adware/spyware - nothing is taking this one out - Microsoft Windows


Thread: adware/spyware - nothing is taking this one out

  1. adware/spyware - nothing is taking this one out

    I've run spybot, ad-aware, hijackthis, cwshredder and symantec
    anti-virus and after a reboot the problem returns. It appears to
    be some sort of program that runs at startup and looks to see
    if the last set of installed files/executables have been found,
    it then inserts a new executable or dll into c:\winnt and the
    whole process starts over again. Anyone have a page that would
    tell me how to dig this out or at least find the start up file
    that is the root of the problem?

    Thanks,
    Don

  2. Re: adware/spyware - nothing is taking this one out

    I do this all the time (it's a service I offer).

    What OS are you using?
    Have you looked at what gets loaded at startup?

    Have you scanned for viruses?

    On 16 Mar 2005 09:42:14 -0800, dshesnicky@yahoo.com (Don S) wrote:

    >I've run spybot, ad-aware, hijackthis, cwshredder and symantec
    >anti-virus and after a reboot the problem returns. It appears to
    >be some sort of program that runs at startup and looks to see
    >if the last set of installed files/executables have been found,
    >it then inserts a new executable or dll into c:\winnt and the
    >whole process starts over again. Anyone have a page that would
    >tell me how to dig this out or at least find the start up file
    >that is the root of the problem?
    >
    >Thanks,
    >Don



    ---
    Remove x's to send.

  3. Re: adware/spyware - nothing is taking this one out


    Don S wrote:

    > I've run spybot, ad-aware, hijackthis, cwshredder and symantec
    > anti-virus and after a reboot the problem returns. It appears to
    > be some sort of program that runs at startup and looks to see
    > if the last set of installed files/executables have been found,
    > it then inserts a new executable or dll into c:\winnt and the
    > whole process starts over again. Anyone have a page that would
    > tell me how to dig this out or at least find the start up file
    > that is the root of the problem?
    >
    > Thanks,
    > Don


    Remembered to temporarily disable System Restore before the
    reboot? This will prevent restoration of the infected file(s)
    after cleaning.


  4. Re: adware/spyware - nothing is taking this one out

    > I've run spybot, ad-aware, hijackthis, cwshredder and symantec
    > anti-virus and after a reboot the problem returns. It appears to
    > be some sort of program that runs at startup and looks to see
    > if the last set of installed files/executables have been found,
    > it then inserts a new executable or dll into c:\winnt and the
    > whole process starts over again. Anyone have a page that would
    > tell me how to dig this out or at least find the start up file
    > that is the root of the problem?


    My page...

    http://www.coreutilities.co.uk

    You're describing *exactly* the problem I was called in to resolve the
    other week for a colleague - the answer was Nortons. It sucks dick.
    I spent 3 hours trying to sort the fecker out, and it was down to the
    useless (but fully up to date) Norton Internet (in)Security.

    I used Sysclean by Trend (free), and it found an active virus in memory
    in approx 10 seconds, and another lurking (inactive) on the HD during a
    full scan. Cleaned it up just fine :-)

    It's linked from the bottom of the second link on my page.

    --
    Please add "[newsgroup]" in the subject of any personal replies via email
    --- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---

  5. Re: adware/spyware - nothing is taking this one out

    Try to do what Ghostrider told you:
    disable system restore before running
    a virus clean-up program.

    "Don S" wrote in a message
    news:b9ff9982.0503160942.23a27041@posting.google.com...
    > I've run spybot, ad-aware, hijackthis, cwshredder and symantec
    > anti-virus and after a reboot the problem returns. It appears to
    > be some sort of program that runs at startup and looks to see
    > if the last set of installed files/executables have been found,
    > it then inserts a new executable or dll into c:\winnt and the
    > whole process starts over again. Anyone have a page that would
    > tell me how to dig this out or at least find the start up file
    > that is the root of the problem?
    >
    > Thanks,
    > Don




  6. Re: adware/spyware - nothing is taking this one out

    > Try to do what Ghostrider told you:
    > disable system restore before running
    > a virus clean-up program.


    I'm no expert on XP (wouldn't touch it !) but while a virus checker may
    detect a problem in the system restore files, the OP isn't relying on
    rolling back to a previous config. His problem is *now*.

    If Sysclean finds one I'd suggest going through the full disable / enable
    of system restore though, scanning in between.

    PS: to the OP - If you've used HijackThis! did you know www.hijackthis.de
    have a nice little text entry form where you can paste your log to get an
    instant online response to highlight anything "unusual" ? - you have to
    take them with a pinch of salt (told me my virus checker wasn't installed
    where it expected to find it) but it's a good reference point.

    --
    Please add "[newsgroup]" in the subject of any personal replies via email
    --- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---

  7. Re: adware/spyware - nothing is taking this one out



    Colin Wilson wrote:
    >>Try to do what Ghostrider told you:
    >>disable system restore before running
    >>a virus clean-up program.

    >
    >
    > I'm no expert on XP (wouldn't touch it !) but while a virus checker may
    > detect a problem in the system restore files, the OP isn't relying on
    > rolling back to a previous config. His problem is *now*.



    Unfortunately, this is what Windows XP (and ME) could do
    with adware, spyware or malware if System Restore remains
    enabled. (And it also reports on the presence of removed
    virus signatures). By disabling System Restore, there is
    no opportunity for it to re-write to the Windows Registry
    and then have it retrieve the removed items. The flip side,
    of course, is bad news should the anti-malware (or anti-virus)
    application do its job badly; the entire system
    could be knackered.


  8. Re: adware/spyware - nothing is taking this one out

    Ghostrider wrote:
    > Unfortunately, this is what Windows XP (and ME) could do
    > with adware, spyware or malware if System Restore remains
    > enabled.


    How, exactly? Things in a restore checkpoint are inert until and unless
    you use system restore to roll back to a restore point, whereupon they
    may be reinstated. Until then, though, they should be harmless.

    --
    http://www.gnu.org/philosophy/right-to-read.html
    Palladium? Trusted Computing? DRM? Microsoft? Sauron.
    "One ring to rule them all, one ring to find them
    One ring to bring them all, and in the darkness bind them."


  9. Re: adware/spyware - nothing is taking this one out

    I had a nasty virus on an XP machine. I owned Norton, but no help
    there. I installed a copy of SpySweeper but that didn't do it either.
    I ended up buying a copy of Trend's PC-cillin anti-virus. Well it did
    the job. I'm not saying that will fix your problem, all I'm saying is
    no two anti-virus utilities are the same. Just because you tried one
    doesn't mean your problem can't be fixed with another. Don't give up,
    I'd 'buy' another, this way you'll get all the latest updates.

    Don S wrote:
    > I've run spybot, ad-aware, hijackthis, cwshredder and symantec
    > anti-virus and after a reboot the problem returns. It appears to
    > be some sort of program that runs at startup and looks to see
    > if the last set of installed files/executables have been found,
    > it then inserts a new executable or dll into c:\winnt and the
    > whole process starts over again. Anyone have a page that would
    > tell me how to dig this out or at least find the start up file
    > that is the root of the problem?
    >
    > Thanks,
    > Don



  10. Re: adware/spyware - nothing is taking this one out

    > I had a nasty virus on an XP machine. I owned Norton, but no help
    > there. I installed a copy of SpySweeper but that didn't do it either.
    > I ended up buying a copy of Trend's PC-cillin anti-virus.


    There's the free Trend Sysclean AV app I pointed out in my other post.

    --
    Please add "[newsgroup]" in the subject of any personal replies via email
    --- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---

  11. Re: adware/spyware - nothing is taking this one out

    My OS is Win2K Pro. I may try more anti-virus software as Symantec
    took a similar problem out last time but not this. I updated the
    database but no luck. Hijackthis finds the problem but not the
    source, after a reboot it's back so it finds the effect but not
    the cause.

    Where are the startup locations for Win2K, if I hit them one by
    one I should be able to find where it's started from, right?

    Don

    > I had a nasty virus on an XP machine. I owned Norton, but no help
    > there. I installed a copy of SpySweeper but that didn't do it either.
    > I ended up buying a copy of Trend's PC-cillin anti-virus. Well it did
    > the job. I'm not saying that will fix your problem, all I'm saying is
    > no two anti-virus utilities are the same. Just because you tried one
    > doesn't mean your problem can't be fixed with another. Don't give up,
    > I'd 'buy' another, this way you'll get all the latest updates.


  12. Re: adware/spyware - nothing is taking this one out

    > My OS is Win2K Pro. I may try more anti-virus software as Symantec
    > took a similar problem out last time but not this. I updated the
    > database but no luck. Hijackthis finds the problem but not the
    > source, after a reboot it's back so it finds the effect but not
    > the cause.
    > Where are the startup locations for Win2K, if I hit them one by
    > one I should be able to find where it's started from, right?


    It might be easier and quicker to try the free Sysclean util from Trend.
    I've got it linked from the second page on my site, right at the bottom.

    http://www.coreutilities.co.uk

    --
    Please add "[newsgroup]" in the subject of any personal replies via email
    --- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---

  13. Re: adware/spyware - nothing is taking this one out

    > It might be easier and quicker to try the free Sysclean util from Trend.
    > I've got it linked from the second page on my site, right at the bottom.
    >
    > http://www.coreutilities.co.uk


    This seems like a real hit-and-miss thing, try this, try that, try all the
    anti-virus software out there and then these utilities. I would figure if
    I look for the process that runs at startup I can figure these out in
    the future as well. Are there no standard startup locations?

    Don

  14. Re: adware/spyware - nothing is taking this one out

    > > http://www.coreutilities.co.uk
    > This seems like a real hit-and-miss thing, try this, try that, try all the
    > anti-virus software out there and then these utilities. I would figure if
    > I look for the process that runs at startup I can figure these out in
    > the future as well. Are there no standard startup locations?


    HijackThis will tell you everything that runs on startup

    --
    Please add "[newsgroup]" in the subject of any personal replies via email
    --- My new email address has "ngspamtrap" & @btinternet.com in it ;-) ---
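
An added example, not part of any post in the thread: Don's point that HijackThis shows the effect but not the cause can be worked on by comparing two logs, one saved right after cleaning and one saved after the reboot. Entries that only appear after the reboot are the recreated files; entries present in both logs ran at startup each time and are the ones to review for the loader. The "code - description" line layout and the section codes are assumed from HijackThis's usual output, the function names are hypothetical, and the sample logs are constructed.

```python
import re
from ntpath import dirname, normpath  # Windows path rules, usable on any OS

# HijackThis sections for items loaded at boot or logon: F2 Shell/Userinit,
# O4 Run keys and Startup folders, O20 AppInit_DLLs/Winlogon Notify, O23 services.
AUTOSTART = {"F2", "O4", "O20", "O23"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|com|scr|bat)', re.I)

def autostart_entries(log_text):
    """Return (code, body) for each autostart-class line; other lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) in AUTOSTART:
            found.append((m.group(1), m.group(2)))
    return found

def loads_from(entries, directory):
    """Entries whose target file sits directly in `directory`, not a subfolder."""
    want = normpath(directory).lower()
    return [e for e in entries
            if any(dirname(normpath(p)).lower() == want for p in PATH.findall(e[1]))]

def compare(cleaned_log, rebooted_log):
    """Split the post-reboot entries into (came_back, persisted)."""
    before = set(autostart_entries(cleaned_log))
    after = autostart_entries(rebooted_log)
    return ([e for e in after if e not in before],
            [e for e in after if e in before])

# Constructed sample logs; every entry name and path below is made up.
CLEANED = r"""Logfile of HijackThis
Running processes:
C:\WINNT\System32\smss.exe
O4 - HKLM\..\Run: [sample_av_tray] C:\Program Files\SampleAV\tray.exe
O20 - Winlogon Notify: sample_notify - C:\WINNT\system32\sample_notify.dll
O23 - Service: Sample AV Service - Sample Corp - C:\Program Files\SampleAV\svc.exe
"""
REBOOTED = CLEANED + r"O4 - HKLM\..\Run: [sample_drop] C:\WINNT\sample_drop.exe" + "\n"

if __name__ == "__main__":
    came_back, persisted = compare(CLEANED, REBOOTED)
    print("recreated in the Windows directory:", loads_from(came_back, r"C:\WINNT"))
    print("ran at startup both times (review these):")
    for code, body in persisted:
        print(" ", code, body)
```

This only narrows the search to what HijackThis lists; a loader that starts from a location the tool does not report will not show up in either log.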
