Got infected with spyware, adaware keeps crashing

maxpower1119

Limp Gawd
Joined
Jun 4, 2004
Messages
151
Hey I got hit with spyware, not quite sure how it happened. I was remote desktopping from work, downloading a MiRC file via packetnews.com. I minimized the RDC window and checked it about a half hour later. On my remote desktop, there were popups everywhere, and Windows had a bunch of messages saying it has stopped malicious code from running.
My usual spyware busting combo is SpyBot and AdAware, and it has worked flawlessly for me in the past. This time, SpyBot found some stuff and cleared it out. AdAware finds about 300 things but when it is running, Explorer crashes, and Windows said it stopped a program called runasdll.exe from running. This always happens at the same point in the spyware search. AdAware runs, but then during the quarantining part, it freezes.
I have tried running these programs in safe mode and the same thing happens. I have never had this much trouble with spyware. There are new programs in the "Add/Remove Programs" list and I was able to uninstall half of them but some of them when I try to uninstall, a browser window pops up. Please someone help me out.
 

swatbat

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,979
My experience with Spyware Doctor as of late has been great but you need to buy it ($30) to have it remove anything. Adware and Spybot just can't keep up with the new shit out today. Pest Patrol and Spysweeper seem to work well too but if you buy one I'd go for Spyware Doctor.
 

omniviper

n00b
Joined
Feb 23, 2005
Messages
61
If it's a major infection, my rule of thumb is that if there is a huge difference in performance, I'm just going to reformat everything. I take a minimalist approach in my programs so there is very little installation of programs in my PC.
 

swatbat

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,979
omniviper said:
If it's a major infection, my rule of thumb is that if there is a huge difference in performance, I'm just going to reformat everything. I take a minimalist approach in my programs so there is very little installation of programs in my PC.

That's what I like to do as well but most of my clients don't like that approach so that only comes up in the end.
 

DR_K13

2[H]4U
Joined
Apr 21, 2004
Messages
3,491
Reboot in safe mode without networking.
Turn off System Restore.
Run AdAware.
Run Spybot S&D.
Run Black Ice anti-rootkit.
Run antivirus.
 

maxpower1119

Limp Gawd
Joined
Jun 4, 2004
Messages
151
I tried the Trend Micro thing. It found hundreds of items but could not remove any of them. I will try the other stuff when I get home. I may just reformat.
 

Slartibartfast

Supreme [H]ardness
Joined
Sep 25, 2004
Messages
7,273
Check out the msconfig Startup tab and uncheck anything that looks suspicious. Look through the Task Manager and see if any of the running processes look suspicious (stuff like a.exe or system33.exe) and end the process. Try the scans then. If you're comfortable, also check out HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and ...\RunOnce, and clean out anything in there that looks suspicious. Honestly I do a lot of my anti-spyware anti-virus manually.
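
Added example, not part of the thread: a small triage script for the manual check described in the post above. It parses saved `reg query` output for the Run and RunOnce keys and flags entries worth a closer look. The sample output, the `KNOWN` name list, the 0.85 similarity threshold and the function names are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: saved output of `reg query` for the two keys in the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\WINDOWS\SOUNDMAN.EXE
    updater    REG_SZ    C:\WINDOWS\system32\system33.exe /s
    a    REG_SZ    "C:\Documents and Settings\user\Local Settings\Temp\a.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: a short illustrative list of Windows names that malware imitates.
KNOWN = ["system32", "svchost", "explorer", "winlogon", "rundll32", "lsass"]
VALUE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")
IMAGE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)', re.I)

def image_path(command):
    """Return the program part of a Run value, without its arguments."""
    m = IMAGE.match(command)
    return (m.group(1) or m.group(2)) if m else (command.split() or [""])[0]

def reasons_for(path):
    """Heuristics only: each hit is a reason to look closer, not a verdict."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    hits = []
    if len(stem) <= 2:
        hits.append("very short file name")
    if "\\temp\\" in path.lower():
        hits.append("runs from a Temp directory")
    if stem not in KNOWN:  # an exact match is the real name, not a lookalike
        hits += ["name resembles " + k for k in KNOWN
                 if SequenceMatcher(None, stem, k).ratio() >= 0.85]
    return hits

def triage(reg_query_output):
    """Return (key, value name, command, reasons) for each flagged entry."""
    key, flagged = None, []
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif (m := VALUE.match(line)) and key:
            hits = reasons_for(image_path(m.group(3)))
            if hits:
                flagged.append((key, m.group(1), m.group(3), hits))
    return flagged
```

Calling `triage(SAMPLE)` returns the `updater` and `a` entries with their reasons; a flagged entry still needs a manual look before it is removed.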
 

maxpower1119

Limp Gawd
Joined
Jun 4, 2004
Messages
151
I ponied up for Spyware Doctor. It keeps finding a bunch of stuff, then says it has to do an emergency restart. I do that and run it again and it still finds some stuff. This is all in safe mode with networking. Also, explorer.exe crashes while it's running.
 

nessus

2[H]4U
Joined
Jan 30, 2001
Messages
2,221
DR_K13 said:
Reboot in safe mode without networking.
Turn off System Restore.
Run AdAware.
Run Spybot S&D.
Run Black Ice anti-rootkit.
Run antivirus.

I would do a variation of this except I would run the utilities from a BartPE boot CD made using another clean machine if one was available. I have one with AdAware, Spybot, McAfee Extradat support, and Firefox PE. It fits on a 210 MB 8cm CD-RW I carry with me whenever visiting friends, relatives, or on the job. Between that (with the drivers for all the servers we use at work and the Microsoft Virtual CD tool) and an 8 GB Megatravel drive by Memorex (BartPE includes USB HD support) loaded with ISOs, I have everything I need for anything from a machine cleanup to a full rebuild.
 

maxpower1119

Limp Gawd
Joined
Jun 4, 2004
Messages
151
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.
 

swatbat

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,979
maxpower1119 said:
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.

Sounds like yours is just fucked pretty bad. At least you have Spyware Doctor for the future (should help prevent you from getting shit).
 

Zamboni

[H]ard|Gawd
Joined
Jun 1, 2004
Messages
1,074
maxpower1119 said:
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.
Try this before reformatting:

Boot from WinXP CD (preferably a retail or upgrade disk)
Go through until it gets to the partition screen. If it shows a partition in front of the C: drive
 

GoldenTiger

Fully [H]
Joined
Dec 2, 2004
Messages
22,049
Yeah, I would say to dump the install and do a full reformat :(. At least your purchase won't be in vain... it will help in the future. I use SpySweeper, personally, and love it :).
 

GoldenTiger

Fully [H]
Joined
Dec 2, 2004
Messages
22,049
omniviper said:
If it's a major infection, my rule of thumb is that if there is a huge difference in performance, I'm just going to reformat everything. I take a minimalist approach in my programs so there is very little installation of programs in my PC.


Me too... my approach to browsing the internet and especially on installing programs is to act as though I'm a cop in an undercover drug sting in the worst dark alley in New York City at midnight. Minimal contact, minimal installation of anything, exceedingly careful about where I look ;).
 

Zamboni

[H]ard|Gawd
Joined
Jun 1, 2004
Messages
1,074
maxpower1119 said:
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.
Try this before reformatting:

Boot from WinXP CD (preferably a retail or upgrade disk)
Go through until it gets to the partition screen. Check to see if it shows a partition in front of the C: drive like this:
(unknown partition) 37MB
C: 6000MB
(unknown partition) 8MB
If it does, delete the first partition (NOT the C-drive!), then cancel out when you get back to the partition screen. Boot into safe mode with no networking and run all your anti-virus again.
 

swatbat

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,979
Zamboni said:
Try this before reformatting:

Boot from WinXP CD (preferably a retail or upgrade disk)
Go through until it gets to the partition screen. Check to see if it shows a partition in front of the C: drive like this:
(unknown partition) 37MB
C: 6000MB
(unknown partition) 5MB
If it does, delete the first partition (NOT the C-drive!), then cancel out when you get back to the partition screen. Boot into safe mode with no networking and run all your anti-virus again.

The unknown 37 meg one sounds like a Dell diag partition. The 5 meg one would be interesting though. I guess something could hide in there though if the OP has one.
 

Zamboni

[H]ard|Gawd
Joined
Jun 1, 2004
Messages
1,074
swatbat said:
The unknown 37 meg one sounds like a Dell diag partition. The 5 meg one would be interesting though. I guess something could hide in there though if the OP has one.
The 5 should have been 8, my bad. That 8MB leftover partition always pops up for some reason.

I had to dig out some sort of rootkit out of one of those ghost partitions the other day. Drove me nuts for half the day until I went low-tech on it. I haven't seen any harm come from deleting them using the installer.
 