> Getting Rid Of Horrible Spyware...
Hungus
post Sep 12 2007, 10:37 AM
Post #1





Hey guys, just wondering if anyone had any good techniques for getting rid of spyware which just doesn't want to die. A few days ago I was stupidly tricked into installing some spyware onto my computer (I don't wanna talk about it, it was 2 in the morning). Basically it disguises itself as IEXPLORER.EXE (x2) in the Windows Task Manager, and whenever I tell it to end process it comes back a couple of seconds later as some random letters, then turns back to IEXPLORER. I have tried both Lavasoft Ad-Aware and also Spybot Search & Destroy, including the start-up scan, but it just refuses to die.

Any help with this matter would be greatly appreciated :)


Andrew Cockburn
post Sep 12 2007, 10:42 AM
Post #2





QUOTE (Hungus @ Sep 12 2007, 05:37 AM) *
Hey guys, just wondering if anyone had any good techniques for getting rid of spyware which just doesn't want to die. A few days ago I was stupidly tricked into installing some spyware onto my computer (I don't wanna talk about it, it was 2 in the morning). Basically it disguises itself as IEXPLORER.EXE (x2) in the Windows Task Manager, and whenever I tell it to end process it comes back a couple of seconds later as some random letters, then turns back to IEXPLORER. I have tried both Lavasoft Ad-Aware and also Spybot Search & Destroy, including the start-up scan, but it just refuses to die.

Any help with this matter would be greatly appreciated :)


I had one of these once - if Ad-Aware et al can't fix it, the only solution is to reinstall your entire machine - something I do every 6 months or so anyway.


Nick325
post Sep 12 2007, 10:47 AM
Post #3





If you have System Restore, use it, if that's what Andrew is saying.
Anomaly
post Sep 12 2007, 10:50 AM
Post #4





QUOTE (Andrew Cockburn @ Sep 12 2007, 11:42 AM) *
I had one of these once - if Ad-Aware et al can't fix it, the only solution is to reinstall your entire machine - something I do every 6 months or so anyway.


No, don't do that. That can make you organized..

Anyway
http://www.comodo.com/products/free_products.html - lots of stuff, maybe try BOClean
http://www.avast.com/eng/avast-virus-cleaner.html
http://www.superantispyware.com/

Well, these things work for me.

Hungus
post Sep 12 2007, 11:00 AM
Post #5





Thanks guys... Maybe I will do a reinstall. Thankfully I have my HDD partitioned so I don't really have to worry about losing any of my stuff :)


Andrew Cockburn
post Sep 12 2007, 11:07 AM
Post #6





QUOTE (Hungus @ Sep 12 2007, 06:00 AM) *
Thanks guys... Maybe I will do a reinstall. Thankfully I have my HDD partitioned so I don't really have to worry about losing any of my stuff :)


Smart :)


symon
post Sep 12 2007, 01:27 PM
Post #7





When all else has failed me in the past I have used Prevx; I swear by it.
It has found things Spybot and Ad-Aware have been unable to.
http://info.prevx.com/downloadprevx2.asp
Warm regards, symon
Saoirse O'Shea
post Sep 12 2007, 04:43 PM
Post #8





Hungus, sometimes you can only remove trash fully if you do it in safe mode with Ad-Aware/Spybot.

For all - if you have the luxury of more than one computer, use a cheap one for the internet and keep a good - more expensive - one disconnected. You can always transfer files/software updates etc. manually between them once you know they are clean. If you can't do this then do like Hungus and partition the drive and regularly back up your critical files to a safe location.

Set a restore point and you can then, as Nick says, potentially restore to a safe point if things go pear-shaped. Restore is a must in my opinion, not just for malware/virus problems but also for every time you install new software. Set a point BEFORE you install. If something goes wrong then you can reinstall a good OS without the stuffed-up install getting in the way...

Also, Ad-Aware, as Andrew says, and Spybot, as Hungus says, are essential for any internet-connected computer. Two different spyware scanners are great as none of them are 100% - good additional links to start with from Anomaly and symon. If you are having problems then download and run HijackThis, which will provide a report of activity on your PC.

Cheers,
Tony


Ayen
post Sep 12 2007, 05:08 PM
Post #9





I used to have many problems with things like this, and I headed over to Daniweb.com. The guys there are great; if you have any virus problems I highly suggest going to their Viruses, Spyware and other Nasties section and asking for help.


Hungus
post Sep 12 2007, 05:19 PM
Post #10





The problem isn't actually my anti-spyware programs not being able to find them, it's just neither of them can delete it... it just says it can't do it, basically. Is there some way I can delete a program that is currently in use? In the past I have been able to do it by ending its process and then quickly deleting before it can start back up, but in this case it's running 2 of them...


MickeM
post Sep 12 2007, 05:43 PM
Post #11





QUOTE (Hungus @ Sep 12 2007, 06:19 PM) *
The problem isn't actually my anti-spyware programs not being able to find them, it's just neither of them can delete it... it just says it can't do it, basically. Is there some way I can delete a program that is currently in use? In the past I have been able to do it by ending its process and then quickly deleting before it can start back up, but in this case it's running 2 of them...

No, you can't delete it while it's active. If you can start up the system in safe mode or DOS even, and you know the name of the program and which folder it's in, just delete it. But sometimes I think these spyware programs have a backup that will reinstall itself if it detects that the main program is gone. Then you have to find all of them. I think it's Symantec that has manual deletion instructions you can follow, if you got the name of the spyware.

Saoirse O'Shea
post Sep 12 2007, 05:59 PM
Post #12





You need to do it in safe mode, Hungus. If you don't, the self-extracting script will activate - that's the problem you have encountered. Even in safe mode you need to delete the file AND all the associated self-extracting ones. You can usually find what they are and where they are hidden by doing a google on the file name.

Ad-Aware/Spybot may be able to get them cleaned out in safe mode BUT you might have to do it manually.

Cheers,
Tony


mattacuk
post Sep 12 2007, 06:05 PM
Post #13





OK, here's the deal. It's likely the offending trojan is a running process so you won't be able to just remove it. From experience I would say you are much better off at this point re-installing your system as it *may* have modified system files.

The best industry standard spyware removal I have ever used for business use is "NOADWARE" http://www.noadware.net/ - it really is the best IMO. I would use this from now on :)


Asphyxia Feeling
post Sep 12 2007, 06:45 PM
Post #14





I downloaded the trial version of SpyHunter, which detects spyware, but doesn't remove it. The good thing it DOES do is show you where the bad software is in your registry. Meaning, you can go to RUN and type REGEDIT and carefully find and delete each malicious bit yourself.


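An added example, not from any poster in this thread: the symptom in post #1 (a process named IEXPLORER.EXE, where the genuine Internet Explorer binary is iexplore.exe) and the advice above to find every relaunching entry, including registry ones, can be checked together. The baseline table, the 0.85 similarity threshold, the sample paths and the Run-key value names are all assumptions constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

# Assumed baseline (not from the thread): genuine binaries and their usual directory.
KNOWN = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}

# Constructed sample data: running image paths and Run-key values.
PROCESSES = [
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\WINDOWS\system32\IEXPLORER.EXE",
    r"C:\WINDOWS\system32\IEXPLORER.EXE",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\svchost.exe",
]
RUN = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
AUTORUNS = {
    "HKLM" + RUN + "updater": r"C:\WINDOWS\system32\iexplorer.exe",
    "HKCU" + RUN + "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
}

def classify(image_path, threshold=0.85):
    """Return 'ok', 'wrong-directory', 'lookalike-name' or 'unknown'."""
    directory, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        return "ok" if directory == KNOWN[name] else "wrong-directory"
    # A near-miss of a trusted name (iexplorer vs iexplore) is a masquerading sign.
    if any(SequenceMatcher(None, name, real).ratio() >= threshold for real in KNOWN):
        return "lookalike-name"
    return "unknown"

def triage(processes, autoruns):
    """Map each suspicious image to its verdict and the autoruns that relaunch it."""
    report = {}
    for path in list(processes) + list(autoruns.values()):
        verdict = classify(path)
        if verdict in ("lookalike-name", "wrong-directory"):
            key = path.lower()
            starters = sorted(k for k, v in autoruns.items() if v.lower() == key)
            report[key] = {"verdict": verdict, "relaunched_by": starters}
    return report

if __name__ == "__main__":
    for image, info in triage(PROCESSES, AUTORUNS).items():
        print(image, info["verdict"], info["relaunched_by"])
```

An image reported with a non-empty `relaunched_by` list is one that will come back after the process is ended, which is why the file and its autorun entry have to be removed together.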
DeepRoots
post Sep 12 2007, 07:13 PM
Post #15





MickeM is right - boot up in safe mode - then you can run your anti-spyware programs which should be able to then delete them - or - if that fails, start up in safe mode and manually find and delete the infected file. You can do this by using the spyware program that locates it (but cannot, as you said, delete it), then use the location that the program states; find; delete; job done (in a perfect world).

Has worked for me several times.
bad_tel
post Sep 13 2007, 06:02 AM
Post #16





Mate, if it's that bad, save what you want on disc and restore your PC. If it's XP, tap F5 on start up and follow. Well, I think it's F5; I'm on Vista, that's F5. Man, I dunno, it's one of them, and your PC will be fast again too ;)


Pavel
post Sep 13 2007, 06:44 AM
Post #17





QUOTE (mattacuk @ Sep 12 2007, 07:05 PM) *
The best industry standard spyware removal I have ever used for business use is "NOADWARE" http://www.noadware.net/ - it really is the best IMO. I would use this from now on :)


Thanks for that one! I thought my PC is clean - damn, it found a couple of Dangerous and Severe things. :) I used to only use AVG.


Saoirse O'Shea
post Sep 13 2007, 06:56 AM
Post #18





Careful though, as spyware checks often report incorrectly. Double/triple check any report and think it through - i.e. anything odd on your PC, downloaded anything dubious/visited any odd sites that might have infected you? If you are certain you haven't, then are you infected or is it a duff report - happens, guys, quite a bit.

Cheers,
Tony

PS: only way perhaps to stay clean - don't visit/download/open/run anything that is remotely 'dubious' from someone you don't trust 100% and so on. Internet - be safe, stay safe. No software replaces YOUR intervention and common sense. I spend a fair bit of time disinfecting my wife's PC as she trusts 'University' messages - most of which is hacked spam :rolleyes:

I use AVG and generally it is still one of the better ones IMO.


Nick325
post Sep 13 2007, 07:03 AM
Post #19





I scanned my computer with NoAdware but it won't remove the items unless I register :(