deleting a spyware file.


FRUSTRATED FREDDY

How do I delete a file, ciadmi.dll? I've been trying for about 10 hours!!!!!!!!!!!
Windows XP Professional SP2

It's a spyware thing.

It's loaded as a BHO and it's doing stuff like downloading more spyware, and
trying to send files to wherever I am connected.

I can never get permission to delete it, it must be loaded somewhere. I've
spent an hour or 2 in Process Explorer trying to find where it is loaded. I
can't kill the process cos I can't find it. What service runs BHOs? BHO
Demon doesn't work.

It's loaded in
HKEY_CLASSES_ROOT\CLSID\{D5E58C6B-A379-44EF-B915-3D375DDB7030}\InprocServer32
C:\WINDOWS\system32\ciadmi.dll

I cannot modify or delete the registry key, or change its permissions as any
user.
It's my registry, how do I get access to it?

I can't unload the DLL.
I can't figure out how to mount the drive with rw permission in Linux.
Can I make a DOS-type boot disk for XP and just del it?
Can I just mangulate it with a hex editor.. can I block it somehow?
What process runs BHOs, how can I unload it.. kill it?

No spyware software works on it, I've tried them all. Some see it but can't
delete it.

I spent hours researching through google, reading forum posts.....

Why does everyone else have more control over my computer than me? It's
mine!!!! I HATE WINDOWS AND MICROSOFT SOOOOOOO MUCH!!!!!!! Some of the
Linuxes I tried look great!! But I got stuff to do. I need to delete the
file. FEGKJFEGDF AAARGGGGGHHHHHHH!!!!!!!!!!!!!

IF YOU'RE NOT GUNNA HELP ME... DON'T POST A SMARTASS UPPITY I'M THE LORD OF
NEWSGROUPS, WRONG THREAD, WRONG GRAMMAR, RTFM, LET ME TELL YOU!!
REPLY!!!!!!!!!!!!!!! I am so angry and frustrated.. you get that way
sometimes, with Windows
 
Mick Murphy

Enjoyed your rant????
And you are lord of 3/5ths of 5/8ths of F all.
No-one gets paid to help you; learn some manners.

I wish you had said WHAT Programs you had tried, and IF you have an AV
installed!
Also, learn how to write a post!
If no AV installed, try Avast.

Also download Malwarebytes and Spybot Search & Destroy.
ALL info on how to scan in SM or SM with Networking below.

http://www.avast.com/eng/download-avast-home.html

Avast Anti-Virus is XP and Vista compatible (32bit and 64bit Versions),
FREE, auto-updating, and a low resources user of your computer.
And, only have 1(one) Anti-Virus installed / running on your computer at any
one time..
Conflicts may occur if you have more than 1(one).

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

If unable to install above Programs in Normal Mode:
Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating
Programs to remove them.
If that happens, reboot into Safe Mode with Networking, and install, update
and scan from there.
 
Paul

FRUSTRATED said:
How do I delete a file, ciadmi.dll? I've been trying for about 10 hours!!!!!!!!!!!
Windows XP Professional SP2
I can't figure out how to mount the drive with rw permission in Linux.

I use -

sudo mount -o rw /media/<diskid>

Have a look in /etc/fstab to see what the system planned in terms
of mount points for the disks.

Don't click the drive on the desktop, until you've
had a chance to open a terminal window and use
the mount command. You should "umount" the disk, if
it is already mounted read-only, and then you can do
the above command.

I included "sudo" in the example above, because that
is how you do root stuff in Knoppix. Depending on your
distro, the default setup could be different.

I've also scanned for viruses from the Linux side, but what
I cannot tell you, is whether the tool I used, could
actually delete any of them. I haven't had a chance to
test that yet. So far, the scan only picked up one
nuisance file, which was easily deleted before booting
back into Windows. I suspect the Windows tools people in
this group will tell you about, will be much better at
the job.

I've also downloaded the trial from Kaspersky, and used
that to clean a machine here once.

Good luck and good hunting,
Paul
 
nass

Adding to "Randem"'s advice, this is a Trojan BHO or downloader, and it has
control of your machine.
# First, try to clean up your caches, Internet files and delete cookies
by doing this:
Click Start >> Control Panel >> Double click Network and Internet
Connections >> Double click Internet Options.
On the IE properties windows you will see these Tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under General Tab clear your History, Internet Files and Cookies.
Then click on Advanced tab and scroll down to under the Browsing Option:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on the Programs tab, click Manage Add-Ons, and disable all
non-verified add-ons (you should re-enable them later one by one to find the
culprit, then update it or remove it).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
# Scan for malware from here:
Download and Update both SuperAntispyware and Malwarebytes then run a
complete scan - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe

# Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html

# If you wish to send me your Hijackthis log I will be happy to help you
further or send to one of many forums on the internet for help!
Download Hijackthis from here.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
My address is: to_you_ross(at remove this and replace with the
obvious)yahoo.co.uk ( _ is underscore)
HTH,
nass
 
FRUSTRATED FREDDY

Thanks Paul, I managed to mount the filesystem in Linux and delete the file.

The registry key still has all its permissions locked out, so I can't delete
it, but I'll figure that!

cheers!
 
db.·.. >

bho means browser
helper objects.

you might try using
a utility called autoruns
from microsoft.com

--

db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
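
Added example (not written by any poster in this thread): a Python script that reads a regedit text export and joins each CLSID listed under the Browser Helper Objects key with its CLSID\...\InprocServer32 value, so every registered BHO is mapped to the DLL that Internet Explorer loads for it. The export text is constructed; the second entry is hypothetical, and it is assumed that the CLSID quoted in the thread is also listed under the Browser Helper Objects key.

```python
import re

BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
            r"\CurrentVersion\Explorer\Browser Helper Objects")
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"

# Constructed sample of a regedit text export. The first CLSID and DLL path are
# the ones quoted in the thread; the second entry is made up for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5E58C6B-A379-44EF-B915-3D375DDB7030}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
[HKEY_CLASSES_ROOT\CLSID\{D5E58C6B-A379-44EF-B915-3D375DDB7030}\InprocServer32]
@="C:\\WINDOWS\\system32\\ciadmi.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}]
@="Example Toolbar Helper"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Program Files\\Example\\toolbar.dll"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def parse_reg(text):
    """Return {key_path_lower: {value_name: string}}; '' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # only string values; dword:/hex: lines are skipped
                name = "" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def list_bhos(text):
    """Join each registered BHO CLSID to its friendly name and in-process DLL."""
    keys = parse_reg(text)
    prefix = BHO_ROOT.lower() + "\\"
    found = []
    for path in keys:
        if path.startswith(prefix) and "\\" not in path[len(prefix):]:
            clsid = path[len(prefix):].upper()
            base = (CLSID_ROOT + "\\" + clsid).lower()
            name = keys.get(base, {}).get("")      # None if no friendly name
            dll = keys.get(base + "\\inprocserver32", {}).get("")
            found.append((clsid, name, dll))
    return sorted(found)
```

Calling `list_bhos(SAMPLE_EXPORT)` returns one tuple per BHO; an entry with no friendly name whose DLL sits in system32, like the one from the thread, is the kind worth checking first.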
 
