Page 2 of 2 FirstFirst 12
Results 16 to 17 of 17

Thread: All adware/spyware programmers need to be shot.

  1. #16
    Join Date
    Jun 2005
    Posts
    347

    Default Re: All adware/spyware programmers need to be shot.

    There are actually several Malwares now that will higjack descktop, some more worse then others, One I know of is called "spy sherif" evil sumbichin lil program that will rewrite reg files, It will also highjeck desktop put up their silly lil spyware ad, plus write to registries so that you can not change the desktop themes, Also will turn of "system restore" as well as delete restore history..

    Common thing to fix this is first, disconnect from internet, Go into your "Documents and setting" in the c/: drive, in the root of (computer's user's name) will be the original desktop.html plus a coupl of datfile. In side those file are the dump command to redirect it to c/:WINDOW/system32 =root file, delete those files first...youll know its safe because of the last modified date on them..

    (keep in mind they catch onto this and will relocate but all within Document and settings folders commonly in temp) By deleting this file(s) whenever you perform other deletings they will now not apear..

    Now got c/:WINDOWS, Delete the entire "Temp" folder incase any hidden files are within that folder, Clear all cache files, its important because if not they will only pop up again as soon as you launch IE/browser..

    Now, provided the malware hit that very day, just from browsing the net, you can safely go into your systems32 file, Select to few the files as "details" (option at top of window explorer window) then click at the top along the top of the files where it says "Date modified" click it a second time it will list every file added/modified that day, all in order.. Youll then see some .EXE file(s) plus some .DLL files maybe even a XML file, usually the xml is safe. You will aslo see the carbin copy of "desktop.html" or in other cases whatever they name thier new html..If you do not have a second PC in the house it is safe to reconect however DO NOT click any links once you launch a browser.. whatever home page you use now will only use serch ingine, Now look at the list of exe file(s) type that file name into engine, youll then get a huge selections of sites talking about it, simply look for the key words virus, malware spyware blah blah blah,,,delete that file, Then move on to the .DLL files, same procedure, and ANY files listed as modified for that date check in this manner..

    Then close browser clear cache, history, downloaded internet files, and delete temp folders again (they will come back upon boot up) then goto this site... http://www.kellys-korner-xp.com/xp_tweaks.htm And click on the link at #128 right hand side, it will restore your ability to change desktop theme..

    At this point you want to run "spybot" to ensure no "time bombs" are stored in regedit (these activate when openeing a program IE being one of them but "Highjack this" will clear IE later..

    Run any virus scans, and adromover scan you ahve, believe it or not not much comes up after you follow these steps other then some small ones that are not even considered "malware"

    At some point in doing this you may have came across in systems32 folder one that wont delete try rebooting into safemode and see if you can then delete it, however ive seen some cases you can not without doing a format, However if it is part of that paticular malware, now that the >DLL file is gone the program itself is corrupted and wont run prperly meaning youll never notice it.

    Now run the highjack this program, but first shut everything active off. and before cleaning or fixing read the list or it will aslo delete your files needed like svhost, among other programs youll reconize as daily use, and windows OS/IE etc.
    Priest Coaidiel Ovhate
    75 Cleric of the Rathe

  2. #17
    Join Date
    Jun 2005
    Posts
    347

    Default Re: All adware/spyware programmers need to be shot.

    Sorry if confuseing and spelling sucks, tired as hell, I feel like I did 7 back to back Creators or somthing..blah
    Priest Coaidiel Ovhate
    75 Cleric of the Rathe

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •