MS Antispyware Difficulties

[Zachary]

MS Antispyware Beta 1 has detected the following items on
my computer, but cannot remove them:

Transponder.ABetterInternet.DrPMon
--Located in c:\windows\system32\drpmon.dll
Transponder.ABetterInternet.Aurora
--Locate in c:\windows\SvcProc.exe
Transponder.ABetterInternet(Adware)
--Located in at least 9 places

Is anyone familiar with a way to get rid of these items?

 

[Alien]

Dear Zachary
i alredy put a post up about this .. i ll copy it for u here
hope it works even for u

================
Hi
yes i no alot about Aurora it was on my pc for 2 weeks
befor u managed to take it off anyway here is what you
should do

lots of people say u need to install nail.exe but i didnt
do it because i dnt like the whole reboot in safe mode i
thought that there was an esayer way and well i found it..
if you download this program
http://www.ewido.net/en/download/
Ewido is a very good spyware and other bug remover its only
a 30 day trial but i should do just fine for you.. just
install it and download the updates and then scan.. it took
my aurora.exe off

if this scan doesnt work ten you can download the nail.exe
http://www.noidea.us/easyfile/file.php?dow...050515010747824

after u downloaded the nail.exe then just follow these steps
download Nailfix.exe
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the
following:
1) Restart your computer
2) After hearing your computer beep once during startup,
but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the
following site:
http://www.pchell.com/support/safemode.shtml



Once in Safe Mode, please double-click on Nailfix.cmd. Your
desktop and icons will disappear and reappear, and a window
should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the
logfile from the scan.


i hope i helped you
Alien

 

[AndyManchesta]

Hi Zachary

This is going to take abit of work but we can easily stop
this theres alot of programs you can use if its
needed,the problem is there is also a random named file
in your system32 folder which will reinstall this when
you reboot.Press control,alt & delete and goto
processes.check here for a complete random name you
cannot miss it it will have 6 or 7 letters and will look
suspicious like pvyvfgr.exe or vzxyws.exe(these are just
examples) if you find it stop the process if your unsure
leave it and Ewido will find it but dont reboot as it
will change its name or possibly create 2 random entries.

Work through this if you can and let me know if you have
any problems

**Note please do not reboot untill you have worked
through the full list or else the random file in the
system folder will change its name and try do a fresh
install of Aurora.


Download Adaware SE & Ewido Security Suite

Ewido .

http://www.ewido.net/en/download/


Adaware SE

http://www.download.com/3000-2144-10045910.html

Update the definitions and run them both after following
these steps.

Download Ccleaner

http://download.ccleaner.com/download120bin.asp



1.

Go to: Start > Run >Type:


services.msc


Hit Enter

In the Services window, press name to sort them into
order then scroll down for:

System Startup Service (Make sure its the exact name)

Right click it and select "Properties"
Click the "Stop" button, and wait for Windows to stop the
process
Then change the "Startup Type" drop-down menu
from "Automatic" to "Disabled"


2.

Go to Start > Run and type in

cmd


Click OK


In the command window that opens Copy and Paste the
following commands one at a time exactly as the appear
below and hit the Enter key after each one:


del C:\WINDOWS\svcproc.exe

Press Enter

del C:\WINDOWS\system32\drpmon.dll

Press Enter

cd C:\windows

Press Enter

nail.exe /FullRemove

Press Enter

then type

exit

Press Enter


3.

Go to Start > Run and type

%temp%

The Temp folder will open.

Click Edit > Select All > Right click the files and press
Delete to delete the entire contents of the Temp folder.

Goto start then run and type

prefetch

delete the contents of this folder


Finally go to Control Panel > Internet Options. On the
General tab under
"Temporary Internet Files" Click "Delete Files". Put a
check by "Delete
Offline Content" and click OK.

Click on the Programs tab then click the
"Reset Web Settings" button. Click Apply then OK.


4.

Click on start, then run, and type cmd and press the ok
button. Then copy & paste the following:

sc delete SvcProc

Press Enter

Type exit and the press enter again to exit the cmd prompt



5.

Run full system scans with both Adaware SE & Ewido and
clear anything found.


6.

Run Ccleaner and remove anything found also use the
issues button and scan for any issues,repair any that are
detected.



Reboot and hopefully that will be the end of it ,If not
post back and we can run through it again but use
Nailfix,killbox and Hijack This if needed


Regards


Andy Manc