Thread: bitter internet

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785

    bitter internet

    I’m attempting to cleanse a computer. It had 512 pieces of adware and 327 viruses.

    Got rid of all but one which is really giving me the finger….betterinternet. I’ve tried everything… in normal and safe-mode, including scanning for ADS (of which I found nothing except the usual ones that XPsp2 adds) and using the tool Symantec has for removing adware.betterinternet. The tool didn’t even find a trace of betterinternet but a process is running that when deleted starts again under a different name made up of random letters and gets registered as a service, I found eight instances using psservices.

    Does anyone have any knowledge of this?

    The machine is running XP home and the first thing I did is disable system restore.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
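An added example, not part of any post in this thread: because the process described above comes back under a new random-letter service name each time, matching on a fixed name fails, so this sketch compares a service listing against a known-clean baseline and marks random-looking names. The `sc query`-style sample text, the baseline set and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of `sc query` output (not data from the thread).
SAMPLE = """\
SERVICE_NAME: Dhcp
        STATE              : 4  RUNNING
SERVICE_NAME: ntmssvc
        STATE              : 1  STOPPED
SERVICE_NAME: xkqzvbtw
        STATE              : 4  RUNNING
SERVICE_NAME: AcmeBackup
        STATE              : 1  STOPPED
"""
# Assumed baseline: service names recorded from a known-clean build of the same OS.
BASELINE = {"Dhcp", "ntmssvc", "Spooler"}

def parse_services(text):
    """Return [{'name', 'state'}] built from SERVICE_NAME / STATE lines."""
    services = []
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        state = re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)
        if name:
            services.append({"name": name.group(1), "state": None})
        elif state and services:
            services[-1]["state"] = state.group(1)
    return services

def looks_random(name):
    """Heuristic: letters only, 6+ chars, few vowels or a long consonant run."""
    if not name.isalpha() or len(name) < 6:
        return False
    low = name.lower()
    ratio = sum(c in "aeiou" for c in low) / len(low)
    longest = max(len(run) for run in re.split(r"[aeiou]+", low))
    return ratio < 0.2 or longest >= 5

def triage(text, baseline):
    """List services absent from the baseline, marking random-looking names."""
    known = {n.lower() for n in baseline}
    findings = []
    for svc in parse_services(text):
        if svc["name"].lower() not in known:
            reason = "random-looking name" if looks_random(svc["name"]) else "not in baseline"
            findings.append((svc["name"], svc["state"], reason))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, BASELINE))
```

The name heuristic alone also fires on legitimate vowel-poor names such as `ntmssvc`, which is why the baseline comparison runs first and the heuristic only ranks what is left.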

  2. #2
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    does xp home have the boot up option to do a step by step confirmation?

    If not maybe make a boot disk and put the removal tool on the disk, do a step by step confirmation to ensure the registry does not run the crap-ware and that it isn't getting started as some system file or piggy backed off something else. It's a long shot but maybe it will work.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    xp home does not have a step by step start-up option. when i first began all this i ran stinger and a few other tools from bartPE but when i got down to this one i tried safe mode only but figured what the heck i didn't try this so following your suggestion i tried running the tool from bart but it still didn't find anything but thanks for the advice. i appreciate it.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm, Hi, Ted

    I presume that you have tried Spybot S&D and Win Patrol?

    If you start Spybot in "advanced" mode it lets you look at all sorts of stuff like BHOs.......might be worth a look? Also Win Patrol gives you some good hands on control of what starts and runs.

    Otherwise a couple you might not have tried?:

    http://www.ewido.net/en/

    http://www.emisoft.com/en/software/free/

    And there is always the good 'ol 30 day Moosoft "The Cleaner" trial?

    I firmly believe that the criminalisation of the production and association with this kind of garbage should progress...........

    If you cannot remove software from your system at the "jack knows sh1t all" level then it is criminal, with criminal intent............time to show some of the fat ba$tard suits that we mean business?

    Please lobby your politico

  5. #5
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I believe I had the same problem with a machine someone brought to me about a month ago.

    Wound up booting in safe mode then using the manual delete method ( editing the registry by hand, etc. ) as no tools would work.

    Finally got rid of it, but it was a pain.

    Oh, one more thought. I noticed very large temp folders . Seems when it started it would fill them up with crap while installing itself, then muck things up even when the computer was started in safe mode. Had to clean all temp files etc. before rebooting into safe mode.

    Hope this helps.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I believe this was what I had on a user's home computer recently. I gave it to one of my staff as a learning exercise....

    A day later we traced the actual infection to the system process itself.... I taught her something.... There _is_ a time to give up.... We backed up data, reformatted and reinstalled. It works fine now.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Senior Member
    Join Date
    Feb 2004
    Posts
    201
    betterinternet = vx2 = L2M = PITA

    There are some specialized tools to deal with this, depending on the flavor you have. If you post up a HJT I'll probably be able to figure out which tool you need & link you to it.

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Sorry to take so long in replying. Had an emergency at a remote (but close, 20 miles) location and had to leave.

    Wound up giving the computer back telling him to copy all the files he wanted off before connecting to the internet again. He had 19+ gig of mp3s and vids and I wasn’t going to deal with that. Told him to expect pop-ups within the first hour (first min. really), use it until it was unusable, then let me have it again to re-install.

    When I get it back I'm going to follow all your advice and anything else I can learn on the subject. I really hate to be defeated by these bozos. Then I’ll reinstall because there IS too much crap on his box.

    Thank you all for helping.


    P.S. nihil, i did ask the guy if he wanted to sue these bastards and he said he did want to. gave him the company name and info and we'll see what happens. fixing the computer was a freebie but i'll testify for a cut.

  9. #9
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    I had a pc with some spyware that was a real pain. After you cleaned the computer the bug renamed itself during the windows shut down process. Had to clean it and then pull the plug to crash it and it worked fine after.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  10. #10
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    I would tell your customer even if you clean out a virus the virus will leave holes in the OS making it vulnerable to other attacks and on top of that unstable. Having that many viruses, spy ware, ad ware, and mal ware would be a very good reason to reload the system. The fact that you spent time trying to remove the viruses just lost you time and we know that time is money. But if you really want to remove that virus I would pull the hard drive and place it in another computer as a slave and run the latest antivirus. This should remove it. The fact is the virus is running in your processes and himem, trying to remove it will just give you what you already know (it comes back under a different name). So you are on the right track now but make sure that the customer doesn’t back up the virus as well.
    S25vd2xlZGdlIGlzIHBvd2VyIQ
