Aces High Bulletin Board
Help and Support Forums => Technical Support => Topic started by: Flyboy on January 08, 2005, 04:22:45 PM
-
lately i am getting screen freezes, i havent changed a thing in the settings yet suddenly it started.
any idea on how to fix it?
-
hmm?
please anyone?
-
check for spyware viruses etc.
-
i just did a full system scan for spyware (with ADaware SE) and for viruses (norton anti virus)
no viruses were found BUT heres the wierd part.
i found alot of spyware.
i remove it..
i reboot my computer
i run adware scan again...AND i found more spyware, i remove it, close adware, launch it again.. again more spyware.
all this time i wasnt connected to the internet, the thing that created the spyware must be on my hard drive, but i have no idea on how to find and remove it.
can someone recomend a good spyware removing software? (for free)
-
You may need to run Adaware when booted in Safe Mode. Many spyware programs are DLL's loaded at runtime and cannot be removed when they are running.
-
ok, heres a new thing
i rebooted my computer and when i loged on (windows XP)
i got an error massage saying windows cant run "advmon32.exe"
i googled "advmon.exe" and found THIS (http://computercops.biz/startuplist-5513.html)
i have no idea how it got there or how to remove it, and it only showes up when i log on in my user (i have 3 users on this computer)
skuzzy, thanks for the tip
can you explain me how to enter safe mode in winXP?
-
one more thing.
i dont know if its importent or helpfull, but all the new stuff that keep coming back when i re scan with adaware are regestry keys, and are win32.somethingsomething.troj andownlaoder
-
to enter safemode hit f8 when the things are running for your boot up memeory check. I know this becuase I set my monitor refresh to high and got a blank wall and freaked.
It will then give you the option to run safemode
Sorry for a the tech talk but I am hopeless when it comes to this stuff. The f8 thing does work though
-
another problem in AH i want to add is it takes several tries from me to log on to the MA, the first time i get "host lost connection" massage
i never had this problem and it started appearing around the same time as the screen freezes.
again, i am clueless :(
-
Originally posted by Flyboy
ok, heres a new thing
i rebooted my computer and when i loged on (windows XP)
i got an error massage saying windows cant run "advmon32.exe"
i googled "advmon.exe" and found THIS (http://computercops.biz/startuplist-5513.html)
i have no idea how it got there or how to remove it, and it only showes up when i log on in my user (i have 3 users on this computer)
skuzzy, thanks for the tip
can you explain me how to enter safe mode in winXP?
it can't run it because it is gone. to remove the annoying message
click start, run, type msconfig, click ok, under general tab click selective startup, then click startup tab, uncheck the boxes with advmon32.exe beside it. , now would be a good time to turn off the other junk that starts too ;) after ya done, click apply, then close. restart computer. it'll pop up a box telling you, that you are in selective startup, blahblah , click whatever to tell it not to remind ya again.
might have to do run services.msc to turn other junk off.
the following is Dangerous.
the hard way to get rid of the message but it is permanant , but is dangerous if ya don't know what ya doing, is run regedit, search for all the keys with advmon32.exe in it and delete those keys.
WARNING messing with regedit CAN mess your computer up real bad. if you delete the wrong things.
if you go this route. you are on your own as for being responsible for what happens.
-
Originally posted by Flyboy
one more thing.
i dont know if its importent or helpfull, but all the new stuff that keep coming back when i re scan with adaware are regestry keys, and are win32.somethingsomething.troj andownlaoder
might help to turn off the system restore til you get the computer clean.
-
thanks dieAz i removed it in the regestry
but i still cant eliminate the spyware from reapearing as regestry keys and now regestry values.
any ideas?
oh, and how do i disable system restore?
-
ok, what i have is a trojan named CRYPTER.C
i keep removing it, but it keeps coming back, so i must be doing something wrong.
i followed dieAz tip about checking my startup list for othe crap,
i googled every procces and they all came clean exept one..
its named ndowaboa.exe and its located at:
C:\WINDOWS\system32
at also has a wierd icon: a "Q" with a yellow background, alot more of the EXE files in that folder has the same icon, i never saw it before.
im no computer wiz, so i aint gonna do a thing about that ndowboa untill you guys advise me, but its sure is suspicious that google gave no matches
-
http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.b.html (http://securityresponse.symantec.com/avcenter/venc/data/trojan.gema.b.html)
go here follow directions system restore disable info there too.
would be a good idea to print it out.
if you find more junk, search with this to check see if it a virus.http://www.symantec.com/search/ (http://www.symantec.com/search/)
-
the weird name is probably the trojan's random generated name.
just go to the 1st link in my last post. and do all that 1st.