-21-2004, 06:44 PM
probably sysfader? that's the one that commonly causes problems at shutdown. as google hasn't heard of spyfader, we'll go with that for now.
sysfader is a normal program, but poor scripts in other programs will make it hang. there's a ton of completely different things that can do it, but start with antivirus scans and a spyware scan.
online scans: www.trendmicro.com www.trojanscan.com
download, install, update, then run http://security.kolla.de
pvegh
03-21-2004, 07:05 PM
thanks for replying - I ran adware today and it picked up a ton of stuff - programs, folders .... I also ran Norton and emptied all cookies and temp internet files. The problem at this point -- I can't even turn the computer on. It is getting no power from the power supply which is why I think it is the motherboard. Thanks again
TheSnake
07-11-2004, 02:27 AM
SpyFader Exists Alright. SysFader is one thing and SpyFader is another thing. It is a virus/trojan and a spy program that appears in the process window just when the computer starts if you're watching the process window and then it disappears fast and leaves only 3 cookies as a trace of its existence which is called something with SPYfader. What I can't figure out is how to delete it. Does anyone know how to kill it???
ecasirhc
09-05-2004, 01:06 PM
YES! this is real!!! I recently got this stupid trojan/virus yesterday because I noticed my computer was acting REALLY slow. I have a decent amount of ram and when I tried to open a folder on my desktop, my computer reacts very slowly, in fact, if I have the task manager out, the actual program name comes up "SpyFader" for about 3 seconds and then goes away. In my folder if I try clicking anything the computer just freezes and I have to restart my computer by holding the switch. But if I do anything else (ie. go online, open games) it seems to work fine. PLEASE!! Help me remove this stupid virus. I downloaded the latest definitions for my Norton AntiVirus, Webroot SpySweeper, and Ad-Aware....none of them found it. Any help is appreciated.
evopann
09-09-2004, 10:50 AM
re: SPYFADER; it has really made a mess of windows xp home SP2. any one find anything out on this?
I have searched and posted to different groups. any help will be greatly appreciated
it_waaznt_me
09-09-2004, 01:03 PM
Please post your HijackThis (http://www.aumha.org/freeware/freeware.php#hjt) Logfile for better assessment of your problem.
jerryfr40
04-03-2005, 05:25 AM
I realize that this is an old thread but I also have this "Spyfader" showing up on my computer. It is really messing with my system. Has anyone figured out how to delete it yet? In case it helps I am listing my latest HijackThis logfile.
Logfile of HijackThis v1.99.1
Scan saved at 9:52:18 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\BHOZapper\BHOZapper.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\HistoryKill\histkill.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\Sprint Virtual Assistant\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Jerry\Desktop\WinZip\8.0\winzip32.exe
C:\DOCUME~1\Jerry\LOCALS~1\Temp\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: BHOZapper Toolbar - {0A029144-6E5A-4F7E-A3B8-0B7F3F729049} - C:\Program Files\BHOZapper\BHOZapper Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [BHOZapper] C:\Program Files\BHOZapper\BHOZapper.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.snapfiles.com
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094524592390
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
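A triage pass over a log in the format posted above, as an added example that is not part of the original thread: it pulls out the entries a helper would check by hand first (a service listed with "Unknown owner", a startup shortcut whose target is shown as "?", a process running from a Temp directory) and searches the log for a given name. The sample log is constructed, `ExampleSvc` and `Example Reminders` are made-up names, and a hit is a lead for manual review, not a verdict.

```python
import re

# Constructed sample in HijackThis v1.99.1 layout; ExampleSvc and
# "Example Reminders" are made-up names, not entries from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\User\LOCALS~1\Temp\HijackThis.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: Example Reminders.lnk = ?
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: ExampleSvc - Unknown owner - C:\WINDOWS\system32\ExampleSvc.EXE
"""

# Entry lines look like "O4 - ...", "R1 - ...", "O23 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse_hjt(text):
    """Split a log into running-process paths and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False          # the process list ends at the first entry
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (reason, line) pairs that deserve a manual look."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if re.search(r"\\temp\\", path, re.I):
            findings.append(("process running from a Temp directory", path))
    for section, body in entries:
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(("service with no publisher named", body))
        elif section == "O4" and body.rstrip().endswith("= ?"):
            findings.append(("startup shortcut with unresolved target", body))
    return findings

def mentions(text, name):
    """Lines of the log that contain `name`, compared case-insensitively."""
    return [l for l in text.splitlines() if name.lower() in l.lower()]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[review] {reason}: {line}")
    print("lines mentioning 'spyfader':", mentions(SAMPLE_LOG, "spyfader"))
```

The Temp-directory rule also flags HijackThis itself when it is run from a temporary folder, so each finding still has to be read in context.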
jvillesmyrl
12-08-2005, 08:47 PM
I found spyfader on my computer forty eight hours ago. What someone suggested to me was to look behind my computer to what was attached. The only thing I had added was a mouse April 9, 2005. I had not associated mouse performance with all my computer problems but when having trouble shutting down and had task manager running saw spyfader pop up for a second.
When I bought mouse it came with what I believed was USB extension cord. When I removed that performance improved drastically. I can find no documentation but believe it to be a keystroke tracker. I am horrified and now must change passwords everywhere. Look behind your computers and see if you have some type of extension device.
SS
Outlaw
12-09-2005, 04:56 AM
You believe your USB extension cord is a keylogger?! Why would a professional hardware manufacturer include a (hardware) keylogger with their product? It would ruin their reputation forever, it just doesn't make any sense at all. Your USB extension cord is just that; a USB extension cord.
Not to mention that if you really would've been running a keylogger for the past 8 months, none of your passwords would be working right now.
jvillesmyrl
12-09-2005, 12:27 PM
Agree it does not make sense.
The only positive info I found said to look behind my machine which I did and found a device I thought was a USB extension. Without it on machine, machine is oh so much more responsive.
I don't know what spyfader is, how I got it for sure, and more important how to get rid of it. I can not make it appear at will on my task manager but did see it again this morning so removing device did not stop it running.
Has anyone successfully removed it?
Shannon
matt.modica
12-09-2005, 08:10 PM
Had the exact same problem (with sysfader); it's why I even came to this site in the first place. Reinstall McAfee VirusScan. It would also be good to run chkdsk.
redwench
12-09-2005, 09:22 PM
extension cords of many types can cause problems, but they have nothing whatsoever to do with software installed on your computer. when someone tells you something patently ridiculous, you should try to confirm it with a reputable source.
unless something has changed drastically in the last year, sysfader is harmless in and of itself. but it appearing can be a symptom of malware presence.
mr smith
12-10-2005, 04:36 AM
extension cords of many types can cause problems, but they have nothing whatsoever to do with software installed on your computer. when someone tells you something patently ridiculous, you should try to confirm it with a reputable source.
Agreed, it should be confirmed via a reliable source, however, there is virtually no information available on Spyfader so it may or may not be connected to the extension cord.
As for your blanket statement that it is "patently ridiculous", I'm afraid you are wrong about that. Hardware keyloggers come in many guises, one of which is an extension lead. Other versions include keyboards and small plug-in devices.
Here are a couple of examples:
http://www.spycop.com/keyloggerremoval.htm
http://www.keyghost.com/
Outlaw
12-10-2005, 04:50 AM
Every one of the hardware keyloggers I've seen in this thread can not be read out without having physical access to the device, which would mean someone in your direct environment would have to have sold it to you, or put it in there themselves, or they wouldn't even be able to gain something out of it.
I highly doubt any computer store would sell someone a device like that without even mentioning what it does. They're pretty expensive too, so the chance of buying one by accident is almost non-existent.
mr smith
12-10-2005, 06:08 AM
Every one of the hardware keyloggers I've seen in this thread can not be read out without having physical access to the device, which would mean someone in your direct environment would have to have sold it to you, or put it in there themselves, or they wouldn't even be able to gain something out of it.
I highly doubt any computer store would sell someone a device like that without even mentioning what it does. They're pretty expensive too, so the chance of buying one by accident is almost non-existent.
Always a possibility the device was sold by accident. Extremely remote, I agree, but a possibility.
It does seem that it has to be the case a hardware keylogger needs to be installed by someone with physical access. One thought that occurred to me was some sort of adapted software based on the existing technology.
redwench
12-10-2005, 08:10 AM
yes, i do think it's patently ridiculous that someone would have a hardware keylogger on his home computer without his knowledge. why? because they aren't sold next to the usb extension cords, or anywhere else in a standard electronic/computer store. they are specialty devices that need to be obtained deliberately and installed deliberately. you don't end up with one accidentally attached to your computer any more than you would accidentally end up with an itanium server as your personal computer.
mice from circuit city (user purchased it, remember?) do not come with hardware keyloggers, nor do such keyloggers install malware 6 months after being installed. to wit, the extension cord that is 6 months old would not be remotely related to a software issue that is 2 days old.
jvillesmyrl
12-10-2005, 04:03 PM
I am at a loss regarding what SpyFader is and how it got on my machine. I have seen SpyFader flash on task manager since removing device so device may be totally unrelated to SpyFader problem. I could see how it might affect my mouse (since attached there) but not my keyboard (of course I am clueless regarding working of the inside of my machine). My machine has been unresponsive for a long time and device has been on machine for a long time.
As redwench says extension cords can cause problems and this one definitely was.
If anyone finds any info on SpyFader I would love to hear.
Shannon
matt.modica
12-10-2005, 09:03 PM
Sysfader problems on shutdown are the result of the poorly written McAfee VirusScan. It's probably trying to scan the A drive when there isn't one. And sysfader has nothing to do with the presence of malware. I have had this problem before; there was no malware and I had to reinstall.
mr smith
12-11-2005, 10:57 AM
Sysfader problems on shutdown are the result of the poorly written McAfee VirusScan.
Sysfader is a process belonging to an Nvidia graphics device.
matt.modica
12-11-2005, 09:00 PM
Yes, you are correct, but it is McAfee that causes sysfader to do that.
Xblackheart
02-28-2006, 10:50 AM
Spyfader spotted. 2/27/06
Registry scans and file scans negative. Malware scans and Virus scans (Norton) negative.
I'm starting to suspect a rootkit...
The Executable IS called Spyfader, that much I was able to grab.