Can't seem to get an answer..

tryingtohelp

Learn to clean it yourself, don't rely on scanners - you
need 3 or 4 to capture most out there and even then you
won't get them all. I haven't seen spyware I haven't been
able to clean manually because they all basically work on
the same principle - Startup mode.

What OS?

Just quickly and assuming you have done your virus scan.

Checking Winmsd/Startup programs is a good place to start.
Track all that stuff down in the registry/startup folders.
Delete what you don't need. If in doubt delete.

Sysedit
Delete all stuff from config and autoexec.
You can also have stuff in system.ini but it is rare.

Go through services. Track down whatever isn't legit and
starts in auto mode and delete through registry. Giveaway
would be the startup executable. If you are unsure then
just set them to manual startup and fix it up later if
something doesn't work.

Delete all scheduler stuff - turn it off.

Delete everything in IE downloaded programs folder in
Windows folder - NOT THROUGH IE!

If it says something is locked while deleting try it in
safe mode - if you still can't do it, do it in plain DOS.

Don't wait for an answer back from me if you reply, I was
just bored... I may check, I may not.

Have fun.
 
tryingtohelp is right on track.
I have found the optional System Information that one can
install to be a very valuable tool to speed up the process.
I would suggest making a backup of your registry before
you start hacking at it.
I have also found it useful to look at the contents of
\Windows\system and system32 in order of both creation
date and update date. I have seen a couple of malwares
that tweak one of these, so you get values that don't make
sense, a dead giveaway that something is not kosher.
When you cannot delete a file, it is probably running as a
service. You can use System Information to determine what
services are running and what executable or dll they are.
The service name is not necessarily the name of the
executable, especially for malware. You can turn off the
service using services in the administration menu, or just
kill the process using task manager. Once the process is
dead, you can delete the executable (though I rename them
to AAAhide_<whatever> in case I make a mistake and need to
get it back).
Another useful trick for a file that keeps reappearing is
to get an executable that just beeps the speaker. Then
rename it to the name of the file that keeps reappearing
and set its attribute to read only. An attempt to
overwrite it will usually pop up an error. If something
is looking to see if it is still there, you will have
fooled it. My record is more than thirty copies before I
got them all, but that was a good ways back.
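
A read-only way to run the service and timestamp checks described in the two posts above on a current Windows system, as an added example that is not part of the original thread. It assumes PowerShell 5.1 or later; the helper name `Get-ServiceBinaryPath`, the 20-row limit and the 1990 cutoff for dates that "don't make sense" are illustrative assumptions.

```powershell
# Added example: read-only triage; it changes nothing on the system.
function Get-ServiceBinaryPath {              # hypothetical helper name
    param([string]$PathName)
    # PathName may be quoted and carry arguments; keep only the executable.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.(exe|dll|sys))(\s|$)') { return $Matches[1] }
    return $PathName
}

# 1. Auto-start services and the binary each one really launches.
#    The service name need not resemble the file name, so show both.
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object {
        $bin = Get-ServiceBinaryPath $_.PathName
        $sig = if ($bin -and (Test-Path -LiteralPath $bin)) {
            (Get-AuthenticodeSignature -FilePath $bin).Status.ToString()
        } else { 'FileNotFound' }
        [pscustomobject]@{ Name = $_.Name; State = $_.State
                           Signature = $sig; Binary = $bin }
    } |
    Sort-Object Signature, Binary |
    Format-Table -AutoSize -Wrap

# 2. Executables in the system folders, newest first by each timestamp.
$dirs  = "$env:windir\System32", "$env:windir\System" | Where-Object { Test-Path $_ }
$files = Get-ChildItem -Path $dirs -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' }
foreach ($stamp in 'CreationTime', 'LastWriteTime') {
    "Newest 20 by $stamp"
    $files | Sort-Object $stamp -Descending | Select-Object -First 20 |
        Format-Table Name, CreationTime, LastWriteTime -AutoSize
}

# 3. Timestamps that cannot be right: in the future, or before the cutoff.
$now = Get-Date; $cutoff = Get-Date '1990-01-01'   # cutoff is an assumption
$files | Where-Object {
    $_.CreationTime -gt $now -or $_.LastWriteTime -gt $now -or
    $_.CreationTime -lt $cutoff -or $_.LastWriteTime -lt $cutoff
} | Format-Table FullName, CreationTime, LastWriteTime -AutoSize
```

Rows in the first table with a signature status other than `Valid`, or a binary outside the Windows directory, are the ones to look at first; an unusual status is a lead to investigate, not proof of malware.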
 