| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 62257 | 2005-10-02 00:16:00 | Getting rid of a tough spy... | ojibwa (8968) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 392715 | 2005-10-03 03:23:00 | I've turned on the teatimer (I think) and am going to look into the false/postive thing more tomarrow. I wasn't sure which scan you wanted me to run in safe mode (ewido/spybot) so let me know in your next post which one, and if it is still a viable option of repair. | ojibwa (8968) | ||
| 392716 | 2005-10-03 03:44:00 | I wasn't sure which scan you wanted me to run in safe mode (ewido/spybot) so let me know in your next post which one, and if it is still a viable option of repair. both |
bartsdadhomer (80) | ||
| 392717 | 2005-10-03 20:47:00 | Ewido comes up with this (all other things scanned were fixed): --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 1:28:19 PM, 10/3/2005 + Report-Checksum: 7109F732 + Scan result: HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Error during cleaning HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Spyware.YourSiteBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historysearch_string -> Spyware.ISTBar : Error during cleaning Example of a cleaned file :mozilla.6:C:\Documents and Settings\Alex'sAlternateAccnt\Application Data\Mozilla\Firefox\Profiles\mhum63yc.default\coo kies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup With Spybot S&D I get an error message, there were two items found and one was fixed. "Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory). This could be fixed after a restart. May Spybot-S&D run on your next system startup? Yes/No" The same message will come up regardless of when I scan. Ewido just finished doing an automatic update, please don't tell me I gotta scan again...takes an hour. :yuck: (I updated when I first installed, but maybe there is something in this update?) |
ojibwa (8968) | ||
| 392718 | 2005-10-03 21:31:00 | Have you run ewido in safe mode? If you are in safe mode the problems shouldn't be loaded to memory Why don't you manually delete the mentioned registry keys Also Hijackthis may be useful to help rid them at startup Have you used Spybots Advanced tools to erase unwanted startup entries |
bartsdadhomer (80) | ||
| 392719 | 2005-10-04 06:07:00 | Yes I ran both Spybot and Ewido in Safemode withOUT networking. I'm on XP Professional if that makes any differance. If found it strange that the files could not be fixed in Safemode as well, usually files will just restore themselves if they are toughies to get rid of, not just simply block my attempts at deletion. I'm not certain how I get to the HKEYLOCALMACHINE directory. I used the tool in Ewido to get rid of system start up operations, I didn't know about the one in Spybot (try it a bit later). With Hijack this I'm not the most experianced, most people ask you to post your results after a scan, you saying I should go with my gut on what to fix? |
ojibwa (8968) | ||
| 392720 | 2005-10-04 07:01:00 | Have you disabled System Restore? 1. Nasties can restore themselves upon a reboot 2. Most programs cannot 'fix' infected files in System restore as they are protected 3. It will save the scanners scanning a couple of GB of files and speed the process up |
bartsdadhomer (80) | ||
| 392721 | 2005-10-04 21:17:00 | Aha, a clue Sherlock . No indeed I have not turned off system restore, I was kinda waiting for someone to come up with something like that . Currently I let it use 1 or 3 % of my harddrive . I believe that every time i've fixed my computer I'd to turn of System restore, thanks for the reminder :D |
ojibwa (8968) | ||
| 392722 | 2005-10-05 11:40:00 | Unfortunately I'm getting the exact same error messages after scanning with Spybot and Ewido even if I turn off System Restore. :mad: | ojibwa (8968) | ||
| 392723 | 2005-10-06 20:25:00 | Guess my last post was made too late in the day, let's bump up this shizzouse. :o | ojibwa (8968) | ||
| 392724 | 2005-10-07 13:40:00 | I still require assistance. | ojibwa (8968) | ||
| 1 2 3 4 5 6 | |||||