(Off Topic) Windoze spam and corruption

Christopher Chisholm christopher.chisholm at syamsoftware.com
Mon Feb 11 17:10:14 EST 2008


paul.cour1 at verizon.net wrote:
> I have a Win XP machine that is terribly infested (Ugh!)
> it takes forever to boot.
> I have moused around to remove every bit of software
> that makes sense with the exception of "dll" files.
> I.E. I am trying to erase as much stuff as I can without corrupting
> the Operating system.
>
> One Spyware that is resident on the machine keeps
> popping up and gives reference to files that are allegedly
> spam...
>
> some of these (listed below) are visible in C:\programs and
> C:\Windows as "applications." I have deleted these (or attempted)
> but in a second or two, they are back...
> Can drag them to the Trash can but they will return to the folder or dir.
> For example:
> C:\windows\setn.dll
>   \ngd.dll
>   \764
>   \kvnab$.exe
>   \xxxvideo
>   \hotporn
>   \cbinst$.exe
>   \hcwprn.exe
>
> Several browser windows open by the "clock" every 5 minutes and
> advertise AntiSpyware shrink wrap packages. (ironically)
>
> These Browsers reference Yahoo services and Internet Explorer,
> in the window frame. Obviously I have removed every file that looks
> like it is an I.E. or Yahoo reference. That is eliminate everything that
> even remotely looks like it relates to I. E. or Yahoo.
>
> But spam or advertising pop-ups still occur regularly (by the clock)...
>
> Short of wiping the drive and reinstalling windows, M. S. Office,
> reconfiguring Linksys router, etc., what can I do?
> This machine is used for School projects and wife's email,
> etc...
>
> While my last and most effective option is to wipe drive and reinstall
> Windoze,  I am having fun clicking around and deleting as much stuff
> as I can until I corrupt things beyond a capable "boot"...
> Besides that, up till now I am not interested in Windoze,
> but I am learning some "OS" kinda stuff.
>
> caveat emptor
> 1.) not my machine
> 2.) don't have the patience to teach Linux to the owner of this machine.
>
>
> Any ideas, comments appreciated ...
>
> paulc
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>
>   
Everything everyone else is saying makes sense.  I'm not sure if anyone 
brought it up yet, but it might help to boot into safe mode once you 
have Spybot/HijackThis/Ad-Aware installed.  That way if the malware has 
attached itself to a service somehow (especially a network service), it 
won't have a chance to respawn itself before it can be cleaned.

Personally, on systems that are as bad as you are describing, I've had a 
very hard time ever getting them to be completely normal.  My advice is 
to back up your data, reformat, scan your data for malware on whatever 
medium you backed it up on, and move it back.

-chris

