Re: Ad-Aware - OT?

From: Unsubscribe Here! (spam_at_tack.force)
Date: 02/19/05 

Date: Sat, 19 Feb 2005 14:31:31 -0500

Moir wrote:
> Thanks Kerry for your reply - I have downloaded and run Spybot which
> shows a "clean"system! When I ran Ad-Aware (without the updated
> signature files) a number of "bad" entries were found. When trying to
> remove/quarantine them, Ad-Aware just "froze" up on me. I had to
> ctrl+delete my way out of it. :-(
>

Naturally, without knowing what malware may be causing the problem, it's not
easy suggesting a "guaranteed" course of action. Determining whether or not
it's a "security" issue (either with your firewall or router or SP2) might
be necessary. However, you can try this:

1) Run the Ad-Aware scan again.

2) When you get to the list of "bad entries", don't ask for removal, just
record the locations of all of them. (If you can expand all the listings
and print them, that would be the easiest.

3) Restart in Safe Mode and run Regedit (Start>Run>regedit).

4) Delete the listed registry keys manually and exit. (If working with the
Registry is not something you're familiar with, get better qualified help!
Wrong edits to the registry can screw up Windows.)

5) Go to the locations of any files, folders, etc. that were also in the
"bad entries" list, and delete them.

6) Restart normally.

7) Open Ad-Aware and try to update it.

If Ad-Aware updates successfully, run the scan again! See if any found
entries will remove normally.

Bear in mind, those steps won't cover the "worst scenario".
If the malware has installed startup routines, some of the registry entries
that were deleted may return when you boot normally.

If you can identify the application(s) that are running on boot that aren't
part of your intended setup, you may have to unload them
(Start>Run>msconfig>Startup tab, uncheck the box to each one you don't want
to start on boot). If you do, and can boot without these apps rewriting
their way back into the startup, either Ad-Aware or SpyBot should remove it.

There's lots more to this, but let's see if you try this and if it helps.

- Brent

Relevant Pages

  • Re: registry cleaner
    ... on the add/remove tool when removing programs from your ... removing such entries. ... I see a marked improvement in performance and boot up time, especially when using CCleaner and SystemSuite5 after a clean install of XP and Office. ... I removed almost a THOUSAND errant registry entries. ...
    (microsoft.public.windowsxp.general)
  • Re: SP2 and Control Panel problems - delete programs function
    ... it was a long shot anyhow and I assume the problem persists if you boot ... and look at the key entries for visible signs of registry corruption. ... malware utils either seem to cause minor registry damage themselves during ...
    (microsoft.public.windowsxp.help_and_support)
  • [OT Windows tricks] Re: which 64 bit Linux distro for best OS/2 eCS compatibility?
    ... fixed with some registry updates, I have a file that can be imported to ... accomplish this, but I have yet to find a tool that can be used to ... I have found the Offline NT Password and Regedit boot ... After HD surgery behind Windows' back the entries in boot.ini might point to the wrong partition. ...
    (comp.os.os2.misc)
  • Re: Ad-Aware - OT?
    ... also ran Ad-Aware and Spybot in safe mode with system restore turned off. ... > entries will remove normally. ... > entries that were deleted may return when you boot normally. ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: Network and DHCP failure with hive based registry on CE PC
    ... Ok, after many laborious hours, putting the PCI bridge template registry ... entries into the boot hive section seems to make this work: ... ; HIVE BOOT SECTION ... Sean ...
    (microsoft.public.windowsce.embedded)