Self generating spyware

  • Thread starter Thread starter Mary
  • Start date Start date
M

Mary

HELP! SOS!
I have been trying to get rid of "A Better Internet"
Adware/Spyware on my computer for several days. I even
called the company located in NYC 646-613-0376--no one
answers the phone you are directed to leave a message or
go to the website to download uninstall software.(which I
would never do!) I left a message and they have not
returned my call.

Once I remove with MS AntiSpyware
C:\WINDOWS\system32\DrPMon.dll
after rebooting and running a scan again I find
c:\windows\system32\drpmon.dll
Again I remove with MS Antispyware
after rebooting and running a scan again I find
C:\WINDOWS\system32\DrPMon.dll

(PLEASE NOTE: case sensitivities)

It seems to self generating and then propagates
additional adware pops up from Icannews and Navidad Worm
(Worm).

I also noticed the addition of empty files--which I
believe is where the self propagating adware"grow" from.

Is it possible to delete a .dll in C:\WINDOWS\system32?
Is it possible to delete all my software and then
reinstall my software with the hopes of deleting the
adware/spyware?

Thanks--Any help is greatly appreciated.
 
Hello Mary

This is Andy M. method
<<qoute>>
My method of fixing Aurora is this :

(Copy it to notepad so you can still view it in safe
mode )

----------------------------------------------------------
Download Nailfix to your desktop

http://www.noidea.us/easyfile/file.php?
download=20050515010747824

mirror:

http://www.dknoppix.com/cgi-bin/download.cgi?Nailfix

----------------------------------------------------------
Download The ABI remover (Better Internet Remover)

http://andymanchesta.com/Downloads/ABIremover.zip

Download the Remover to your desktop
----------------------------------------------------------
Download Ewido Security Suite

http://download.ewido.net/ewido-setup.exe

install and get all updates while in normal mode & run in
safe mode

----------------------------------------------------------
Download AD-Aware SE

http://www.download.com/3000-2144-10045910.html

install and get all updates while in normal mode & run in
safe mode

----------------------------------------------------------
Download Ccleaner

http://download.ccleaner.com/download120bin.asp

----------------------------------------------------------

You may need to empty your system restore points,Drpmon &
Bolger.dll is sometimes left in the restore area.To turn
off system restore goto start then right click my
computer then goto properties then system restore.
Check the box 'Turn off system restore' then press apply
and exit

Reboot into Safe Mode by hitting the F8 key repeatedly
until a menu shows up (and choose Safe Mode from the list)

start the ABIRemover.exe, press install, wait (explorer
window will disapear)

in Safe Mode, double-click on nailfix.bat. Your desktop
and icons will disappear and reappear, and a window
should open and close very quickly.

Next run a full scan with Ewido & Ad-aware SE (Ewido will
find the random named files in the system folder and
windows/last good folder if they exist.Ad-aware will
detect and remove DrPmon and Bolger.dll )

Goto start then run and type

prefetch

delete the contents of this folder

Run Ccleaner and remove anything found,also use
the 'issues' button and fix any problems that are
detected.

Reboot & Re-Enable System Restore (Goto start again,then
right click my computer,then choose properties & goto
system restore) Un-check the box 'turn off system
restore' and press apply

Your done !

AndyI hope this is the solution for your problem.

Engel
 
Hi Mary,
As you've concluded, you've got a pretty good problem. Navidad tho is a new
one on me from a perspective of ABI junk.

Have you a current, up to date AV program installed?

Further, you might wish to check the 'general antiSpyware' newsgroup here,
and search up some of the fixes that others have proposed for "nail.exe" or
"ABI."

Ron Chamberlin
MS-MVP
 
Back
Top