
Unbelievable...annoyance at its finest

Well...after you get this fixed (formatted), you might want to go to here:
http://www.i-hacked.com/content/view/134/42/

Sometimes a Windows install can get corrupted or compromised in such a way that it's hard to correct without removing the hard drive and using another computer and Operating System to fix it. Bart's PE Builder is a free tool that allows you to create a bootable Windows CD or DVD from an existing install CD of Windows XP or Windows Server 2003. This Windows boot CD runs a cut down version of XP, with network, GUI and FAT/NTFS/CDFS file system support. Since you can run Windows applications from this boot CD it's a useful tool for fixing various problems on Windows 2000/2003/XP/9x systems that can not easily be fixed while booted from the copy of Windows on the hard drive. The company Winternals makes a similar tool called ERD Commander, but it costs $149 to $299 and lacks the third party plugin support that Bart's PE Builder has. By using the PE Builder Plugins that others have created you can easily add software to your bootable CD to do all sorts of tasks:



• Run Anti-Spyware tools like Ad-Aware Pro SE or HiJackThis.
• Use MSConfig to configure what apps start on login.
• Read and write to NTFS and FAT partitions.
• Edit the registry on the local hard drive.
• Copy files off of a hosed machine to another computer over the network.
• Access USB drives.
• Use MMC and Disk Manager to partition drives.
• Change local passwords.
• Defrag the hard drive without booting from it (running defrag this way does a better job since there are no locked system files on the hard drive).
• Load the CD with SSH, Remote Desktop Client and VNC so you can use the boot CD as a workstation.
• Recover deleted files from slack space.
• Perform a byte for byte wipe of the hard drive so others can't recover deleted files.
• Read event logs off the hard drive.
• Undo Syskey and get password hashes for later cracking if you lost a password.
• Use Internet Explorer and Firefox from the boot CD to surf the web.
• Run security tools for checking your network.
• Make a locked down web terminal for patrons. Since the CD is read-only media, deviant users can do little to corrupt the workstation that can't be fixed by a quick reboot.

One great use for a PE Builder CD is to remove spyware from a computer and that is the task that this article will focus on. A lot of spyware is hard to remove when you are running the removal tools while booted in the Windows OS from the local hard drive. Some spyware will try to reinstall itself as soon as its files or registry keys are deleted. You can get around some of these problems by running the anti-spyware tools in safe mode, but even then some spyware can find a way to keep itself alive. By booting a copy of Windows from a boot CD and running tools like Ad-Aware and HiJackThis you can eliminate this problem almost entirely.
 
ok, so if I have no symptoms, and adaware and spybotSD don't turn anything up on a search, how do I know I don't have spyware anyways? How do I know there isn't a keystroke logger sending everything I type off to some hakurz?
Does fdisk work with ntfs?
 
Spooner is slowly solving the spyware problems.

most of it is gone.

Soon he will be back to normal. 😀
 
see what processes are running. Kill different ones and see which ones come back. find those files on your pc and set permission to deny all. Even at the administrative level 🙂
. delete, purge, download and install firefox
 
1. set aside 8 hours
2. install spybot, adaware, hijackthis, microsoft antispyware and symantec av 10.0 corporate edition

you can get everything except symantec at download.com

3. msconfig, startup, disable all, reboot

4. clean with adaware
5. clean with spybot
6. clean with microsoft anti-spyware
7. run hijackthis and disable anything that doesn't look normal
8. run anti-virus

9. reboot in safe-mode

10. repeat steps 4-8

11. reboot, your machine is now cleaned

😀
 
Originally posted by: FreshPrince
1. set aside 8 hours
2. install spybot, adaware, hijackthis, microsoft antispyware and symantec av 10.0 corporate edition

you can get everything except symantec at download.com

3. msconfig, startup, disable all, reboot

4. clean with adaware
5. clean with spybot
6. clean with microsoft anti-spyware
7. run hijackthis and disable anything that doesn't look normal
8. run anti-virus

9. reboot in safe-mode

10. repeat steps 4-8

11. reboot, your machine is now cleaned

😀
Not quite. Spybot and adaware won't get everything. Counterspy will get more than the both of them put together.

Hijackthis won't do him any good unless he posts his results on a forum so someone can tell him what shouldn't be there.


 
If reformatting is out of the question, then I suggest doing this. You need to have 2 computers.

1. Scan the infected computer with the spyware and anti-virus tools.
2. Reboot the computer into Safe Mode (Command Prompt).
3. Start the Registry Editor.
4. Navigate to the HKLM\Software\Microsoft\Windows\CurrentVersion\Run node.
5. Delete any keys that are highly suspect. If you have doubts, use the second computer to search for the name of the executable and delete if it turns out to be spyware.
6. Repeat for the HKCU\Software\Microsoft\Windows\CurrentVersion\Run node.
7. One more time on the HKDU\...\Run node
8. Delete any suspicious shortcuts that are located in the \Documents and Settings\<username>\Start menu\Startup folder.
9. Replace the iexplorer.exe with one from a non-infected computer running the same version and build of IE.
10. Reboot.

Did I say, backup any keys that you aren't sure are spyware?
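
An added example, not part of the original post: a read-only PowerShell audit of the autorun locations the steps above walk through (the two Run keys written out in full, plus the Startup folders). It exports each key with `reg export` before anything is deleted and reports whether each target file exists and is signed; the backup folder name and the `Get-CommandPath` and `Get-FileStatus` helpers are assumptions made for illustration.

```powershell
# Added example (not from the thread): list autorun entries without changing them.
$backupDir = Join-Path $env:USERPROFILE 'run-key-backup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$runKeys = 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: pull the executable path out of a Run command line.
function Get-CommandPath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }            # "C:\path with spaces\x.exe" /arg
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]                                   # bare name, e.g. rundll32
}

# Hypothetical helper: NotFound, or the Authenticode status (Valid, NotSigned, HashMismatch, ...).
function Get-FileStatus([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'NotFound' }
    return [string](Get-AuthenticodeSignature -FilePath $Path).Status
}

$entries = @(foreach ($key in $runKeys) {
    # Back up the key first; "reg import <file>" restores it if a deletion turns out wrong.
    $backup = Join-Path $backupDir (($key -replace '\\', '_') + '.reg')
    & reg.exe export $key $backup /y | Out-Null

    $item = Get-Item -Path ($key -replace '^(HK\w+)\\', '$1:\') -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $exe = Get-CommandPath $cmd
        [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd; Status = (Get-FileStatus $exe) }
    }
})

# Startup folders (per-user and all-users); resolve each shortcut to its target.
$shell = New-Object -ComObject WScript.Shell
$entries += @(foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $target; Status = (Get-FileStatus $target) }
    }
})

# Unsigned or missing targets are the ones to look up before deleting anything.
$entries | Sort-Object Status | Format-Table -AutoSize -Wrap
```

A `NotFound` status also appears for entries that name a program without a full path, so treat it as "look this one up", not as proof of infection.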
 
Originally posted by: Iron Woode
Originally posted by: FreshPrince
1. set aside 8 hours
2. install spybot, adaware, hijackthis, microsoft antispyware and symantec av 10.0 corporate edition

you can get everything except symantec at download.com

3. msconfig, startup, disable all, reboot

4. clean with adaware
5. clean with spybot
6. clean with microsoft anti-spyware
7. run hijackthis and disable anything that doesn't look normal
8. run anti-virus

9. reboot in safe-mode

10. repeat steps 4-8

11. reboot, your machine is now cleaned

😀
Not quite. Spybot and adaware won't get everything. Counterspy will get more than the both of them put together.

Hijackthis won't do him any good unless he posts his results on a forum so someone can tell him what shouldn't be there.


what is this counterspy you speak of? 🙂
 
you need to remove the harddrive, sprinkle it with holy water, and begin the rites of exorcism. If that doesn't work you then have to pick it up and yell "Take me! Take me instead" then jump out a window down a flight of stairs.





Sorry this is the only way 🙁
 
Originally posted by: FreshPrince
Originally posted by: Iron Woode
Originally posted by: FreshPrince
1. set aside 8 hours
2. install spybot, adaware, hijackthis, microsoft antispyware and symantec av 10.0 corporate edition

you can get everything except symantec at download.com

3. msconfig, startup, disable all, reboot

4. clean with adaware
5. clean with spybot
6. clean with microsoft anti-spyware
7. run hijackthis and disable anything that doesn't look normal
8. run anti-virus

9. reboot in safe-mode

10. repeat steps 4-8

11. reboot, your machine is now cleaned

😀
Not quite. Spybot and adaware won't get everything. Counterspy will get more than the both of them put together.

Hijackthis won't do him any good unless he posts his results on a forum so someone can tell him what shouldn't be there.


what is this counterspy you speak of? 🙂
my new best friend. 😀


 
Originally posted by: Iron Woode
Originally posted by: FreshPrince
Originally posted by: Iron Woode
Originally posted by: FreshPrince
1. set aside 8 hours
2. install spybot, adaware, hijackthis, microsoft antispyware and symantec av 10.0 corporate edition

you can get everything except symantec at download.com

3. msconfig, startup, disable all, reboot

4. clean with adaware
5. clean with spybot
6. clean with microsoft anti-spyware
7. run hijackthis and disable anything that doesn't look normal
8. run anti-virus

9. reboot in safe-mode

10. repeat steps 4-8

11. reboot, your machine is now cleaned

😀
Not quite. Spybot and adaware won't get everything. Counterspy will get more than the both of them put together.

Hijackthis won't do him any good unless he posts his results on a forum so someone can tell him what shouldn't be there.


what is this counterspy you speak of? 🙂
my new best friend. 😀

wtf, I just tried it and it looks exactly like microsoft antispyware.... :|

 
1. Never use IE unless you're on a page called "Windows Update"
2. Set all of your IE security settings to the max just in case you ever break rule #1
3. Install Firefox or Opera or something
4. Use a firewall like Kerio or Sygate

Problem solved

Sorry. I know that doesn't take care of your current problems. I'd personally format and secure things from the start. It's way less frustrating than trying to clean stuff up after it gets in.
 
there's a section in the registry you'd want to check out; local computer/software/ms/windows/run/ I think that's where it is.
Hijack this should help you out some.
 