Aces High Bulletin Board
General Forums => The O' Club => Topic started by: Saurdaukar on November 16, 2004, 01:15:01 PM
-
Got a few peices of spy/adware Ive identified but I cant seem to get rid of no matter what I try.
Spybot and Lavasoft's Adware dont find them and everytime I try to delete them I get the "Cannot be deleted being used by another program, etc, etc, etc **** you, lolerskates!" message.
So eh... whats next? A program Im not trying or something? Its frusttrating as hell to look right at the files and not be able to get rid of them.
-
Start->Run-> 'cmd'
cd\ do as many times to get to file's location.
del filename.
If that doesn't work, you need to be ending some tasks using task manager. ctrl-alt-del or try booting into safe mode.
Booze greatly assists the removal of adware and spyware.
-SW
-
A guy I work with is really good at deleting those hard to get ones but I have no idea of how to do it. He does tell me to be careful removing files like that because a lot of times they imbed themselves in system files and removing them will case major problems. He removed one at work and it wiped out a bunch of registry files and had to reload the operating system. Sorry I can't be of any real help but just be careful when removing some of that spyware.
68Parker
-
I had the same problem a couple of months ago. I used HijackThis to remove the boot programs.
http://www.spychecker.com/program/hijackthis.html
How to use:
http://hjt.wizardsofwebsites.com/
-
Originally posted by Mickey1992
I had the same problem a couple of months ago. I used HijackThis to remove the boot programs.
http://www.spychecker.com/program/hijackthis.html
How to use:
http://hjt.wizardsofwebsites.com/
"Connection refused."
-
what operating system are you using...?
IF XP I got some commands you can run from the command window to manually remove stuff..
If something else let me know..
for starters you can goto the run command at the start menu which will bring up a window...
Type msconfig
then goto the startup tab and uncheck the spyware.. (this is your registry run section so a regedit also works.. but msconifg is faster with no registry know how needed...)
restart the machine..
again if you have XP.. which has a very good netstat command.. with the -b attribute.. which shows each program and their attempted network activity.
Tell me what you got.. But try the msconfig first.... (works win98, 2000, and xp)
DoctorYO
-
XP - did the config thing - took out what I could find but for some reason I still get the message that a couple of the programs are being used and cannot be deleted.
-
So, you don't want to take my advice because I'm too sexy?
-SW
-
yet another options would be a program like CyberScrub. Set it up to delete the file, and if it's in use, it will restart your computer and delete upon boot.
http://www.download.com/CyberScrub-Professional-Edition/3000-2144_4-10245887.html?tag=lst-0-1
-
make sure it hasnt put in a host file to reroute your browser so that you cant get to a anti virus site
-
Saur... run Hijackthis after booting in safe mode.
several download sites here:
http://www.majorgeeks.com/download3155.html
-
Oh ya.... I also use spybot..... really like it.
-
The offending files post em..
The names that is..
What im suggesting is the same thing the program WMlute (most likely the program is easier than the command shell im about to guide you thru the attrib process and manually remove the files) posted except using command shell to do it..
Then boot to safe mode....
Then open command shell by using the run command.. then type command..
then you have a dos looking window..
do you know how to navigate dos...? (if not navigate using explorer first to the files then open the dos shell using the run command) (should be in the directory you were just in..)
cd d:\example (change directory command)
find your files...
then type the following:
Attrib -R -A -S -H C:\windows\desktop\crummyfile.arse (example...)
note the attrib command has help.. so you can see what i did.. suggest :
attrib /?
this will bring up the command list for reference....
Now that your removed the attributes from the files its should delete normally if you booted to safe mode(hence shouldn't be loaded therefore no BS reinstalling auto install spycrap..)
Most likely that program at download.com does the same as above and most likely is much easier than the stuff I posted..
That should do it..
DoctorYO
-
http://www.javacoolsoftware.com/downloads.html - download and install : SpywareBlaster and SpywareGuard FREE
http://www.safer-networking.org/index.php?page=download - Download and install Spybot - Search & Destroy FREE
http://www.spywareinfo.com/~merijn/downloads.html - Download Hijackthis and CWShredder. Put them in a new folder named "Hijackthis". Put the folder on c drive. This is important for proper logging of info when you get hijacked. Do not use these programs unless you completely know what you are doing. FREE
http://www.lavasoftusa.com/support/download/ - Download the free version of Adaware and install. Or pay for the advanced version if you want. FREE
http://www.grisoft.com/us/us_dwnl_free.php - If you don't have an antivirus program and don't want to pay for one then get AVG . It is free and good. FREE
http://www.free-av.com/ - another antivirus FREE
If you dont have an antivirus you can do free scans at http://housecall.antivirus.com/ or http://www.pandasoftware.com/activescan/
SpywareBlaster, SpywareGuard, Spybot, Adaware, and AVG all need updating regularly.
Hijackthis and CWShredder also need updating but these should only be used when you have a problem. If you have a problem,you can contact me for help or go to the http://help.lockergnome.com/index.php?showforum=50 and click on the "HIJACKTHIS LOGS" forums. Register and post your problem. An expert will get to you within a few days to guide you to a clean machine :)
Contact me if you need help:) I can call you.
-
Originally posted by Pongo
make sure it hasnt put in a host file to reroute your browser so that you cant get to a anti virus site
ya good point ... but he proably won't know what you mean with just that .. and if new hostfile has been made, killing programs won't help that part.
check basicly
c:/windows/system32/driver/etc/hosts
should really only have a loopback address 127.x.x.x
if anything else is there ... proably put there by spyware etc......
-
Originally posted by AKS\/\/ulfe
So, you don't want to take my advice because I'm too sexy?
-SW
I dunno - thats alot of typing.
Ook, ok, ok... slow down everyone.
Unlike 80% of the people that play AH, Im not exactly fluent in PC speak.
Most of the websites posted (ALL of Silats) are refusing my connection - is the bad guy software doing this?
I feel stupid for even asking this... but how do I boot in safe mode? I never bothered to figure out XP because I hated not being able to do anything so just treat me like the average guy that calls in to Dell customer support and says "A virus ate my megabytes!"
-
Originally posted by Saurdaukar
I feel stupid for even asking this... but how do I boot in safe mode? I never bothered to figure out XP because I hated not being able to do anything so just treat me like the average guy that calls in to Dell customer support and says "A virus ate my megabytes!"
OK. "Sir, my name is Habeeb, and how may I be of assistance to you? Ah yes, you have the spyware on your computer and to fix you need to mail your computer to us and we will reformat it for a small fee of $200."
-
SOB you forgot the INDIA address.
-
Originally posted by Saurdaukar
I dunno - thats alot of typing.
Ook, ok, ok... slow down everyone.
Unlike 80% of the people that play AH, Im not exactly fluent in PC speak.
Most of the websites posted (ALL of Silats) are refusing my connection - is the bad guy software doing this?
I feel stupid for even asking this... but how do I boot in safe mode? I never bothered to figure out XP because I hated not being able to do anything so just treat me like the average guy that calls in to Dell customer support and says "A virus ate my megabytes!"
f8 on boot does startup menu ....
did you check your hosts file like my above post asks too? That is a very easy way to redirect or block people from known sites. If there is an entry in hosts ... it won't goto DNS.
C:/winnt/system32/drivers/etc/hosts
look at it ... it should only have the local host 127.0.0.1 (loopback)
check it damnit .....then we'll move on if that ain't it.
-
Yeah, I'm too sexy to help you.
-SW
-
just in case you missed it...
"make sure it hasnt put in a host file to reroute your browser so that you cant get to a anti virus site"
we can help you do this if you dont know what that means. The effect would be they could make it seem that you couldnt get to sites they didnt want you to get to. But its simple to fix.
The pop up thing is more difficult but one thing at a time.
I went through something simulare a few months ago.
-
Collection of the above resulted in what I THINK is a fixed problem.
Thanks guys! :aok
(yeah, even you Pongo)
The number of "bad guys" was massive (dunno where I picked em up all of the sudden) but they mascaraded as everything from a "Xerox" folder to "Microsoft" files.