Just this last week, I have had to deal with a couple of adware infected machines at work. One of our operations PC got infected with a TON of stuff, the most insidious of which is one called VX/BetterInternet. (Yeah, right!) Yeah, I would run ad-aware, and even spybot search and destroy. They would each say that there was something still running, so it couldn't delete the file. I also cleaned up the RUN key in the registry. I tried to delete the adware manually (i.e., stop the process, then delete the file), but it kept respawning immediately! There was another process that was launching the adware and also creating the .exe under different names, but I couldn't find the parent process in the task manager process tab. I went to www.sysinternals.com and downloaded Process Explorer. I used it to kill the parent process of the adware, then ran ad-aware and spybot to clean up the files. IT WORKED! The process was unable to respawn, and I got rid of it. Try it! Now I can't wait till Monday. I can finally clean the crap off of the VP's laptop. (Sheesh!) At 11:49 AM 6/12/2004 -0400, you wrote: >Well if you're gonna nuke it all anyway and reinstall windows XP.... may as >well learn a little along the way. Try disabling any startup program that >doesn't look too important and see what happens. Worst case you'll f-disk >and reinstall. Best case you'll fix it and not need to. > > >----- Original Message ----- >From: "Dave Dilatush" >To: >Sent: Saturday, June 12, 2004 11:35 AM >Subject: Re: [OT:] Adware Aggrevations > > >> Russell McMahon wrote... >> >> >If you are down to the one intractable program now, how about giving us >as >> >much information as you can and seeing if we can't beat it together. >> >> I suspect "one intractable program" might be a bit optimistic; >> let's say the steps I've taken so far have resulted in a >> significant reduction in the annoyance. But after running >> Adaware, Spybot S&D and Mcafee multiple times, they ALWAYS still >> report bad stuff on the next run-- even if I've disconnected from >> the network while running them. (That seems to be the case with >> the complainant in the www.computercops.biz link you posted, >> too.) >> >> Part of the problem here, is that I am PROFOUNDLY paranoid about >> tinkering around with the innards of Windoze. I've had a lot of >> experience with it in the past, ALL of it disastrous. I seem to >> have an uncommon talent for screwing up my computer and have >> learned simply to refrain from messing with anything as it always >> seems to make things worse no matter how clever or careful I >> think I am. >> >> I appreciate the suggestions you presented, and will keep your >> post for future reference. The "45 Magnum" idea seems a bit >> dire, though, as I'd have to go out and buy one. I do have a .22 >> Browning which works fine for murdering tin cans, perhaps that >> would suffice? >> >> Thanks, >> >> Dave D. >> >> -- >> http://www.piclist.com hint: The PICList is archived three different >> ways. See http://www.piclist.com/#archives for details. > >-- >http://www.piclist.com hint: The PICList is archived three different >ways. See http://www.piclist.com/#archives for details. > > Remove the BALONEY from my email address. ----------------------------------------------------- Matthew Fries Minneapolis, MN USA freeze@baloneyvisi.com "Quit eating all my *STUFF*!" - The Tick -- http://www.piclist.com hint: The PICList is archived three different ways. See http://www.piclist.com/#archives for details.