
need help with Ad Aware

July 10, 2005 10:30:26 PM

Archived from groups: microsoft.public.win98.gen_discussion

Cutting a loooong story short... how do I handle deleting something
with 31 components? The list goes off the page, so I can't toggle
yes/no. This is driving me crazy. I've deleted over 1000 objects so
far, but can't get rid of these and they are causing popups like
crazy.

TIA
I have Hijack This installed on that computer, but it lists the good
with the bad... so I'm not going there.

TIA

Anonymous
July 10, 2005 11:31:54 PM

Do you mean that the list of objects found extends below the screen
that's available? There's no scroll bar that appears to the right if the
list extends below the window? Mine does that. I can also right-click
any item and "Select All" or any number of other options. You *are*
talking about Ad-Aware SE? From Lavasoft?

If you are getting these kinds of scans, with so many items to clean
out, on a repeated basis, then the system isn't being properly protected
in the first place. With things like Spyware Blaster, George Geyde's
HOSTS File Manager, proper cookie settings, proper email handling, etc.,
you shouldn't be having to clean out anything like the serious
infestation you describe.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"sf" <sf@gmail.com> wrote in message
news:p ni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...
>
> Cutting a loooong story short... how do I handle deleting something
> with 31 components? The list goes off the page, so I can't toggle
> yes/no. This is driving me crazy. I've deleted over 1000 objects so
> far, but can't get rid of these and they are causing popups like
> crazy.
>
> TIA
> I have Hijack This installed on that computer, but it lists the good
> with the bad... so I'm not going there.
>
> TIA
July 11, 2005 12:09:17 AM

On Sun, 10 Jul 2005 19:31:54 -0700, Gary S. Terhune wrote:

> Do you mean that the list of objects found extends below the screen
> that's available? There's no scroll bar that appears to the right if the
> list extends below the window? Mine does that. I can also right-click
> any item and "Select All" or any number of other options. You *are*
> talking about Ad-Aware SE? From Lavasoft?

Yes, it's lavasoft... but it's the list of objects that can't be
removed and adaware wants to do it on the next boot... there is no
right click option.
>
> If you are getting these kinds of scans, with so many items to clean
> out, on a repeated basis, then the system isn't being properly protected
> in the first place.

I KNOW, I know, I know.... I was under orders NOT to put anything on
that computer when my daughter dragged it out for us to use as a
secondary computer back in March.

> With things like Spyware Blaster, George Geyde's
> HOSTS File Manager, proper cookie settings, proper email handling, etc.,
> you shouldn't be having to clean out anything like the serious
> infestation you describe.

It's a real mess. I would have immediately put the Host's file manager
on it and added AdAware if I wasn't under orders.

As long as we're on the subject, I've even had problems installing the
Host's file manager. Usually all I need to do is "extract", but it's
not working for me today. I'd just reformat the hard drive, except I
know she doesn't know where the software is.

I'm going to get Spyware Blaster now...

thanks
Anonymous
July 11, 2005 12:38:36 AM

Unfortunately, I can't repeat that possibility here. I do recall having
to do that recently, but the list wasn't that long I don't think. There
isn't a scroll bar? If you can highlight an item on the list, does the
Down-arrow change the highlight to the next item? If so, that should get
you to the end of the list. <Spacebar> should also work to
Select/Deselect the item.

I presume that if you say Yes to those you can see, then reboot, the
system becomes reinfested?

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"sf" <sf@gmail.com> wrote in message
news:08o3d1d63allqlut8cka0t71v87bjqtoem@4ax.com...
> On Sun, 10 Jul 2005 19:31:54 -0700, Gary S. Terhune wrote:
>
>> Do you mean that the list of objects found extends below the screen
>> that's available? There's no scroll bar that appears to the right if
>> the
>> list extends below the window? Mine does that. I can also
>> right-click
>> any item and "Select All" or any number of other options. You *are*
>> talking about Ad-Aware SE? From Lavasoft?
>
> Yes, it's lavasoft... but it's the list of objects that can't be
> removed and adaware wants to do it on the next boot... there is no
> right click option.
>>
>> If you are getting these kinds of scans, with so many items to clean
>> out, on a repeated basis, then the system isn't being properly
>> protected
>> in the first place.
>
> I KNOW, I know, I know.... I was under orders NOT to put anything on
> that computer when my daughter dragged it out for us to use as a
> secondary computer back in March.
>
>> With things like Spyware Blaster, George Geyde's
>> HOSTS File Manager, proper cookie settings, proper email handling,
>> etc.,
>> you shouldn't be having to clean out anything like the serious
>> infestation you describe.
>
> It's a real mess. I would have immediately put the Host's file manager
> on it and added AdAware if I wasn't under orders.
>
> As long as we're on the subject, I've even had problems installing the
> Host's file manager. Usually all I need to do is "extract", but it's
> not working for me today. I'd just reformat the hard drive, except I
> know she doesn't know where the software is.
>
> I'm going to get Spyware Blaster now...
>
> thanks
Anonymous
July 11, 2005 1:13:33 AM

"sf" <sf@gmail.com> wrote in message
news:p ni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...

> I have Hijack This installed on that computer, but it lists the good
> with the bad... so I'm not going there.

GO THERE, then post to an appropriate forum for expert help on removal.
http://forums.spywareinfo.com/
http://forum.aumha.org/

>
> TIA
July 11, 2005 1:13:34 AM

On Sun, 10 Jul 2005 21:13:33 -0500, Brian A. wrote:

> "sf" <sf@gmail.com> wrote in message
> news:p ni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...
>
> > I have Hijack This installed on that computer, but it lists the good
> > with the bad... so I'm not going there.
>
> GO THERE, then post to an appropriate forum for expert help on removal.
> http://forums.spywareinfo.com/
>
>
Yesm sir!

:) 
Anonymous
July 11, 2005 2:17:41 AM

You've lost me.....If Ad-Aware is finding 31 items, just right-click an item and
click Select All (or whatever the exact wording is in Ad-Aware), then click Next to
quarantine or delete. If this is not your issue, please be more clear.

If the problems won't go away, and you have Hijack This (the latest version, please)
from:
http://www.majorgeeks.com/download3155.html
Unzip to a folder _other_than_ your Desktop or the Temp folder, doubleclick
HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Press that, save the log somewhere you can find it (Desktop, My Documents, or
similar).
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Copy the log files and paste them into a new post at ONE of these forums:
http://forum.aumha.org/viewforum.php?f=30
(This is where experts you know, like Robear and Mow, hang out)
http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html

In your post, please state your problem clearly and what you've done so far to fix
it.

The folks there will tell you what to remove.

See the "housekeeping" you should complete before you post your log:
http://aumha.org/forum/viewtopic.php?t=4075

A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"sf" <sf@gmail.com> wrote in message
news:p ni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...
>
> Cutting a loooong story short... how do I handle deleting something
> with 31 components? The list goes off the page, so I can't toggle
> yes/no. This is driving me crazy. I've deleted over 1000 objects so
> far, but can't get rid of these and they are causing popups like
> crazy.
>
> TIA
> I have Hijack This installed on that computer, but it lists the good
> with the bad... so I'm not going there.
>
> TIA
July 11, 2005 2:17:42 AM

On Sun, 10 Jul 2005 22:17:41 -0400, glee wrote:

> You've lost me.....If Ad-Aware is finding 31 items, just right-click an item and
> click Select All (or whatever the exact wording is in Ad-Aware), then click Next to
> quarantine or delete. If this is not your issue, please be more clear.
>
Ad Aware found over 1000 items, but it can't delete 31. That's the
list I'm talking about. There is no right click option and the list
goes off the page at the bottom with no way to scroll down.

> If the problems won't go away, and you have Hijack This (the latest version, please)
> from:
> http://www.majorgeeks.com/download3155.html
> Unzip to a folder _other_than_ your Desktop or the Temp folder, doubleclick
> HijackThis.exe, and hit "Scan".
>

Just got it today. I'll scan and post to the appropriate ng.

> When the scan is finished, the "Scan" button will change into a "Save Log"
> button.
> Press that, save the log somewhere you can find it (Desktop, My Documents, or
> similar).
> Most of what it lists will be harmless or even required, so do NOT fix anything yet.
>
> Copy the log files and paste them into a new post at ONE of these forums:
> http://forum.aumha.org/viewforum.php?f=30
> (This is where experts you know, like Robear and Mow, hang out)
> http://forums.spywareinfo.com/,
> http://castlecops.com/forum67.html
>
thanks for the forum names... I'd forgotten where to post it.

> In your post, please state your problem clearly and what you've done so far to fix
> it.
>
> The folks there will tell you what to remove.
>
> See the "housekeeping" you should complete before you post your log:
> http://aumha.org/forum/viewtopic.php?t=4075
>
> A tutorial for using Hijack This is located here:
> http://tomcoyote.com/hjt/


This is a 20 GIG HD that must be completely fragmented because DD
doesn't have many programs installed, yet it's almost completely full.
I tried defragmenting, but there are serious errors on the HD that.
What do you think of WinFixer 2005? I'd love to reformat the HD, but
I'm sure she doesn't have a clue where the software is.
Anonymous
July 11, 2005 4:14:08 AM

"sf" <sf@gmail.com> wrote in message
news:kno3d1ha3ldpq32pn4o9p8am2kebgl9rnm@4ax.com...
> On Sun, 10 Jul 2005 22:17:41 -0400, glee wrote:
>
> > You've lost me.....If Ad-Aware is finding 31 items, just right-click an item and
> > click Select All (or whatever the exact wording is in Ad-Aware), then click Next to
> > quarantine or delete. If this is not your issue, please be more clear.
> >
> Ad Aware found over 1000 items, but it can't delete 31. That's the
> list I'm talking about. There is no right click option and the list
> goes off the page at the bottom with no way to scroll down.

See if any of Gary's suggestions work, in his latest reply.

> > Copy the log files and paste them into a new post at ONE of these forums:
> > http://forum.aumha.org/viewforum.php?f=30
> > (This is where experts you know, like Robear and Mow, hang out)
> > http://forums.spywareinfo.com/,
> > http://castlecops.com/forum67.html
> >
> thanks for the forum names... I'd forgotten where to post it.

If you register and post at the first one:
http://forum.aumha.org/viewforum.php?f=30
Robear or Mow or the other regulars will help you, *and* I will drop in to read your
log also.

>
> This is a 20 GIG HD that must be completely fragmented because DD
> doesn't have many programs installed, yet it's almost completely full.
> I tried defragmenting, but there are serious errors on the HD that.
> What do you think of WinFixer 2005? I'd love to reformat the HD, but
> I'm sure she doesn't have a clue where the software is.

I wouldn't spend my money on it. What serious errors are you referring to, when you
tried to defrag? I would not defrag till after I was sure all the malware was off.
*After* the malware is gone, run Scandisk but do NOT let it automatically fix
errors. If errors come up, cancel and post back with what they are.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
Anonymous
July 11, 2005 8:52:25 PM

Right-click on one entry > choose 'Select all'
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

sf wrote:
> Cutting a loooong story short... how do I handle deleting something
> with 31 components? The list goes off the page, so I can't toggle
> yes/no. This is driving me crazy. I've deleted over 1000 objects so
> far, but can't get rid of these and they are causing popups like
> crazy.
>
> TIA
> I have Hijack This installed on that computer, but it lists the good
> with the bad... so I'm not going there.
>
> TIA
July 11, 2005 8:52:26 PM

On Mon, 11 Jul 2005 16:52:25 -0400, PA Bear wrote:

> Right-click on one entry > choose 'Select all'

For some reason, right click wasn't doing it for me... nada. Maybe I
didn't highlight. In any case, it looks like I've got them all now -
but I'm running AdAware one more time to make sure it can't do any
more for me. Malware programs were replicating themselves yesterday
and fighting AdAware by making the computer freeze up. I know I've
still got at least one hijacker lurking in there somewhere because the
evidence is in the browser's weird popups and one I recognize is
listed in the Hijack This log file. At least I was able to get my new
MVP Hosts file installed, so it's redirecting some of the bad stuff.

Yep... I ran AdAware off line and brought it down to zero (although
Hijack This said otherwise). I've reconnected, gotten way too many
popups and this time AdAware says there are 35 critical objects to remove
- which includes 12 registry keys and one registry value.
Anonymous
July 12, 2005 1:12:07 AM

OK... So perhaps Aumha.org's shortcuts should be updated, <sg>.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"PA Bear" <PABearMVP@gmail.com> wrote in message
news:%23VC836nhFHA.2484@TK2MSFTNGP15.phx.gbl...
> Aumha Forums are now found officially at http://aumha.net, Gary.
> --
> ~Robear
>
> Gary S. Terhune wrote:
> <snip>
>> Forums here:
>> http://forum.aumha.org/index.php?c=12
Anonymous
July 12, 2005 1:14:01 AM

1. Keep the machine /physically/ disconnected from the internet as much as
possible.

2. Post your HijackThis log to http://aumha.net/viewforum.php?f=30 after
first completing all preliminaries here:
http://aumha.net/viewtopic.php?t=4075.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security


sf wrote:
> On Mon, 11 Jul 2005 16:52:25 -0400, PA Bear wrote:
>
> > Right-click on one entry > choose 'Select all'
>
> For some reason, right click wasn't doing it for me... nada. Maybe I
> didn't highlight. In any case, it looks like I've got them all now -
> but I'm running AdAware one more time to make sure it can't do any
> more for me. Malware programs were replicating themselves yesterday
> and fighting AdAware by making the computer freeze up. I know I've
> still got at least one hijacker lurking in there somewhere because the
> evidence is in the browser's weird popups and one I recognize is
> listed in the Hijack This log file. At least I was able to get my new
> MVP Hosts file installed, so it's redirecting some of the bad stuff.
>
> Yep... I ran AdAware off line and brought it down to zero (although
> Hijack This said otherwise). I've reconnected, gotten way too many
> popups and this time AdAware says there are 35 critical objects to remove
> - which includes 12 registry keys and one registry value.
Anonymous
July 12, 2005 1:14:25 AM

PS And avoid rebooting.
--
~PA Bear
July 12, 2005 2:10:18 AM

On Mon, 11 Jul 2005 21:14:01 -0400, PA Bear wrote:

> 1. Keep the machine /physically/ disconnected from the internet as much as
> possible.
>
I figured that out all by myself!!! LOL

> 2. Post your HijackThis log to http://aumha.net/viewforum.php?f=30 after
> first completing all preliminaries here:
> http://aumha.net/viewtopic.php?t=4075.

I'm still "cleaning". I found that when something contained 20-30
objects, they would freeze the computer, so I had to figure out how to
divide and conquer. I'm using Trend Micro right now and am down to my
last 2. Tomorrow is Spybot S & D.

When I can get all of my AdWare busters to read clean, I'll post my
Hijack This log
July 12, 2005 4:08:02 AM

On Mon, 11 Jul 2005 21:14:25 -0400, PA Bear wrote:

> PS And avoid rebooting.

Thanks. Unfortunately, that's been impossible given the number of
times the computer froze up on me and the fact that I needed to reboot
it to remove items that can't be removed otherwise.

Spybot search & destroy has been useless. It says everything is fine.
Trend Micro and AdAware find "stuff". Not the same stuff, but they
find it.

The common problem is ADW_ABETTERINTERNET_VX2... actually the VX2
part. It's small, but seems to be a BIG problem.
Also, BookedSpace keeps coming back... it's a lot larger.

Grrrr
Anonymous
July 12, 2005 11:06:03 AM

"sf" <sf@gmail.com> wrote in message
news:0oq6d111jdsbbgrit3ak9cadnsqmog34ri@4ax.com...
> snip
> The common problem is ADW_ABETTERINTERNET_VX2... actually the VX2
> part. It's small, but seems to be a BIG problem.
> Also, BookedSpace keeps coming back... it's a lot larger.
>
> Grrrr

Try adding the VX2 Cleaner plug-in to Ad-Aware:
http://www.lavasoftusa.com/software/addons/vx2cleaner.s...
There are very difficult variants of VX2....now may be the time to post at the
aumha.net HijackThis forums and get the expert advice of the folks there, such as
Robear and Mow.

re: BookedSpace:
http://www.doxdesk.com/parasite/BookedSpace.html
http://sarc.com/avcenter/venc/data/adware.bookedspace.h...
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
July 12, 2005 12:38:54 PM

On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:

> PS -- If you download and run the RootKit Revealer detection app from
> Sysinternals, please don't post logs here. There are other forums
> dedicated to that purpose.


LOL... first you tell me about something I've never heard of before;
then you tell me there's a way to "root" them out. After that you
tell me not to post the "log" (which I didn't know it would produce
here). OK, buddy... of the three things you just told me, at least I
know enough not to post any logs here.

:) 
July 12, 2005 2:04:52 PM

On Tue, 12 Jul 2005 03:17:55 -0400, PA Bear wrote:

> I'd also run Trend Micro Sysclean, sf. See
> http://aumha.net/viewtopic.php?t=10610


WOW, thanks! I didn't know that site/service existed. I've
downloaded and am running it now. So far it has found TROJ_SMALL.AAL.

Unfortunately, it hangs on a certain music file. I stopped the
program, went to the specific file and waited way too long (10
minutes) after the TSC stopped running for a result, so I stopped the
program. A popup said words to the effect of "stopped by user" and
every line in the log began with "unable". Do you think I should just
delete the file and see if I can continue?

This computer uses Nero (something I don't allow on my computer)
primarily for burning purposes. Do you have another suggestion for a
free burner?
July 12, 2005 3:00:03 PM

On Tue, 12 Jul 2005 07:06:03 -0400, glee wrote:

> "sf" <sf@gmail.com> wrote in message
> news:0oq6d111jdsbbgrit3ak9cadnsqmog34ri@4ax.com...
> > snip
> > The common problem is ADW_ABETTERINTERNET_VX2... actually the VX2
> > part. It's small, but seems to be a BIG problem.
> > Also, BookedSpace keeps coming back... it's a lot larger.
> >
> > Grrrr
>
> Try adding the VX2 Cleaner plug-in to Ad-Aware:
> http://www.lavasoftusa.com/software/addons/vx2cleaner.s...
> There are very difficult variants of VX2....now may be the time to post at the
> aumha.net HijackThis forums and get the expert advice of the folks there, such as
> Robear and Mow.
>
> re: BookedSpace:
> http://www.doxdesk.com/parasite/BookedSpace.html
> http://sarc.com/avcenter/venc/data/adware.bookedspace.h...


I don't know what I did, but the system seems to be clean now. I will
post my new log for confirmation. Many Thanks to all for bearing with
me!
Anonymous
July 12, 2005 3:25:54 PM

"sf" <sf@gmail.com> wrote in message
news:gro7d15nhl9pmtv5hgkrcl25qgfq0g8v2m@4ax.com...
> On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:
>
>> PS -- If you download and run the RootKit Revealer detection app
>> from
>> Sysinternals, please don't post logs here. There are other forums
>> dedicated to that purpose.
>
>
> LOL... first you tell me about something I've never heard of before;
> then you tell me there's a way to "root" them out. After that you
> tell me not to post the "log" (which I didn't know it would produce
> here). OK, buddy... of the three things you just told me, at least I
> know enough not to post any logs here.
>
> :) 

Heh, heh... I hadn't really looked into rootkits until recently. What
little I do know is mostly what I learned from Mark Russinovich, et al,
at http://www.sysinternals.com/utilities/rootkitrevealer.h... Good
explanation, and includes links to other rootkit info.

In *some* cases, there *may* be ways to root them out, but the overall
consensus is that most are as yet unfixable, leaving reformat as the
only option. The same page I referred you to offers what is essentially
an experimental program to find evidence of RootKits. If you run it, it
creates a log that can be saved. If you want someone to look at that log
and advise... Well, I'm fairly certain you can find people willing to
examine such logs at the Aumha forums.

I ran RootkitRevealer a week or two ago, and it definitely found
evidence of rootkit-like behavior. Further investigation showed that
these items were installed by Adobe when I upgraded to Creative Suite
CS. Far as I can tell, the reason for these items is to make their
licensing and anti-piracy measures more difficult (if not impossible) to
mess with. However, seeing as how that installation has been nothing but
a PITA since I did it, I have to wonder if the "rootkit" items were
deliberate or were they accidental, maybe even at the root of my
problems (pun intended this time, <s>.) I'll know when I get around to
rebuilding this system and reinstalling Adobe

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm
July 12, 2005 3:53:53 PM

On Tue, 12 Jul 2005 11:25:54 -0700, Gary S. Terhune wrote:

> "sf" <sf@gmail.com> wrote in message
> news:gro7d15nhl9pmtv5hgkrcl25qgfq0g8v2m@4ax.com...
> > On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:
> >
> >> PS -- If you download and run the RootKit Revealer detection app
> >> from
> >> Sysinternals, please don't post logs here. There are other forums
> >> dedicated to that purpose.
> >
> >
> > LOL... first you tell me about something I've never heard of before;
> > then you tell me there's a way to "root" them out. After that you
> > tell me not to post the "log" (which I didn't know it would produce
> > here). OK, buddy... of the three things you just told me, at least I
> > know enough not to post any logs here.
> >
> > :) 
>
> Heh, heh... I hadn't really looked into rootkits until recently. What
> little I do know is mostly what I learned from Mark Russinovich, et al,
> at http://www.sysinternals.com/utilities/rootkitrevealer.h... Good
> explanation, and includes links to other rootkit info.
>
> In *some* cases, there *may* be ways to root them out, but the overall
> consensus is that most are as yet unfixable, leaving reformat as the
> only option. The same page I referred you to offers what is essentially
> an experimental program to find evidence of RootKits. If you run it, it
> creates a log that can be saved. If you want someone to look at that log
> and advise... Well, I'm fairly certain you can find people willing to
> examine such logs at the Aumha forums.
>
I just finished posting a rather "good looking" log file... I think I
beat BookedSpace and VX2 into submission.

> I ran RootkitRevealer a week or two ago, and it definitely found
> evidence of rootkit-like behavior.

I'd like to run it, but I'm getting an error message about a missing
DLL. PSAPI.DLL. Not sure what to do next. I'm pretty sure you're
right about a rootkit problem because the Hijack This log looked
clean, but something is still causing unwanted popups and seems to be
hijacking IE every now and then.

> Further investigation showed that
> these items were installed by Adobe when I upgraded to Creative Suite
> CS. Far as I can tell, the reason for these items is to make their
> licensing and anti-piracy measures more difficult (if not impossible) to
> mess with. However, seeing as how that installation has been nothing but
> a PITA since I did it, I have to wonder if the "rootkit" items were
> deliberate or were they accidental, maybe even at the root of my
> problems (pun intended this time, <s>.) I'll know when I get around to
> rebuilding this system and reinstalling Adobe

At least you knew what you were looking at! LOL I'm not sure I will
if I can ever get it up and running.
Anonymous
July 12, 2005 4:09:16 PM

My bad! RootkitRevealer doesn't run on Win9x systems. SORRY!

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"sf" <sf@gmail.com> wrote in message
news:t438d11pp5th5glkvmfp0egapp77ufjs14@4ax.com...
> On Tue, 12 Jul 2005 11:25:54 -0700, Gary S. Terhune wrote:
> I'd like to run it, but I'm getting an error message about a missing
> DLL. PSAPI.DLL. Not sure what to do next. I'm pretty sure you're
> right about a rootkit problem because the Hijack This log looked
> clean, but something is still causing unwanted popups and seems to be
> hijacking IE every now and then.
Anonymous
July 12, 2005 8:06:23 PM

Delete the problem file, download the latest Control Pattern Release file
and then run Sysclean.com again per the instructions.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

sf wrote:
> On Tue, 12 Jul 2005 03:17:55 -0400, PA Bear wrote:
>
> > I'd also run Trend Micro Sysclean, sf. See
> > http://aumha.net/viewtopic.php?t=10610
>
>
> WOW, thanks! I didn't know that site/service existed. I've
> downloaded and am running it now. So far it has found TROJ_SMALL.AAL.
>
> Unfortunately, it hangs on a certain music file. I stopped the
> program, went to the specific file and waited way too long (10
> minutes) after the TSC stopped running for a result, so I stopped the
> program. A popup said words to the effect of "stopped by user" and
> every line in the log began with "unable". Do you think I should just
> delete the file and see if I can continue?
>
> This computer uses Nero (something I don't allow on my computer)
> primarily for burning purposes. Do you have another suggestion for a
> free burner?
July 13, 2005 7:01:05 PM

On Tue, 12 Jul 2005 12:09:16 -0700, Gary S. Terhune wrote:

> My bad! RootkitRevealer doesn't run on Win9x systems. SORRY!

The one in question is an ME... that's why you recommended it, I
think.
Anonymous
July 13, 2005 7:08:47 PM

You may have assumed that I had ME in mind, but I'm pretty sure I
didn't. No, RootKitRevealer doesn't work on 9x systems. 9x systems are
Win95, 98, 98SE and ME. I simply forgot about that giant truth when
previously discussing it. RKR only works on NT-based systems.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"sf" <sf@gmail.com> wrote in message
news:in3bd15covt7eu43vcqoknu16td8b3hrsp@4ax.com...
> On Tue, 12 Jul 2005 12:09:16 -0700, Gary S. Terhune wrote:
>
>> My bad! RootkitRevealer doesn't run on Win9x systems. SORRY!
>
> The one in question is an ME... that's why you recommended it, I
> think.
>
July 13, 2005 8:47:12 PM

On Wed, 13 Jul 2005 15:08:47 -0700, Gary S. Terhune wrote:

> You may have assumed that I had ME in mind, but I'm pretty sure I
> didn't. No, RootKitRevealer doesn't work on 9x systems. 9x systems are
> Win95, 98, 98SE and ME.

Why did I think ME was "the next generation"? Oh, well.

> I simply forgot about that giant truth when
> previously discussing it. RKR only works on NT-based systems.

You're not as sorry as I am! I posted my Hijack This log to the aumha
forum and tried the first two suggested deletes... the first made IE
inoperable and the second was "in use" - which is a ruse used by
viruses, isn't it? Anyway, I restored item one and couldn't delete
item two... so I quit. I wasn't familiar with the name of the person
who responded and wasn't sure if he knew what he was talking about.

I installed the AdAware Plugin that takes care of VX2, so it's not a
problem anymore but BookedSpace keeps rearing its ugly head along
with an IMServer IEPlugin... IM isn't activated, so the AdAware plugin
for that won't work. Now, the last of the last that won't even
pretend to go away in spite of me telling AdAware to "quarantine" are
two temp files in an imaginary folder... I can find them using their
numbers, but again I can't delete them because "they are in use".
BLAH.

I just finished running Trend Micro for the umpteenth time and this
is what it came up with after I got down to those last 2 with
AdAware:
40 Adware
9 Cookies
4 Browser helper objects
19 Trackware
Anonymous
July 13, 2005 10:06:25 PM

You delete "in-use" files by restarting in Safe Mode or Command Prompt
Only.

I also recommend that you give Aumha.net another chance. Evaluate what
you're being told, give feedback when something goes wrong, etc. In the
long run, you're liable to get your best answers there.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"sf" <sf@gmail.com> wrote in message
news:r49bd1l7ndre7nsi73o133p8ditoogl6nh@4ax.com...
> On Wed, 13 Jul 2005 15:08:47 -0700, Gary S. Terhune wrote:
>
>> You may have assumed that I had ME in mind, but I'm pretty sure I
>> didn't. No, RootKitRevealer doesn't work on 9x systems. 9x systems
>> are
>> Win95, 98, 98SE and ME.
>
> Why did I think ME was "the next generation"? Oh, well.
>
>> I simply forgot about that giant truth when
>> previously discussing it. RKR only works on NT-based systems.
>
> You're not as sorry as I am! I posted my HijackThis log to the Aumha
> forum and tried the first two suggested deletes... the first made IE
> inoperable and the second was "in use" - which is a ruse used by
> viruses, isn't it? Anyway, I restored item one and couldn't delete
> item two... so I quit. I wasn't familiar with the name of the person
> who responded and wasn't sure if he knew what he was talking about.
>
> I installed the AdAware Plugin that takes care of VX2, so it's not a
> problem anymore but BookedSpace keeps rearing its ugly head along
> with an IMServer IEPlugin... IM isn't activated, so the AdAware plugin
> for that won't work. Now, the last of the last that won't even
> pretend to go away in spite of me telling AdAware to "quarantine" are
> two temp files in an imaginary folder... I can find them using their
> numbers, but again I can't delete them because "they are in use".
> BLAH.
>
> I just finished running Trend Micro for the umpteenth time and this
> is what it came up with after I got down to those last 2 with
> AdAware:
> 40 Adware
> 9 Cookies
> 4 Browser helper objects
> 19 Trackware
Anonymous
July 15, 2005 3:23:30 AM

I read your log in the Aumha forum, and also the reply you received. If you "tried
the first two suggested deletes", you did not follow the instructions given in the
reply. Please go back, read the reply you received more carefully, and follow the
instructions in the order they were given to you. You were told to download and run
certain tools in a specific order, and use them, before any deletions were
mentioned.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"sf" <sf@gmail.com> wrote in message
news:r49bd1l7ndre7nsi73o133p8ditoogl6nh@4ax.com...
> You're not as sorry as I am! I posted my HijackThis log to the Aumha
> forum and tried the first two suggested deletes... the first made IE
> inoperable and the second was "in use" - which is a ruse used by
> viruses, isn't it? Anyway, I restored item one and couldn't delete
> item two... so I quit. I wasn't familiar with the name of the person
> who responded and wasn't sure if he knew what he was talking about.
>
> I installed the AdAware Plugin that takes care of VX2, so it's not a
> problem anymore but BookedSpace keeps rearing its ugly head along
> with an IMServer IEPlugin... IM isn't activated, so the AdAware plugin
> for that won't work. Now, the last of the last that won't even
> pretend to go away in spite of me telling AdAware to "quarantine" are
> two temp files in an imaginary folder... I can find them using their
> numbers, but again I can't delete them because "they are in use".
> BLAH.
>
> I just finished running Trend Micro for the umpteenth time and this
> is what it came up with after I got down to those last 2 with
> AdAware:
> 40 Adware
> 9 Cookies
> 4 Browser helper objects
> 19 Trackware
July 15, 2005 3:23:31 AM

On Thu, 14 Jul 2005 23:23:30 -0400, glee wrote:

> I read your log in the Aumha forum, and also the reply you received. If you "tried
> the first two suggested deletes", you did not follow the instructions given in the
> reply. Please go back, read the reply you received more carefully, and follow the
> instructions in the order they were given to you. You were told to download and run
> certain tools in a specific order, and use them, before any deletions were
> mentioned.


You're right, I didn't follow the instructions properly... but it was
the way to delete them that I didn't do correctly. It all came
together tonight. I deleted them via HT <slapping head> and the
others in Safe Mode. I still haven't posted my logs, but I will.

Thanks for looking.