PC won't shut down

[Ms.Goodwrench]

Alert comes up saying it can't find "RUNDLL32.exe". I have to click to
'end process' so the machine can shut down. I have one adware hiding in
the registry I can't eliminate. I use Norton, SpyDoctor, and Spyware
Search & Destroy. They find it, but it's there each time I reboot again.
I suspect this is the cause.

The thing is, I don't want to have to system restore. We have games and
photo editting software and things I can't backup to do a system restore.
I do have GoBack3, but is there an easier way to fix the problem?

 

[Guest]

The malware is saved/stored in your Restore when you shutdown. You must
turn off your Restore then run Spybot and reboot so that the file does not
go to
the System Restore files otherwise it will put them right back again. After
cleaning up, you can activate the Restore again.
Start/All Programs/Accessories/System Tools/System Restore
left hand panel to activate/deactivate system restore settings.

 

[Ms.Goodwrench]

The malware is saved/stored in your Restore when you shutdown. You
must turn off your Restore then run Spybot and reboot so that the file
does not go to
the System Restore files otherwise it will put them right back again.
After cleaning up, you can activate the Restore again.
Start/All Programs/Accessories/System Tools/System Restore
left hand panel to activate/deactivate system restore settings.

I tried this, shutting off restore both in windows and deactivating
GoBack. Ran Spybot and SpyDoctor and rebooted several times, but
"xxxtoolbar" was back in the registry again each time.

 

[annoyed]

I tried this, shutting off restore both in windows and deactivating
GoBack. Ran Spybot and SpyDoctor and rebooted several times, but
"xxxtoolbar" was back in the registry again each time.

Hello Ms. G. Funny seeing you here

Make sure your startup items aren't loading either. Run msconfig on the
General tab and click "Diagnostic Startup" to disable loading of all but
critical items as well as setting /SAFEBOOT on the BOOT.INI tab. Also
flush your IE cache before rebooting into safe mode. I've found some
crapware reloading out of the cache. Make sure you can display all
hidden & system folders (Open a Windows Explorer window, Click on Tools
- Folder Options - View, select "Show hidden files and folders' and
"Display the contents of system folders" and click OK) and search for
the folders named "Temporary Internet Files" on your computer. Search
for any .exe files living in there. You may be only able to turf 'em
after a safe boot because they could be running by being loaded by
something else in your normal boot. I've had Symantec Antivirus on
client PCs find some infections but not able to kill 'em because another
process re-created them from some .exe in the Temp folder I named above.

Another thing to try is a program called "HijackThis". It doesn't
automatically select things to delete, but you can scan through the list
of what it finds and check what you want it to trash. It lists browser
helpers, things loaded from the registry's "HKLM...Run" keys, etc. Some
of my users get so infected that it takes a multi pronged approach to
kill this crap, so I'm using an antivirus scanner/cleaner, CWShredder,
HijackThis, Ad-Aware and Spybot all together in Safe Mode to have a
chance. Having System Restore disabled for all hard drives as
previously noted is a must.

See you on the other group

Craig
--
(e-mail address removed)
Ban low performance drivers, not high performance cars!
"Guns are no more responsible for killing people than spoons are
responsible for making Rosie O'Donnell and Oprah Winfrey fat." -- Unknown
"Rosie O'Donnell puts the 'hippo' in 'hypocrite'" - CW

 

[Ms.Goodwrench]

(e-mail address removed) wrote in 4ax.com:

Hello Ms. G. Funny seeing you here

Make sure your startup items aren't loading either. Run msconfig on the
General tab and click "Diagnostic Startup" to disable loading of all but
critical items as well as setting /SAFEBOOT on the BOOT.INI tab. Also
flush your IE cache before rebooting into safe mode. I've found some
crapware reloading out of the cache. Make sure you can display all
hidden & system folders (Open a Windows Explorer window, Click on Tools
- Folder Options - View, select "Show hidden files and folders' and
"Display the contents of system folders" and click OK) and search for
the folders named "Temporary Internet Files" on your computer. Search
for any .exe files living in there. You may be only able to turf 'em
after a safe boot because they could be running by being loaded by
something else in your normal boot. I've had Symantec Antivirus on
client PCs find some infections but not able to kill 'em because another
process re-created them from some .exe in the Temp folder I named above.

Another thing to try is a program called "HijackThis". It doesn't
automatically select things to delete, but you can scan through the list
of what it finds and check what you want it to trash. It lists browser
helpers, things loaded from the registry's "HKLM...Run" keys, etc. Some
of my users get so infected that it takes a multi pronged approach to
kill this crap, so I'm using an antivirus scanner/cleaner, CWShredder,
HijackThis, Ad-Aware and Spybot all together in Safe Mode to have a
chance. Having System Restore disabled for all hard drives as
previously noted is a must.

See you on the other group

Craig
--
(e-mail address removed)
Ban low performance drivers, not high performance cars!
"Guns are no more responsible for killing people than spoons are
responsible for making Rosie O'Donnell and Oprah Winfrey fat." -- Unknown
"Rosie O'Donnell puts the 'hippo' in 'hypocrite'" - CW

Thanks Craig

Will give it a try at home tonight.