A really stupid question about removing spyware
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: A really stupid question about removing spyware

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    187

    A really stupid question about removing spyware

    I was checking my system for spyware with Spybot(that's the best program for spyware ever done ) And it found something. I said to delete it. After thinking a while it said that it can't and asked me if I want that it starts next time with windows. I said okey i restarted the machine and then spybot started checked the system, found the same **** on my PC and told me again the same thing: cannot remove the **** is in use . So I said if you can't do it my friend I will do it by myself. I went in the regestry and deleted the spyware. My question is: "I'm I free of this ****?" I was wondering, how it is possible that spybot can't delete this tracking things and I can do with out anyproblem? Spybot didn't find them anymore(the spyware). So I'm I free?
    Remember, all I\'m offering is the truth, nothing more.

  2. #2
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    I would like to know the same thing. I get the same problem when Norton2002 detects a virus but can not remove it. How lame is that. Either way I can either just delete it myself or I have to attrib -s -h <file> before it lets me delete it, but why can't the all powerful norton antivirus remove the system/hidden attributes.
    The command completed successfully.


    \"They drew first blood not me.\"

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    No tool can remove a file if it is in use (in general). Did you ever consider running the tool in safe mode? Most of the time that will work.

    I went in the regestry and deleted the spyware.
    No, you didn't delete the spyware.. you deleted the registry entry that started the file.

  4. #4
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    716

    You Could




    You could also try Ctrl-Alt-Delete, to Windows task manager, identify the process of the Proggie. manually close it, and run your Spybot.

    Me thinks that would work.


    BTW- Whether or not Spybot is the best ever made is debatable.


    Get some good religion from Bad Religion.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    it could also be a false positive. which means that it thinks its there but really isnt. so it cant delete it.

    oh, and its generally not a good idea to make the subject of your post any in the realm of "a stupid question about..."

    why would anyone want to read stupid question? I only read it becasue i am out of other things to read.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Banned
    Join Date
    Jun 2005
    Posts
    445
    You could also try Ctrl-Alt-Delete, to Windows task manager, identify the process of the Proggie. manually close it, and run your Spybot.
    This usually works, although, often enough there are combinations of processes that work together to respawn when you close them. Also... some things don't show up in the process listing directly. (ie... svchost.exe)

    A Groovicus mentions, safe mode is usually the best way to work with malware. It starts the system up with a bare minimum of proccesses and devices. This prevents most malware from even starting, regardless of whether the malware has a registry entry. It also cuts back on system overhead, making tools run signifigantly faster in some cases.

    As far as Spybot being the best... the best is whatever works best for you. I myself, like regedit.

    Note: I use the term "malware" instead of spyware due to the fact that these methods work well for just about any ill-intentioned peice of software. Viruses, spyware, AOL, whatever you happen to be infected with.

    EDIT: The reason Spybot no longer finds the malware is because the registry entry is gone, detection occurs in the registry, not with the actual binary IIRC.

    EDIT 2: Attempted to correct horrible spelling/grammar. Probably failed.

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    EDIT: The reason Spybot no longer finds the malware is because the registry entry is gone, detection occurs in the registry, not with the actual binary IIRC.
    in spybot yes. in adaware it does the registry as well as matching gilenames and process names.(more likie virus scanners) that is why spybot has that number on the bottom and is generally faster, it is just matching reg keys. and I agree...regedit seems to work well for me. although adaware and spybot are also good programs.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #8
    Banned
    Join Date
    Jun 2005
    Posts
    445
    although adaware and spybot are also good programs
    Definitely... My point was that the best tool is the one that works best for you. Anybody can use Spybot or Adaware... but do you really want grandma playing with regedit? Even if regedit is more powerful, direct, whatever, it is more dangerous. It all depends on the skill of the user.


    Oh yeah... I don't know if there is a thread about this yet... if not I will be posting one...

    Trendmicro Housecall, one of the best online virus scanners has a new version out for beta testing. The new housecall also does spyware/adware and security checks including missing patches. It's definitely worth a try. And last time I checked, it was completely free. Housecall You do need IE and ActiveX for this to run properly IIRC.

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    It all depends on the skill of the user.
    I couldnt agree more. I would have a heart attack if I walked in on one of my users with regedit open, but if they were running adaware...well Id have a heart attack anyway, but that would be out of shock and not pure horror. lol
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    Banned
    Join Date
    Jun 2005
    Posts
    445
    The real problem with computer software in general is user skill. You have to find the perfect balance between useability and functionality. A perfect example of this is something like Spybot vs. something like HijackThis. Spybot is simple, easy to use and comprehensive, but lacks, well maybe not heuristic, but the ability to clean "undocumented" items. HijackThis on the other hand, lacks definition files, and any useful guidelines, instead, giving the user the ability to almost completely clean the system of malware by presenting every registry key that can be used in browser hijacks, auto startups, etc., and allowing a skilled tech to comprehensively clean the system, without worrying about whether a specific item is "defined."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides