constant bombardment

  • Thread starter Thread starter J
  • Start date Start date
J

J

Hi. Please Help
My friend's pc was riddled with junk. I installed MSantispy and Lavasoft and
got rid of loads of rubbish but there are 3 that will not go away.
They open IE even when not in use. 2 of them are exactly every minute and
the other is around 5 minutes.
MSas shows a message of one of them, INetspeak websearch and I 'remove' each
time, but 1 minute later it comes back EVEN when I disconnected from the
internet!
The other is Aurora which I even removed all mentions in Regedit, and the
other is http:// ads1searchmiracle.com
Then occasionally there's the casino ones.

I've been scanning and removing for 4 days now.
What does one have to do??
If there is a firewall and popup blocker why don't they stop them?
Please help coz my friend is tearing her hair out. ( BTW I also removed
Limewire that her kids installed and all mention of it)
Thank you
J
 
I came across something like that in a college computer lab recently. The two
things I did were not rocket science but they helped. One was rebooting during
the scan when MSAS says to so it can clean things on boot up. Two was scan in
safe mode. Also, I tend to run two or more scans, one after another. Sometimes
the second scan picks up what the first did not (I know it's crazy, but I do this
will all scanners, whether antivirus or antispyware, it is sometimes really worth
it).

Also, and I am sure you're doing this but it doesn't hurt to ask, are you running
a full scan? That helped me as well.

I hope these suggestions aren't too elementary.
 
1) - Please go into Microsoft Antispyware, and submit a Tools, suspected
spyware report.

2) For Aurora, here's a recipe from Ron Kinner:
--------------------------------
Just successfully removed two nail.exe infections today
with the procedure at:

http://forum.hijackthis.de/showthread.php?t=3172

The ABIRemover.exe is a miracle worker!

Ron
--------------------------------------------

In general, scanning and removing in Safe mode--press the F8 function key
while starting or restarting before the first Windows screen appears--will
give the anti-spyware software a much better chance at doing a complete
removal: Update defs on everything--including the antivirus--restart in
safe mode, and do full, deep scans with Microsoft Antispyware until one
comes through clean. Do scans with your other tools as well. Use Ron
Kinner's recipe for Aurora. You may also want to use the Tools, Advanced
tools, system explorers in Microsoft Antispyware to temporarly block startup
items or BHO's or toolbars that you can't identify as useful standard parts
of the system you are working on. Ask here about anything you have doubts
about. Microsoft Antispyware won't let you disable anything required for
system operation, but it won't know all details of video drivers or
antivirus apps installed, etc.

You can also check these groups for messages from Ron Kinner with clear
instructions about how to get him HijackThis logs via email--this is one way
to get an unknown problem cleared up.
 
Scanning in safe mode is an excellent suggestion--one everyone needs to
remember. Safe mode restricts many services, both third-party services, and
some Microsoft services, from starting. This includes "services" installed
by viruses or trojans. Any clean-up app--antivirus or antispyware--has a
better chance of getting the job completely done in this mode.

Unfortunately, Aurora is active even in safe mode. I haven't checked out
Ron Kinners method on this one--I identified the three parts of the puzzle
and removed them using the Recover console--not a method for everyone to
use, I'm afraid.
 
Thanks. I'll let you know how I get on
J

Bill Sanderson said:
1) - Please go into Microsoft Antispyware, and submit a Tools, suspected
spyware report.

2) For Aurora, here's a recipe from Ron Kinner:
--------------------------------
Just successfully removed two nail.exe infections today
with the procedure at:

http://forum.hijackthis.de/showthread.php?t=3172

The ABIRemover.exe is a miracle worker!

Ron
--------------------------------------------

In general, scanning and removing in Safe mode--press the F8 function key
while starting or restarting before the first Windows screen appears--will
give the anti-spyware software a much better chance at doing a complete
removal: Update defs on everything--including the antivirus--restart in
safe mode, and do full, deep scans with Microsoft Antispyware until one
comes through clean. Do scans with your other tools as well. Use Ron
Kinner's recipe for Aurora. You may also want to use the Tools, Advanced
tools, system explorers in Microsoft Antispyware to temporarly block
startup items or BHO's or toolbars that you can't identify as useful
standard parts of the system you are working on. Ask here about anything
you have doubts about. Microsoft Antispyware won't let you disable
anything required for system operation, but it won't know all details of
video drivers or antivirus apps installed, etc.

You can also check these groups for messages from Ron Kinner with clear
instructions about how to get him HijackThis logs via email--this is one
way to get an unknown problem cleared up.
Click to expand...
 
Back
Top