spyware

G

Guest

I have got a file on my computer that will not delete each time I delete it
it reappears 30 seconds later I can end up with 20 copies in the recycle bin
and still have one copy in the oridginal place I think that another program
is creating it How do I find the program that is doing this also can anyone
reccomend a good spyware/ adware blaster.
 
A

Alias

|I have got a file on my computer that will not delete each time I delete it
| it reappears 30 seconds later I can end up with 20 copies in the recycle
bin
| and still have one copy in the oridginal place I think that another
program
| is creating it How do I find the program that is doing this also can
anyone
| reccomend a good spyware/ adware blaster.
| --
| Jack Allen

Name of file?
--
Alias

Use the Reply to Sender feature
of your news reader program to email me.

Utiliza Responder al Remitente
para mandarme un mail.
 
D

David H. Lipman

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt363.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shutdown as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




| I have got a file on my computer that will not delete each time I delete it
| it reappears 30 seconds later I can end up with 20 copies in the recycle bin
| and still have one copy in the oridginal place I think that another program
| is creating it How do I find the program that is doing this also can anyone
| reccomend a good spyware/ adware blaster.
| --
| Jack Allen
 
M

Malke

Jack said:
I have got a file on my computer that will not delete each time I
delete it it reappears 30 seconds later I can end up with 20 copies in
the recycle bin and still have one copy in the oridginal place I think
that another program is creating it How do I find the program that is
doing this also can anyone reccomend a good spyware/ adware blaster.
Click to expand...

Here are general malware removal steps. Do everything with updated tools
in Safe Mode:

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
removing spyware

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://forum.aumha.org/
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
 
G

Guest

ditto what david wrote, but also download Spybot search and destroy aswell,
make sure you update it when u downloaded it. ad-aware and spybot make a good
team, use them together in safe mode. when all spyware is gone, you could try
"tune-up utilities 2004" the one-click maintenance feature will find orphaned
entries in the registry. good luck
 
B

Bruce Chambers

Jack said:
I have got a file on my computer that will not delete each time I delete it
it reappears 30 seconds later I can end up with 20 copies in the recycle bin
and still have one copy in the oridginal place I think that another program
is creating it How do I find the program that is doing this also can anyone
reccomend a good spyware/ adware blaster.
Click to expand...


To deal with issues caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or KaZaA,
and their remnants, that you've deliberately (but without understanding
the consequences) installed, two products that are quite effective (at
finding and removing this type of scumware) are Ad-Aware from
www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even possible
to use SpyBot Search & Destroy to "immunize" your system against most
future intrusions. I use both and generally perform manual scans every
week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available here:

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
X

XL

Jack said:
I have got a file on my computer that will not delete each time I delete it
it reappears 30 seconds later I can end up with 20 copies in the recycle bin
and still have one copy in the oridginal place I think that another program
is creating it How do I find the program that is doing this also can anyone
reccomend a good spyware/ adware blaster.
Click to expand...

Microsoft® Windows AntiSpyware (Beta)

http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
 
G

Guest

Thanks everyone for getting back to me on this. I have had quite a night I
followed your instructions Dave I ran trend micro which took 4 hours the
first time it found one instance of a virus called troj_istbar.am and four
instances of another one called troj_startpge.kr. it apperaed to me that
trend micro tried first to move these files and then deleted them also the
original file "error32.dat" was in this list. A lot of files came up as error
94 what does this mean? I then ran the Lava soft ad-aware which found 188
objects. 47 reg keys, 124 reg values, 17 files. at the third pass the user
stat page informs me that it has removed 614 objects. I am very annoyed at
this outcome when I purchased this machine i also purchased (off the shelf )
Norton internet security professional 2004 which included the firewall and
antivirus software I left the pc to run trend micro again and went to bed and
on it's second pass has found no virus but again a great many files with
error 94. I like to add that I do not use any of the dodgey download sites
but would sometines get cd's from friends other than that ido not know how i
could catch a virus.

thanks again everyone for taking the time and interest. Alias I am not sure
how to use the reply to sender feature so I will read the help file. one
final question what do I do now.

jack
 
A

Alias

It would have been quicker to reformat :)
--
Alias

Use the Reply to Sender feature
of your news reader program to email me.

Utiliza Responder al Remitente
para mandarme un mail.
| Thanks everyone for getting back to me on this. I have had quite a night I
| followed your instructions Dave I ran trend micro which took 4 hours the
| first time it found one instance of a virus called troj_istbar.am and four
| instances of another one called troj_startpge.kr. it apperaed to me that
| trend micro tried first to move these files and then deleted them also the
| original file "error32.dat" was in this list. A lot of files came up as
error
| 94 what does this mean? I then ran the Lava soft ad-aware which found 188
| objects. 47 reg keys, 124 reg values, 17 files. at the third pass the user
| stat page informs me that it has removed 614 objects. I am very annoyed at
| this outcome when I purchased this machine i also purchased (off the
shelf )
| Norton internet security professional 2004 which included the firewall and
| antivirus software I left the pc to run trend micro again and went to bed
and
| on it's second pass has found no virus but again a great many files with
| error 94. I like to add that I do not use any of the dodgey download sites
| but would sometines get cd's from friends other than that ido not know how
i
| could catch a virus.
|
| thanks again everyone for taking the time and interest. Alias I am not
sure
| how to use the reply to sender feature so I will read the help file. one
| final question what do I do now.
|
| jack
| "David H. Lipman" wrote:
|
| > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend Pattern File.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Adaware SE (free personal version v1.05)
| > http://www.lavasoftusa.com/
| >
| > Create a directory.
| > On drive "C:\"
| > (e.g., "c:\New Folder")
| > or the desktop
| > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| > Download Sysclean.com and place it in that directory.
| > Download the Trend Pattern File by obtaining the ZIP file.
| > For example; lpt363.zip
| >
| > Extract the contents of the ZIP file and place the contents in the same
directory as
| > sysclean.com.
| >
| > 2) Update Adaware with the latest definitions.
| > 3) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 4) Reboot your PC into Safe Mode and shutdown as many applications
as possible
| > 5) Using both the Trend Sysclean utility and Adaware, perform a Full
Scan of your
| > platform and clean/delete any infectors/parasites found.
| > (a few cycles may be needed)
| > 6) Restart your PC and perform a "final" Full Scan of your platform
using both the
| > Trend Sysclean utility and Adaware
| > 7) Re-enable System Restore and re-apply any System Restore
preferences,
| > (e.g. HD space to use suggested 400 ~ 600MB),
| > 8) Reboot your PC.
| > 9) Create a new Restore point
| >
| >
| > * * * Please report your results ! * * *
| >
| >
| > --
| > Dave
| > http://www.claymania.com/removal-trojan-adware.html
| >
| >
| >
| >
| > | > | I have got a file on my computer that will not delete each time I
delete it
| > | it reappears 30 seconds later I can end up with 20 copies in the
recycle bin
| > | and still have one copy in the oridginal place I think that another
program
| > | is creating it How do I find the program that is doing this also can
anyone
| > | reccomend a good spyware/ adware blaster.
| > | --
| > | Jack Allen
| >
| >
| >
 
D

David H. Lipman

The errors on files being Scanned by Trend Sysclean are either files that have the
respective File Handles open and thus can't be scanned or you logged in with insufficient
rights to scan all files. To fully scan and clean a system it is best to logon as the
administrator or an account with administrative rights.

It sounds like you are now in good shape. That's good. To let you know, reformatting and
reinstalling an OS is a draconian knee jerk reaction and should only be done if there is NO
personal data or if all other efforts at cleaning the system are exhausted or if the machine
is so infected that it is unrecoverable. It is rare that a PC is so infected that it is
unrecoverable. The infectors you had are not that bad that a format and reinstall would
have been warranted. Note also that a reformat will NOT cure true viruses in the sub-class
Boot Sector Infectors.

--
Dave




| Thanks everyone for getting back to me on this. I have had quite a night I
| followed your instructions Dave I ran trend micro which took 4 hours the
| first time it found one instance of a virus called troj_istbar.am and four
| instances of another one called troj_startpge.kr. it apperaed to me that
| trend micro tried first to move these files and then deleted them also the
| original file "error32.dat" was in this list. A lot of files came up as error
| 94 what does this mean? I then ran the Lava soft ad-aware which found 188
| objects. 47 reg keys, 124 reg values, 17 files. at the third pass the user
| stat page informs me that it has removed 614 objects. I am very annoyed at
| this outcome when I purchased this machine i also purchased (off the shelf )
| Norton internet security professional 2004 which included the firewall and
| antivirus software I left the pc to run trend micro again and went to bed and
| on it's second pass has found no virus but again a great many files with
| error 94. I like to add that I do not use any of the dodgey download sites
| but would sometines get cd's from friends other than that ido not know how i
| could catch a virus.
|
| thanks again everyone for taking the time and interest. Alias I am not sure
| how to use the reply to sender feature so I will read the help file. one
| final question what do I do now.
|
| jack
| "David H. Lipman" wrote:
|
| > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend Pattern File.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Adaware SE (free personal version v1.05)
| > http://www.lavasoftusa.com/
| >
| > Create a directory.
| > On drive "C:\"
| > (e.g., "c:\New Folder")
| > or the desktop
| > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| > Download Sysclean.com and place it in that directory.
| > Download the Trend Pattern File by obtaining the ZIP file.
| > For example; lpt363.zip
| >
| > Extract the contents of the ZIP file and place the contents in the same directory as
| > sysclean.com.
| >
| > 2) Update Adaware with the latest definitions.
| > 3) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
| > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
| > platform and clean/delete any infectors/parasites found.
| > (a few cycles may be needed)
| > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
| > Trend Sysclean utility and Adaware
| > 7) Re-enable System Restore and re-apply any System Restore preferences,
| > (e.g. HD space to use suggested 400 ~ 600MB),
| > 8) Reboot your PC.
| > 9) Create a new Restore point
| >
| >
| > * * * Please report your results ! * * *
| >
| >
| > --
| > Dave
| > http://www.claymania.com/removal-trojan-adware.html
| >
| >
| >
| >
| > | > | I have got a file on my computer that will not delete each time I delete it
| > | it reappears 30 seconds later I can end up with 20 copies in the recycle bin
| > | and still have one copy in the oridginal place I think that another program
| > | is creating it How do I find the program that is doing this also can anyone
| > | reccomend a good spyware/ adware blaster.
| > | --
| > | Jack Allen
| >
| >
| >
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cannot delete a tmp file from the recycle bin 8
desktop clogged with picture copies 8
Recycle Bin conflict with Windows Explorer 4
Persistent desktop folders 3
Deleting and the recycle bin 3
Oddity in the Recycle Bin 5
Add Remove Programs 5
Emptying the recycle bin 7

Top