#21 - somecanadianguy (Hall Of Fame, F@H) - July 30, 2009, 10:24 AM
Join Date: Mar 2009
Location: somecanadiancity
Posts: 1,118

So now I have to try to convince her to have a look around for ScanSpyware leftovers...
Don't think she'll just let me do it...
Then I have to convince her to run SuperAntiSpyware again...
We'll see how this goes.

This sucks
I can't believe she installed that program.
She said that she got it from Cnet and it had great reviews...

Thanks again guys.
Looks like I'm in for a fun weekend.

Last edited by somecanadianguy; July 30, 2009 at 10:42 AM.

#22 - somecanadianguy - July 30, 2009, 11:03 AM

Ok, she did a Windows search and found some files in C:/Windows and C:/Windows/Prefetch...
She deleted them and then ran a prog called RegistryMechanic which she uses a lot (probably too often).
I'm trying to get her to check out the removal instructions, but she's not that interested.
I'm not even sure if I should push her anymore, because if she messes something up worse while trying, guess who'll get the blame?
Of course she won't just let me on there to deal with it.
How much of a threat is this ScanSpyware?
Should I really be worried?

Last edited by somecanadianguy; July 30, 2009 at 11:24 AM.

#23 - somecanadianguy - August 14, 2009, 08:58 PM

Well, she finally decided to let me try to help.

Malwarebytes only showed one infection:
Rogue.AntiSpywareBot

The error on install was something about HpSdpAppCoreApp... something to do with HP Easy Internet Sign-up.

I'm running SuperAntiSpyware right now... only a bunch of tracking cookies so far.

Should be another fun night!!!

#24 - Nodscene (Allstar) - August 15, 2009, 07:36 AM
Join Date: Dec 2007
Location: Toronto
Posts: 947

I have to say I've found SuperAntiSpyware to be too far behind the ball lately and have pretty much given up on it in favour of Malwarebytes. If you are still infected after Malwarebytes, download ComboFix, reboot in safe mode and run it. Once it's done its thing it will probably ask you to reboot; do so, but again go into safe mode and wait for the text file to open up.

I know people are a bit leery of ComboFix but I have yet to run into any problems with it and I've used it well over 100 times. Actually, I've run into more issues with SuperAntiSpyware blue screening than any other program. If you are still infected after that then it's time to do it the old school way and track down all the files and registry entries and delete them. Make sure you try updating Malwarebytes before every use in case you do have a 0 day.

Edit: I usually end up running both Malwarebytes (or SAS) and Combofix as it almost always finds more stuff to delete.

#25 - somecanadianguy - August 15, 2009, 08:55 PM

So far, after a night/day of work it's running better.

There are still a couple items in the msconfig startup tab that are invisible.
I'm thinking I may try to get her to let me run SAS or MBAM again in safe mode.
I'll look into combofix.

Any other suggestions?

Last edited by somecanadianguy; August 15, 2009 at 09:02 PM.

#26 - AkG (Hardware Canucks Reviewer) - August 16, 2009, 05:00 AM
Join Date: Oct 2007
Posts: 4,322

I would also try HijackThis and look through its log for any programs which do not belong.
Actually, I would also run a few specialized rootkit detectors like F-Secure's BlackLight, Sophos Anti-Rootkit and then RootRepeal. IIRC you can't run some of them in safe mode (they need special drivers to be loaded, my memory is fuzzy on the details... hell, I may be out to lunch on it and remembering it arse backwards!).

BlackLight
Sophos Anti-Rootkit - Free rootkit detection and removal
RootRepeal - Rootkit Detector

Between all three (in addition to MBAM, SAS and ComboFix) you should feel safe knowing that whatever is left is not malware/spyware or a rootkit.

#27 - August 16, 2009, 07:18 AM
"Quote This...", F@H
Join Date: Nov 2007
Location: Hell
Posts: 3,828

If you scanned your apartment for malware, it would find your girlfriend.

Tell her to let you clean her comp or she can't use your network or your External drive.

#28 - MacJunky (Hall Of Fame, F@H) - August 16, 2009, 08:06 AM
Join Date: May 2007
Location: Creston, BC
Posts: 1,715

[fantasy]
There needs to be an antivirus/rootkit/malware utility that resides on a bootable USB flash drive. No safe mode, no AV programs getting messed with, etc.
You can pop it into a booted clean PC then run the updater to get an updated database. You then carry it over to the infected PC, boot off it and clean your drive(s).
[/fantasy]

#30 - somecanadianguy - August 16, 2009, 10:58 AM

Quote:
Originally Posted by AkG
I would also try HijackThis and look through its log for any programs which do not belong.
Actually, I would also run a few specialized rootkit detectors like F-Secure's BlackLight, Sophos Anti-Rootkit and then RootRepeal. IIRC you can't run some of them in safe mode (they need special drivers to be loaded, my memory is fuzzy on the details... hell, I may be out to lunch on it and remembering it arse backwards!).

BlackLight
Sophos Anti-Rootkit - Free rootkit detection and removal
RootRepeal - Rootkit Detector

Between all three (in addition to MBAM, SAS and ComboFix) you should feel safe knowing that whatever is left is not malware/spyware or a rootkit.

I'll see if she'll let me do some more to it.
She says it's working fine now... we'll see...
It's hard to help someone who doesn't want your help.

I've used HijackThis before, but don't always know what to look for.
Also, last time she saw it in her add/remove programs list she freaked out.


Quote:
Originally Posted by Squeetard
If you scanned your apartment for malware, it would find your girlfriend.

Tell her to let you clean her comp or she can't use your network or your External drive.