WD does not remove spyware??

[Guest]

i just got WD due to an attack of 3 spywares. WD says it removes them all
but next day they are there agin. most persistent is surfsidekick, also
webhancer and coolwebsearch. so i used the 'software explorer and found 3
copies of ssk in startup files. WD says it removes it, but it stays in the
list and never goes away?
any ideas what to do?

 

[Bill Sanderson MVP]

I'd recommend acquiring some additional tools, getting everything up to
date, restarting Windows in safe mode, and retrying scanning and cleaning.

1) Check that Windows Defender is up to date--1.14.1459.12 are the latest
definitions--see the bottom of the home page.
2) update your antivirus--this is a must. If you don't have antivirus
installed, you can use safe mode with networking and safety.live.com for
online scanning, but you need an antivirus along with Windows Defender
3) I'd recommend downloading Ewido:

http://www.ewido.net/en/

installing it, and updating.

Do those steps before restarting in safe mode, or safe mode with networking
if you must use an online scanner.

Once restarted in safe mode, do a full scan with Windows Defender, and do
scans with each of the other products. Safe mode prevents most third-party
services from running, thus allowing the anti-malware tools to work a little
more easily.

Let us know how this goes. There are specialized tools for CWS, and perhaps
for other things you list, but lets see how these standard tools work for
you.

 

[Guest]

thanks. i do have everything up to date. what other tool would be better
thanWD? and why start in safe mode, does that help WD somehow? then after
the new scan i can restart in regular mode?

 

[Guest]

wow, i just had to uninstall the ewido program!! after i DLd and updated it,
it did a scan and found about 82 copies of surfside, then said it was
removing them. every time i have rebooted since (about 12 times) ewido was
the first window to pop up, again finding all those spywares and asking to
remove them. i could not do anything else, no other program would open, task
manager said CPU usage was 100% and the system had locked ewido and would not
allow it to be shut down. i finally for to 'remove programs' abd uninstalled
it. now i will try again to solve y problems. should i try ewido again? i
am afraid to use it again.
will now try the 'safe mode' with just defender.

NB ewido seemed very effective, it found dozens of problems, including a
program called 'defender20' it says is spyware.

any advice is appreciated, thanks!

 

[Guest]

now i find i can not figure out how to start windows in safe mode!
the help files on my XP laptop talk about steps that are not correct for my
XP. there is no "shut down" offered, only 'turn off' and 'restart'.
also i do not get asked when booting 'what OS or what mode" i want to start
in. help!

 

[Tom Emmelot]

HI,

toggle F8 at bootup!

Regards >*< TOM >*<

musiclover schreef:

 

[Guest]

Most vendors hide the BIOS setup routines (boot up stuff) behind a screen
with a logo. So when you start your computer you see the logo and then you
see Windows starting. To enter safe mode, you want to keep
pressing/releasing the F8 key on your keyboard a little while after you see
the logo. If you see the Windows XP screen, it's too late. If you do it
right, you should see a screen with with a line that says something about
safe mode. There's also a line where you can enter safe mode with networking
(if you need to connect to the Internet). I would then follow Bill
Sanderson's advice on the removal aspects of the malware.

 

[Bill Sanderson MVP]

Sorry--here's a clear set of instructions for getting Windows into safe
mode:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039

Yes--you only need do this for long enough to do the scans and get cleaned
up. After you are reasonably sure the system is clean, you can restart
normally.

--

 

[Guest]

thanks, i did get to safe mode but logged in to my usual single profile.
when the desktop comes up there is no start button so i could not start
defender. i could not even restart the computer - had to do a hard reboot.
so i should log in using the 'admin' option?? then will i see a start
button to reach all my programs?

 

[Bill Sanderson MVP]

It's worth trying. I'm not sure what is going on--I suspect that the screen
resolution is set so that the button ends up off the screen.

--

 

[Guest]

right! how do i fix that??

i have now reached safe mode by both methods but in each case i can not
proceed or even reboot. i am trying hard reboots with F8 but even when i
click 'start normally' it always reboots in safe mode. right now i am using
another computer to ask for help.
how do i get my laptop out of safe mode!!?? and what resolution will allow
the buttons to show - it seems safe mode uses low res.


maybe i will have to do a restore to get back to before safe mode was
tried?? man this is complex - my laptop is now useless til i solve this new
problem!!

 

[Guest]

It's booting up now in safe mode, because the system didn't come down cleanly
from your last startup - don't worry, things will go back to normal. Yes,
your screen resolution has probably been set to 800X600. Try a different
resolution. To do so, right click an open area on your desktop. Then click
properties. Then select the Settings tab. Adjust your resolution to a
higher setting with the slider bar and then click Apply. You will be asked
if you want to change your settings now and reply yes. Eventually, you just
might get to resolving the malware issue. Good luck and keep trying. Safe
mode is good to know for resolving other issues.

 

[Guest]

thanks, a smart idea! guess what, i got the res to change but the start
button and taskbar still do not appear!! the icons got smaller but still no
start button. i am stuck in safe mode and can not get to msconfig or get
'start normally' to work.

please help if possible.

 

[Guest]

i just had a paid tech call with MS, they showed me how to get out of safe
mode using task manager, click 'new task' and start msconfig from there.
simple but i did not know it. they also told me that WD will not run under
safe mode, so i was wasting my time. they suggest a few other spyware
removers be tried as well, some do run under safe mode. what a day! thanks
for help.

 

[Bill Sanderson MVP]

My next post was going to suggest a free tech support call to
Microsoft-1-866-pcsafety, in the U.S. and Canada.

Windows Defender does indeed scan and clean in safe mode on Windows XP. It
can't be installed in safe mode, but once installed and updated it does scan
and clean.

--

 

[Guest]

shanks Bill. hey told me since my XP was installed by OEM Acer i had to pat
for MS help. i did try defender under safe mode and it said it would not
run. it is installed and updated and has run a few times. i dont know. i
will try again now i know how to get out of safe mode. i also found
surfsidekick will uninstall using 'remove programs'.

 

[Guest]

Sorry, I was away from my computer when you posted. I don't know if your
monitor has adjustment buttons (may be on your keyboard) where you could move
your screen up or shrink your screen so that the start button and taskbar
will show up. You may need to check your vendor's computer literature. The
problem you are having is that safe mode loads minimal graphics drivers
(which is correct because safe mode does not want to load vendor drivers that
may be buggy), but the normal drivers are probably ensuring that your screen
is centered correctly. So I would suspect you will have to use hardware
adjustments. Some monitors come with software to adjust the screen position.
I do not know if that software will run correctly under safe mode. You may
want to experiment later. For what it's worth, I don't use a laptop, but my
friends who do have not encountered this particular problem. Thanks for the
info on how to get to msconfig (might come in handy some day).

 

[Bill Sanderson MVP]

That special toll-free number (U.S. and Canada) is for help with virus
removal or issues relating to security patches. Your situation definitely
qualifies as a virus removal situation. You might consider calling back to
see whether they'll refund the charge--I would think at minimum they should
have informed you that the free help line was available. (the free help
folks are a different operation from the paid support folks, but given your
circumstances, I think you clearly qualified for the free help, and they
should have at least let you know about it.)

I have seen Windows Defender not run under Windows 2000, but I have run it
in safe mode under XP, as have others here, and I believe that Steve Dodson
has affirmed that it should run in safe mode.

I'm sorry that I didn't steer you to add or remove programs--I was
concentrating on the mechanics of using the tools available, and didn't look
at the details of the actual bugs that you knew you had.

--

 

[Guest]

I have not read the other posts further along, but you MUST disable System
Restore before rebooting. Do this for the same reason that Windows "heals
itself", otherwise you will continue to restore the malware that has taken up
residence.

Keep in mind that the primary directive of malware is SELF-PRESERVATION.
That is why it usually disables anti-malware tools FIRST.

 

[Bill Sanderson MVP]

I disagree completely. Disabling System Restore cuts off a tree limb you
may be sitting on--it removes a backup source that you may need. Turning
off SR deletes ALL restore points, not just ones which may be infected with
malware. Additionally, even a restore point with a spyware or virus
infection may be a better place to be than a non-working system.

Malware does not magically recover itself from System Restore points--you
must choose to use the system restore point.

Don't delete System Restore points until you are reasonably assured that
your system is clean and in good order.

--