adware virus question

[Jim]

Norton has come up with 6 nasty little adware critters
which it can't delete.
I have turned things off, re- downloaded and re-loaded,
and jumped thru just about all of their hoops.
The funny thing is, (and I've run into this before) the
folder "local settings" doesn't seem to exist and when I
run a search for the files, they don't seem to exist
either.
Here are the culprits
c:\documents and settings\jim\localsettings\bi.cab
(this instance happens twice)

The other 4 have the same tree and are;
bi.dll
biprep.exe
lycos_ss.exe
sbinstall.exe

How do I delete something Norton can't and my computer
can't find.
I am running XP Pro.
Jim

 

[XPUSER]

Norton has come up with 6 nasty little adware critters
which it can't delete.
I have turned things off, re- downloaded and re-loaded,
and jumped thru just about all of their hoops.
The funny thing is, (and I've run into this before) the
folder "local settings" doesn't seem to exist and when I
run a search for the files, they don't seem to exist
either.
Here are the culprits
c:\documents and settings\jim\localsettings\bi.cab
(this instance happens twice)

The other 4 have the same tree and are;
bi.dll
biprep.exe
lycos_ss.exe
sbinstall.exe

How do I delete something Norton can't and my computer
can't find.
I am running XP Pro.
Jim

===========================================================
I suggest booting to Safe Mode and see if your Norton Anti Virus
will operate there and scan and see if it can then delete the suspect files.

http://support.microsoft.com/default.aspx?scid=kb;en-us;315222&Product=winxp

Alternatively or in addition I would download Ad-Aware 6.0 Build 181
and update it and then boot to Safe Mode and scan with it and remove
any "New Objects" (spywares) that it finds.

http://www.lavasoft.de/ms/index.htm

The above link is from this Microsoft Knowledge Base article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;827315

You could also search for those files in Safe Mode -
When you open up Search from the Start menu,
click on "All files and folders"
Then at the Tool Bar of Search Results click on
"Tools" > "Folder Options" > "View tab"
In the Advanced Options window, set it to:
"Show hidden files and folders"
Uncheck "Hide extensions for known file types"
Uncheck "Hide protected operating system files (Recommended)
Say yes to doing this when you get a warning -
Click "Apply" and then "OK" at the bottom -

Make sure the "Look In" box is set correctly after you
type in the file names -

Click on "More Advanced Options"

Make sure the top 3 boxes are checked but not the bottom 2 -

Click on Search

If you find them, then see if you can delete them.

You probably will want to reset the
"Tools" > "Folder Options" > "View tab"
Advanced Options window settings back to the
more restrictive settings as you found them.
Myself, I like to see what file extensions I am dealing
with at all times so you may want to leave that one unchecked.

======================================================

 

[Jim Terry]

-----Original Message-----
"Jim" <[email protected]> wrote in

message news:[email protected]...

==
I suggest booting to Safe Mode and see if your Norton Anti Virus
will operate there and scan and see if it can then delete the suspect files.

http://support.microsoft.com/default.aspx?scid=kb;en- us;315222&Product=winxp

Alternatively or in addition I would download Ad-Aware 6.0 Build 181
and update it and then boot to Safe Mode and scan with it and remove
any "New Objects" (spywares) that it finds.

http://www.lavasoft.de/ms/index.htm

The above link is from this Microsoft Knowledge Base article:
us;827315

You could also search for those files in Safe Mode -
When you open up Search from the Start menu,
click on "All files and folders"
Then at the Tool Bar of Search Results click on
"Tools" > "Folder Options" > "View tab"
In the Advanced Options window, set it to:
"Show hidden files and folders"
Uncheck "Hide extensions for known file types"
Uncheck "Hide protected operating system files (Recommended)
Say yes to doing this when you get a warning -
Click "Apply" and then "OK" at the bottom -

Make sure the "Look In" box is set correctly after you
type in the file names -

Click on "More Advanced Options"

Make sure the top 3 boxes are checked but not the bottom 2 -

Click on Search

If you find them, then see if you can delete them.

You probably will want to reset the
"Tools" > "Folder Options" > "View tab"
Advanced Options window settings back to the
more restrictive settings as you found them.
Myself, I like to see what file extensions I am dealing
with at all times so you may want to leave that one unchecked.

======================================================

I had been using Ad Aware 5 something but the upgrade to
6 was helpful.
That got rid of all the little nasties except

lycos_ss.exe
sbinstall.exe

Ad-Aware can't seem to find them and Norton can't delete
them......even in Safe Mode.

Is there anyway I can locate them and delete them
manually???

 

[XPUSER]

message news:[email protected]...
I had been using Ad Aware 5 something but the upgrade to
6 was helpful.
That got rid of all the little nasties except

lycos_ss.exe
sbinstall.exe

Ad-Aware can't seem to find them and Norton can't delete
them......even in Safe Mode.

Is there anyway I can locate them and delete them
manually???

============================================
Did you make sure to UPDATE the new Ad-Aware 6.181 first?

I suggest doing this then also:

Boot to Safe Mode:

Control Panel | Internet Options | General tab

Delete all cookies
Delete all temporary internet files
(include all offline content)
Remove all Downloaded Program Files
To do that, you click on that "settings"
button and then click on the "View Objects"
button and then right click and choose remove
for all of them, if any, one at a time.
Some of them may not remove. Don't worry about that.
Close the Downloaded Program Files window,
Click OK to the Settings window.
Now clear History

Now click on the "Advanced" tab at the top
of Internet Options.
In the Browsing section, uncheck the box for
"Enable third-party browser extensions (requires restart)"
Click "Apply" and then "OK" at the bottom
of Internet Options
Close out of Control Panel

Rename C:\Windows\System32\Drivers\etc\hosts to oldhosts

Restart back to Safe Mode

Open Ad-Aware 6.181

On the left - click on "Scan now"

Then in the middle under "Select Scan Mode" -

Set it to "Use custom scanning options"

Then click on "Customize"

In "Scan Settings"

Click on the 3 Red X's to turn them to Green Check Marks

Then click on "Proceed"

Then click on "Next"

Be sure that any "New Objects" that are found have a check next to them

so that they will be removed.

You could also try using SpyBot Search and Destroy

http://www.safer-networking.org/microsoft.en.html

You could also try on-line scans at these sites:

Panda ActiveScan
http://www.pandasoftware.com/activescan/

TrendMicro Houscall Anti Virus Scan
http://housecall.trendmicro.com/

The only "manual location / deletion" I know of is by using the
type of Search that I mentioned previously.

=========================================================

 

[Jim]

The extra step in Ad Aware did the trick.
In fact it found 18 additional instances.
I appreciate your help in all of this.
Look at the top for my latest bleat......error in network
wizard.
Thanx again.
Jim

-----Original Message-----

"Jim Terry" <[email protected]> wrote

in message news:[email protected]...