Getting Rid Of Horrible Spyware... |
|
|
|
|
Sep 12 2007, 10:42 AM
|
|
QUOTE (Hungus @ Sep 12 2007, 05:37 AM)  Hey guys, just wondering if anyone had any good techniques for getting rid of spyware which just doesnt want to die. A few days ago I was stupidly tricked into installing some spyware onto my computer (I dont wanna talk about it, it was 2 in the morning). Basically it disguises itself as IEXPLORER.EXE(x2) in the windows task manage and whenever I tell it to end process it comes back a couple of seconds later as some random letters then turns back to IEXPLORER. I have tryed both lavasoft ad aware and also spy bot search & destroy including the start up scan but it just refuses to die. Any help with this matter would be greatly appreciated  I had one of these once - if AdAware et al can't fix it, the only solution is to reinstall your entire machine - somehting I do every 6 months or so anyway. -------------------- Check out my Instructor profile
Live long and prosper ... My Stuff: Electric Guitars : Ibanez Jem7v, Line6 Variax 700, Fender Plus Strat with 57/62 Pickups, Line6 Variax 705 Bass Acoustic Guitars : Taylor 816ce, Martin D-15, Line6 Variax Acoustic 300 Nylon Effects : Line6 Helix, Keeley Modded Boss DS1, Keeley Modded Boss BD2, Keeley 4 knob compressor, Keeley OxBlood Amps : Epiphone Valve Jnr & Head, Cockburn A.C.1, Cockburn A.C.2, Blackstar Club 50 Head & 4x12 Cab |
 |
 
|
|
|
|
|
|
Sep 12 2007, 10:47 AM
|
|
if u have system restore use it if thats what andrew is saying.
|
|
|
|
|
|
|
|
|
Sep 12 2007, 10:50 AM
|
|
QUOTE (Andrew Cockburn @ Sep 12 2007, 11:42 AM) I had one of these once - if AdAware et al can't fix it, the only solution is to reinstall your entire machine - somehting I do every 6 months or so anyway. No, don't do that. That can make you organized.. Anyway http://www.comodo.com/products/free_products.html - lots of stuff, maybe try BOClean http://www.avast.com/eng/avast-virus-cleaner.html http://www.superantispyware.com/ Well, these things work for me. This post has been edited by Anomaly: Sep 12 2007, 10:53 AM |
|
|
|
|
|
|
|
|
Sep 12 2007, 11:00 AM
|
|
Thanks guys... Maybe I will do a reinstall. Thankfully I have my HDD petitioned so I dont really have to worry about losing any of my stuff
-------------------- .gif) |
|
|
|
|
|
|
|
|
|
Sep 12 2007, 11:07 AM
|
|
QUOTE (Hungus @ Sep 12 2007, 06:00 AM) Thanks guys... Maybe I will do a reinstall. Thankfully I have my HDD petitioned so I dont really have to worry about losing any of my stuff Smart
-------------------- Check out my Instructor profile
Live long and prosper ... My Stuff: Electric Guitars : Ibanez Jem7v, Line6 Variax 700, Fender Plus Strat with 57/62 Pickups, Line6 Variax 705 Bass Acoustic Guitars : Taylor 816ce, Martin D-15, Line6 Variax Acoustic 300 Nylon Effects : Line6 Helix, Keeley Modded Boss DS1, Keeley Modded Boss BD2, Keeley 4 knob compressor, Keeley OxBlood Amps : Epiphone Valve Jnr & Head, Cockburn A.C.1, Cockburn A.C.2, Blackstar Club 50 Head & 4x12 Cab |
|
|
|
|
|
|
|
|
Sep 12 2007, 01:27 PM
|
|
when all else has failed me in the past i have used prevx i swear by it
it has found things spybot and adaware have been unable to http://info.prevx.com/downloadprevx2.asp warm regards symon |
|
|
|
|
|
|
|
|
Sep 12 2007, 04:43 PM
|
|
Hungus sometimes you can only remove trash fully if you do it in safemode with AdAware/spybot.
For all - if you have the luxury of more then one computer use a cheap one for the internet and keep a good - more expensive - one disconnected. You can always transfer files/software updates etc manually between them once you know they are clean. If you can't do this then do like Hungus and partition the drive and regularly back up your critical files to a safe location. Set a restore point and you can then, as Nick says, potentially restore to a safe point if things go pear shaped. Restore is a must in my opinion, not just for malware/virus problems but also for everytime you install new software. Set a point BEFORE you install. If something goes wrong then you can reinstall a good OS without the stuffed up install getting in the way... Also AdAware as Andrew and spybot as Hungus say are an essential for any internet connected computer two different spyware scanners are great as none of them are 100% - good additional links to start with from Anomaly and symon. If you are having problems then download and run HIjackThis which will provide a report of activity on your pc. Cheers, Tony -------------------- Get your music professionally mastered by anl AES registered Mastering Engineer. Contact me for Audio Mastering Services and Advice and visit our website www.miromastering.com
Be friends on facebook with us here. We use professional, mastering grade hardware in our mastering studo. Our hardware includes: Cranesong Avocet II Monitor Controller, Dangerous Music Liasion Insert Hardware Router, ATC SCM Pro Monitors, Lavry Black DA11, Prism Orpheus ADC/DAC, Gyratec Gyraf XIV Parallel Passive Mastering EQ, Great River MAQ 2NV Mastering EQ, Kush Clariphonic Parallel EQ Shelf, Maselec MLA-2 Mastering Compressor, API 2500 Mastering Compressor, Eventide Eclipse Reverb/Echo. |
|
|
|
|
|
|
|
|
Sep 12 2007, 05:43 PM
|
|
QUOTE (Hungus @ Sep 12 2007, 06:19 PM) The problem isnt actually my anti spyware programs not being able to find them its just neither of them can delete it... it just says it cant do it basically. Is there some way I can delete a program that is currently in use? in the past I have been able to do it by ending its process and then quickly deleting before it can start back up but in this case its running 2 of them... No you can't delete it while it's active. If you can start up the system in safe mode or DOS even and you know the name of the program and which folder it's in just delete it. But sometimes I think these spyware programs have a backup that will reinstall itself if it detects that the main program is gone. Then you have to find all of them. I think it's Symantec that has manual deletion instructions you can follow, if you got the name of the spyware. This post has been edited by MickeM: Sep 12 2007, 05:46 PM -------------------- My bands homepage
All time favourites: B. Streisand - Woman in Love, M. Hopkin - Those were the days, L. Richie - Hello |
|
|
|
|
|
|
|
|
|
Sep 12 2007, 05:59 PM
|
|
You need to do it in safemode Hungus. If you don't the self-extracting script will activate - that's the problem you have encountered. Even in safemode you need to delete the file AND all the associated self extracting ones. You can usually find what they are and where they are hidden by doing a google on the file name.
AdAware/spybot maybe able to get them cleaned out in safe mode BUT you might have to do it manually. Cheers, Tony -------------------- Get your music professionally mastered by anl AES registered Mastering Engineer. Contact me for Audio Mastering Services and Advice and visit our website www.miromastering.com
Be friends on facebook with us here. We use professional, mastering grade hardware in our mastering studo. Our hardware includes: Cranesong Avocet II Monitor Controller, Dangerous Music Liasion Insert Hardware Router, ATC SCM Pro Monitors, Lavry Black DA11, Prism Orpheus ADC/DAC, Gyratec Gyraf XIV Parallel Passive Mastering EQ, Great River MAQ 2NV Mastering EQ, Kush Clariphonic Parallel EQ Shelf, Maselec MLA-2 Mastering Compressor, API 2500 Mastering Compressor, Eventide Eclipse Reverb/Echo. |
|
|
|
|
|
|
|
|
Sep 12 2007, 06:05 PM
|
|
Ok heres the deal. Its likely the offending trojan is a running process so you wont be able to just remove it. From experience i would say you are much better of at this point re-installing your system as it *may* have modified system files.
The best industry standard spyware removal i have ever used for business use is "NOADWARE" http://www.noadware.net/ - it really is the best IMO. I would use this from now on
-------------------- mysql> SELECT * FROM master_name WHERE ((firstname = 'Paul') AND (lastname = 'Gilbert'));
"The Fundimental Difference between Paul Gilbert and Buckethead is that Paul Explores the Good side of the force, while Buckethead Explores the Dark Side of the Force" :) |
|
|
|
|
|
|
|
|
Sep 13 2007, 06:44 AM
|
|
QUOTE (mattacuk @ Sep 12 2007, 07:05 PM) The best industry standard spyware removal i have ever used for business use is "NOADWARE" http://www.noadware.net/ - it really is the best IMO. I would use this from now on Thanks for that one! I thought my PC is clean - damn it found a couple of Dangerous and Severe things. I used to only use AVG.
-------------------- "It isn't how many years you have been playing, it's how many hours." -- Prashant Aswani "PRACTICE, PRACTICE, PRACTICE!" -- Michael Angelo Batio Check out my video lessons and instructor board! |
|
|
|
|
|
|
|
|
|
Sep 13 2007, 06:56 AM
|
|
Careful though as spyware checks often report incorrectly. Double/triple check any report and think it through - ie anything odd on your pc downloaded any thing dubious/visited any odd sites that might have infected you? If you are certain you haven't then are you infected or is it a duff report - happens guys quite a bit.
Cheers, Tony ps only way perhaps to stay clean - don't visit/download/open/run anything that is remotely 'dubious' from some one you don't trust 100% and so on. Internet - be safe, stay safe. No software replaces YOUR intervention and common sense. I spend a fair bit of time disinfecting my wife's pc as she trusts 'University' messages - most of which is hacked spam  .I use AVG and generally it is still one of the better ones IMO -------------------- Get your music professionally mastered by anl AES registered Mastering Engineer. Contact me for Audio Mastering Services and Advice and visit our website www.miromastering.com
Be friends on facebook with us here. We use professional, mastering grade hardware in our mastering studo. Our hardware includes: Cranesong Avocet II Monitor Controller, Dangerous Music Liasion Insert Hardware Router, ATC SCM Pro Monitors, Lavry Black DA11, Prism Orpheus ADC/DAC, Gyratec Gyraf XIV Parallel Passive Mastering EQ, Great River MAQ 2NV Mastering EQ, Kush Clariphonic Parallel EQ Shelf, Maselec MLA-2 Mastering Compressor, API 2500 Mastering Compressor, Eventide Eclipse Reverb/Echo. |
|
|
|
|
|
|
|
|
|
Sep 13 2007, 07:03 AM
|
|
i scanne my computer with the noadware but it wont remove the items unless i register
|
|
|
|
|
 
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
