SWG Tales

We had a major spyware problem on one of our main computers at work today, and I got elected to fix it. So much junk has been downloaded and is running that the computer has 0 system resources left. I don't know what to do.

Does anyone know a GOOD spyware removal system or a place where I can get a copy of a good professional tool? I am struggling here and we can't do much without that computer.

PLEEEEEEEEEASE help me...anyone.

Stephen: (To Wallace) The Lord says He can get me out of this mess, but He's pretty sure you're fucked.

Go to downloads.com and grab Spybot. For good measure, grab AdAware while you're at it.

If your machine is so hosed that you have 0 system resources left, you might need a professional to remove all that shit. My bro-in-law's machine was like that, and it took the combined effort of my wife and I an entire weekend of screwing with it to get it to work.

It actually involved re-installing the OS in the end, so be warned, this could be a lengthy process.

The problem is figuring out how to get Spybot running in Safe mode, so that you can kill the spyware that's booting up in your system tray (that's why you have zero resources left). Otherwise, the system is too bogged to even get it to be able to install the anti-spyware softs.

Call me at home tonight or on my cel and I can walk you through what we did.

Crap....

I was actually able to download and run spybot and run it...

it cleaned out 86 files...and said that it couldn't find any more.

But Norton keeps picking up this one trojan labeled randreco.exe. It's also called 2nd thought trojan. And norton won't delete it.

Running spybot in safe mode was no problem, but it hasn't fixed the problem.

Del'tar Chagas wrote:Crap....

I was actually able to download and run spybot and run it...

it cleaned out 86 files...and said that it couldn't find any more.

But Norton keeps picking up this one trojan labeled randreco.exe. It's also called 2nd thought trojan. And norton won't delete it.

Running spybot in safe mode was no problem, but it hasn't fixed the problem.

Did you get the updates for Spybot? It's in like the upper left hand corner of the main screen. You might need to update the defs.

Also, update Norton's defs too.

I'm guessing the reason why norton might not be deleting it is because it's infected your "root" directory tree or some such device, meaning if it deletes it, you won't be able to run Windows again. I had one of those awhile back called the Form A virus. Had to re-install windows.

Use Microsoft anti-spyware, which is free from Microsoft. It is better than spybot and ad-aware combined, IMHO. It has been benchmarked against them and even though its only in beta - it is one of the best solutions out there. Plus it will monitor the system from here out if you decide to do so.

Jabe

To add to Jaberade's post,

Just uninstall all of the stuff you installed :P, then run windows update...

I saw PC-cillin was rated better than Nortons in Consumer Reports. So I picked up a copy since my Internet Security was out of date and the subscription expired.

They also have a free website where you can scan and remove viruses from.

http://housecall.trendmicro.com/

Holy f-ing God, was this an ordeal. I got microsoft anti-spyware loaded and running and stuff, but there is ONE spyware file I cannot get rid of. It is shown as randreco.exe and symantec has it called Adware BetterInternet. They even made a removal tool just for it. However when I run it, it says that I don't have the file on my computer. Any more suggestions ladies and gents?

Del'tar Chagas wrote:Holy f-ing God, was this an ordeal. I got microsoft anti-spyware loaded and running and stuff, but there is ONE spyware file I cannot get rid of. It is shown as randreco.exe and symantec has it called Adware BetterInternet. They even made a removal tool just for it. However when I run it, it says that I don't have the file on my computer. Any more suggestions ladies and gents?

Re-install windows.

No. I refuse. Plus, I don't know how to do that properly.

Del'tar Chagas wrote:No. I refuse. Plus, I don't know how to do that properly.

It sounds like you are dealing with a worst case scenario. Formatting and re-installing is the only way to ensure the system is not owned.

Jabe

Jabe Adaks wrote:Formatting and re-installing is the only way to ensure the system is not owned.

You mean P@WN3D?

Thanks for the suggestions folks...I think I have managed to fix the problem. I actually found manual removal instructions for what had infected the computer...turns out everything was uninstalled and nothing malicious was running, but there was a shortcut, some registry keys and some DLL files that just wouldn't delete. That was fun. But I have to say, microsoft's anti spyware is pretty wonderful. It has a process analyzer and a startup program manager built right in (which is quite helpful if you are unsure of what processes are doing what on your computer).

Once again, thanks all.

Another thing to always remember:

Safe mode is your friend!

Next time that happens, boot up into safe mode (with or without network support) and do your work from there. Safe mode keeps the spyware from running and only uses enough drivers to keep the system up. So you can load up or use some spyware removers without working about lockups.

A re-installation is the easy way out.