Re: Spyware recovery





"Gary Walker" <twf@xxxxxxxxxx> wrote in message news:...
Details:

Win/XP home (neighbor's system)
Contracted non-malicious (apparently) intruder - "pest trap".
Many other non-significant details, but I became so impatient
with this system so clogged with unknown/needed
process(es), I initially began a serious SF removal and
clean-up. Response time was measured in 15 minute
intervals. <g>

So, have I now compromised any ability for a recovery
point restore as an attempt at PT removal?

Or, any other suggestions?


Thank you,

Gary





Rather than manually attempting removal (loads of work and usually not
effective), use the free software out there to do the removal and scans:
HijackThis, Ad-Aware, free online scans for malware and viruses, etc.
Since you didn't give details on what you did, there is no way of telling if
you did damage. What does SF removal mean??




SF was supposed to be software. Oops!

I tried Zone Alarm, which seems to neutralize the offender
until the next startup (warm/cold start). But the system
doesn't have the cycles for perpetual ZA usage.

Thanks - Gary




Two part reply..


Perform Part 1 then perform Part 2.


If the first two parts don't work, perform the alternate section.


It is suggested that you execute each tool in Normal Mode then in Safe Mode.


Part 1
-----------


Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et al., removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1


http://www.bleepingcomputer.com/forums/topic43659.html


Part 2
-----------


Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe


Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close


NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee
related files.


Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }


A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan,
it will be displayed in your browser (Opera, FireFox or Internet Explorer).
However, if you are using WinXP, Win2K or Win2003 your system will be left
in a state where you will have to manually shutdown/reboot the PC. On
Win9x/ME platforms the report will not be shown in your browser but your PC
will automatically be shut down. It is suggested that you move the report
out of c:\mcafee before performing another scan.


It would be best to scan in both Safe Mode and in Normal Mode and save a
copy of the HTML report for each session.


ALTERNATE:


S!ri's SmitfraudFix
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


Please Copy and Paste the contents of the HTML Log files;
C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML
in your reply.


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Thanks Dave, but I'm afraid that's probably going to be beyond my commitment
level. As I said, this is a favor for a neighbor, and I really don't want to
make a career of this. It's one of those "never touch the system until it
breaks" issues, from the owner's perspective.

Thanks - Gary




What is a "serious SF removal"?

Response time for what?

What do you mean by a "recovery point restore"?

What is "PT removal"?

Rock [MVP - User/Shell]



SF was a typo for (S)oft (W)are. Sorry!

Response time = system response, aka performance.

Recovery point restore = A recovery restore from system
saved synchronization points.

PT removal = Pest Trap removal



Thanks - Gary





It looks like I'll just probably rebuild the system, it probably
needs it anyway. I did it previously about 2 years
ago. And, that will take care of everything at once.



Thanks for the replies.

Gary



