GMC Forum _ CHILL OUT _ Getting Rid Of Horrible Spyware...

Posted by: Hungus Sep 12 2007, 10:37 AM

Hey guys, just wondering if anyone had any good techniques for getting rid of spyware which just doesn't want to die. A few days ago I was stupidly tricked into installing some spyware onto my computer (I don't wanna talk about it, it was 2 in the morning). Basically it disguises itself as IEXPLORER.EXE (x2) in the Windows Task Manager, and whenever I tell it to end process it comes back a couple of seconds later as some random letters, then turns back to IEXPLORER. I have tried both Lavasoft Ad-Aware and also Spybot Search & Destroy, including the start-up scan, but it just refuses to die.

Any help with this matter would be greatly appreciated :)

Posted by: Andrew Cockburn Sep 12 2007, 10:42 AM

QUOTE (Hungus @ Sep 12 2007, 05:37 AM)
Hey guys, just wondering if anyone had any good techniques for getting rid of spyware which just doesn't want to die. A few days ago I was stupidly tricked into installing some spyware onto my computer (I don't wanna talk about it, it was 2 in the morning). Basically it disguises itself as IEXPLORER.EXE (x2) in the Windows Task Manager, and whenever I tell it to end process it comes back a couple of seconds later as some random letters, then turns back to IEXPLORER. I have tried both Lavasoft Ad-Aware and also Spybot Search & Destroy, including the start-up scan, but it just refuses to die.

Any help with this matter would be greatly appreciated :)


I had one of these once - if AdAware et al can't fix it, the only solution is to reinstall your entire machine - something I do every 6 months or so anyway.

Posted by: Nick325 Sep 12 2007, 10:47 AM

If you have System Restore, use it, if that's what Andrew is saying.

Posted by: Anomaly Sep 12 2007, 10:50 AM

QUOTE (Andrew Cockburn @ Sep 12 2007, 11:42 AM)
I had one of these once - if AdAware et al can't fix it, the only solution is to reinstall your entire machine - something I do every 6 months or so anyway.


No, don't do that. That can make you organized..

Anyway
http://www.comodo.com/products/free_products.html - lots of stuff, maybe try BOClean
http://www.avast.com/eng/avast-virus-cleaner.html
http://www.superantispyware.com/

Well, these things work for me.

Posted by: Hungus Sep 12 2007, 11:00 AM

Thanks guys... Maybe I will do a reinstall. Thankfully I have my HDD partitioned so I don't really have to worry about losing any of my stuff :)

Posted by: Andrew Cockburn Sep 12 2007, 11:07 AM

QUOTE (Hungus @ Sep 12 2007, 06:00 AM)
Thanks guys... Maybe I will do a reinstall. Thankfully I have my HDD partitioned so I don't really have to worry about losing any of my stuff :)


Smart :)

Posted by: symon Sep 12 2007, 01:27 PM

When all else has failed me in the past I have used Prevx. I swear by it.
It has found things Spybot and AdAware have been unable to.
http://info.prevx.com/downloadprevx2.asp
Warm regards, symon

Posted by: tonymiro Sep 12 2007, 04:43 PM

Hungus, sometimes you can only remove trash fully if you do it in safe mode with AdAware/Spybot.

For all - if you have the luxury of more than one computer, use a cheap one for the internet and keep a good - more expensive - one disconnected. You can always transfer files/software updates etc. manually between them once you know they are clean. If you can't do this then do like Hungus and partition the drive and regularly back up your critical files to a safe location.

Set a restore point and you can then, as Nick says, potentially restore to a safe point if things go pear shaped. Restore is a must in my opinion, not just for malware/virus problems but also for every time you install new software. Set a point BEFORE you install. If something goes wrong then you can reinstall a good OS without the stuffed up install getting in the way...

Also, AdAware, as Andrew says, and Spybot, as Hungus says, are an essential for any internet-connected computer. Two different spyware scanners are great as none of them are 100% - good additional links to start with from Anomaly and symon. If you are having problems then download and run HijackThis, which will provide a report of activity on your PC.

Cheers,
Tony

Posted by: Ayen Sep 12 2007, 05:08 PM

I used to have many problems with things like this, and I headed over to Daniweb.com. The guys there are great. If you have any virus problems I highly suggest going to their Viruses, Spyware and other Nasties section and asking for help.

Posted by: Hungus Sep 12 2007, 05:19 PM

The problem isn't actually my anti-spyware programs not being able to find them, it's just neither of them can delete it... it just says it can't do it, basically. Is there some way I can delete a program that is currently in use? In the past I have been able to do it by ending its process and then quickly deleting before it can start back up, but in this case it's running 2 of them...

Posted by: MickeM Sep 12 2007, 05:43 PM

QUOTE (Hungus @ Sep 12 2007, 06:19 PM)
The problem isn't actually my anti-spyware programs not being able to find them, it's just neither of them can delete it... it just says it can't do it, basically. Is there some way I can delete a program that is currently in use? In the past I have been able to do it by ending its process and then quickly deleting before it can start back up, but in this case it's running 2 of them...

No you can't delete it while it's active. If you can start up the system in safe mode or DOS even and you know the name of the program and which folder it's in just delete it. But sometimes I think these spyware programs have a backup that will reinstall itself if it detects that the main program is gone. Then you have to find all of them. I think it's Symantec that has manual deletion instructions you can follow, if you got the name of the spyware.

Posted by: tonymiro Sep 12 2007, 05:59 PM

You need to do it in safe mode, Hungus. If you don't, the self-extracting script will activate - that's the problem you have encountered. Even in safe mode you need to delete the file AND all the associated self-extracting ones. You can usually find what they are and where they are hidden by doing a google on the file name.

AdAware/Spybot may be able to get them cleaned out in safe mode BUT you might have to do it manually.

Cheers,
Tony

Posted by: mattacuk Sep 12 2007, 06:05 PM

OK, here's the deal. It's likely the offending trojan is a running process so you won't be able to just remove it. From experience I would say you are much better off at this point re-installing your system as it *may* have modified system files.

The best industry standard spyware removal I have ever used for business use is "NOADWARE" http://www.noadware.net/ - it really is the best IMO. I would use this from now on :)

Posted by: Asphyxia Feeling Sep 12 2007, 06:45 PM

I downloaded the trial version of SpyHunter, which detects spyware, but doesn't remove it. The good thing it DOES do is show you where the bad software is in your registry. Meaning, you can go to RUN and type REGEDIT and carefully find and delete each malicious bit yourself.
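
Added example, not part of any post in this thread: the genuine Internet Explorer binary is `iexplore.exe`, so a process called `IEXPLORER.EXE` as described in the first post is a lookalike name, and the same check can be run over the registry autostart entries mentioned above. The `KNOWN` table, the threshold, and all sample paths, PIDs and Run-key values below are constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Genuine Windows binaries and the folder each normally runs from (XP-era
# default paths, lower-cased; an assumption to adjust per machine).
KNOWN = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
}

def classify(image_path, threshold=0.85):
    """Return (verdict, known_name) for one executable path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        return ("ok" if folder == KNOWN[name] else "wrong-folder", name)
    score = lambda known: SequenceMatcher(None, name, known).ratio()
    best = max(KNOWN, key=score)
    return ("lookalike-name", best) if score(best) >= threshold else ("unlisted", None)

def exe_from_command(command):
    """Pull the executable path out of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].partition('"')[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command

def triage(processes, run_entries):
    """Flag processes and autostart entries that imitate a known binary."""
    findings = []
    for pid, image in processes:
        verdict, known = classify(image)
        if verdict != "ok" and known:
            findings.append(("process", pid, verdict, known))
    for value_name, command in run_entries:
        verdict, known = classify(exe_from_command(command))
        if verdict != "ok" and known:
            findings.append(("autostart", value_name, verdict, known))
    return findings

# Constructed sample data: (PID, image path) and Run-key (value name, command).
PROCESSES = [(1204, r"C:\Program Files\Internet Explorer\iexplore.exe"),
             (1500, r"C:\WINDOWS\explorer.exe"),
             (3120, r"C:\WINDOWS\system32\IEXPLORER.EXE"),
             (3188, r"C:\WINDOWS\system32\IEXPLORER.EXE")]
RUN_ENTRIES = [("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
               ("updater", r'"C:\WINDOWS\system32\IEXPLORER.EXE" /s')]

if __name__ == "__main__":
    print(*triage(PROCESSES, RUN_ENTRIES), sep="\n")
```

An autostart finding that points at the same file as the flagged processes shows where the program is relaunched from at boot, which is the entry to clear along with the file itself.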

Posted by: DeepRoots Sep 12 2007, 07:13 PM

MickeM is right - boot up in safe mode - then you can run your anti-spyware programs, which should then be able to delete them - or - if that fails, start up in safe mode and manually find and delete the infected file. You can do this by using the spyware program that locates it (but cannot, as you said, delete it), then use the location that the program states; find; delete; job done (in a perfect world).

Has worked for me several times.

Posted by: bad_tel Sep 13 2007, 06:02 AM

m8, if it's that bad, save what you want on disc and restore your PC. If it's XP, tap F5 on start-up and follow... well, I think it's F5. I'm on Vista, that's F5. Man, I dunno, it's one of them, and your PC will be fast again too ;)

Posted by: Pavel Sep 13 2007, 06:44 AM

QUOTE (mattacuk @ Sep 12 2007, 07:05 PM)
The best industry standard spyware removal I have ever used for business use is "NOADWARE" http://www.noadware.net/ - it really is the best IMO. I would use this from now on :)


Thanks for that one! I thought my PC is clean - damn, it found a couple of Dangerous and Severe things. :) I used to only use AVG.

Posted by: tonymiro Sep 13 2007, 06:56 AM

Careful though, as spyware checks often report incorrectly. Double/triple check any report and think it through - i.e. anything odd on your PC, downloaded anything dubious/visited any odd sites that might have infected you? If you are certain you haven't, then are you infected or is it a duff report - happens, guys, quite a bit.

Cheers,
Tony

PS: only way perhaps to stay clean - don't visit/download/open/run anything that is remotely 'dubious' from someone you don't trust 100% and so on. Internet - be safe, stay safe. No software replaces YOUR intervention and common sense. I spend a fair bit of time disinfecting my wife's PC as she trusts 'University' messages - most of which is hacked spam :rolleyes:

I use AVG and generally it is still one of the better ones IMO.

Posted by: Nick325 Sep 13 2007, 07:03 AM

I scanned my computer with NoAdware but it won't remove the items unless I register :(
