Cool Web Search

TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Paul, a friend at work has recently gotten this thing.

Any advice/tips/help?
It's not me, it's someone else.
GORDON
Site Admin
Posts: 56735
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

Two times I got hit required two reformats.

Cool Web Shredder never helped.

If it's XP, might try system restore. It's built in and defaulted to "on."
"Be bold, and mighty forces will come to your aid."
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

I kick that bitch's ass all teh time.
If he has that, he probably has more stuff he doesn't know about. Here's how to get rid of 95% of those crappy programs.

He has WinXP, right?
1) Download Spybot Search & Destroy (Download.com)
2) Download Ad-Aware (Download.com)
3) Download Microsoft AntiSpyware Beta (microsoft.com/spyware)
4) Download Spy Sweeper 30 day trial (webroot.com)
5) Download Hijack This
6) Download Winsock Fix. (Just in case)
7) Download AVG Free Edition (grisoft.com) if there's no antivirus.

You can burn these to CD if you wish.

A - Go to Add/Remove Programs and uninstall what crap you can.
B - Disable System Restore (Right-mouse-click My Computer, then System Restore)
C - Install and update #1, #2, #3, and #4. Don't waste your time running them yet. If there's no antivirus, install and update #7
D - Reboot into Safe Mode (by tapping F8 before XP loads)
E - Delete your Internet cookies, history, and cache.
F - Delete all temp files (Start, Run, "%temp%", select all, delete everything you can in that folder)
G - Run 1-4 in order, removing whatever they find.
H - If you installed/updated AVG, run it and do a scan.
I - Run Hijack This and "Do a system scan only"
J - Go through the list and delete crap with random file names such as "cxfpw7q.dll" that like to hang out in the windows/system32 directory. Also delete anything that's obviously bad. If you're unsure, do a Google on the file name and it'll tell you what it is. If there are no hits on the file name, delete the mofo. (Warning: When it says "Fix" it means "Delete." Deleting the wrong thing can prevent good stuff from running, like antivirus, scanners, Windows, etc.)
K - Reboot the PC and enable System Restore.

If removing the spyware screws up his Internet connection, run Winsock Fix.




Edited By Paul on 1114021661
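
Added example (not part of Paul's post or the thread): step J above, going through a Hijack This scan for random-looking file names in system32, sketched as a Python triage script. The log lines, the tiny allowlist and the vowel-ratio heuristic are constructed assumptions; the script only sorts names into ones to look up and deletes nothing.

```python
import re

# Constructed Hijack This-style log lines for illustration (not from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qjzvk.dll/sp.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\cxfpw7q.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\exav.exe
O4 - HKLM\..\Run: [updater] C:\WINDOWS\system32\updater.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wtrbn3k.dll
"""

# Assumption: a real allowlist would be built from a clean reference install.
KNOWN_GOOD = {"ctfmon.exe", "spoolsv.exe"}

SYS32_FILE = re.compile(r"\\system32\\([^\\/\s]+\.(?:dll|exe))", re.IGNORECASE)
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")  # section code such as R1, O2, O20


def looks_random(filename):
    """Heuristic: a name of 5+ characters with almost no vowels reads as random."""
    stem = filename.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 5 or not letters:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return vowel_ratio <= 0.2


def triage(log_text, known_good=KNOWN_GOOD):
    """Return (section, file name, verdict) for every entry that points into system32."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        hit = SYS32_FILE.search(line)
        if not entry or not hit:
            continue
        name = hit.group(1).lower()
        if name in known_good:
            verdict = "known"
        elif looks_random(name):
            verdict = "review"    # look the name up before choosing "Fix"
        else:
            verdict = "unlisted"  # plausible name, still not on the allowlist
        findings.append((entry.group(1), name, verdict))
    return findings


if __name__ == "__main__":
    for section, name, verdict in triage(SAMPLE_LOG):
        print(f"{section:<4}{name:<14}{verdict}")
```

The "unlisted" verdict shows the limit of judging by name alone: a file with an ordinary-looking name still needs the lookup described in step J.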
Leisher
Site Admin
Posts: 70451
Joined: Thu May 20, 2004 9:17 pm
Contact:

Post by Leisher »

I've also fought CWS a few times and only once required a reformat.

I'd add to Paul's list that this guy (and anyone) should be updating their anti-spyware programs constantly and grabbing all the MS security updates that come out.

One thing about Spybot that some people miss is the "Immunize" tab. It helps to prevent you from getting infected with spyware in the future. As does the Real Time scan in MS's product.

If the guy needs an anti-virus program I'd recommend Trend's PCillin 2005. It's a personal preference of mine as it works fantastically and has never broken a PC I've run it on like McAfee's products have done. Plus, it does its own scanning for spyware, so it's another level of protection there.

You can try the Trend product for free at http://www.trendmicro.com/housecall.

Their product that scans for both viruses and spyware is the beta version.




Edited By Leisher on 1114023096
"Happy slaves are the worst enemies of freedom." - Marie Von Ebner
"It was always the women, and above all the young ones, who were the most bigoted adherents of the Party, the swallowers of slogans, the amateur spies..." - Orwell
TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Thanks, will pass it on and let you know how it goes.
It's not me, it's someone else.
GORDON
Site Admin
Posts: 56735
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

I've had virus infections drop to ZERO since I disabled Java in my browser.
"Be bold, and mighty forces will come to your aid."
TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

In the past 5 years, I've had:
1 Worm (the SQL Server one)
1 piece of Spyware

Of course, I don't know if I've kept a machine past one year without reimaging it, so it's possible I had something I never saw.
It's not me, it's someone else.
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

I had a virus about a month ago. It was a worm that got in before the Norton update kicked in. Once I updated it found it and killed it.

I think the last one we got before that was Melissa.

I don't run an antivirus at home, though I do install, use, and remove an antivirus every once in awhile. My connection at home is slow, so I mainly use it to check webmail, my websites, and some forums.

I don't have any spyware software on my work PC other than Symantec Corporate Edition (antivirus), I do have JAVA on, and I had no spyware unless you count cookies. I installed some of the programs mentioned above for the first time last month when that virus hit, and all I remember them finding were cookies. Big whoop.

Me thinks Goron surfs in dangerous waters.
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

One more bit of advice.
Sometimes you have to go on the bastard's site to remove the software.

Today, when running all that shizzle didn't prevent an ABetterInternet file from reinstalling (I could only identify it because Spy Sweeper named it) over and over again, I eventually went to abetterinternet.com and found this in their contact section. It led to a program that removed the problem.

Companies put this stuff on so they can claim that they tried to help should they ever get sued for their damn software.




Edited By Paul on 1114031711
TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Paul wrote:I had a virus about a month ago. It was a worm that got in before the Norton update kicked in. Once I updated it found it and killed it.

I think the last one we got before that was Melissa.

I don't run an antivirus at home, though I do install, use, and remove an antivirus every once in awhile. My connection at home is slow, so I mainly use it to check webmail, my websites, and some forums.

I don't have any spyware software on my work PC other than Symantec Corporate Edition (antivirus), I do have JAVA on, and I had no spyware unless you count cookies. I installed some of the programs mentioned above for the first time last month when that virus hit, and all I remember them finding were cookies. Big whoop.

Me thinks Goron surfs in dangerous waters.
Apparently that's what it takes for the really good hard-core addict/junkie porn.
It's not me, it's someone else.
TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Update.

Dude tried your steps, but didn't quite work for him. He was able to use Cygwin though to finish things up. Some files simply could not be removed, but I suggested he use Cygwin (a Unix emulator for Windows) to remove the files, since it doesn't care what the Windows file permissions are.

So, it's all gone now, but the steps didn't quite work for him (although, maybe he messed 1 up, who knows)
It's not me, it's someone else.
TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

Oh.. and "thanks" from him.
It's not me, it's someone else.
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

Like I said earlier, my directions will take off 95% of the crappy programs. That last bit takes a little more effort.

Cygwin was a good idea. I'd tried Knoppix awhile back, but it didn't let me delete stuff. I'll look into Cygwin myself.

Ending processes and being a bit trickier with Hijack This probably would have fixed him. I'd have needed to see his Hijack This log to be more specific.
TheCatt
Site Admin
Posts: 57661
Joined: Thu May 20, 2004 11:15 pm
Location: Cary, NC

Post by TheCatt »

All good, thanks again for ur help.
It's not me, it's someone else.
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

No prob.
GORDON
Site Admin
Posts: 56735
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

Fags.
"Be bold, and mighty forces will come to your aid."
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

The British definition?

You savoury duck!




Edited By Paul on 1114539226
DoctorChaos
Posts: 1579
Joined: Fri Oct 08, 2004 7:58 pm

Post by DoctorChaos »

Paul wrote:I'd tried Knoppix awhile back, but it didn't let me delete stuff.
In Knoppix, you have to remount the partition.

For instance if your c drive is the problem, use the commands
sudo umount /dev/hda1
sudo mount -rw /dev/hda1 /mnt/hda1

This will remount the partition in read-write mode. Then you can delete stuff.
Wadda mean? Other people can read this?!
Paul
Posts: 8458
Joined: Fri May 21, 2004 5:02 pm
Location: KY
Contact:

Post by Paul »

That's not going to F-up anything in XP?
I don't really do Linux. When I partitioned my drive, I made a D: partition for some Linux OS (C: is Win98, F: is XP Pro), but I never got around to installing anything there.




Edited By Paul on 1114547709
GORDON
Site Admin
Posts: 56735
Joined: Sun Jun 06, 2004 10:43 pm
Location: DTManistan
Contact:

Post by GORDON »

Paul wrote:The British definition?

You savoury duck!
No, the

Image

version.
"Be bold, and mighty forces will come to your aid."