1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Resolved Lavasoft Malware

Discussion in 'Other PC Software' started by gw1500se, 2015/08/18.

  1. 2015/08/18
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    Somehow I got Lavasoft's Ad-Ware installed and can't get rid of it. I used Revo uninstall which removed everything except LavasoftTcpService64.dll. That is apparently loaded by service.exe so I can even get rid of it in safe mode. What do I do? TIA.
     
    gw1500se,
    #1
  2. 2015/08/18
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,314
    Likes Received:
    252
    Click on START->RUN and type: MSCONFIG

    Look in the startup tab for reference to Lavasoft.

    Or Control Panel->Admin Tools->Services to see if there is a service you can stop and disable.
     
    Steve R Jones,
    #2


  3. to hide this advert.

  4. 2015/08/18
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    Already did that. Nothing. That is why I'm here.
     
    gw1500se,
    #3
  5. 2015/08/18
    lj50 Lifetime Subscription

    lj50 SuperGeek WindowsBBS Team Member

    Joined:
    2003/07/04
    Messages:
    2,801
    Likes Received:
    137
    You may also need to do this although I'm not sure Back up you registry
    Folders that were found:
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2

    Files remaining:
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftLSPInstaller.exe
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftLSPInstaller.ini
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftLSPInstaller64.exe
    C:\Program Files\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.dll

    You will find in the Windows Registry that the following keys will not be cleaned; remove them one by one using regedit.exe:
    HKEY_CLASSES_ROOT\AppID\LavasoftTcpService.exe
    HKEY_CLASSES_ROOT\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5916A24B-59A4-4FDB-9753-499CB1F65362}

    Additional values that are not removed:
    HKEY_CLASSES_ROOT\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\
    HKEY_CLASSES_ROOT\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\
    HKEY_CLASSES_ROOT\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\
    HKEY_CLASSES_ROOT\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\
     
    lj50,
    #4
  6. 2015/08/18
    Steve R Jones

    Steve R Jones SuperGeek Staff

    Joined:
    2001/12/30
    Messages:
    12,314
    Likes Received:
    252
    And are you getting something somewhere that resembles an error message?
     
    Steve R Jones,
    #5
  7. 2015/08/18
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    Not directly. I have some real software that it is interfering with so I need to remove it.
     
    gw1500se,
    #6
  8. 2015/08/18
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    Thanks but all that was already gone (Revo uninstall does a pretty good job). The crux of the problem is that services.exe loads that dll and as far as I know there is no way to boot without services.exe thus no way to remove that file. There must be something somewhere that tells services.exe waht to load but it is apparently not in the registry. I guess I need to boot a Linux shell to remove it. I'm going to try Haren's.
     
    gw1500se,
    #7
  9. 2015/08/18
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    Haren's worked.
     
    gw1500se,
    #8
  10. 2015/08/18
    retiredlearner

    retiredlearner SuperGeek WindowsBBS Team Member

    Joined:
    2004/06/25
    Messages:
    7,209
    Likes Received:
    514
    Harens or Hirens? What did you use to delete it? Neil.
     
    retiredlearner,
    #9
  11. 2015/08/19
    gw1500se

    gw1500se Well-Known Member Thread Starter

    Joined:
    2003/01/10
    Messages:
    444
    Likes Received:
    0
    Typo. I used miniXP.
     
    gw1500se,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...