I agreed to help my friend out by fixing his computer, which has lately become run down with a ton (and I mean a TON) of spyware and other malware crap Mad .

So I went over to his house with an arsenal of Hijack This, Bazooka anti spyware, Adaware, Spybot S&D, Spyware Doctor (an old edition before they required you to pay), and Zone Alarm (to install after to prevent this in the future). I was able to take out what seemed like everything using Hijack This, Adaware and Spybot. He had no popups on his desktop and his performance was incredibly faster. It all seemed to be perfect. So I left. About 2 weeks after he was complaining that it was all back again and indeed it was...

I asked him what he had done, and he had only checked his email. So I had to look into other possibilities. I ran Bazooka and it detected a suspicious item (along with a host of others) called scvhost. I found it funny how the asshole that made it was clever enough to make it so close in spelling to svchost. It was classified as a worm. I followed the instructions on the web site it provided to delete it, which required starting in safe mode, deleting registry keys, rebooting, and deleting a few other files. Unfortunately, at every step in the process where it wanted me to delete something, the file did not exist in the directory Mad. I tried running all of the other antimalware programs I had brought, but nothing could kill it. I am pretty confident that this is sending all of the other spyware that he is getting. I also found it in the running processes. After I "ended it", it started itself again Mad Mad Mad . I need to get this off of his computer by any means necessary!!!

Normally I would just format the drive and be done with it, but it's not so simple. He is running Windows XP SP2 and it came set up with the computer. Unfortunately he either lost the XP disks or it never came with any. I believe it's the latter because my new comp didn't come with XP CDs either. Any suggestions on what I can possibly do? I can give you guys a log of the error from Bazooka tomorrow if that will help.
Gar, that sucks. Sorry, no ideas. Sad
Try Microsoft Anti-Spyware, it is very good, Consumer Reports rated it one of the top ones out there, and it is free.
O ya. I use that on my comp. I forgot to try that. I'll tell you tomorrow if it has any effect Smile
Yeah, that one's supposed to be fairly good...
I'd try installing/running AVG Free edition on there. It's a full anti-virus program that's very good (not sure if you mentioned this or not, I just skimmed the post)

Try and see if either A) the company can sell (or just send out) copies of the recovery CD's or B) That the windows OEM cd key is on the case.

For B, just borrow (or download...) the windows CD to install it using that CD key. The comp would still be able to get updates and such, since M$ will recognize that the CD-key is being used on the same computer

Worse comes to worse, it could be a good time to switch (or at least dual-boot) in linux Smile
Quote:
Worse comes to worse, it could be a good time to switch (or at least dual-boot) in linux


This is what I would recommend ultimately
Let's just say he wouldn't be able to use linux. And where can I get AVG free? Download.com?
my windows boot is so f'd up, i really need to reinstall it, but i'd rather spend 2 days recompiling my gentoo system than 2 hours reinstalling windows Very Happy

i only boot into windows when i really HAVE to (such as me being a dumbass and recompiling the kernel with GCC 3.4 but forgetting to fetch the ndiswrapper drivers so that i could recompile IT with 3.4 - oops)
Chipmaster wrote:
Let's just say he wouldn't be able to use linux. And where can I get AVG free? Download.com?


Google for it, you'll end up getting it straight from Grisoft's website, but it's not as easy to find there as it used to be. (so use Google to find it Wink )

It's been a while since I've installed it, but you might need to register it...(if you have an internet connection, it does it automatically during install I believe)

---And ANYONE can learn/use linux if they have the motivation to do so. It's really not all that hard to just use it, especially with a distro like Debian that doesn't require tweaking/compiling
http://www.grisoft.com/doc/289/lng/us/tpl/tpl01
Well, since you are going to make it easy for him, here's the better URL to go to (since it's the free version's website)

http://free.grisoft.com/doc/1
I ran that. And it took over an hour to completely scan the system. It found somewhere in the neighborhood of 1500 infections (and that's after I ran the gammit of antispyware on it). I tried MAS (Microsoft Anti-Spyware), but I couldn't download it. Anyways, it deleted all 1500 infections it found, but not scvhost.worm apparently Sad It somehow restored his internet connection in the process (it had been shaky due to a load of crap I couldn't begin to name). So I decided I would leave it like this (it's all gone, but this lone worm which I can't seem to get rid of Mad ), and if it starts putting things on there again I am going to reformat it and contact Microsoft to get a disk (hopefully that will work). I am checking it in a week so I'll get back to you on this again then.
*gamut Smile
Wow, that must be a really insidious worm. Did you try posting on some forums specifically for anti-spyware/virii?
I contacted Microsoft and they gave me a step by step process on deletion so I think I'm going to try that and see how it goes. It's a nasty little worm. I thought it was clever how they named it scvhost to cloak it so most people would mistake it for svchost (of course most people don't even know what that is, and may mistake that for malware in the end anyway Laughing ).
Chipmaster wrote:
I contacted Microsoft and they gave me a step by step process on deletion so I think I'm going to try that and see how it goes. It's a nasty little worm. I thought it was clever how they named it scvhost to cloak it so most people would mistake it for svchost (of course most people don't even know what that is, and may mistake that for malware in the end anyway Laughing ).


I know what svchost is... Rolling Eyes
Chipmaster wrote:
I ran that. And it took over an hour to completely scan the system. It found somewhere in the neighborhood of 1500 infections (and that's after I ran the gammit of antispyware on it).


Viruses aren't spyware, and spyware aren't viruses. Don't get your scanning apps confused now Wink
Kllrnohj wrote:
Chipmaster wrote:
I ran that. And it took over an hour to completely scan the system. It found somewhere in the neighborhood of 1500 infections (and that's after I ran the gammit of antispyware on it).


Viruses aren't spyware, and spyware aren't viruses. Don't get your scanning apps confused now Wink


Haha....excellent point there.