I'm a computer technician, and of late, most of the problems have been
with adware. I've used Spybot/Ad-Aware to remove most of the stuff,
then I remove the temp files in all the profiles, and system dirs. I
also make sure to comb through the reg looking for "run" keys, and
removing anything and everything that doesn't need to be running. However,
there are times where even then, I'll remove something and think it's
100% clean, and sure enough, after the reboot, the damn thing comes
back. My thinking here is it has to be a file being executed as
possibly a service? I need to know how to track down the harder kind
of spyware that hide themselves. I've come across ones that execute
files when IE loads such as system32.dll, which is a fake file NOT
used by Windows. How do you track down those?
Request for Question Clarification by hummer-ga on 21 Jul 2004 04:56 PDT
Hi grinch,
Have you tried HijackThis?
HijackThis (check for updates before running):
http://www.spychecker.com/program/hijackthis.html
HijackThis Log Tutorial:
http://www.computercops.biz/HijackThis.html
Please let me know if that is what you are looking for.
hummer
Request for Question Clarification by techtor-ga on 21 Jul 2004 19:59 PDT
Hello Grinch,
It's probable that some spyware keep coming back after being cleaned
because they are associated with some installed programs in your
computer. For example, Download Accelerator has some spyware
(user-reporting software I believe) that appear on a Spybot scan, but
they can't get removed. You might have to see which spyware are tied
in to one of your programs on the computer. And you might have to
uninstall those programs to get rid of the spyware, unless you need
those programs.
Clarification of Question by grinch-ga on 22 Jul 2004 10:25 PDT
I'm quite good at getting rid of adware and IE hijacks. However, there
are a rare few that HijackThis, Ad-Aware, Spybot, and CWShredder can't
get rid of. The problem I'm having is something that I can go through
the reg manually and remove an entry from all the run keys. Yet
when I reboot, the program re-adds itself to the run in the reg and
also usually hijacks the browser. This isn't a single issue for my own
personal, I just want to learn how to track these things down.
Usually what happens is this. There is a program in the system32 dir
that, say, adds 123.exe into the run dir, and extracts 123.exe to the
system32 folder. I can remove 123.exe from the run entry AND from the
system32 folder, yet when I reboot they are back. However, there are
no programs in the run entries or the startup folder in the program
menus via the startbar. I need to be able to track down what the
mother process is that executes/extracts 123.exe. 123.exe isn't a real
example, but I'm just saying. If I could, I'd like a program that
tells me EXACTLY what's being executed on startup from what folders.
Also, possibly, what changes to the reg they make. However, I want
something that's semi easy to remove, seeing as it will be a pain and
a waste of my time to add/remove these to computers that come in. Hope
that makes myself more clear.
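An added example, not part of the original thread: a PowerShell sketch that snapshots the autostart locations mentioned above (Run keys, auto-start services, DLLs loaded with IE, Startup folders) and, after a reboot, lists only the entries that reappeared. It assumes PowerShell 3.0 or later in an elevated session; the function names and the snapshot file path are hypothetical.

```powershell
# Added example, not from the thread. Assumes PowerShell 3.0+ in an elevated session.
function Get-AutostartSnapshot {
    $items = @()
    # Run/RunOnce keys, machine-wide and for the current user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($path in $runKeys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $items += [pscustomobject]@{ Source = $path; Name = $name; Command = [string]$key.GetValue($name) }
        }
    }
    # Services that start automatically at boot
    foreach ($svc in Get-CimInstance Win32_Service -Filter "StartMode='Auto'") {
        $items += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = [string]$svc.PathName }
    }
    # Browser Helper Objects: DLLs Internet Explorer loads on start, resolved through their CLSID
    $bhoRoot = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($bho in Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue) {
        $clsid = $bho.PSChildName
        $srv = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { [string]$srv.GetValue('') } else { '' }
        $items += [pscustomobject]@{ Source = 'IE BHO'; Name = $clsid; Command = $dll }
    }
    # Per-user and all-users Startup folders
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
            $items += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName }
        }
    }
    $items
}

function Compare-AutostartSnapshot {
    param($Before, $After)
    # Keep only entries present after the reboot that were absent before it
    Compare-Object $Before $After -Property Source, Name, Command |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object Source, Name, Command
}

# After cleaning, before the reboot (file path is a hypothetical choice):
#   Get-AutostartSnapshot | Export-Clixml "$env:TEMP\autostart-before.xml"
# After the reboot:
#   Compare-AutostartSnapshot (Import-Clixml "$env:TEMP\autostart-before.xml") (Get-AutostartSnapshot)
```

Entries that survive cleaning under `Service` or `IE BHO` while the Run keys are empty are the first candidates for whatever rewrites the Run entry at boot.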