"beat around the bush" scans too long, gets killed by spyware

want to run quicker

While MS Antispyware is scanning the whole system (why?)
my system gets shut down by spyware.

When starting to run, it recognizes a trojan horse, but
nevertheless continues scanning the system for nearly 30
minutes (1.5 GHz laptop - 17000 files). Why not start
killing these things right away and not beat around the
bush to get killed? The whole concept of "let me scan your
world first" is weak.... Start working now.
 
> While MS Antispyware is scanning the whole system (why?)
> my system gets shut down by spyware.
>
> When starting to run, it recognizes a trojan horse, but
> nevertheless continues scanning the system for nearly 30
> minutes (1.5 GHz laptop - 17000 files). Why not start
> killing these things right away and not beat around the
> bush to get killed? The whole concept of "let me scan your
> world first" is weak.... Start working now.

First of all - send a Suspected Spyware Report through the Tools menu of
MSAS to the SpyNet.

Then turn off System Restore: Start -> right-click on My
Computer -> Properties -> System Restore -> select the box 'Turn off System
Restore' and press Apply, then exit.
(Remember to turn it on - i.e. deselect that box - again after cleaning the
system!!)

Next start the computer in the Safe mode (F8 during boot-up), run Windows
Explorer, go to your profile temporary folders (usually C:\Documents and
Settings\username\local settings\temp and c:\Documents and
Settings\username\local settings\Temporary Internet Files\Content.IE5) and
delete all the files in those directories and subdirectories. Then do a
full system scan with MS AntiSpyware (check the proper option under Scan
settings). Scan the computer with the antivirus software that you use. And
also with some other "cleaning" software such as:

Spybot Search&Destroy http://www.majorgeeks.com/download2471.html
HijackThis http://www.majorgeeks.com/download3155.html
CWShredder http://www.majorgeeks.com/download3019.html
Ad-Aware SE Personal http://www.lavasoft.com/software/adaware/
McAfee Stinger http://vil.nai.com/vil/stinger/

If you run HijackThis you can check the log it prepares - just copy and
paste it to the http://www.hijackthis.de web page and click the Analyze button.

Need a free antivirus? Try this one http://www.free-av.com

And protect your system with antispyware, antivirus and firewall software.
Keep this software up to date.
Also KEEP THE SYSTEM UP TO DATE (http://www.windowsupdate.com)
 
want to run quicker wrote:
> While MS Antispyware is scanning the whole system (why?)
> my system gets shut down by spyware.
>
> When starting to run, it recognizes a trojan horse, but
> nevertheless continues scanning the system for nearly 30
> minutes (1.5 GHz laptop - 17000 files). Why not start
> killing these things right away and not beat around the
> bush to get killed? The whole concept of "let me scan your
> world first" is weak.... Start working now.

This is no Spyware but a virus!

Try:
http://nl.trendmicro-europe.com/consumer/housecall/housecall_launch.php

Regards >*< TOM >*<
 
The SAFE mode doesn't save each time. For example due to
some trojans, in safe mode I could not boot because the
"winlogon.exe process asked runtime to terminate itself in
an unusual way..." after which the safe mode shut down the
computer. I tried each type of safe mode - each generated
that error.

Microsoft should change the way safe mode runs to actually
always be able to come up.


yeah, Hijackthis is mostly useless...it just removes
entries, which go right back in, since it's not killing
them, anyway it's a weak tool, in fact the name is inviting
to get itself hijacked too ;-)
 
Hi there,
First, MS didn't put that junk on your PC. You may not have done it either,
so let's work together to get rid of it.
Are you at SP2 yet? Firewall on? Your terminology leads me to believe that
it may be a critter running around, rather than plain vanilla spyware. I
suggest going online and doing a full free AV scan from Trend Micro or
Panda.

Then:

Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files* (the C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder);
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHOs that you don't recognize.

Ron Chamberlin
MS-MVP



*The .tif are Temporary Internet Files, and are stored in a different barn
than 'normal' temp files.
Here's how I kludge thru to them: Open Windows Explorer--->C:\Documents and
Settings. Then it's to the Tool Bar--->Folder Options--->View--->Hidden
Files and Folders and check the box "Show hidden files and folders". Now
expand C:\Documents and Settings and under each user you will now see a
folder "Local Settings". Open that puppy and choose Temporary Internet
Files. I am not concerned about the cookies therein, but everything else
can go for now.
 
Ad-Aware also won't start removing infections until it
has completely scanned the system, and for GOOD reason.
There might be a process running, such as a Trojan horse,
but killing the process won't remove the infection. You
must find every last bit of the infection and remove all
of it at the same time to be certain it's completely
gone, or the infection can return, even while the
scan/removal is taking place.

What most scanners do is quarantine the process until the
scan is done and then remove all parts at the same time.
If I'm not mistaken, most AV scanners today don't try to
fix infected items until the entire system has been
scanned, as they want to make certain all parts of the
infection are removed from the system.

Also, removing some file that a process has placed onto
the system without first killing the process is an
absolutely DUMB thing to do. This is because the process
will likely monitor the files it's placed onto the
system, and once the antispyware (AS) app has removed one
of those files, it replaces it after the AS program has
removed it. Meaning you will have to do two scans to
remove everything. This is not the thing most people
want to have to do to make certain their system is free
of spyware/malware.

Alan
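
The ordering argument in the post above, as an added example that is not part of the original thread and is not any scanner's actual code. It is a constructed toy model: the `Host` class, the file and process names and the `SIGNATURES` set are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

SIGNATURES = {"bad.exe", "bad.dll"}  # hypothetical detection names

@dataclass
class Host:
    """Constructed toy machine: file paths, running processes, watchdogs."""
    files: set = field(default_factory=set)
    procs: set = field(default_factory=set)
    guards: dict = field(default_factory=dict)  # process -> files it restores

    def tick(self):
        """One time step: every watchdog still running re-drops its files."""
        for proc, owned in self.guards.items():
            if proc in self.procs:
                self.files |= owned

def infected_host():
    owned = {r"C:\Temp\bad.exe", r"C:\WINDOWS\system32\bad.dll"}
    return Host(files=owned | {r"C:\WINDOWS\notepad.exe"},
                procs={"bad.exe", "explorer.exe"},
                guards={"bad.exe": owned})

def is_hit(path):
    return path.rsplit("\\", 1)[-1] in SIGNATURES

def scan(host):
    """Read-only full pass: (infected files, infected processes)."""
    return ({f for f in host.files if is_hit(f)}, host.procs & SIGNATURES)

def remove_as_found(host):
    """Delete each file the moment it is detected; stop the process last."""
    for path in sorted(host.files):
        if is_hit(path):
            host.files.discard(path)
        host.tick()  # the watchdog gets to run between scanner steps
    host.procs -= SIGNATURES
    return scan(host)[0]  # what a second scan would still find

def scan_then_remove(host):
    """Finish the scan, stop the processes, then remove every part together."""
    bad_files, bad_procs = scan(host)
    host.procs -= bad_procs
    host.tick()  # nothing left running to restore files
    host.files -= bad_files
    host.tick()
    return scan(host)[0]
```

In this model `remove_as_found` leaves both infected files for a second scan to find, while `scan_then_remove` leaves none.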
 
> The SAFE mode doesn't save each time. For example due to
> some trojans, in safe mode I could not boot because the
> "winlogon.exe process asked runtime to terminate itself in
> an unusual way..." after which the safe mode shut down the
> computer. I tried each type of safe mode - each generated
> that error.

Have you tried to repair the system files using the installation CD? This should
eliminate the trojans/viruses that change the system files to their own.
After that you should reapply all patches to the system, if you have
installed any. Then try to boot in safe mode.
And before connecting the computer to the network PROTECT THE SYSTEM at
least with some firewall, antivirus, antitrojan, antispyware. And keep the
system up to date.

> Microsoft should change the way safe mode runs to actually
> always be able to come up.

If you haven't protected the system and its files, how can this be achieved,
when system libraries/executive files are infected?

> yeah, Hijackthis is mostly useless...it just removes
> entries, which go right back in, since it's not killing
> them, anyway it's a weak tool, in fact the name is inviting
> to get itself hijacked too ;-)

It is just a reporting tool, not a killing one. You don't use a fork to eat the
soup, do you?
It shows where uninvited guests have "catched" to the system. Next step
belongs to you - to find the way to get rid of them (using other tools for
example).
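
Reading a HijackThis log as a report, as an added example that is not part of the original thread or of HijackThis itself. The sample log is constructed, and the two triage rules (entries that start from the temp folders named in the thread, and BHOs to be checked by hand) are assumptions for illustration, not a verdict on any entry.

```python
import re

# HijackThis section codes (subset); descriptions are this example's wording.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O1": "hosts file redirect", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "autostart entry", "O23": "NT service"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|com|scr|bat)\b', re.I)
# Folders the thread says to empty, lower-cased, with 8.3 short names too.
TEMP_HINTS = ("\\local settings\\temp", "\\locals~1\\temp",
              "\\temporary internet files")

# Constructed sample log, not taken from a real machine.
SAMPLE = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe"
O4 - HKCU\..\Run: [upd] C:\DOCUME~1\user\LOCALS~1\Temp\upd.exe
"""

def parse(log_text):
    """Return one dict per coded entry; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = WIN_PATH.search(m["body"])
        entries.append({"code": m["code"],
                        "kind": SECTIONS.get(m["code"], "other"),
                        "path": path.group(0) if path else None})
    return entries

def needs_review(entries):
    """Heuristic triage only: (code, path, reason) for a human to check."""
    out = []
    for e in entries:
        path = e["path"] or ""
        if any(h in path.lower() for h in TEMP_HINTS):
            out.append((e["code"], path, "starts from a temp folder"))
        elif e["code"] == "O2":
            out.append((e["code"], path, "BHO: confirm you recognise it"))
    return out

if __name__ == "__main__":
    for item in needs_review(parse(SAMPLE)):
        print(item)
```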
 