Spyware help needed
smidsy
18th April 2005, 10:33 PM
Hei Guys,
Normally spyware blaster stops this garbage but "AZE search" got past it.
Tried running spybot S&D but the crap comes back every time.
I can't delete IE and re-install it because IE is no longer in the list when I go to add/remove programs - also tried a manual delete through win explorer but it won't let me do that.
Tried a file search for aze files but one is a .dll I can't remove and the ones I can remove come back faster than I remove it.
I found the site below, but the tasks it says to kill in task manager aren't there and I can't find a copy of regsvr32.
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094055
The menu bar is also in windows explorer and as fast as I reset IE the crap is back there on reboot.
Where do I go from here?
TIA
Paul
Zed
18th April 2005, 10:40 PM
reformat and reload baby! those ar$ewholes insinuate themselves so bad you can never be sure if you've cleansed your system.
the one time I couldn't get rid of some crap like that I set up a .bat file to fill the hard drive with a bunch of files (to write to every sector) then I did a safe delete with spybot, then formatted the HDD then rebuilt windows.
I am now clean..... I suggest you give the site a miss too.... :D
Grunt
18th April 2005, 10:44 PM
What Zed said. I had to rebuild Ms. Grunt's PC a few months ago 'coz it was so badly infected.
smidsy
18th April 2005, 10:46 PM
I was actually looking for a crack code for some software - serve me right I spose.
Reformatting while nice is an option of last resort - if I only back up my must have data I'm still looking at about 10gig to back up.
Surely there must be a tool I can use to sort this out without a reformat.
soundman
18th April 2005, 10:59 PM
Try adaware and make sure it's patched up to date.
You can only try.
Sprog
18th April 2005, 11:08 PM
Hei Guys,
Normally spyware blaster stops this garbage but "AZE search" got past it.
Where do I go from here?
TIA
Paul
Everything you need to know about AZE Search - link to info and removal steps
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094055
about halfway down the page
smidsy
18th April 2005, 11:35 PM
Hei Sprog,
That's the same link I posted in my original message - but the tasks it says to kill in task manager aren't there and I can't find a copy of regsvr32.
Paul
Barry_White
18th April 2005, 11:50 PM
As Soundman says Adaware SE personal will get rid of everything without any problems. As he says get the latest pattern files.
boban
18th April 2005, 11:53 PM
I think most people underestimate the value of the format/reload procedure. Get a Win 98 startup disk. It will make the whole process easy.
I do it about every 6 months (reformatting that is) and can't recommend it highly enough. I have been doing it since I got my first PC.....
Is that enough ammo to work with guys....off you go.
boban
18th April 2005, 11:57 PM
Oh yes I almost forgot. I use the three following programs to control spyware.
1. Adaware
2. Spybot
3. Spyware blaster
Do the checks regularly and you should be right unless you like your ....
smidsy
19th April 2005, 12:00 AM
Hei Guys,
I use those three programs plus a firewall and usually I never have a problem - I was looking for a serial number for a program and got sucked in to opening something I wouldn't normally open.
Someone on another forum recommended a program called killbox.exe which allowed me to remove the .dll file and that seems to have sorted it out.
I agree with what you guys say about a windows reload, and if I could I'd do it about once every year. The problem is that it gets hard to do when you have 10gig of data that you need to back up.
Cheers
Paul
boban
19th April 2005, 12:10 AM
I don't know your financial position or extent of use of a PC so what I am about to suggest may not be viable for you but here it goes.
As far as backing up your Data is concerned, get a second HDD. I have a relatively small HDD on which I have my programs installed. The other hard drives contain the data I want to keep. Makes the whole process easy, but I do remove the data HDD before formatting the C: Drive.
Another option is a DVD burner and 2 discs (you'll get this for about $100).
smidsy
19th April 2005, 12:21 AM
This machine is currently running a 60gig drive that is partitioned to 10/20/30 - I'm no expert but I can do basic hardware stuff
What you say makes sense so when I get some money (is hell due to freeze over anytime soon) I may pick up a second hand 10gig drive and use that for backing up.
Most of what I need to back up could go on CD's except for the 2gig of music and 4 gig of assorted video.
I've got a DVD burner and I've copied movies disk to disk but I'm yet to suss out how to use the 4.7gig disks for data.
Cheers
Paul
Gumby
19th April 2005, 12:25 AM
I gave up on the freebie type spyware programs and purchased Xoftspy over the internet. It got an excellent write up in one of those computer mags (can't remember which one) and it downloads updates all the time and got rid of about 30 invaders which Spybot had missed. I use McAfee Anti virus as well. Haven't had a problem since. (I used to be a reload every 6 months type too) :D
boban
19th April 2005, 12:30 AM
This machine is currently running a 60gig drive that is partitioned to 10/20/30 - I'm no expert but I can do basic hardware stuff
What you say makes sense so when I get some money (is hell due to freeze over anytime soon) I may pick up a second hand 10gig drive and use that for backing up.
Most of what I need to back up could go on CD's except for the 2gig of music and 4 gig of assorted video.
I've got a DVD burner and I've copied movies disk to disk but I'm yet to suss out how to use the 4.7gig disks for data.
Cheers
Paul
It's no different to doing it on CD's but you must buy decent disks. Taiyo Yuden if you can find them (JPL Displays in Melbourne have these) or Ritek discs. With DVD's good media is vital, there is a lot of crap out there. Given that you're backing up, spending slightly more on the media is a good idea. If you do your research on the net you will see what I'm talking about but if you buy those discs you won't go wrong. Buy cheap - have no data in 12 months.
Interwood
19th April 2005, 12:41 AM
Hi Smidsy,
In Windows XP it's hiding in c:\windows\system32
In other versions of Windows, start up a dos or command prompt window and enter the following:
cd\ [enter]
dir regsvr32.exe /s
What this does -
The first line takes you to the root directory
The second line searches the whole C drive for regsvr32.exe.
If you have installed windows onto C drive, this will find it. If it is on another drive, i.e. D, you will need to enter d: [enter] before the two lines above.
Good luck
Interwood
Sprog
19th April 2005, 02:13 AM
Hei Sprog,
That's the same link I posted in my original message - but the tasks it says to kill in task manager aren't there and I can't find a copy of regsvr32.
Paul
It means to kill the tasks first if they are running.
Then you need to unregister and remove the dll's, which you say you have done.
Then you need to delete all the crap from the registry if present using regedit to locate them.
Then delete the named files if present using windows explorer or the search facility.
regsvr32 is accessed using the Run option and typing regsvr32 /u name_of_dll
Gingermick
19th April 2005, 08:02 AM
Before you reinstall you could try spy sweeper. I had a major problem with popups on IE and it stopped them where spybot hadn't.
mick
Bob Willson
19th April 2005, 02:06 PM
Hello Smidsy
Are you sure that you have 10 gig of data?
Most people have about 20 meg of data and the rest is programs. Programs, assuming you have copies of them, are not a problem as they can just be reinstalled. So, unless you have the Kodak archives mirrored on your system, or you have a whole bunch of movies or music on the HDD then it is likely that all your data will fit on to one CD.
If you do have lots of movies or music then just burn them to CD/DVD. This is where they more properly belong anyway.
To get back to not being able to find the file, you aren't hiding your system files from yourself are you? This is a Micro$oft trick designed to stop cretins from deleting all their system files because they don't know what they are and they never use them anyway.
Go to My Computer/ Tools/ Folder Options/View and make sure that the radio button is ticked to allow you to see the system files.
Sprog
19th April 2005, 02:51 PM
Windows XP has a System Restore function which allows you to get back to a previous state.
Click on
Start>Help and Support>Undo changes to your computer with System Restore
click Restore my computer to an earlier time, click Next
Select a date in bold type that is before your problem and click Next, follow the prompts.
Anything you have saved after this date that is NOT in My Documents may be lost so take the appropriate actions to preserve anything you need.
That is the problem to replying before having a nap :D :D :D
smidsy
19th April 2005, 03:02 PM
Hei Bob,
You got it in one - lots of music and video files.
I could delete these to CD but I watch and listen to them on the PC so I don't see any point until I start running short of drive space.
All I would back up apart from these is e-mail, bookmarks and WP files which total would be less than a meg.
I know what you mean about hidden files and how to look for them - I actually found all the files for this thing but I needed to disable the .dll which killbox allowed me to do.
All seems fine now except that IE is still missing from the add/remove programs list. When I first started looking at this there was something called "Internet Explorer Q123456" in the add/remove programs list which I selected to remove - I'm thinking now that this could have been an anti-fix trick on the spyware.
The system seems to be running ok now and there are no visible signs of the spyware so I shall see how it goes for a day or two.
If worst comes to worst I shall bite the bullet and do a win re-load.
Cheers
Paul
PS I actually run Win2000 guys.
derekcohen
19th April 2005, 03:38 PM
"If worst comes to worst I shall bite the bullet and do a win re-load".
Paul
I went through this quite recently - I was ready to buy another desktop machine. Luckily I mostly use my laptop. (I really do need to buy one anyway as the desktop is an old Pentium 3 with Win 98, about 5 years old - still, it is not used for games and does all it sets out to do). I had to reformat the whole hard drive (only 10 gig) and to make sure I removed all partitions as well since this is where files can hide, I was told. Drastic measures but it worked. Like you, I tried umpteen anti-spy programs, all in vain.
I now run Xoftspy, McAfee and Kerio Firewall, and so far nothing has slipped through.
Regards from Perth
Derek
smidsy
19th April 2005, 06:32 PM
Hei Derek,
This machine is old (built Jan 2002 by yours truly) and slow (P4 1.4gig & 512ram) by most standards but it suits me fine.
I'm not a massive gamer, and use it mainly for word processing, mail and the net.
What I've done in the past to reformat a drive is hook the drive up to a second machine so that during the reformat you are not operating on the drive that's being formatted - I think this is the only way to go.
I'll see how it runs in the next week or so and bite the bullet if I have to.
Cheers
Paul
Bob Willson
20th April 2005, 01:40 AM
No need to remove the HDD from the machine, just boot from the CD and that will allow you the option of reformatting the HDD.
smidsy
20th April 2005, 01:47 AM
I know you can format via the CD, but I would have thought that the pc would need at least some files on the HD to do the actual format.
Based on that theory, to do an absolutely total format you need to be running the format command from another HD.
I may be talking crap here but that's what I would have thought.
Cheers
Paul
Bob Willson
20th April 2005, 01:09 PM
Yes, you are correct there Paul. You are talking crap. :D :D :D
No files are actually required to be on the HDD as they will just reside in the computer's memory (RAM) and run from there. So, that should save you a bit of work if you need to do this again. :D
Sprog
20th April 2005, 01:35 PM
All seems fine now except that IE is still missing from the add/remove programs list. When I first started looking at this there was something called "Internet Explorer Q123456" in the add/remove programs list which I selected to remove - I'm thinking now that this could have been an anti-fix trick on the spyware.
PS I actually run Win2000 guys.
You might want to look at this article on MS support site, especially the examples to the right of the page.
http://support.microsoft.com/?kbid=810232