Another way to beat the bozos



txtaz
03-24-2005, 04:37 PM
Since I have been working on the road most of last year, my main computer in the house had been shut down 90% of the time. Well, I got around to setting up the home network and lo and behold some (insert own profanities here) got malware on that puter. The name was elite toolbar and popped up ads constantly. I did the usual scans with all the tools and nothing got rid of it. So here's what I did....
Run all scans and write down all the info, most important is location and filename. Now these guys think they are smart changing the name of the exe, but weren't smart enough to change the full name. Next reboot into safe mode and go to the command prompt. Change to the directory where the exe is, do a directory search for the partial name. For example, in my case it was "dir elite*.*". This shows you all files starting with "elite" plus any characters after elite and any extension. Make sure you don't delete any system files. If you are not sure, ask. You can delete each one individually with "del filename" or all of them at once, "del elite*.*" (my case). Reboot into normal mode and run all scans again to clean up the reg entries the last enumeration made.
There, clean puter...Now go boating. :biggrin: :biggrin: :biggrin:
Hope this helps,
Wes
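
The wildcard cleanup described in the post above, as an added example that is not part of the original post: it lists every file starting with the partial name, deletes only the ones that also appear in the notes taken from the scans, and holds back anything else the wildcard caught for manual review. The function names, the "elite" file names and the scan notes are constructed for illustration.

```python
import os
import tempfile


def plan_cleanup(directory, prefix, reported_names):
    """Split files starting with `prefix` (case-insensitive, like `dir`)
    into scanner-confirmed names and names that need a manual look."""
    reported = {n.lower() for n in reported_names}
    confirmed, review = [], []
    for entry in sorted(os.listdir(directory)):
        if not os.path.isfile(os.path.join(directory, entry)):
            continue
        if not entry.lower().startswith(prefix.lower()):
            continue
        # A wildcard can catch files the scans never mentioned; keep those apart.
        (confirmed if entry.lower() in reported else review).append(entry)
    return confirmed, review


def delete_confirmed(directory, confirmed, dry_run=True):
    """Delete only confirmed files; with dry_run=True just report them."""
    handled = []
    for name in confirmed:
        if not dry_run:
            os.remove(os.path.join(directory, name))
        handled.append(name)
    return handled


def demo():
    # Constructed sample directory standing in for the malware's folder.
    with tempfile.TemporaryDirectory() as d:
        for name in ["EliteBar.exe", "elitexyz32.exe", "elite_codec.dll", "notes.txt"]:
            open(os.path.join(d, name), "w").close()
        # Constructed notes "written down" from the scan results.
        reported = ["elitebar.exe", "ELITEXYZ32.EXE"]
        confirmed, review = plan_cleanup(d, "elite", reported)
        delete_confirmed(d, confirmed, dry_run=False)
        return confirmed, review, sorted(os.listdir(d))


if __name__ == "__main__":
    confirmed, review, remaining = demo()
    print("deleted:", confirmed)
    print("review by hand:", review)
    print("left in folder:", remaining)
```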

TuxedoPk
03-24-2005, 06:47 PM
There, clean puter...Now go boating. :biggrin: :biggrin: :biggrin:
Hope this helps,
Wes

Wes, I tried what you said but it didn't help at all- We just got another 6" of white crap last night and boating season seems further and further away :(

Rich

MOP
03-24-2005, 09:14 PM
Wes, I had one get through the other day; none of the four programs I have could find it. What I do to get rid of them is to go into the registry and search the name, then delete the keys. I run scan disk with delete cross links, free lost file fragments and check for invalid file names; that seems to clear all the crap out. It has gotten so bad I have been in there 3-4 times this year, they are getting slicker. I had no need to go into the registry for a long time but I have had to brush lately.

Phil

txtaz
03-25-2005, 08:10 AM
Rich, Send me your info about the malware and I will see what I can do. Sorry to hear about the white stuff.
Just to be clear, you need the following:
Ad-Aware
HijackThis
Spybot Search and Destroy
Yahoo Anti-Spy
MS spy tool (don't remember the name and not on this puter)
Once installed, get the latest update to the program's definition file.

Phil, I have a hard time thinking there is not a way of preventing this. I have to get the house put back together today so I can boat tomorrow. Jenn gets home on Sunday and I will be ( well you know ) if the house isn't done. I'm going to start researching ways to prevent malware.
Also, remember reg keys are only a pointer to the actual file. I prefer to get rid of the file first, reg keys next. This way the file does not load on boot and you don't get a file is in use error.
Wes

TuxedoPk
03-25-2005, 03:52 PM
Rich, Send me your info about the malware and I will see what I can do. Sorry to hear about the white stuff.


Wes, I'm fine in terms of malware- it's the white stuff I could have used a hand with!