February 13th, 2006, 06:15 AM
Hey, I'm over at my friend's house and I'm trying to set up his computer. Recently it started coming up with spyware and he couldn't figure out why. I have run the following programs in safe mode:
AVG virus scanner
and a program he installed himself, Spydoctor - I question this program because I haven't heard of it, but that doesn't mean much.
I have removed about 200 malware infected files from this computer, in addition to worms, hijackers, viruses, and trojans. Spybot continuously comes up saying that 3 items could not be removed and Spybot will run on next startup, but even on startup I get the same message.
I continue to have problems with this system and I don't care to reinstall Windows on it. I'm wondering if there is another step or if I should just bite the bullet and reinstall?
Win XP Home
*prior to me installing programs*
*additional programs I just installed*
One file that keeps on coming up, one that could not be removed by Spybot, is called PMS111x, and another file that comes back is surfsidekick.
Any help would be appreciated. Thanks
February 13th, 2006, 06:43 AM
This won't help with the immediate problem, but after you get it clean, install Spywareblaster. It's free, has regular updates, and it prevents spyware from being installed rather than looking for it after the fact.
For the present infections you could run Hijack This and post the log it produces.
February 13th, 2006, 06:59 AM
Once a system has been compromised you can't truly know that it won't remain so. If it were my comp that was that ****ed up, I'd reinstall, whether or not I could theoretically get rid of everything being reported.
February 13th, 2006, 08:26 AM
Format. Reinstall and don't install any free anti-spyware program or anti-virus. Download Mozilla Firefox and tell your friend to watch what he is downloading.
The access to the computer or
anything else that shows us how the
world works must be total and
February 14th, 2006, 10:56 AM
Go here, http://www.emsisoft.com/en/software/download/ and download ASquared Free or the 30 day demo, it will remove the junk. Once installed run under Normal mode. You may also find Trend Micro's antispyware helpful in cleaning the PC up.
February 14th, 2006, 11:30 AM
Did you try disabling system restore before running these?
I would try that, reboot, rerun those mentioned above, then try Trend's House Call.
Let us know how you make out.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
February 14th, 2006, 11:36 AM
I can't say this is the best advice I have ever heard.
Format. Reinstall and don't install any free anti-spyware program or anti-virus.
get this CCleaner
and this McAfee Stinger
and run them.
Then run Ad-Aware in safe mode and then if anything was found, reboot back into safe mode and repeat till you get 2 clear scans. Don't run Spybot in safe mode, it is not designed for it.
Then reboot in normal mode, give these online scans a go
and keep the logs so you can post them here
Then run HiJackThis and do a scan and save a log.
Then post the logs here, and the superduper people here will give you some feedback on what to do next.
Sarcasm is a way of life
February 14th, 2006, 11:43 AM
Make sure that you update all anti-malware and run them in SAFE MODE.
Get this, update it and run it:
Again, in safe mode
In safe mode you have a much better chance of removing stuff, as most of it won't be active.
What you have to ask yourself is did any of the trojans manage to contact the outside? If the answer is a definite "no", then you don't have to reformat and reinstall.
February 14th, 2006, 01:28 PM
When you get a chance, read How did I get infected in the first place
then if you want to review any other suspicious software read this Rogue Antispyware Programs
Note: do not disable system restore until you have identified the problem. System restore is a get out of jail card you may need. System Restore: when you have isolated the problems and still cannot get rid of them either through safe mode or from the HJT fix, then you should flush your system restore points, as sometimes exe's will be in the System Volume Information restore point and will try to execute each time you boot up.
Unfortunately, one of the downsides of the automatic aspect of System Restore is that if your system gets a virus, trojan or such like, before your anti-virus or other security software removes the offender, System Restore backs it up. This effectively renders System Restore useless, because either restoring your system to a previous state can re-establish the virus or other malicious files you have removed, or your anti-virus program will (rightly) prevent you from reverting your system to a previous state (or other subsequent Restore Point) because the System Volume Information folder(s) (where Restore Points are saved) has a virus in it.
So proceed with caution, after you have cleaned the system, re-enable system restore and set a manual restore point....
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."