Got infected with spyware, adaware keeps crashing

maxpower1119

Hey I got hit with spyware, not quite sure how it happened. I was remote desktopping from work, downloading a mIRC file via packetnews.com. I minimized the RDC window and checked it about a half hour later. On my remote desktop, there were popups everywhere, and Windows had a bunch of messages saying it has stopped malicious code from running.
My usual spyware busting combo is SpyBot and AdAware, and it has worked flawlessly for me in the past. This time, SpyBot found some stuff and cleared it out. AdAware finds about 300 things but when it is running, Explorer crashes, and Windows said it stopped a program called runasdll.exe from running. This always happens at the same point in the spyware search. Adaware runs, but then during the quarantining part, it freezes.
I have tried running these programs in safe mode and the same thing happens. I have never had this much trouble with spyware. There are new programs in the "Add/Remove Programs" list and I was able to uninstall half of them but some of them when I try to uninstall, a browser window pops up. Please someone help me out.
 
My experience with spyware doctor as of late has been great but you need to buy it ($30) to have it remove anything. Adware and spybot just can't keep up with the new shit out today. Pest Patrol and Spysweeper seem to work well too but if you buy one I'd go for spyware doctor.
 
If it's a major infection my rule of thumb is that if there is a huge difference in performance, I'm just going to reformat everything. I take a minimalist approach in my programs so there is very little installation of programs in my PC.
 
omniviper said:
If it's a major infection my rule of thumb is that if there is a huge difference in performance, I'm just going to reformat everything. I take a minimalist approach in my programs so there is very little installation of programs in my PC.

That's what I like to do as well but most of my clients don't like that approach so that only comes up in the end.
 
reboot in safe mode without networking.
turn off system restore
run adaware
run spybot S&D
run black ice anti-root kit
run anti virus.
 
I tried the trendmicro thing. It found hundreds of items but could not remove any of them. I will try the other stuff when I get home. I may just reformat.
 
Check out the msconfig startup tab and uncheck anything that looks suspicious. Look through the task manager and see if any of the running processes look suspicious (stuff like a.exe or system33.exe) and end the process. Try the scans then. If you're comfortable also check out the hkey local machine/software/microsoft/windows/current version/run and .../runonce, clean out anything in there that looks suspicious. Honestly I do a lot of my anti-spyware anti-virus manually.
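
A read-only way to do the Run/RunOnce check suggested in the post above, as an added example that is not part of the thread. It assumes PowerShell 3 or later on the affected machine; the per-user (HKCU) keys, the helper name `Get-CommandTarget` and the three "suspicious" heuristics are choices made for this example, not something the posters specified.

```powershell
# Added example: read-only triage of autorun entries. Nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',      # per-user keys are added here,
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'   # they are not named in the post
)

# Hypothetical helper: pull the executable path out of a value such as "C:\dir\app.exe" /switch
function Get-CommandTarget {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if (-not $command) { continue }
        $target = Get-CommandTarget $command
        # Bare names such as "rundll32.exe" are resolved through PATH
        if ($target -notmatch '^([a-z]:|\\\\)') {
            $found = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                     Select-Object -First 1
            if ($found) { $target = $found.Path }
        }
        $flags = @()
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            $flags += 'target missing'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $target
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
        }
        # Heuristics assumed for this example: temp locations and names like a.exe
        if ($target -match '\\(Temp|Temporary Internet Files)\\') { $flags += 'runs from temp dir' }
        if ($target -match '(^|\\)[^\\.]{1,2}\.[^\\.]+$') { $flags += 'very short file name' }
        [pscustomobject]@{ Key = $key; Name = $name; Target = $target; Flags = ($flags -join '; ') }
    }
}

# Flagged entries are listed first; review them by hand before removing anything
$report | Sort-Object { $_.Flags -eq '' } | Format-List
```

A flag is a prompt to look closer, not a verdict: legitimate programs can be unsigned, and a lookalike name such as system33.exe will only stand out through its signature status or on a manual read of the list.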
 
I ponied up for spyware doctor. It keeps finding a bunch of stuff, then says it has to do an emergency restart. I do that and run it again and it still finds some stuff. This is all in safe mode with networking. Also, explorer.exe crashes while it's running.
 
DR_K13 said:
reboot in safe mode without networking.
turn off system restore
run adaware
run spybot S&D
run black ice anti-root kit
run anti virus.

I would do a variation of this except I would run the utilities from a BartPE boot CD made using another clean machine if one was available. I have one with adaware, spybot, McAfee Extradat support, and Firefox PE. It fits on a 210 MB 8cm CD-RW I carry with me whenever visiting friends, relatives, or on the job. Between that (with the drivers for all the servers we use at work and the Microsoft Virtual CD tool) and an 8 GB Megatravel drive by Memorex (BartPE includes USB HD support) loaded with ISOs, I have everything I need for anything from a machine cleanup to a full rebuild.
 
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.
 
maxpower1119 said:
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.

Sounds like yours is just fucked pretty bad. At least you have spyware doctor for the future (should help prevent you from getting shit)
 
maxpower1119 said:
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.

Try this before reformatting:

Boot from WinXP CD (preferably a retail or upgrade disk)
Go through until it gets to the partition screen. If it shows a partition in front of the C: drive
 
Yeah, I would say to dump the install and do a full reformat :(. At least your purchase won't be in vain... it will help in the future. I use SpySweeper, personally, and love it :).
 
omniviper said:
If it's a major infection my rule of thumb is that if there is a huge difference in performance, I'm just going to reformat everything. I take a minimalist approach in my programs so there is very little installation of programs in my PC.


Me too... my approach to browsing the internet and especially on installing programs is to act as though I'm a cop in an undercover drug sting in the worst dark alley in New York City at midnight. Minimal contact, minimal installation of anything, exceedingly careful about where I look ;).
 
maxpower1119 said:
I think I'm just going to reformat. I even ponied up for Spyware Doctor and still no go. I can't even run Internet Explorer. Every time I try to run a program, explorer just restarts on its own. I can even download and run HijackThis.

Try this before reformatting:

Boot from WinXP CD (preferably a retail or upgrade disk)
Go through until it gets to the partition screen. Check to see if it shows a partition in front of the C: drive like this:
(unknown partition) 37MB
C: 6000MB
(unknown partition) 8MB
If it does, delete the first partition (NOT the C-drive!), then cancel out when you get back to the partition screen. Boot into safe mode with no networking and run all your anti-virus again.
 
Zamboni said:
Try this before reformatting:

Boot from WinXP CD (preferably a retail or upgrade disk)
Go through until it gets to the partition screen. Check to see if it shows a partition in front of the C: drive like this:
(unknown partition) 37MB
C: 6000MB
(unknown partition) 5MB
If it does, delete the first partition (NOT the C-drive!), then cancel out when you get back to the partition screen. Boot into safe mode with no networking and run all your anti-virus again.

The unknown 37 meg one sounds like a Dell diag partition. The 5 meg one would be interesting though. I guess something could hide in there though if the OP has one.
 
swatbat said:
The unknown 37 meg one sounds like a Dell diag partition. The 5 meg one would be interesting though. I guess something could hide in there though if the OP has one.

The 5 should have been 8, my bad. That 8MB leftover partition always pops up for some reason.

I had to dig out some sort of rootkit out of one of those ghost partitions the other day. Drove me nuts for half the day until I went low-tek on it. I haven't seen any harm come from deleting them using the installer.
 