Iím attempting to cleanse a computer. It had 512 pieces of adware and 327 viruses.
Got rid of all but one which is really giving me the fingerÖ.betterinternet. Iíve tried everythingÖ in normal and safe-mode, including scanning for ADS (of which I found nothing except the usual ones that XPsp2 adds) and using the tool Symantec has for removing adware.betterinternet. The tool didnít even find a trace of betterinternet but a process is running that when deleted starts again under a different name made up of random letters and gets registered as a service, I found eight instances using psservices.
Does anyone have any knowledge of this?
The machine is running XP home and the first thing I did is disable system restore.
May 10th, 2005, 08:14 PM
does xp home have the boot up option to do a step by step confirmation?
If not maybe make a boit disk and put the removal tool on the disk, do a step by step confirmation to ensure the registry does not run the crap-ware and that it isnt getting started as some system file or piggy backed off something else. Its a long shot but maybe it will work.
May 10th, 2005, 08:59 PM
xp home does not have a step by step start-up option. when i first began all this i ran stinger and a few other tools from bartPE but when i got down to this one i tried safe mode only but figured what the heck i didn't try this so following you suggestion i tried runing the tool from bart but it still didn't find anything but thanks for the advice. i appreciate it.
May 10th, 2005, 09:54 PM
Hmmmm, Hi, Ted
I presume that you have tried Spybot S&D and Win Patrol?
If you start Spybot in "advanced" mode it lets you look at all sorts of stuff like BHOs.......might be worth a look? Also Win Patrol gives you some good hands on control of what starts and runs.
And there is always the good 'ol 30 day Moosoft "The Cleaner" trial?
I firmly believe that the criminalisation of the production and association with this kind of garbage should progress...........
If you cannot remove software from your system at the "jack knows sh1t all" level then it is criminal, with criminal intent............time to show some of the fat ba$tard suits that we mean business?
Please lobby your politico :)
May 10th, 2005, 09:58 PM
I believe I had the same problem with a machine someone brought to me about a month ago.
Wound up booting in safe mode then using the manual delete method ( editing the registry by hand, etc. ) as no tools would work.
Finally got rid of it, but it was a pain.
Oh, one more thought. I noticed very large temp folders . Seems when it started it would fill them up with crap while installing itself, then muck things up even when the computer was started in safe mode. Had to clean all temp files etc. before rebooting into safe mode.
Hope this helps.
May 10th, 2005, 10:57 PM
I believe this was what I had on a users home computer recently. I gave it to one of my staff as a learning excercise....
A day later we traced the actual infection to the system process itself.... :eek: I taught her something.... There _is_ a time to give up.... We backed up data, reformatted and reinstalled. It works fine now..... ;)
May 11th, 2005, 12:13 AM
betterinternet = vx2 = L2M = PITA
There are some specialized tools to deal with this, depending on the flavor you have. If you post up a HJT I'll probably be able to figure out which tool you need & link you to it.
May 11th, 2005, 01:40 AM
Sorry to take so long in replying. Had an emergency at a remote (but close, 20 miles) location and had to leave.
Wound up giving the computer back telling him to copy all the files he wanted off before connecting to the internet again. He had 19+ gig of mp3s and vids and I wasnít going to deal with that. Told him to expect pop-ups within the first hour (first min. really), use it until it was unusable, then let me have it again to re-install.
When I get it back im going to follow all your advice and anything else I can learn on the subject. I really hate to be defeated by these bozos. Then Iíll reinstall because there IS too much crap on his box.
Thank you all for helping.
P.S nilih, i did ask the guy if he wanted to sue these bastards and he said he did want to. gave him the company name and info and we'll see what happens. fixing the computer was a freebee but i'll testify for a cut.
May 11th, 2005, 05:47 PM
I had a pc with some spyware that was a real pain. After you cleaned the computer it the bug renamed itself during the windows shut down process. Had to clean it and then pull the plug to crash it and it worked fine after.
May 11th, 2005, 05:51 PM
I would tell your customer even if you clean out a virus the virus will leave holes in the OS making it vulnerable to other attacks and on top of that unstable. Having that many viruses, spy ware, ad ware, and mal ware would be a very good reason to reload the system. The fact that you spent time trying to remove the viruses just lost you time and we know that time is money. But if you really want to remove that virus I would pull the hard drive and place it in another computer as a slave and run the latest antivirus. This should remove it. The fact is the virus is running in your processes and himem, trying to remove it will just give you what you already know (it comes back under a different name). So you are on the right track now but make sure that the customer doesnít back up the virus as well.