very sick comp.

I was cleaning a computer that was very sik

It had no virus or firewall software, and the XP firewall was disabled.

The browser was hijacked so I had no real internet access, it would not let me open "msconfig, taskmanager, or regedit ", they would close instantly.

I had no access to network adapters, it said the service wasn't running but I did have internet.

I installed Adaware in safemode, it found 780+ entries.
I ran the online virus scan at symentac, it found 101 viruses,

among them were the blaster worm, and the W32.Spybot.Worm which counted for about 95% of the files.
There was no virus software so I removed all startup entries from rededit and system.ini. It must hav been more places because all spyware and virus services started up again. about 50 unwanted services running.

the problem is that Adaware won't remove any of the spyware entries, it crashes when you select "clean ".

and I can't install norton2003, it also crashes on install.

i hav some control in safemode, non of the unwanted services startup and I have proper internet access.

any suggestions??

 

perhaps PepiMK's CoolWWWSearch.SmartKiller removal tool followed by CWShredder might help?

from the CWShredder download page , re the removal tool:

but from what it says you may get blown off course trying to get to the downloads page, so the link for CWShredder given above is the "direct" link - it says to use if having trouble accessing the normal ones.

good luck with it & best wishes, HJ.

 

the problem is that Adaware won't remove any of the spyware entries, it crashes when you select "clean ".
===============

Try it in safe mode and only fix one thing at a time,, also install update and run SpyBot S&D,,But first take care of any viruses

as a supplement to the online you did
well get another from one of the other companies if possible and install one of the free av programs
an get and run stinger
McAfee AVERT Stinger 2.0.0
http://www.majorgeeks.com/download4063.html
Theres a list of free on-lines and programs in the pinned topics

are you using the recommended settings for Adaware ?
Adaware 6 How To Perform a Full Scan: http://www.lavahelp.com/howto/fullscan/

about the same thing here
Lavasoft - Basic Settings - Configuration: http://www.lavasoftsupport.com/index.php?showtopic=2933


Let us know what happens

 

Gasoline - the system can probably be made to work and maybe even completely cleaned up including dumping all the bad stuff and fixing what was broken.

But unless there is a compelling reason to do so, I tend to agree with broni. Wipe the thing completely out and start over.

I would also suggest having AV software of some kind on a local removable media so you could install and update it before ever letting the system anywhere near the internet.

 

I'm with Newt and Broni. Reinstall after wiping -too much of a mess to clean up. A few word about the owner- first, he deserves the idiot surcharge on your bill. Second, he needs education. If he won't agree to a reasonable security policy, he has no business being online. There's no tactful way to tell someone they are clueless, and he may not care what a menace his computer is to cyberspace. If that is the case, how will you handle it?

Johanna

 

thnx for the replies,

O'v got a couple tools that I'm goin to try, but if I can't run any spyware or virus software then it will definately be a wipe.

as for the idiot charge, I aggree exept this is for a friend of the family.

She had no idea what a firewall was, and their virus software expired 2 years ago. They thought if they just uninstalled it, the cpu would run faster.
She also has a 16y old son who is probably the cause of most of the spyware/viruses. Lot's of kazaa files and game cracks, not to mention the ****.

infact, one of the spyware files was a "popup ad blocker ". (irony)

They actually called me because they got an email from their ISP saying they were in violation (repeat offence) of their terms of service, as mass amounts of unsolicited emails were being sent from that IP.

They had no idea what the even meant. had their ISP not informed them, they would probably still not have a clue.

 

You could also try this online scanner, which can also fix what it finds. Good luck!