I can't remove a spyware. Help !!!

Discussion in 'Windows Desktop Systems' started by percy, Mar 29, 2005.

  1. percy

    percy OSNN Senior Addict

    Messages:
    416
    I had inadventently install a bogus file that is a spyware and it randomly open an IE site with ads. I had already ran spybot and ad-aware again and again but it is comes back. I tried to look for an uninstall but none. What else can I use to remove this? I am using Mozilla Firefox as my browser. Thanks.
     
  2. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Post a HijackThis log.
     
  3. Petros

    Petros Thief IV

    Messages:
    3,038
    Location:
    Pacific Northwest
    Look for odd-looking processes running in the task manager. Usually spyware programs have telltale names, and when you end them, they keep coming back. You can reboot Windows in safe mode to delete them.
     
  4. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Thread moved to Windows Security
     
  5. percy

    percy OSNN Senior Addict

    Messages:
    416
    when i tried to end the process of this file "wuauclt.exe" it came back and back. i will try to find and delete it from safe mode.
     
  6. Lee

    Lee OSNN Proxy

    Well thats a process for windows update.

    Windows Update AutoUpdate Client
     
  7. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    why dont you do a print screen of your processes and perhaps we can identify the process and program to delete.
     
  8. gonaads

    gonaads Beware the G-Man Political User Folding Team

    It prolly came through as a Java applet or something like it. One of my daughter's computers had a problem such as this. In your AdAware when it finishes it should show loctions of the spyware files. I found them as a zip file with like 20 files within the zip. took five runs of AdAware to kill them all. It just kept duplicting itself. Look in your Firefox profile directory. There should be a folder that has to do with Java or is named Java. Or in the Firefox directory. (I don't frickin remember :( ) Look in there, there could be some zip files in it that should not be there. I wish I remembered what they looked like or the names of them.


    Hope this points ya in the rite direction. :)
     
  9. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    .
     
  10. percy

    percy OSNN Senior Addict

    Messages:
    416
    this was an EXE file that i downloaded and run. it had a different name so i thought it was the file that I was really looking for. as soon as the IE pops up then I will take a screen shot and post it. thanks.
     
  11. percy

    percy OSNN Senior Addict

    Messages:
    416
    It's an = Elitum.EliteBar ..
    Spybot sees it and after uninstalling it will will resintall itself again. I don't know where to find the file to delete . ???
     
  12. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  13. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    search for it in windows, once you've found it restart your computer go in to ms dos mode, locate the file and delete, this way it shouldn't be able to replicate itself, i've had to do this a few times, with some persistant spyware.
     
  14. Evil Marge

    Evil Marge I Rule Political User

    Messages:
    6,574
    I had exact same problem with that exact same file only yesterday with stupid pop up all the time :mad:
    Only way we could get rid of it was to delete it in Safe mode.It was system32 folder I think :)
     
  15. percy

    percy OSNN Senior Addict

    Messages:
    416
    i'll check the files again. thanks.
     
  16. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal

    One would hope it is Lee, but I doubt it.

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.clt.html

    Run Spybot, and Adaware in safe mode. Disable system restore before you do it (you will lose your restore points)

    Make sure to post your hijack this log as several have requested in this thread.

    This guy got it fixed - mostly using hijackthis, and some safe mode action:

    http://www.geekstogo.com/forum/spyware_removal-t11383.html
     
  17. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    OK, last try, if you post a HJT log I can fix you up, if you don't, then I can't help you.