DOS expert?

[jll]

Hi,
I'm using XP Home. I'm having a problem getting rid of an Adware/Spy. It's
path is C:\windows\system32\sstqo.dll. It has buried itself in Explorer.exe
and Winlogon. exe. When I try to "kill" it, I get a BSOD and when I reboot,
there it is. I can't delete it because "it's in use". Adaware and Spybot
don't see it. MS Spy and A2 scans find it but don't remove it even tho they
say they do. I'm thinking I need to a Deltree in DOS. Can someone advise me
as to how to go about doing it.
Thanks,
jll
addy is fake

 

[Manny Borges]

Hello, this is just a generic answer off the cuff.

1st, no, deltree is not what you want, that would kill directories and all
thier sub items.

If the file is in use you may need to do some grueling steps to get rid of
it.

I would try rebooting in safe mode first and trying to remove it. Google=>
reboot in safe mode

If that doesn't work use your recovery console to do it command line. Google
=> starting xp recovery console

Even if you delete the file it may have some hidden registry entries.
Without knowing the exact spyware infection I can't give you any specifics,
but : Google => remove "name of spyware"


--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master

The pen is mightier than the sword, and considerably easier to write with.
-- Marty Feldman

 

[Malke]

Hi,
I'm using XP Home. I'm having a problem getting rid of an Adware/Spy.
It's path is C:\windows\system32\sstqo.dll. It has buried itself in
Explorer.exe and Winlogon. exe. When I try to "kill" it, I get a BSOD
and when I reboot, there it is. I can't delete it because "it's in
use". Adaware and Spybot don't see it. MS Spy and A2 scans find it but
don't remove it even tho they say they do. I'm thinking I need to a
Deltree in DOS. Can someone advise me as to how to go about doing it.
Thanks,
jll
addy is fake

You've got Vundo or one of its cousins. There is no DOS in XP and the
command line isn't going to help you anyway. You should run HijackThis
and post your log to one of these forums (not in the newsgroup,
please):

http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 -
another tutorial
http://aumha.net/viewforum.php?f=30
http://castlecops.com/forum67.html
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

You will need expert guidance to get rid of this pest and you'll get it
from forum helpers. Make sure you read the posting FAQ for whatever
forum you choose.

Malke

 

[jll]

Yes, Thanks to both of you. I tried several sites listed in Google. Some
were almost as bad as Vundo!! But I eventually got to the "Tom Coyote" forum
where he described a solution complete with a download tied to Highjack
This. I followed his instructions and after several runs at it in safe mode,
the sucker is gone. It had tagged itself to Winlogon. exe and Explorer.exe
and was a bugger. I don't know where I picked it up and I'm still concerned
about that. But all is well now. Thanks again. jll