spyware removal in win 2000

  • Thread starter Thread starter mojo
  • Start date Start date
M

mojo

Apologies for x posting.

Any advice on the following situation greatly appreciated.

runing win 2000.

Somehow got some nasty spyware/pop up crap (from zestyfind (?) and
some other crap made by some outfit called nictech). Adaware can see
the files and deletes them on a reboot. However, the files replicate
themselves (with another name) upon startup. file names change but
they're all .dlls - eg. agfiveds.dll, aactres.dll, awlui.dll,
afledit.dll. they all live in c:\winnt\system 32. The root problem
still persists. I've tried getting rid manually (through cmd/dos
emulation) by changing the file attributes to read, not hidden and not
system but still won't let me delete because 'some other process is
using the file' (or words to that effect). tried to close down
everything in the task manager and was left with critical processes
only but still couldn't delete the damned file. tried the same in safe
mode but again, can't delete. did try to find some way of booting into
the hard drive with a win98 startup disk but nothing happening there
either. i think it doesn't see/recognise the ntfs or whatever the file
system is on the win2k hard drive.

Any ideas greatly appreciated.

tia

mojo
 
mojo said:
Apologies for x posting.

Hi - you've multiposted this, not crossposted. You have replies in
m.p.security.virus...if you want to post to multiple groups, best to
crosspost to a handful of relevant ones by separating the group names with
commas so that everyone can follow along...much easier for everyone. Thanks!
 
thanks for that. i'm less ignorant in real life.

mojo

"Lanwench [MVP - Exchange]"
 
mojohotmail said:
thanks for that. i'm less ignorant in real life.

LOL - no problem, we all gotta learn new stuff sometimes. :-)
mojo

"Lanwench [MVP - Exchange]"
Hi - you've multiposted this, not crossposted. You have replies in
m.p.security.virus...if you want to post to multiple groups, best to
crosspost to a handful of relevant ones by separating the group
names with commas so that everyone can follow along...much easier
for everyone. Thanks!
 
Back
Top