| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 58930 | 2005-06-16 07:45:00 | Spyware not removable?? | pctek (84) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 364371 | 2005-06-16 07:45:00 | While doing a spyware check I came across this folder under Program Files: vpurptw It contains these files: cnml.exe fyqchsbn.dll fyqchsbn.exe nbshcqyf.exe profile.dat None of it shows up in any of the checkers I have run, inc Hijackthis. There WAS stuff but it all cleaned out. I only noticed this as I was going through the drive and cleaning out temp files, cookies etc. It will not allow delete even in safe mode. They look suspect to me and the f and n files are running in processes. PC seems ok at present but I don't like it and would like to be able to remove them Any ideas? Google didn't bring up anything I could find. |
pctek (84) | ||
| 364372 | 2005-06-16 07:53:00 | If you wish to delete the files give Move on boot a go it can be downloaded here (www.softwarepatch.com) :thumbs: | Overdrive_5000 (4950) | ||
| 364373 | 2005-06-16 08:17:00 | Hijackthis has a moveonboot tool as well, its buried a couple of menu's into the program.The only advantage the proper moveonboot tool has is you can drag files into it. | Metla (12) | ||
| 364374 | 2005-06-16 08:24:00 | But Hijackthis doesn't even see them. | pctek (84) | ||
| 364375 | 2005-06-16 08:49:00 | This is a nasty one and quite tricky to remove completely because of the different files it hides everywhere . Download KillBox ( . bleepingcomputer . com/files/killbox . php" target="_blank">www . bleepingcomputer . com) . Run KillBox and paste The FIRST ONE of these lines into the box, select delete on reboot then press the red X button, say yes to the prompt but no to reboot now . Continue to paste the lines in in turn and follow the above procedure every time . C:\PROGRAM FILES\vpurptw\cnml . exe C:\PROGRAM FILES\vpurptw\fyqchsbn . dll C:\PROGRAM FILES\vpurptw\fyqchsbn . exe C:\PROGRAM FILES\vpurptw\nbshcqyf . exe C:\PROGRA~1\vpurptw\profile . dat Then on KillBox's top bar press Tools and then empty temp files and follow those prompts and say yes to everything . Reboot . Delete the folder you found: C:\PROGRAM Files\vpurptw Then go to C:\windows\temp and select EVERYTHING and delete it all and then do the same for C:\temp . Delete all the Temporary Internet Files, History and Cookies in Internet Options . You may also find that the Hosts file has been changed to divert you to all sorts of other sites so make sure you check in there . There will likely be other files buried elsewhere in Windows/System and other places . HijackThis might reveal them so you might like to post a log for examination . |
FoxyMX (5) | ||
| 364376 | 2005-06-16 09:10:00 | But Hijackthis doesn't even see them. Ya, I was referring to a delete on boot tool that is part of Hijackthis but seperate from that scan and display part of the program. It just opens a text box and you can enter in the names of any files you want deleted on next boot. |
Metla (12) | ||
| 364377 | 2005-06-17 11:33:00 | So.... how did you get on with removing these pests? | FoxyMX (5) | ||
| 364378 | 2005-06-17 13:36:00 | yeah pctek I'd like to know what happened too. That's how I (and I guess lots of others) learn about things here. :p :o ;) :xmouth: :D | mark c (247) | ||
| 364379 | 2005-06-17 22:19:00 | Haven't yet . lady took it home to see how she gets on . I had already cleaned out temp folders, cookies etc etc . It did not appear to be active, but it was annoying me I couldn't remove that last folder and contents . All scans with everything were clean . I did tell her I had posted here and would get back to her with removal instructions if any were suggested so looks like I'll be going over there today and trying Foxys program . I forgot about those kind of tools . . . . I had removed everything Hijackthis found as well and installed SPywareblaster and enabled everything, hosts is ok . She had a LOT of different spywares . Not helped by the fact that she had downloaded a heap of them herself, various toolbar helpers, online casino stuff and kazaa . And Imesh . And some lovely porn that launched in your face on startup . Apparently her sisters PC is the same so I'll have that joy to do too . |
pctek (84) | ||
| 364380 | 2005-06-17 22:22:00 | Ya, I was referring to a delete on boot tool that is part of Hijackthis but seperate from that scan and display part of the program. It just opens a text box and you can enter in the names of any files you want deleted on next boot. Where do I find that? Or how I should say? I looked but couldn't see it. |
pctek (84) | ||
| 1 2 | |||||