spyware that just wont go away

Discussion in 'OT Technology' started by mia, Feb 19, 2005.

  1. mia

    mia New Member

    Joined:
    Feb 13, 2005
    Messages:
    208
    Likes Received:
    0
    i have a folder on my pc that comes up when you use adaware or spybot and every time i delete it the bastard comes right back.

    i've tried deleting it in safe mode. i've cleared cookies, temp files, you name it. and it does no good.

    what else should i try ?
     
  2. Buttcheeks

    Buttcheeks Guest

    format c:
     
  3. Zourn

    Zourn 16-bit Ninja OT Supporter

    Joined:
    Apr 3, 2002
    Messages:
    2,354
    Likes Received:
    0
    Location:
    Texas
    Microsoft's Antispyware Beta
     
  4. ibjhb

    ibjhb the original ib

    Joined:
    Feb 9, 2005
    Messages:
    6,114
    Likes Received:
    0
    Location:
    St. Petersburg, FL
    try XoftSpy
     
  5. SWTNLOW37

    SWTNLOW37 New Member

    Joined:
    Feb 15, 2005
    Messages:
    25
    Likes Received:
    0
    Location:
    Cedar Rapids, Iowa but originally from Europe
    i agree with format c drive, stuff like that is in the registry files and ware progs dont touch those usually just quarantine them.
     
  6. Shibboleth

    Shibboleth teh mad Plato skillz

    Joined:
    Sep 29, 2004
    Messages:
    1,769
    Likes Received:
    0
  7. mahal.

    mahal. mahal kita? OT Supporter

    Joined:
    Feb 21, 2005
    Messages:
    11,684
    Likes Received:
    0
    Location:
    tallahassee, fl
    Clear anything suspicious in the registry:
    Start > Run > regedit > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run &
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Anything in here runs as soon as you login to your pc.

    Clear all Temp, Temp Internet and suspicious items in your profile and all users' Startup folder. Make sure your homepage is set to something legit.
     
  8. Jesse

    Jesse PSN: iamajesse; XBL: Inhale My Rod; G8 GT crew; Ne OT Supporter

    Joined:
    Jan 12, 2005
    Messages:
    25,649
    Likes Received:
    0
    Location:
    California :: (925)
    One more vote for that.

    No spyware prog knows MS OS's better than MS itself. Therefore, if something shouldn't be there, MS will find it.
     
  9. mahal.

    mahal. mahal kita? OT Supporter

    Joined:
    Feb 21, 2005
    Messages:
    11,684
    Likes Received:
    0
    Location:
    tallahassee, fl
    if your os is not valid, make sure to not authenticate when downloading the MS Antispyware Beta. my buddy accidentally authenticated his pirated copy, and since then all ms products on his pc have been forwarding him to the microsoft piracy prevention website. he can't do anything on his pc.. to the point where he had to format c:.
     
  10. Jesse

    Jesse PSN: iamajesse; XBL: Inhale My Rod; G8 GT crew; Ne OT Supporter

    Joined:
    Jan 12, 2005
    Messages:
    25,649
    Likes Received:
    0
    Location:
    California :: (925)
    I've never had a problem, and never paid for any of my software.
     
  11. mahal.

    mahal. mahal kita? OT Supporter

    Joined:
    Feb 21, 2005
    Messages:
    11,684
    Likes Received:
    0
    Location:
    tallahassee, fl
    I'm sure you've never authenticated your Microsoft software.. on Microsoft's website.
     
  12. C_Blyth

    C_Blyth Guest

    if you know what the folder is then:

    start>run>msconfig>startup...and find it, if not there then sorry no idea's
     
  13. Scoob_13

    Scoob_13 Anything is possible, but the odds are astronomica

    Joined:
    Oct 5, 2001
    Messages:
    73,801
    Likes Received:
    38
    Location:
    Fort Worth. Hooray cowgirls.
    2nd. We're using this in place of Spybot S&D as our first response tool.
     
  14. mia

    mia New Member

    Joined:
    Feb 13, 2005
    Messages:
    208
    Likes Received:
    0
    this is actually what finally did it. and let me tell you, i tried every friggin program everyone told me to do and the bastard came back




    MFDnSC's Avatar
    MFDnSC MFDnSC is online now
    Distinguished Member

    Join Date: Sep 2004
    Location: Low Country SC
    Posts: 5,240
    Experience: Ret. Director IT
    Print this – boot to safe mode and fix

    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe

    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"


    Delete this folder

    C:\WINDOWS\isrvs

    Empty the recycle bin
     

Share This Page