adware and SP2

[Guest]

My laptop is infected with a lot of adware that either Adaware or Norton
AntiVirus (NAV) 2004 cannot remove. NAV 2004 identifies the adware but cannot
delete them. There are manual instructions for removing the Adware at NAV's
website. I want to upgrade to SP2 for the added security but I don't know if
I should cleanup the adware first. Your thoughts and comments are desperately
needed.

Thanks,
Tom

 

[Guest]

You could try Spybot. Handy tool actually, by going to
http://shinobiresources.com/Downloads/spybot/spybotsd13.exe and then you'll
want
http://www.spybotupdates.com/updates/files/spybotsd_includes.exe as well.

 

[Guest]

Clean up the spyware first. You don't want added problems when installing
SP2. Try booting into SAFE MODE to run Ad Aware and remove the spyware in
SAFE MODE. You may have better success.

 

[Doug Main]

Clean up the spyware first. You don't want added problems when installing
SP2. Try booting into SAFE MODE to run Ad Aware and remove the spyware in
SAFE MODE. You may have better success.

:

Elsewhere in this NG are instructions for a free clean up. It takes
some time, but it works. It involves several different programs, run in
safe mode with System Restore turned off. Panda, Housecall, Spybot S/D,
Adaware, CWShredder should do it.

This was posted by D. Lipman. Copy it and save it in a file somewhere
for future reference.

+++
First, don't listen to those that say reinstall the OS. That's way too
draconian and is NOT
needed at this time.

Second, there are anti virus News Groups specifically for this type of
discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Finally, Please perform the following.

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt285.zip

Extract the contents of the ZIP file and place the contents in the same
directory as
SYSCLEAN.COM .



2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your
platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
9) Please report back your results

Dave






| My anti-virus has found 68 different variations of this trojan most of
them
| satrting with downloader.agent. Most of these infected files are exes.
I ran
| the computer in safe mode and used ad-aware, spy-bot, anti-virus software,
| cwshredder and god knows what else to no avail. These infections are still
| remaining on my computer. Please help me in what to do to rid these.
I'm at
| of my tether and am genuinely seeking somebody's help.
|
| Thank you.
|
|



+++

 

[CWatters]

My laptop is infected with a lot of adware that either Adaware or Norton
AntiVirus (NAV) 2004 cannot remove. NAV 2004 identifies the adware but cannot
delete them. There are manual instructions for removing the Adware at NAV's
website. I want to upgrade to SP2 for the added security but I don't know if
I should cleanup the adware first. Your thoughts and comments are desperately
needed.

If you find a Spybot S&D removes the adware but it comes back after a
reboot. Try this....

Start -> Run -> type "msconfig" without the quote marks and press enter.
A new window will open.
Look at the start tab and see what processes are running.

My wifes PC had over 60 suspect processes on the startup menu. The problem
is working out which ones you can delete. Try using google to search for
them or this web site.

http://www.sysinfo.org/startuplist.php

I found I had to remove ALL the suspect ones at the same time or they all
came right back. It seems some of theses pests repair themselves and
download their friends.

Look out for these buggers which might be associated with the adware
"Roings" and "webhancer"

C:\WINDOWS\ssqvjt.exe
C:\WINDOWS\mdjsqjy.exe
C:\WINDOWS\odrynrc.exe
C:\WINDOWS\anikvz.exe
C:\WINDOWS\nanvorwgh.exe
C:\WINDOWS\dgrzked.exe
C:\WINDOWS\ygrww.exe
C:\WINDOWS\vatlvmlo.exe
C:\WINDOWS\fleffz.exe
C:\WINDOWS\uyxhizb.exe
C:\WINDOWS\pmiabsxs.exe
C:\WINDOWS\mjcedbh.exe
C:\WINDOWS\lmudhpr.exe
C:\WINDOWS\ouvchaefo.exe
C:\WINDOWS\hrafu.exe
C:\WINDOWS\limj.exe
C:\WINDOWS\tsphdyx.exe

 

[Guest]

Thanks, I'll try your suggestions. I wouln't reinstall the OS. That's the
same as rebuilding your house to fix a plumming probem.

Tom

 

[Guest]

I ran the Trend Sysclean Package on my Windows ME desk top PC with the
following results. The XP lap top belongs to my daughter. I wanted to run
Sysclean on my PC, it is also infected, first just in case.

Sysclean and the latest signature files were installed into a new directory
on the :C drive. The restore option was turned off and the system was started
in safe mode. I selected the 'scan' option from the application screen and
the process started with the following message 'Scanning memory and system
settings'. The option to automatically clean or delete detected files was
selected. I stopped the process after 3 1/2 hours without receiving any
responses. The following processes were running when I entered ctrl-alt-del:
Trend Micro Sysclean Package
Trend Micro cleanup
Explorer
Sysclean
TSC
I'm contacting TrendMicro support about this. Any additional insight you can
give would be appreciated. Especially the Explorer and TSC processes. I
wasn't expected them in safe mode.

Thanks,
Tom