Antionline Forums - Maximum Security for a Connected World > Security Discussions > Spyware / Adware
Old December 6th, 2004, 10:58 AM   #1
Und3ertak3r
The Doctor
Join Date: Apr 2002
Posts: 2,744
Adaware won't install & install file is deleted

Quote:
First: this is a machine I am repairing for a customer.. IT IS NOT MINE..
Consideration of a clean install is out of the question.. SO DON'T RECOMMEND IT.
I am after pointers, not weather reports.. and not after hand holding.
Yes I am in a bad mood.. to add to it, it is the Bah Humbug season again.. I have to go back to the sales floor until New Year.. And this bloody Compaq laptop finds its way to my desk, problem: porn popups.. bloody 15yr old boarding school id-10-t... hormone ridden numb brain retarded boy..

Started where:

Bart-pe: Stinger Scan: Clean

Can't get to the Shell load commands using the remote registry tools I use.. so can't check.. I do suspect

So: boot the system Live into Safe mode:
CWshredder: 1 hit.. CWS_IEengine

Found a shitload of files in the Win/System folder, random file names 8 to 15 characters in length.. mixture of numbers and letters (as I said, random) DLLs and BAKs.. created at set times over 4 days.. but in groups, 7:25 - 7:44 one day, 18:20 - 18:38 the next day.. about 2 or 3 hundred of these were found.. moved what I could identify to a temp folder..
Spybot with month old defs was thrown into the pit:

Webdailer
VX2/f
Vloading
TIBS
Spex
RadLight media player
Powerscan
n-Case
ISTbar.slotch
Haxdoor-H
DyFuCa.InternetOptimizer
CoolWWWSearch.? (some idiot spilt coffee on his desk damaged his notes)
BlazeFind.SearchEnhancer.ISTbar

Reboot..back to SafeMode

Now Spy Sweeper has a go:

Trojan Jeem
CWS
Hot as Hell
Istbar
Slotchbar
Powerscan
TeenXXX
MoneyTree nem216.dll (had to manually delete this sucker)

Reboot..back to SafeMode

The Cleaner:

BetterInternet 2 versions
LocalNRD 2 versions as well

Reboot..back to SafeMode
Tried to install Adaware.. no joy.. hour glass appeared.. then disappeared

This is when I tried my first normal mode scan with Spybot SnD

Found some odd BHO entries and it errored before completion

BTW.. the Adaware SE install file.. that I tried to install.. gone.. (hey, I copied it into a folder with a shitload of malware tools while in Bart-PE) gone, deleted.. recopied from my CD as well as a def update file and moved these to the desktop.. BUT FIRST

HJT: should have looked at this in Bart.. note to self.. do a win.ini check when next using Bart..

the entry in the win.ini .. Shell= explorer.exe ; init32m.exe

this init32m.exe is loading with explorer EVEN IN SAFEMODE

edited the entry.. moved the file to my temp folder

restarted: rerun Spybot.. no errors..

displayed some reg entries as BHO problems..

these were in HKLU\software\microsoft\windows\current version\internet settings\WWRU_Owner|....... (I now am pissed at spilling my coffee, I am not sure if the WWRU is correct.. but I do know there was a branch for each user including the Administrator)
yet to check how valid these branches are.. I could only see them when I restarted the machine in safe mode.. .. even after deleting them.. still problems. Safe mode scan again with:
A-squared, The Cleaner, Spy Sweeper, Spybot, Stinger.. and bugger me.. Adaware has gone bloody AWOL again.. copied back, stupid thing won't install..

Boot back to normal mode.. bloody Adaware AWOL again.. copied it back, renamed it to "some stupid name".. bugger me if it didn't disappear on restart.. even renamed the darn file on a clean machine and copied it to the machine.. same story, AWOL after a restart.. even tried to execute the newly named file.. BTW.. I found I can't leave my USB drive plugged in on restart.. bloody Adaware AWOL...

Whatever it is I have missed.. it has wiped the Adaware file.. not just hidden it from view

Did a Google on this.. 2 mentions.. 1 was the Adaware forum.. the other pointed a question back to the same thread.... the ****tards there were implying that the user was just installing the program wrong.. last reply was on the 11th of Nov.. I think the guy gave up in disgust.. so the Lavasoft people are no real help..

Hmm, tried joining their forum earlier today.. still can't post..

So, any intelligent ppl there.. clues...???
..
__________________
"Consumer technology now exceeds the average person's ability to comprehend how to use it.. give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
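Two of the findings in the post above are checkable by script: the extra executable tacked onto the Shell= line, and the burst of random-named DLL/BAK files in the system folder. The helpers below are an added example, not tooling from the thread or from any product it names; the expected-program sets, the separator handling, the filename pattern and all sample data are assumptions constructed for the demo.

```python
import re
from datetime import datetime, timedelta
# Programs each startup key may legitimately name (assumption: a clean
# system has only explorer.exe on Shell=, and empty load=/run=).
EXPECTED = {"shell": {"explorer.exe"}, "load": set(), "run": set()}

# Constructed sample modelled on the hijacked line quoted in the post.
SAMPLE_INI = "[windows]\nload=\nrun=\n[boot]\nShell= explorer.exe ; init32m.exe\n"

def parse_ini(text):
    """Map (section, key) -> value for simple key=value lines."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line:
            key, _, value = line.partition("=")
            entries[(section, key.strip().lower())] = value.strip()
    return entries

def unexpected_startup_entries(text):
    """(key, program) for each program on a shell/load/run line that is not
    expected. The post's line used ';'; whitespace/commas also split (assumption)."""
    findings = []
    for (_, key), value in parse_ini(text).items():
        if key in EXPECTED:
            for prog in re.split(r"[;,\s]+", value.lower()):
                if prog and prog not in EXPECTED[key]:
                    findings.append((key, prog))
    return findings

# 8-15 alphanumerics, .dll/.bak: a heuristic only (kernel32.dll matches
# too), so it is combined with the creation-time burst check below.
RANDOM_NAME = re.compile(r"^[a-z0-9]{8,15}\.(?:dll|bak)$", re.I)

def random_name_bursts(listing, gap=timedelta(minutes=15), min_count=3):
    """listing: [(name, created)]. Return groups of >= min_count
    random-looking names, each created within `gap` of the previous one."""
    hits = sorted((t, n) for n, t in listing if RANDOM_NAME.match(n))
    bursts, current = [], []
    for created, name in hits:
        if current and created - current[-1][0] > gap:
            bursts.append(current)
            current = []
        current.append((created, name))
    bursts.append(current)
    return [[n for _, n in b] for b in bursts if len(b) >= min_count]

# Constructed listing: one burst on day one, a lone file the next day.
SAMPLE_FILES = [("kx9f2mq7.dll", datetime(2004, 12, 1, 7, 25)),
                ("msvcrt.dll", datetime(2004, 12, 1, 7, 30)),
                ("p0w3rsc4nz.bak", datetime(2004, 12, 1, 7, 31)),
                ("a7b8c9d0e1f2.dll", datetime(2004, 12, 1, 7, 44)),
                ("zz41q8vb.dll", datetime(2004, 12, 2, 18, 20))]
```

On a real box the listing would come from the system folder's creation timestamps; anything the burst check flags still needs identification before it is moved, as the post does.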
Old December 6th, 2004, 11:41 AM   #2
moxnix
Macht Nicht Aus
Join Date: May 2002
Location: Huson Mt.
Posts: 1,752
Und3ertak3r,
I attempted a search for your problem also, but had less luck in finding anything than even you did.

I do have one possible solution that may help though. I have attached a small program that is a registry cleaner (zipped). It is less than 700kbits but is very good. It will show you every piece of software registered and clean up all orphaned files and registry items. It has several other useful aspects also, that you might find useful. It's a little short on documentation, but I have been using it regularly for over a year with no problems. Have a look at it, and see if it might not help.

The only thing I found in my searching was some guy who couldn't update his AdAware, and it was suggested his host file was the culprit, which wouldn't be in your case as you are loading it from disk.
__________________
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
Old December 6th, 2004, 12:13 PM   #3
Und3ertak3r
The Doctor
Join Date: Apr 2002
Posts: 2,744
You mean regleaner.exe in this attached file? (mine is old -- 2003)


Haven't tried it yet.. thanks for the reminder

cheers
Old December 6th, 2004, 01:39 PM   #4
moxnix
Macht Nicht Aus
Join Date: May 2002
Location: Huson Mt.
Posts: 1,752
I have the same one you have, I think. Only one of us (and I think it was me) just sent a zipped shortcut.

Yeppers they are the same one. (I'll correct my attachment if I still can) And it might have been you I got it from in the first place......I know I got it from some one on 'AO'.
Old December 6th, 2004, 02:48 PM   #5
groovicus
Senior Member
Join Date: Aug 2003
Posts: 1,019
A couple of tools that you may find handy, Undertaker:

From Subratam's: http://www.subratam.org/?page=removal

PV.zip There is a readme with it.

This one is from broadband medic. I can't get to the page this morning for some reason, so this is a direct link to the tool:
http://download.broadbandmedic.com/DllCompare.exe <--This will show you any locked .dlls.

The init32m.exe can be killed by using either the Pocket KillBox, or using the delete on reboot feature.

Just out of curiosity, try deleting a file. See if the recycle bin is working properly.
__________________
HijackThis Team
Old December 6th, 2004, 05:47 PM   #6
zENGER
Senior Member
Join Date: Jul 2004
Posts: 469
Might try looking at this thread:

http://www.antionline.com/showthread...hreadid=260948

Oddly enough it was you who was asking before, not sure if you ever played around with the idea. Anyway, this will allow you to run Adaware through a wrapper from BartPE to scan the internal drive.
Old December 6th, 2004, 05:56 PM   #7
wildred
Senior Member
Join Date: May 2002
Posts: 256
Just curious: try running CounterSpy on the machine (new adware/spyware scanner).
Afterwards, see what happens to Adaware.

http://www.sunbelt-software.com/prod...ownload&id=410
__________________
Sex is like "Social Security". You get a little each month, but it's not enough to live on.
Old December 6th, 2004, 06:23 PM   #8
spazzmatrix
Senior Member
Join Date: Oct 2001
Posts: 131
Even though you said not to recommend it, when a computer has that much crap on it, it's time to just re-install Windows. If they are worried about losing any information they should have taken better care of their computer. Heck, put all the junk they want saved on a CD for them, then do a clean install and copy the info back. No reason why it wouldn't work to your benefit. Everything from internet settings, email settings/address book/messages, downloads can be put on CD then copied back.

I never understood why anyone spends hours fixing a computer riddled with spyware/viruses when it takes 30-45 min to just re-install everything. CD-Rs have become so cheap, backing up should be a simple matter of common sense.

When I used Windows, and on the few Windows machines I have, every program gets put on CD in case I have a system crash. I even make drive images of the more important machines.

My Linux machines have no problems, but this isn't about Linux.

On a helpful side, if software won't install there are probably more viruses, or damaged/corrupted files on the drive. Try running a Microsoft diagnostic program to ensure all the needed files are good. Also make sure the registry isn't corrupt.

Again though, some computers are just too damaged from neglect to be repaired with these free tools.
__________________
What's a "START" button?
Old December 6th, 2004, 06:57 PM   #9
groovicus
Senior Member
Join Date: Aug 2003
Posts: 1,019
Quote:
I never understood why anyone spends hours fixing a computer riddled with spyware/viruses when it takes 30-45min to just re-install everything.
Because then the malware writers win. :?

The only systems that I have not been able to repair were ones that had rootkits installed.

EDIT: Which just led me to another thought. Currently, there are two variants going around that use rootkits to hide themselves. One is a SwapX variant, which shows as an entry in the trusted zone that will not go away.

The other one is a VX2 variant that a lot of people have been working on for a while with little success. The symptoms are a huge number of pop-ups, and when you delete a file, it bypasses the recycle bin.

If it isn't one of these, once you get it narrowed down to an infector, could I get a sample??
Old December 18th, 2004, 01:48 PM   #10
ric-o
oldie
Join Date: Nov 2002
Posts: 487
Quote:
Originally posted here by spazzmatrix
I never understood why anyone spends hours fixing a computer riddled with spyware/viruses when it takes 30-45 min to just re-install everything. CD-Rs have become so cheap, backing up should be a simple matter of common sense.
Don't forget about all the customizations (settings, etc.) done to programs that you can't back up. Any power user has tweaked their stuff to the hilt and putting that all back would take days. As was the case when I had to move MY stuff to a new PC at work... more horsepower = good, but customization = tons of time. I've gotten to the point where I'm documenting my setup (OS and app settings) because most apps don't let me back the settings up.

I agree that there is a point where you have diminishing returns: if you spend more time trying to clean the PC up than it would take to reinstall the OS, apps, and do your tweaking or customization, then it's not worth it. For the average user that probably is around 1.5 hrs... for software developers we may be talking 3+ hours. On family and friends' PCs you have to spend more time because of their "comfort factor" about redeploying... not to mention you have more time than at work because you're not on the clock.

That "comfort factor" is pretty significant and requires much coaching/educating of the user by us (the techies). The owner really doesn't want to have to re-configure their PC and is nervous about whether files will be lost.