June 22nd, 2008, 02:32 AM
Hi, hope some genius can help me. I have WindowsXP, IE7 and I have spyware running that I can't get rid of. I tried 2 weeks ago to download Microsoft Malware Removal Tool, Spybot, AdAware and could not download them, I got error msgs after each attempt that they were "not a valid Win32 application". Since yesterday afternoon I have been trying to run Microsoft Safety Scanner, hours at a time to download, never completed...I got an error msg 0x08402805, which indicates that my internet connection was interrupted, but it wasn't. Since this morning, I have successfully run Microsoft Clean up Scan, Microsoft Tune up Scan and have been trying for the last 10 hours to download the Protection Scan (these three make up the "Safety Scan", I just thought it would be easier one at a time) but the Protection Scan gets to about 70% and won't go any further, same error msg every time 0x08402805. I've tried all the suggestions I can find except dickering with my registry, none work. I need the spyware gone because I process sensitive info constantly...Please help
June 22nd, 2008, 10:46 AM
Have you any idea what the spyware is?
Your downloading problem might be unrelated as I have heard of people having those issues with IE7 and XP and particularly with the MS security products.
You might try Firefox or Opera and see if you can download Spybot and A-squared using them. Otherwise download them on another computer and burn them to a CD/DVD before installing on the target machine.
My preferred methods in these circumstances are:
1. Slave the HDD to another computer and run the antimalware scans from there.
2. Use a live CD and boot from that.
Of course, the "safest" method is to save your data, format the drive and reinstall.
June 22nd, 2008, 02:17 PM
My daughter's HD had something similar.
We use Avast for AV protection, it wouldn't let Avast get through it's memory check. I started Avast, killed the memory check. Set the computer for a boot scan and rebooted. A boot scan is when the OS only comes up and then only runs the Virus scan. There's no other program in the way. If your AV program doesn't have a boot sector scan option get Avast, it's free.
Another free product you could try is Spybot Search and Destroy. Once you get the little bugger removed, you could set up Spybot to run Teatimer as resident program. This will stop future changes to you registry and startup without your permission.
Good luck and keep us posted.
"Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot
June 22nd, 2008, 08:42 PM
Hey Nihil, you're way above my head. I don't know what spyware I've got but someone in Germany stole a domain from me pretty much as I was paying for it. Yahoo says that the only way that can happen is if someone knows what I'm doing, it was an odd name. I've had tons of runtime errors for the past month (R6025) and very slow performance....course it's dial up so that's part of it, but much slower than usual, and wierd popup ads that seem to go along with some of my email content. So, as I said I've tried everything but what you're suggesting, can you get me started? Then I'll try fourdc's advice. Hey, could Yahoo be causing this? This all seemed to start within about a month of installing it......????
June 22nd, 2008, 10:19 PM
One more thing that might be important, when I first tried to dl Spybot and the others two weeks ago, they would completely download, then I would get an error msg that said "not a valid Win32 application". Last night, after I gave up on the MS Protection Scan, I tried to dl the WindowsXP Svc Pack 3, to see if that was the problem. I started at about 10:30 pm and around 4:30 am, got a msg that it failed to download, I didn't see any other msgs so I have no details there....It hasn't been 2 years since I had to re-format this thing for similar problems...I hate, hate, hate to do it again....
June 23rd, 2008, 02:08 AM
Download the apps on another PC.. Get the A Squared as Nihil recommends..
Load thes onto a jumpdrive..(USB Memeory Stick)
START THE PC IN SAFE MODE.. follow the following instructions..
Just some apps will not install in safemode.. but it should be enough to see if the Win32 errors still occure when attempting to install those apps..
If Windows XP is the only operating system installed on your computer, booting into Safe Mode with these instructions.
To use the System Configuration Utility method
- If the computer is running, shut down Windows, and then turn off the power
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.
- Close all open programs.
- Click Start, Run and type MSCONFIG in the box and click OK
- The System Configuration Utility appears, On the BOOT.INI tab, Check the "/SAFEBOOT" option, and then click OK and Restart your computer when prompted.
- The computer restarts in Safe mode.
- Perform the troubleshooting steps for which you are using Safe Mode.
When you are finished with troubleshooting in Safe mode, open MSCONFIG again, on the BOOT.INI tab, uncheck "/SAFEBOOT" and click OK to restart your computer
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
June 23rd, 2008, 02:55 AM
Thanks so much Und3ertak3r, I'll give it a shot!
June 23rd, 2008, 02:31 PM
Umm.. above all "DISABLE SYSTEM RESTORE"....
Try doing an online scan at either safety.microsoft.com or kaspersky.com
see what is that it detects.. give us the name maybe there is a removal tool for it..
1. download - http://www.trendmicro.com/ftp/products/tsc/sysclean.com (save it in C:\clean folder, create the folder[folder name doesnt matter])
2. download - http://www.trendmicro.com/ftp/produc...ern/lpt357.zip (its' latest one as of this reply, but it should do even if you download it later; save it in C:\clean [same as above folder])
3. Deflate the second file that you downloaded and extract it in the same folder (C:\clean, as of now)
4. Run sysclean.com and let it scan..
DO THE SAME IN SAFE MODE TOO.. See if it helps.
will write a complete spyware removal procedure soon..
Last edited by ByTeWrangler; June 23rd, 2008 at 02:33 PM.
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
June 23rd, 2008, 05:54 PM
Better yet, why not just learn how to use your policy editor for that type of thing instead.
This will stop future changes to you registry and startup without your permission.
June 23rd, 2008, 06:15 PM
TeWrangler - the second file downloaded for 2 1/2 hours then, with 28 secs left, I got an error msg that said that Internet explorer could not download the file because the connection to the server was reset...!!!!!!!
I'm gonna try again.
Would you tell me what deflate and extract mean? Sorry.
Last edited by jenniferdoes; June 23rd, 2008 at 06:18 PM.
By ric-o in forum Spyware / Adware
Last Post: March 10th, 2005, 06:09 PM
By SDK in forum Spyware / Adware
Last Post: February 9th, 2005, 07:32 PM
By StatiCoR3 in forum The Security Tutorials Forum
Last Post: August 12th, 2004, 12:11 AM
By Spyder32 in forum The Security Tutorials Forum
Last Post: July 24th, 2004, 07:31 AM
By saintakaagni in forum Spyware / Adware
Last Post: February 4th, 2004, 10:48 AM