Swordfish II
Watching A Dream
Premium
join:2002-05-12
Cloud 9
| Help
Hey my friend asked me to help her out with all these popups so I ran adaware but there are some things it cannot remove even though it says it will on the restart. Here is a pic
--
I'm not going there to die. I'm going there to see if i really am alive. |
|
B
Premium,MVM
join:2000-10-28
| Try running it in Safe Mode.
Then try grabbing Spybot from »safer-networking.org . It frequently works better.
Finally have her go through all the steps at »Security »I think my computer is infected or hijacked. What should I do? . Good luck.
-- B
--
In a realm outside causality and function |
|
Kayrac
Premium
join:2001-09-29
Rochester, NH
1 edit | reply to Swordfish II
that means there currently running in memory, one easy way to prevent that, is to boot into safe mode, and then run ad-aware
you can also follow these steps
»Security »I think my computer is infected or hijacked. What should I do?
lol i was slower than 1.....but atleast i was faster than 1  |
|
gt7697c
Premium
join:2001-02-16
The Hive
1 edit | reply to Swordfish II
Suggest try running Ad-Aware in Safe Mode. Please post results.
Edit, too slow. Oh well.;)
If Safe Mode doesn't work you could try using WinBoot CD it comes with Ad-Aware and will run from a boot CD.
HTH.:)
--
Just my 2 bits. |
|
B
Premium,MVM
join:2000-10-28 | But does anyone think they should try it in Safe Mode?
-- B
--
In a realm outside causality and function |
|
Swordfish II
Watching A Dream
Premium
join:2002-05-12
Cloud 9
| reply to Swordfish II
I was kinda confused though, after restarting the computer adaware ran but didnt pick up any of the files in the screen shot. Then after a couple min the pop ups descended and when I ran adaware again, they were all back.
--
I'm not going there to die. I'm going there to see if i really am alive. |
|
Swordfish II
Watching A Dream
Premium
join:2002-05-12
Cloud 9
| reply to Swordfish II
Oh I forgot to mention we log into a domain, but to start in safe mode we have to log in as the admin on the computer. I know the admin user name and password, but will this affect the results?
--
I'm not going there to die. I'm going there to see if i really am alive. |
|
siggyx
Siggy
Premium
join:2003-12-10
Cambridge
| reply to Swordfish II
Follow the steps in the link below or the thread might get locked. Thems the rules.
»Security »I think my computer is infected or hijacked. What should I do?
--
The next best thing to being smart is being able to quote someone who is. |
|
B
Premium,MVM
join:2000-10-28
|
Well, technically, I think the rules are broken ONLY after the first HJT log appears! So we should be safe.
Swordfish, the only potential problem with logging in as local administrator is that you'd be giving any resident trojans more privileges.
If, however, your domain user (the regularly logged in user who was infected) is ALREADY a local administrator of the machine (as is frequently the case), then it won't matter much.
It would probably be best if you took this machine off the network until you clean it up.
-- B
--
In a realm outside causality and function |
|
Swordfish II
Watching A Dream
Premium
join:2002-05-12
Cloud 9 | ok, I ran adaware in safe mode but none of that stuff came up. Gonna do the virus scans and hijack this scans
--
I'm not going there to die. I'm going there to see if i really am alive. |
|
B
Premium,MVM
join:2000-10-28
|
While you're still in Safe Mode, try going to a command prompt (you can use Explorer but I don't trust it) and navigating to the directories indicated in your first screen shot -- see if those files are still there.
-- B
--
In a realm outside causality and function |
|
