|
10 Nov 2003, 02:08
|
#1
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Spyware unremovable?!
For a long time I've been trying to combat some supposed spyware on my pc. When I load up MSIE, a blue bar pop ups under the address bar, with links to sites and it's in flash or something. You know when you right click the MSIE at the top somewhere a lil menu with "Links, Adress Bar, Standard Buttons & Lock toolbars" appears - well this has some 7/8 letter random and an option selected. I untick it, and Ad-ware Ad-Watch states registry modifcations under Internet Explorer in HKEY Local machine & current user. So I delete all these modifcations and any reference to "Quickbar-search" & "quickbar". I also searched for the random letter combo above and deleted them form my registry.
I've also ran Norton Antivirus and nothing was found. I've ran Spybot Search & Destroy but it comes up with nothing. I know the spyware is still there as I get ad-aware stating "Tracking company" as the data of spyware and its a miner.
You probably wont understand but i need help - thanks!
*** EDIT: Click here to see the spyware thingy in action***
*** EDIT #2: Here's a list of my processes - most I know - some I don't
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
Last edited by Androme; 10 Nov 2003 at 13:36.
|
|
|
10 Nov 2003, 02:55
|
#2
|
Gubbish
Join Date: Sep 2000
Location: #FoW
Posts: 2,323
|
Re: Spyware unremovable?!
__________________
Gubble gubble gubble gubble
|
|
|
10 Nov 2003, 09:16
|
#3
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
how will installing that help me?
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
10 Nov 2003, 10:32
|
#4
|
-=Murderous Plush Toy=-
Join Date: Nov 2001
Posts: 971
|
Re: Spyware unremovable?!
Opera is shite sorry,
I use MSIE right now, but If i couldn't, I'd rather use Mozilla Firebird.
Anyway, have you updated all your spyware search programs?
You could manually edit the registry to get rid if it if you can.
__________________
-Lucky #plush
__________________
Does anyone actually play this anymore?
|
|
|
10 Nov 2003, 13:13
|
#5
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
***EDIT - I've updated the first post with a screenie of my processes and the blue bar I was talking about
I dunno - I've tried and searched with the values Ad-awatch blocks that the spyware is adding to my Internet Explorer registry settings
I could go through the lengthy process of reinstalling MSIE, but I'm afraid the spyware will continue to do so (and I use a browser that uses MSIE as a backend or something - www.crazybrowser.com) and yet no virus programs pick it up? Spyboy & Ad-aware (Plus version) both are only able to pick up the cookies it creates, and Ad-awatch blocks some registry modifcations but not all and I am constantly having to remove them from the registry but not all are removed
Under Explorer bars are few keys but it doesn't look dodgy and is is binary or whatever form - I'm guessing a solution would be to delete one of these but I am not sure which and my searches on google proved void.
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
Last edited by Androme; 10 Nov 2003 at 13:35.
|
|
|
10 Nov 2003, 17:40
|
#6
|
-=Murderous Plush Toy=-
Join Date: Nov 2001
Posts: 971
|
Re: Spyware unremovable?!
i can't really see anything wrong with the process list, apart from evntsvc.exe, since it is so small, not a system process and "looks" like it is trying to pass as a normal process.
I don't think your spyware would be run as a seperate process though.
__________________
-Lucky #plush
__________________
Does anyone actually play this anymore?
|
|
|
10 Nov 2003, 23:11
|
#7
|
Commander
Join Date: Sep 2001
Location: Netherlands
Posts: 146
|
Re: Spyware unremovable?!
http://www.answersthatwork.com/Taskl...s/tasklist.htm
Evntsvc.exe is a part of RealOne Player and you don't need it for RealOne Player. I don't know if it solves your problem, but you can give it a try
__________________
Quote:
Originally posted by Cochese
Cathaar are not overpowered.
You were just "bashed", live with it.
|
|
|
|
11 Nov 2003, 00:38
|
#8
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
although it hasn't helped with the problem, that site has seen about 60% of unnecessary starting up stuff from msconfig and loading up - thanks
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
11 Nov 2003, 18:44
|
#9
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Re: Spyware unremovable?!
There was a place in IE somewhere where you could configure your IE plugins. Dunno where that was, but I'm sure you can find the bugger there.
|
|
|
17 Nov 2003, 09:24
|
#10
|
supadupafly
Join Date: Jan 2001
Location: Nottingham
Posts: 65
|
Re: Spyware unremovable?!
Quote:
Originally Posted by Structural Integrity
There was a place in IE somewhere where you could configure your IE plugins. Dunno where that was, but I'm sure you can find the bugger there.
|
Turn off 3rd party browser extensions. The damn thing will still be there, but if you can't see it...
__________________
I MUST be bored
|
|
|
17 Nov 2003, 17:52
|
#11
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Re: Spyware unremovable?!
Found it
Some dude in my class also had it on his project PC. It's called mysearch from www.lop.com
Now, you go to www.lop.com and on the bottom you find a section " HELP". There you find a FAQ and you look for the link that says "How do I uninstall one of your software products?". Download the uninstaller and run it.
This fixed it at the project computer at school. We just did this today and did one reboot afterwards, so we don't know if there are any side-effects to this uninstaller (which wouldn't really surprise me, since lop is a big spammer).
|
|
|
17 Nov 2003, 18:12
|
#12
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
thanks Struct - I'll have a look and see if it helps
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
20 Nov 2003, 01:34
|
#13
|
Registered User
Join Date: Aug 2000
Posts: 1,967
|
Re: Spyware unremovable?!
I had this once:/ I removed the bar over and over and it kep coming back. Apprently they use trickery through the host file.
|
|
|
22 Nov 2003, 00:05
|
#14
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
my hosts file, which I've looked at, only contains one entry (127.0.0.1)
remember how you got it removed? :|
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
22 Nov 2003, 00:18
|
#15
|
Registered User
Join Date: Jun 2002
Posts: 48
|
Re: Spyware unremovable?!
Looks familiar to something I removed from my parents computer. If my memory isn't fooling me completly, it was installed as a browser helper object.
Using a browser helper object editor like http://www.pcmag.com/article2/0,4149,270,00.asp you should be able to identify it and find the dll file it is loaded from and remove it. Remember to close all instances of internet explorer before you try to remove it. And then delete the browser helper object file containing that toolbar.
|
|
|
22 Nov 2003, 13:32
|
#16
|
Born Sinful
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
|
Re: Spyware unremovable?!
Another way to view helper objects (and this is where I've found a lot of spyware/adware in the past) is via Internet Options.
For windows xp:
Open Internet Options, either via control panel or through IE.
On the General tab, in the Temporary Internet Files section, click Settings.
In the dialog that comes up, click View Objects.
You now have a folder showing all the browser plugins installed.
Some of them will have useful names, some of them will just have a class ID number.
To find out what they are, right click on one and select Properties, and then see what is under the CodeBase heading.
For example, I have one called {00000161-0000-0010-8000-00AA00389B71}, and under CodeBase it says http://codecs.microsoft.com/codecs/i386/msaudio.cab - so it's an audio codec from microsoft, which shouldn't be a problem.
To remove anything that sounds dodgy, just right click on it and select Remove.
I wouldn't normally say this, but in this case it is perfectly ok to remove anything you're suspicious about. If you go to a website which requires the component you removed, you'll simply be prompted to download it again so you won't do any permanent damage if you remove something valid by accident.
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
|
|
|
22 Nov 2003, 18:02
|
#17
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
thanks megla - but nothing fishy came up :/
TheShadow - I have to pay for that which is a bum - I'll search for freeware alternatives though - thanks
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
23 Nov 2003, 11:33
|
#18
|
Registered User
Join Date: Jun 2002
Posts: 48
|
Re: Spyware unremovable?!
Right, they have changed it since the time I downloaded it :/ Shouldn't be much trouble to find a free one anyway
|
|
|
23 Nov 2003, 14:06
|
#19
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
luckily I did - this page helped me out - thanks Shadow - it looks like the solution I've been needing
http://www.pcflank.com/art36.htm
*EDIT: turns out the only object I have there is one for Adobe Acrobat Reader
thanks for the help though :|
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
25 Nov 2003, 23:37
|
#20
|
Mr. Blobby
Join Date: Nov 2000
Location: Belgium
Posts: 8,271
|
Re: Spyware unremovable?!
Quote:
Originally Posted by Luckeh!!!!
Opera is shite sorry
|
Opera is ace.
I prefer it to the imo a tad disappointing Firebird, which apparently doesn't even have a 'open requested pop-ups only' feature
|
|
|
7 Dec 2003, 00:50
|
#21
|
Here and Not Here
Join Date: Jan 2003
Location: Maryland, USA
Posts: 183
|
Re: Spyware unremovable?!
Something I live by when taking spyware and adware off my sisters comptuer is Spybot Search and Destroy. You can get it at www.download.com Its like an antivirus for spyware and adware it searches for known adware and spyware on your PC and then gives you the option of wether or not to remove it. It comes in quite handy. Note it does take a while for it to scan. And another plus is you can update it to include new adware and spyware just like norton live update.
|
|
|
7 Dec 2003, 18:44
|
#22
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
I've already got it if you read my first post thoroughly
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
10 Dec 2003, 03:02
|
#23
|
Naked & Profane
Join Date: Jan 2002
Posts: 357
|
Re: Spyware unremovable?!
Please if you find out how you do get rid of that fking annoying thing please tell me i tried to get it off three pcs with no sucsess
|
|
|
20 Dec 2003, 12:15
|
#24
|
The one that never sleeps
Join Date: Aug 2002
Location: England
Posts: 33
|
Re: Spyware unremovable?!
Have you tried spybot search and destroy and ad-aware? Also if it comes to windows not allowing you to delete a file, try deleting it in safe mode. Task manager is important btw, you seemed to have it selected.
__________________
2.7ghz A64 and a 1900gt, a bit more powerful than last time eh?
O you who turn the wheel and look to windward,
Consider Phlebas, who was once handsome and tall as you.
T.S. Eliot
'The waste Land', IV
|
|
|
21 Dec 2003, 17:44
|
#25
|
☆ ♥
Join Date: Jan 2003
Posts: 3,489
|
Re: Spyware unremovable?!
again another person not to read what I've put
__________________
R3: LegioN (came #32) || R4: BlueTuba
R5: WolfPack Order || R6: Wolfpack
R7: Fury
----------retired-------
R52-R55: Apprime
R56-R57: FaceLess
R58-60: Apprime/Ultores
|
|
|
|
All times are GMT +1. The time now is 20:34.
| |