I agreed to help my friend out by fixing his computer, which has lately become run down with a ton (and I mean a TON) of spyware and other malware crap.
So I went over to his house with an arsenal of Hijack This, Bazooka anti spyware, Adaware, Spybot S&D, Spyware Doctor (an old edition before they required you to pay), and Zone Alarm (to install after to prevent this in the future). I was able to take out what seemed like everything using Hijack This, Adaware and Spybot. He had no popups on his desktop and his performance was incredibly faster. It all seemed to be perfect. So I left. About 2 weeks after, he was complaining that it was all back again, and indeed it was...
I questioned him about what he had done, and he had only checked his email. So I had to look into other possibilities. I ran Bazooka and it detected a suspicious item (along with a host of others) called scvhost. I found it funny how the asshole that made it was clever enough to make it so close in spelling to svchost. It was classified as a worm. I followed the instructions on the web site it provided to delete it, which required starting in safe mode, deleting registry keys, rebooting, and deleting a few other files. Unfortunately, at every step in the process where it wanted me to delete something, the file did not exist in the directory. I tried running all of the other antimalware programs I had brought, but nothing could kill it. I am pretty confident that this is sending all of the other spyware that he is getting. I also found it in the running processes. After I "ended it", it started itself again. I need to get this off of his computer by any means necessary!!!
Normally I would just format the drive and be done with it, but it's not so simple. He is running Windows XP SP2 and it came set up with the computer. Unfortunately he either lost the XP disks or it never came with any. I believe it's the latter because my new comp didn't come with XP CDs either. Any suggestions on what I can possibly do? I can give you guys a log of the error from Bazooka tomorrow if that will help.