
Thread: Adaware won't install & install file is deleted

  1. #1
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744

    Adaware won't install & install file is deleted

    First: this is a machine I am repairing for a customer.. IT IS NOT MINE..
    Consideration of Clean Install Is out of the Question..SO DON'T RECOMMEND
    I am after pointers not weather reports..and not after hand holding
    yes I am in a bad mood.. to add to it it is the Bah Humbug Season again.. I have to go back to the sales floor until New Year.. And this bloody Compaq laptop finds its way to my desk, problem: porn popups.. bloody 15yr old boarding school id-10-t... hormone ridden numb brain retarded boy..

    Started where:

    Bart-pe: Stinger Scan: Clean

    Can't get to the Shell load commands using the remote registry tools I use.. so can't check.. I do suspect

    So: boot the system Live into Safe mode:
    CWshredder: 1 hit.. CWS_IEengine

    Found a **** load of files in the Win/System Folder random file names 8 to 15 characters in length .. mixture of numbers and letters (as I said random) DLL's and BAK's.. created at set times over 4 days.. but in groups 7:25 - 7:44 one day 18:20 - 18:38 the next day.. about 2 or 3 hundred of these were found.. moved what I could identify to a temp folder..
    Spybot with month old defs was thrown into the pit:

    Webdailer
    VX2/f
    Vloading
    TIBS
    Spex
    RadLight media player
    Powerscan
    n-Case
    ISTbar.slotch
    Haxdoor-H
    DyFuCa.InternetOptimizer
    CoolWWWSearch.? (some idiot spilt coffee on his desk damaged his notes)
    BlazeFind.SearchEnhancer.ISTbar

    Reboot..back to SafeMode

    Now Spy Sweeper has a go:

    Trojan Jeem
    CWS
    Hot as Hell
    Istbar
    Slotchbar
    Powerscan
    TeenXXX
    MoneyTree nem216.dll (had to manually delete this sucker)

    Reboot..back to SafeMode

    The Cleaner:

    BetterInternet 2 versions
    LocalNRD 2 versions as well

    Reboot..back to SafeMode
    Tried to install Adaware.. no joy.. hour glass appeared.. then disappeared

    This is when I tried my first normal mode scan with Spybot SnD

    Found some odd BHO entries and it errored before completion

    BTW.. the Adaware se install file.. that I tried to install.. gone.. (hey I copied it in a folder with a shitload of malware tools while in bart-pe) gone deleted.. recopied from my cd as well as a def update file and moved these to the desk top.. BUT FIRST

    HJT: should have looked at this in Bart.. note to self.. do a win.ini check when next using Bart..

    the entry in the win.ini .. Shell= explorer.exe ; init32m.exe

    this init32m.exe is loading with explorer EVEN IN SAFEMODE

    edited the entry.. moved the file to my temp folder

    restarted: rerun Spybot.. no errors..

    displayed some reg entries as BHO problems..

    these were in HKLU\software\microsoft\windows\current version\internet settings\WWRU_Owner|....... (I now am pissed at spilling my coffee I am not sure if the WWRU is correct.. but I do know there was a branch for each user including the Administrator)
    yet to check how valid these branches are.. I could only see them when I restarted the machine in safemode.. even after deleting them.. still problems, safe mode scan again with:
    A-squared, the cleaner, spysweeper, spybot, stinger.. and bugger me.. Adaware has gone bloody AWOL again.. copied back, stupid thing won't install..

    Boot back to normal mode.. bloody Adaware AWOL again.. copied it back, renamed it to "some stupid name".. bugger me if it didn't disappear on restart.. even renamed the darn file on a clean machine, copied it to the machine.. same story, AWOL after a restart.. even tried to execute the new named file.. btw.. I found I can't leave my USB drive plugged in on restart.. bloody Adaware AWOL...

    Whatever it is I have missed.. it has wiped the Adaware file.. not just hidden from view

    did a google on this.. 2 mentions.. 1 was the adaware forum.. the other pointed a question back to the same thread.... the ****tards there were implying that the user was just installing the program wrong.. last reply was on the 11th of Nov.. I think the guy gave up in disgust.. so the Lavasoft people are no real help..

    hmm tried joining their forum earlier 2day.. still can't post..

    so any intelligent ppl there.. clues...???
    ..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
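
Added example, not part of any post in this thread and not the posters' code: a Python check for the kind of entry post #1 found, where a `Shell=` line names `explorer.exe` plus a second program. The baseline (only `explorer.exe` on `shell`, nothing on `load`/`run`) and the sample INI text are assumptions constructed for illustration.

```python
import re

# Keys that start programs at logon in legacy INI files. Assumed baseline:
# "shell" names only explorer.exe, and "load"/"run" are empty.
ALLOWED = {"shell": {"explorer.exe"}, "load": set(), "run": set()}

def audit_autostart(ini_text):
    """Return (section, key, program) for every unexpected autostart entry."""
    findings = []
    section = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or full-line comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if not sep or key not in ALLOWED:
            continue
        # A ';' inside the value is deliberately not treated as a comment:
        # the entry quoted in the post has it between two program names.
        # Splitting on whitespace also splits paths containing spaces; both
        # halves are then reported, which is acceptable for a triage check.
        for prog in re.split(r"[;,\s]+", value.strip()):
            # Exact match only, so a full path to some other "explorer.exe"
            # is reported rather than silently accepted.
            if prog and prog.lower() not in ALLOWED[key]:
                findings.append((section, key, prog))
    return findings

# Constructed sample modelled on the entry quoted in the post.
SAMPLE_INI = """\
[windows]
load=
run=
Shell= explorer.exe ; init32m.exe
; comment line
[fonts]
"""

if __name__ == "__main__":
    for section, key, prog in audit_autostart(SAMPLE_INI):
        print(f"[{section}] {key}= starts unexpected program: {prog}")
```

Run it against copies of `win.ini` and `system.ini` read from the offline disk, so whatever is loaded on the live system cannot interfere with the read.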

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Und3ertak3r,
    I attempted a search for your problem also, but had less luck in finding anything than even you did.

    I do have one possible solution, that may help though. I have attached a small program that is a registry cleaner (zipped). It is less than 700kbits but is very good. It will show you every piece of software registered and clean up all orphaned files and registry items. It has several other useful aspects also, that you might find useful. It's a little short on documentation, but I have been using it regularly for over a year with no problems. Have a look at it, and see if it might not help.

    The only thing I found in my searching was some guy who couldn't update his AdAware, and it was suggested his host file was the culprit, which wouldn't be in your case as you are loading it from disk.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  3. #3
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    you mean regleaner.exe in this attached file (mine is old --2003)


    Haven't tried it yet..thanks for the reminder

    cheers

  4. #4
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I have the same one you have, I think. Only one of us (and I think it was me) just sent a zipped shortcut.

    Yeppers they are the same one. (I'll correct my attachment if I still can) And it might have been you I got it from in the first place......I know I got it from some one on 'AO'.

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    A couple tools that you may find handy undertaker:

    From Subratams: http://www.subratam.org/?page=removal

    PV.zip There is a readme with it.

    This one is from broadband medic. I can't get to the page this morning for some reason, so this is a direct link to the tool:
    http://download.broadbandmedic.com/DllCompare.exe <--This will show you any locked .dlls.

    The init32m.exe can be killed by using either the pocket killbox, or using the delete on reboot feature.

    Just out of curiosity, try deleting a file. See if the recycle bin is working properly.

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Might try looking at this thread:

    http://www.antionline.com/showthread...hreadid=260948

    Oddly enough it was you who was asking before, not sure if you ever played around with the idea. Anyway this will allow you to run adaware through a wrapper from BartPE to scan the internal drive.

  7. #7
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Just curious if you tried running CounterSpy on the machine (new adware/spyware scanner).
    Afterwards, see what happens to Adaware.

    http://www.sunbelt-software.com/prod...ownload&id=410
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    131
    Even though you said not to recommend, but when a computer has that much crap on it. It's time to just re-install windows. If they are worried about losing any information they should have taken better care of their computer. Heck, put all the junk they want saved on a cd for them, then do a clean install and copy the info back. No reason why it wouldn't work to your benefit. Everything from internet settings, email settings/addressbook/messages, downloads can be put on cd then copied back.

    I never understood why anyone spends hours fixing a computer riddled with spyware/viruses when it takes 30-45min to just re-install everything. Cd-r's have become so cheap backing up should be a simple matter of common sense.

    When I used windows, and on the few windows machines I have. Every program gets put on cd in the case I have a system crash. I even make drive images of the more important machines.

    My linux machines have no problems but this isn't about linux.

    On a helpful side, if a software won't install there is probably more viruses, or damaged/corrupted files on the drive. Try running a microsoft diagnostic program to ensure all the needed files are good. Also making sure the registry isn't corrupt.

    Again though some computers are just too damaged from neglect to be repaired with these free tools.
    What's a "START" button?

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    I never understood why anyone spends hours fixing a computer riddled with spyware/viruses when it takes 30-45min to just re-install everything.
    Because then the malware writers win. :?

    The only systems that I have not been able to repair were ones that had rootkits installed.

    EDIT: Which just led me to another thought. Currently, there are two variants going around that use rootkits to hide themselves. One is a SwapX variant, which shows as an entry in the trusted zone that will not go away.

    The other one is a VX2 variant that a lot of people have been working on for a while with little success. The symptoms are a huge number of pop-ups, and when you delete a file, it bypasses the recycle bin.

    If it isn't one of these, once you get it narrowed down to an infector, could I get a sample??

  10. #10
    Originally posted here by spazzmatrix
    I never understood why anyone spends hours fixing a computer riddled with spyware/viruses when it takes 30-45min to just re-install everything. Cd-r's have become so cheap backing up should be a simple matter of common sense.
    Don't forget about all the customizations (settings, etc) done to programs that you can't back up. Any power user has tweaked their stuff to the hilt and putting that all back would take days. As was the case when I had to move MY stuff to a new PC at work...more horsepower = good, but customization = tons of time. I've gotten to the point where I'm documenting my setup (OS and app settings) because most apps don't let me back the settings up.

    I agree that there is a point where you have diminishing returns: if you spend more time trying to clean the PC up than it would take to reinstall the OS, apps, and do your tweaking or customization then it's not worth it. For the average user that probably is around 1.5 hrs...for software developers we may be talking 3+ hours. On family and friends' PCs you have to spend more time because of their "comfort factor" about redeploying...not to mention you have more time than at work because you're not on the clock.

    That "comfort factor" is pretty significant and requires much coaching/educating of user by us (the techies). The owner who really doesn't want to have to re-configure their PC and is nervous about whether files will be lost.
