I have been called to a friend's to rescue their PC as they detected downloader.small and are having a problem with a dialer.
I have been successful in the past at fixing many such problems, but this is a bit weird.
I have deleted some suspicious exe files with GIPO@MOVEONBOOT that kept appearing in MSCONFIG/STARTUP. The dial up box keeps autostarting even though it has been removed from start up.
Here is the problem.
The PC runs OK, until you run AVG or Spyware removal (including Search and destroy and many others I got from computercops.biz).
Then the PC reboots every single time during these scans. Is this a very clever virus? I can't find the name as the scans don't finish. I have run about 5 recommended spyware removal tools - they all cause a reboot half way through, or a cpl that don't detect anything finish but discover nothing (and ask for money to upgrade).
Any ideas?
TiA
Hi thanks for the tip, I close all applications, but I don't know what processes I should close and which I should leave open?
Is there a basic list of what I should leave on before the scan?
What operating system?
If XP or 2k, you can close everything, except Windows will not let you end a system process. Just use Task Manager to end everything one by one, and if a process can't be ended Windows will tell you.
Thanks TonyT - it is XP Professional. So I will follow that advice.
I have noticed that these malicious spyware, hijackers and diallers are getting out of hand - they seem harder to deal with than the "traditional viruses" and they are costing ppl a lot of time to fix.
I have also noticed that all the different spyware removal tools find totally different things. Even Adaware seems to miss loads of stuff other programs find and they miss stuff Adaware finds - it's getting so difficult to control.
In case anyone finds my results useful for future reference - here you go:
I booted into Safe Mode and ran SpySweeper, a program I am new to, but seems really good (it finds lots more than Adaware does on my PC). The program ran and removed a few things. I then tried to run AVG (free edition) and it would not run in Safe Mode - I even re-installed it and got the same error.
However, the SpySweeper run had cleared whatever it was that stopped me running AVG in normal mode, so I ran AVG that way and found a couple of viruses and removed to the vault.
I then scanned the secondary hard drive and found another group of viruses that AVG could not seem to deal with. They were in a hidden folder called Windows System Information (this disc used to be a system disk). I removed the viruses by deleting with Gipo@moveonboot as I could not delete them the normal method - access denied (Windows thinking they are in use).
System now seems clean
Anyone got a good recommendation for a Spyware program that stops these pests getting on the system in the first place? As opposed to cleaning once infected. I will try SpySweeper - but would appreciate some advice from the experts!
www.spywarewarrior.com is a good place to start when looking for recommendations. You might also note that some of the removal and prevention programs have to be run for each user or you risk reinfections.
Thanks for the replies - I will check them out. Need a free version really
I forgot to mention - I turned system restore off - as I suspect this may have had something to do with the re-infection. Is it safe to turn back on once system appears clean?
If you are sure that you're clean. A program that I use to back up the registry at different points during a disinfection is ERUNT, found here: http://home.t-online.de/home/lars.hederer/erunt/ You might want to check it out. It is an emergency registry recovery tool. Very simple, very helpful.
I just realised - you have to pay to update the definitions on SpySweeper - guess I'll have to try something else as I can't afford more software bills!!!
I clean my kids' systems and clients' systems using these free apps:
1. SpywareBlaster (makes an extensive list of IE Restricted Sites)
2. Spybot S&D
3. Adaware
4. CWShredder
5. Autoruns (by sysinternals.com shows ALL things that load at boot)
6. HijackThis (if necessary)
7. Regedit
First thing I do is kill all unneeded processes, then I delete unnecessary files in: (usually using command prompt after killing explorer.exe)
c:\windows\temp
c:\windows\downloaded program files
docs&settings\user\local settings\temp
docs&settings\user\local settings\tif
docs&settings\user\cookies
Then I run autoruns and use regedit to get rid of the startup items. Then run antispy apps as needed. AFTER all spyware has been cleaned I then run antivirus.
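The startup-item review described in the last post, as an added example that is not part of the original thread: a read-only PowerShell inventory of the standard Run/RunOnce registry keys that marks entries whose command line points into temp or cache folders like the ones listed above. It assumes PowerShell 3.0 or later; the folder patterns and function names are illustrative choices, and Autoruns covers far more autostart locations than these four keys.

```powershell
# Added example: read-only listing of classic autostart registry entries.
# Nothing is deleted or modified; review the output before changing anything.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: folders modelled on the cleanup list in the post (regex, case-insensitive).
$suspectPatterns = @('\\temp\\', '\\temporary internet files\\', '\\downloaded program files\\')

function Get-CommandTarget {
    param([string]$Command)
    # A Run value is a command line: take the quoted path, else the first script/binary path.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|scr))(\s|,|$)') { return $Matches[1] }
    return $Command.Trim()
}

function Test-SuspectCommand {
    param([string]$Command)
    # Checked against the whole command line so DLLs passed to rundll32 are covered too.
    foreach ($pattern in $suspectPatterns) {
        if ($Command -match $pattern) { return $true }
    }
    return $false
}

function Get-AutostartInventory {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)   # REG_EXPAND_SZ values come back expanded
            if (-not $cmd) { continue }
            $target = Get-CommandTarget $cmd
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $cmd
                Exists  = [System.IO.File]::Exists($target)  # false for missing or bare names
                Suspect = Test-SuspectCommand $cmd
            }
        }
    }
}

Get-AutostartInventory | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

HKCU is per user, so run it once under each account on the machine, which matches the earlier note that some tools have to be run for each user.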