probable spyware/virus
July 3rd, 2004, 04:01 AM
#11
Member
Join Date: Jun 2004 Location: usa
Posts: 250
I'm glad it saved your computer!
Trust me? lol
July 3rd, 2004, 10:33 AM
#12
Senior Member
Join Date: Dec 2003
Posts: 877
Sigh, whoever was on here this morning disabled the adaware resident. Whatever this piece of crapware was trying to do has been done. I've noticed I'm unable to use regedit, but only after these reg values find their way into my registry. Coincidence? hm..
Beemer, I will try your suggestions and post back
__________________
“One thing's for sure: Whenever we play, our goalie stays warm.”
- Ville Nieminen, Pittsburgh Penguins
July 3rd, 2004, 11:53 AM
#13
Member
Join Date: Jun 2004 Location: usa
Posts: 250
Gilt, try renaming regedit.exe to regedit.com
Works when infected with certain win32 worms, trojans, etc.
If you ever get a problem opening task manager, the same renaming process with taskman can be used. http://www.mvps.org/sramesh2k/exefile.htm
Once the registry can be opened, the hacks can be done.
Usually regedit.com will not have to be renamed back to the exe. Regedit.exe will already have duplicated itself when you renamed it to regedit.com
Just delete regedit.com (or rename back to exe if the exe isn't there.)
I hope this helps you
Last edited by noseBleeD : July 3rd, 2004 at 12:06 PM.
July 3rd, 2004, 01:43 PM
#14
Senior Member
Join Date: Dec 2003
Posts: 877
Thanks nosebleed, that worked like a charm. Found and deleted reg entries associated with "aol messenger". As soon as that was done, adaware started alerting me again, so it is immediately trying to reinstall itself. This is the most elusive spyware I've ever seen. Virus and spyware scans in safe mode show nothing except normal tracking cookies that always come up in scans after someone browses the web for a while. Spycleaner and Spysweeper as recommended above are showing nothing.
July 5th, 2004, 03:24 PM
#15
Senior Member
Join Date: Dec 2003
Posts: 877
I'm absolutely baffled here. I'm picking up a running process in adaware's adwatch called c:\winnt\system32\aolmsngr.exe
This file doesn't exist! How can it be a running process? I thought maybe somehow it was "hiding" in windows, so I booted to the recovery console and did DEL aolmsngr.exe
I got a file not found error.
July 5th, 2004, 03:31 PM
#16
Member
Join Date: Jul 2004 Location: Oregon, US
Posts: 182
Are you sure it's not a hidden file that you just didn't enable to view all the files? Also, try to clean up your Internet Explorer's temp. folder. Sometimes it runs in there as a different file. Oh, and maybe unplug your cable modem while you're doing it.