I have been getting a rash of computers infected with either belt or susp. I have only found about a dozen different ways of removing it, and none of them quite work. Anyone know of anything good out there that can do it for me?


miq

http://securityresponse.symantec.com/avcenter/tools.list.html is a good link to bookmark for starters.

http://securityresponse.symantec.com/avcenter/venc/data/adware.binet.html has the registry keys listed that need to be removed. Maybe someone else here can help you create a batch that you can run to remove those keys from the registry.

Thats where I got 1 of the removal instructions. The only thing I see wrong with it is that half of those registry locations don't exist (which may be a good thing too).

Hmm. Haven't seen this one yet. However, since Symantec classifies it as Adware rather than a virus, I would try Ad Aware or SpyBot.

Belt.exe and Susp.exe is part of the Transponder Better Internet Gang




As of Dec 10, 2003, I now have a sample of every known transponder from the first one that appeared in 1999 (IEHelper.dll) to the two newest ones that are now being seen on the Internet which are Belt.exe and Susp.exe.

Although many think both are trojans or viruses, they are in fact programs that work in conjunction with the Bi.dll for management of the popup advertising that is foisted by offeroptimizer.com (http://www.offeroptimizer.com/) which is registered to Alan Murray.
NOTE: Ad-Aware 6.181 with current Reference file detects all 3 objects



http://webhelper.netfirms.com/transponders/belt_susp.html

You also can try Highjack this. It will bring up additional things to clean that Ad aware and Spybot skip, but it also will disable your WinZip and Adobe Acrobat if your not careful with it.

http://www.spywareinfo.com/~merijn/downloads.html