One common spyware technique uses multiple processes that frequently
check for each other. When you kill/remove one the other reinstalls
it. Some even use semi-random process names.
Spybot S&D includes two features that might prove useful (if you are
not already using them): Inoculate and Teatimer.
I agree with the suggestions made by Mike555 and 3 P. I would probably
do a little research first but as you already have Spybot, Ad-aware and
MS AntiSpyware installed, you could jump straight to Safe Mode. (Note,
I did NOT search for specific information on the two items you
mentioned. The steps I suggest are generally applicable, however.)
If you are using WinXP, you many have to turn off System Restore,
remove the spyware, and then turn System Restore back on.
1. Boot in Safe Mode (F8) and run Spybot, Ad-aware, and MS AntiSpyware.
2. Reboot. (Or even reboot into Safe Mode after running each one of the
above.)
3. Run System Spyware Interrogator (
www.spywaredata.com) and follow
instructions as appropriate.
4. Reboot.
5. Run HijackThis, submit log to Help2Go Detective (
www.help2go.com),
and follow instructions as appropriate.
6. Reboot.
7. Check anti-virus vendor sites for specific removal tools for those
specific blights. McAfee, Symantec, Panda, Trend Micro, and Kaspersky
(at least) have numerous anti-spyware removal tools. Also check
anti-spyware vendor and help sites for specific removal instructions
(e.g.,
www.pestpatrol.com or
www.webroot.com or
www.sunbelt.com) or
tools.
8. Run Panda ActiveScan, Trend Micro Housecall, and/or Kaspersky (beta
disk scanner) on-line web scan. IIRC, all three search for spyware.
CA owns PestPatrol so the eTrust on-line scanner also may remove
spyware.
You also might try using ClamWin (its anti-spyware capabilities have
greatly improved this year) and/or ewido security suite (also greatly
improved). a-squared by EMSI,Swat-It, Bazooka Scanner, and X-Cleaner
are also possibilities although I haven't found them to be very useful.
SpySubtract MD by Intermute and Trend Micro or Spy Audit by Webroot
are only scanners but the scan results and web sites may provide manual
removal instructions.
-----
ClamWin
http://www.clamwin.org
eTrust by CA (AV Disk Scan & Cure)
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
ewido Security Suite
http://www.ewido.net
Kaspersky (BETA AV Disk Scan - maybe removal)
http://www.kaspersky.com/downloads/kws/kavwebscan.html
Panda ActiveScan (AV Disk Scan & Cure)
http://www.pandasoftware.com/activescan/com/default.asp
Spy Audit by Webroot (Spy Sweeper based) (Spyware Scan)
http://www.webroot.com/services/spyaudit_03.htm
SpySubtract MD by Intermute and Trend Micro (Spyware Scan & CWShredder)
http://www.intermute.com/spysubtract/free_spyware_scan.html
Trend Micro Housecall (AV Disk Scan & Cure)
http://housecall.trendmicro.com/
-----
9. As a last resort, reboot, run HijackThis, and submit the log to one
of the suggested sites.
Good luck,
BillR
