Unstoppable spyware

D

dobbz

Limp Gawd
Joined
Sep 4, 2002
Messages
339
75c0cb0340.jpg


These fuckers will not go away. Spybot fixes the DSO thing, says the TIBS one is in memory and cannot be fixed until the next startup. So I restart, Spybot loads and finds em all again (even the DSO shit which it says it fixed already) and says the TIBS one is in memory and cannot be fixed until the next startup. This shit is being loaded before Spybot.

Adaware finds 19 other exploits/spyware and says it fixes them, but the same shit comes up everytime I run em.

Norton Anti-Virus Corporate is up to date and finds a few things here and there, but right now it says my system is clean. Periodically, Realtime Protection blocks "Download.Trojan".

I'm getting BS porn and search startup pages in IE, a little windows dialog box that keeps popping up telling me to select my language for whatever the fuck it is and processes called WINHOST.EXE, MSGSYS.EXE and ASS[1].EXE that I've never heard of.
 
Reboot into safe mode Run Adaware and Spybot.

Make sure you disable your start up via registry or Msconfig (not recommanded)

Manualy Purge all temp files in your profile and in windows dir. Then run adaware and spybot once more.
 
Somehow I have no msconfig anymore. Where do I find my startup settings in registry?

I've also tried scanning in Safe mode and get the same results (no results), and I've found those directories and registry keys/values and deleted them but they keep coming back.
 
By the time you remove the old version, download, install and run the new version, you could of easily just done a regedit to fix the DSO issue. No need to upgrade.
 
The DSO Exploit is a security gap in IE. Microsoft did already repair this, so if you have all Windows updates and patches installed, it will not be dangerous for your system. Spybot S&D will still find it, because it contains an invalid value. Spybot S&D just has to reset that value. Unfortunately, in the current version, it sets again an incorrect value, so it is found in the next scan. Please update your main program.
Click to expand...

:confused:
 
carloswill said:
By the time you remove the old version, download, install and run the new version, you could of easily just done a regedit to fix the DSO issue. No need to upgrade.
Click to expand...

its a patch, no uninstall & install required.
 
carloswill said:
no need to patch.
Click to expand...

Well, yeah there is. I said I'd already tried fixing the registry myself. The keys and values come back.
 
if it keeps coming back, what I do is boot with a WinPE boot disk (google up Bart's PE), then search your Windows/System32 for all files that are executable AND marked as hidden AND have conspicuous names. By default, M$ does NOT hide system files, instead, it hides the folders they are in. So if you run across a hidden file in the system32 or windows folders that is executable...chances are it's the spyware you're looking for. And while you're booted with PE, blast the spyware's folder in Program files too. This way it has no chance to load on next reboot. Once it's rebooted, re-run spybot again, or regedit the spyware entries yourself to get rid of them on your system.

If you don't feel comfortable deleting the hidden .exe's from your system32 folder, move them to a quarantine folder elsewhere on your drive. Then reboot and run spybot again.

hope that offers some help, it's worked for me in the past quite a few times.
 
The individual who mentioned manually editing the registry is correct...that will permanently solve the issue. Please so the post regarding this same subject on the page or use the search function (if working?) where a month or two ago I explained how to do this as well.

Khem
 
You must log in or register to reply here.
Back
Top