need help with Ad Aware

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Cutting a loooong story short... how do I handle deleting something
with 31 components? The list goes off the page, so I can't toggle
yes/no. This is driving me crazy. I've deleted over 1000 objects so
far, but can't get rid of these and they are causing popups like
crazy.

TIA
I have Hijack This installed on that computer, but it lists the good
with the bad... so I'm not going there.

TIA
  1.

    Do you mean that the list of objects found extends below the screen
    that's available? There's no scroll bar that appears to the right if the
    list extends below the window? Mine does that. I can also right-click
    any item and "Select All" or any number of other options. You *are*
    talking about Ad-Aware SE? From Lavasoft?

    If you are getting these kinds of scans, with so many items to clean
    out, on a repeated basis, then the system isn't being properly protected
    in the first place. With things like Spyware Blaster, George Geyde's
    HOSTS File Manager, proper cookie settings, proper email handling, etc.,
    you shouldn't be having to clean out anything like the serious
    infestation you describe.

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "sf" <sf@gmail.com> wrote in message
    news:pni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...
    >
    > Cutting a loooong story short... how do I handle deleting something
    > with 31 components? The list goes off the page, so I can't toggle
    > yes/no. This is driving me crazy. I've deleted over 1000 objects so
    > far, but can't get rid of these and they are causing popups like
    > crazy.
    >
    > TIA
    > I have Hijack This installed on that computer, but it lists the good
    > with the bad... so I'm not going there.
    >
    > TIA
  2.

    On Sun, 10 Jul 2005 19:31:54 -0700, Gary S. Terhune wrote:

    > Do you mean that the list of objects found extends below the screen
    > that's available? There's no scroll bar that appears to the right if the
    > list extends below the window? Mine does that. I can also right-click
    > any item and "Select All" or any number of other options. You *are*
    > talking about Ad-Aware SE? From Lavasoft?

    Yes, it's lavasoft... but it's the list of objects that can't be
    removed and adaware wants to do it on the next boot... there is no
    right click option.
    >
    > If you are getting these kinds of scans, with so many items to clean
    > out, on a repeated basis, then the system isn't being properly protected
    > in the first place.

    I KNOW, I know, I know.... I was under orders NOT to put anything on
    that computer when my daughter dragged it out for us to use as a
    secondary computer back in March.

    > With things like Spyware Blaster, George Geyde's
    > HOSTS File Manager, proper cookie settings, proper email handling, etc.,
    > you shouldn't be having to clean out anything like the serious
    > infestation you describe.

    It's a real mess. I would have immediately put the Host's file manager
    on it and added AdAware if I wasn't under orders.

    As long as we're on the subject, I've even had problems installing the
    Host's file manager. Usually all I need to do is "extract", but it's
    not working for me today. I'd just reformat the hard drive, except I
    know she doesn't know where the software is.

    I'm going to get Spyware Blaster now...

    thanks
  3.

    Unfortunately, I can't repeat that possibility here. I do recall having
    to do that recently, but the list wasn't that long I don't think. There
    isn't a scroll bar? If you can highlight an item on the list, does the
    Down-arrow change the highlight to the next item? If so, that should get
    you to the end of the list. <Spacebar> should also work to
    Select/Deselect the item.

    I presume that if you say Yes to those you can see, then reboot, the
    system becomes reinfested?

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "sf" <sf@gmail.com> wrote in message
    news:08o3d1d63allqlut8cka0t71v87bjqtoem@4ax.com...
    > On Sun, 10 Jul 2005 19:31:54 -0700, Gary S. Terhune wrote:
    >
    >> Do you mean that the list of objects found extends below the screen
    >> that's available? There's no scroll bar that appears to the right if
    >> the
    >> list extends below the window? Mine does that. I can also
    >> right-click
    >> any item and "Select All" or any number of other options. You *are*
    >> talking about Ad-Aware SE? From Lavasoft?
    >
    > Yes, it's lavasoft... but it's the list of objects that can't be
    > removed and adaware wants to do it on the next boot... there is no
    > right click option.
    >>
    >> If you are getting these kinds of scans, with so many items to clean
    >> out, on a repeated basis, then the system isn't being properly
    >> protected
    >> in the first place.
    >
    > I KNOW, I know, I know.... I was under orders NOT to put anything on
    > that computer when my daughter dragged it out for us to use as a
    > secondary computer back in March.
    >
    >> With things like Spyware Blaster, George Geyde's
    >> HOSTS File Manager, proper cookie settings, proper email handling,
    >> etc.,
    >> you shouldn't be having to clean out anything like the serious
    >> infestation you describe.
    >
    > It's a real mess. I would have immediately put the Host's file manager
    > on it and added AdAware if I wasn't under orders.
    >
    > As long as we're on the subject, I've even had problems installing the
    > Host's file manager. Usually all I need to do is "extract", but it's
    > not working for me today. I'd just reformat the hard drive, except I
    > know she doesn't know where the software is.
    >
    > I'm going to get Spyware Blaster now...
    >
    > thanks
  4.

    "sf" <sf@gmail.com> wrote in message
    news:pni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...

    > I have Hijack This installed on that computer, but it lists the good
    > with the bad... so I'm not going there.

    GO THERE, then post to an appropriate forum for expert help on removal.
    http://forums.spywareinfo.com/


    http://forum.aumha.org/


    >
    > TIA
  5.

    On Sun, 10 Jul 2005 21:13:33 -0500, Brian A. wrote:

    > "sf" <sf@gmail.com> wrote in message
    > news:pni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...
    >
    > > I have Hijack This installed on that computer, but it lists the good
    > > with the bad... so I'm not going there.
    >
    > GO THERE, then post to an appropriate forum for expert help on removal.
    > http://forums.spywareinfo.com/
    >
    >
    Yesm sir!

    :)
  6.

    You've lost me.....If Ad-Aware is finding 31 items, just right-click an item and
    click Select All (or whatever the exact wording is in Ad-Aware), then click Next to
    quarantine or delete. If this is not your issue, please be more clear.

    If the problems won't go away, and you have Hijack This (the latest version, please)
    from:
    http://www.majorgeeks.com/download3155.html
    Unzip to a folder _other_than_ your Desktop or the Temp folder, doubleclick
    HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log"
    button.
    Press that, save the log somewhere you can find it (Desktop, My Documents, or
    similar).
    Most of what it lists will be harmless or even required, so do NOT fix anything yet.

    Copy the log files and paste them into a new post at ONE of these forums:
    http://forum.aumha.org/viewforum.php?f=30
    (This is where experts you know, like Robear and Mow, hang out)
    http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html

    In your post, please state your problem clearly and what you've done so far to fix
    it.

    The folks there will tell you what to remove.

    See the "housekeeping" you should complete before you post your log:
    http://aumha.org/forum/viewtopic.php?t=4075

    A tutorial for using Hijack This is located here:
    http://tomcoyote.com/hjt/
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "sf" <sf@gmail.com> wrote in message
    news:pni3d1pinqaqv6ooq6ei769ivihip2ahr0@4ax.com...
    >
    > Cutting a loooong story short... how do I handle deleting something
    > with 31 components? The list goes off the page, so I can't toggle
    > yes/no. This is driving me crazy. I've deleted over 1000 objects so
    > far, but can't get rid of these and they are causing popups like
    > crazy.
    >
    > TIA
    > I have Hijack This installed on that computer, but it lists the good
    > with the bad... so I'm not going there.
    >
    > TIA
  7.

    On Sun, 10 Jul 2005 22:17:41 -0400, glee wrote:

    > You've lost me.....If Ad-Aware is finding 31 items, just right-click an item and
    > click Select All (or whatever the exact wording is in Ad-Aware), then click Next to
    > quarantine or delete. If this is not your issue, please be more clear.
    >
    Ad Aware found over 1000 items, but it can't delete 31. That's the
    list I'm talking about. There is no right click option and the list
    goes off the page at the bottom with no way to scroll down.

    > If the problems won't go away, and you have Hijack This (the latest version, please)
    > from:
    > http://www.majorgeeks.com/download3155.html
    > Unzip to a folder _other_than_ your Desktop or the Temp folder, doubleclick
    > HijackThis.exe, and hit "Scan".
    >

    Just got it today. I'll scan and post to the appropriate ng.

    > When the scan is finished, the "Scan" button will change into a "Save Log"
    > button.
    > Press that, save the log somewhere you can find it (Desktop, My Documents, or
    > similar).
    > Most of what it lists will be harmless or even required, so do NOT fix anything yet.
    >
    > Copy the log files and paste them into a new post at ONE of these forums:
    > http://forum.aumha.org/viewforum.php?f=30
    > (This is where experts you know, like Robear and Mow, hang out)
    > http://forums.spywareinfo.com/,
    > http://castlecops.com/forum67.html
    >
    thanks for the forum names... I'd forgotten where to post it.

    > In your post, please state your problem clearly and what you've done so far to fix
    > it.
    >
    > The folks there will tell you what to remove.
    >
    > See the "housekeeping" you should complete before you post your log:
    > http://aumha.org/forum/viewtopic.php?t=4075
    >
    > A tutorial for using Hijack This is located here:
    > http://tomcoyote.com/hjt/


    This is a 20 GIG HD that must be completely fragmented because DD
    doesn't have many programs installed, yet it's almost completely full.
    I tried defragmenting, but there are serious errors on the HD that.
    What do you think of WinFixer 2005? I'd love to reformat the HD, but
    I'm sure she doesn't have a clue where the software is.
  8.

    "sf" <sf@gmail.com> wrote in message
    news:kno3d1ha3ldpq32pn4o9p8am2kebgl9rnm@4ax.com...
    > On Sun, 10 Jul 2005 22:17:41 -0400, glee wrote:
    >
    > > You've lost me.....If Ad-Aware is finding 31 items, just right-click an item and
    > > click Select All (or whatever the exact wording is in Ad-Aware), then click Next to
    > > quarantine or delete. If this is not your issue, please be more clear.
    > >
    > Ad Aware found over 1000 items, but it can't delete 31. That's the
    > list I'm talking about. There is no right click option and the list
    > goes off the page at the bottom with no way to scroll down.

    See if any of Gary's suggestions work, in his latest reply.

    > > Copy the log files and paste them into a new post at ONE of these forums:
    > > http://forum.aumha.org/viewforum.php?f=30
    > > (This is where experts you know, like Robear and Mow, hang out)
    > > http://forums.spywareinfo.com/,
    > > http://castlecops.com/forum67.html
    > >
    > thanks for the forum names... I'd forgotten where to post it.

    If you register and post at the first one:
    http://forum.aumha.org/viewforum.php?f=30
    Robear or Mow or the other regulars will help you, *and* I will drop in to read your
    log also.

    >
    > This is a 20 GIG HD that must be completely fragmented because DD
    > doesn't have many programs installed, yet it's almost completely full.
    > I tried defragmenting, but there are serious errors on the HD that.
    > What do you think of WinFixer 2005? I'd love to reformat the HD, but
    > I'm sure she doesn't have a clue where the software is.

    I wouldn't spend my money on it. What serious errors are you referring to, when you
    tried to defrag? I would not defrag till after I was sure all the malware was off.
    *After* the malware is gone, run Scandisk but do NOT let it automatically fix
    errors. If errors come up, cancel and post back with what they are.
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm
  9.

    Right-click on one entry > choose 'Select all'
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    sf wrote:
    > Cutting a loooong story short... how do I handle deleting something
    > with 31 components? The list goes off the page, so I can't toggle
    > yes/no. This is driving me crazy. I've deleted over 1000 objects so
    > far, but can't get rid of these and they are causing popups like
    > crazy.
    >
    > TIA
    > I have Hijack This installed on that computer, but it lists the good
    > with the bad... so I'm not going there.
    >
    > TIA
  10.

    On Mon, 11 Jul 2005 16:52:25 -0400, PA Bear wrote:

    > Right-click on one entry > choose 'Select all'

    For some reason, right click wasn't doing it for me... nada. Maybe I
    didn't highlight. In any case, it looks like I've got them all now -
    but I'm running AdAware one more time to make sure it can't do any
    more for me. Malware programs were replicating themselves yesterday
    and fighting AdAware by making the computer freeze up. I know I've
    still got at least one hijacker lurking in there somewhere because the
    evidence is in the browser's weird popups and one I recognize is
    listed in the Hijack This log file. At least I was able to get my new
    MVP Hosts file installed, so it's redirecting some of the bad stuff.

    Yep... I ran AdAware off line and brought it down to zero (although
    Hijack This said otherwise). I've reconnected, gotten way too many
    popups and this time AdAware says there are 35 critical objects to remove
    - which includes 12 registry keys and one registry value.
  11.

    Aumha Forums are now found officially at http://aumha.net, Gary.
    --
    ~Robear

    Gary S. Terhune wrote:
    <snip>
    > Forums here:
    > http://forum.aumha.org/index.php?c=12
  12.

    OK... So perhaps Aumha.org's shortcuts should be updated, <sg>.

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "PA Bear" <PABearMVP@gmail.com> wrote in message
    news:%23VC836nhFHA.2484@TK2MSFTNGP15.phx.gbl...
    > Aumha Forums are now found officially at http://aumha.net, Gary.
    > --
    > ~Robear
    >
    > Gary S. Terhune wrote:
    > <snip>
    >> Forums here:
    >> http://forum.aumha.org/index.php?c=12
  13.

    1. Keep the machine /physically/ disconnected from the internet as much as
    possible.

    2. Post your HijackThis log to http://aumha.net/viewforum.php?f=30 after
    first completing all preliminaries here:
    http://aumha.net/viewtopic.php?t=4075.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security


    sf wrote:
    > On Mon, 11 Jul 2005 16:52:25 -0400, PA Bear wrote:
    >
    > > Right-click on one entry > choose 'Select all'
    >
    > For some reason, right click wasn't doing it for me... nada. Maybe I
    > didn't highlight. In any case, it looks like I've got them all now -
    > but I'm running AdAware one more time to make sure it can't do any
    > more for me. Malware programs were replicating themselves yesterday
    > and fighting AdAware by making the computer freeze up. I know I've
    > still got at least one hijacker lurking in there somewhere because the
    > evidence is in the browser's weird popups and one I recognize is
    > listed in the Hijack This log file. At least I was able to get my new
    > MVP Hosts file installed, so it's redirecting some of the bad stuff.
    >
    > Yep... I ran AdAware off line and brought it down to zero (although
    > Hijack This said otherwise). I've reconnected, gotten way too many
    > popups and this time AdAware says there are 35 critical objects to remove
    > - which includes 12 registry keys and one registry value.
  14.

    PS And avoid rebooting.
    --
    ~PA Bear
  15.

    On Mon, 11 Jul 2005 21:14:01 -0400, PA Bear wrote:

    > 1. Keep the machine /physically/ disconnected from the internet as much as
    > possible.
    >
    I figured that out all by myself!!! LOL

    > 2. Post your HijackThis log to http://aumha.net/viewforum.php?f=30 after
    > first completing all preliminaries here:
    > http://aumha.net/viewtopic.php?t=4075.

    I'm still "cleaning". I found that when something contained 20-30
    objects, they would freeze the computer, so I had to figure out how to
    divide and conquer. I'm using Trend Micro right now and am down to my
    last 2. Tomorrow is Spybot S & D.

    When I can get all of my AdWare busters to read clean, I'll post my
    Hijack This log.
  16.

    On Mon, 11 Jul 2005 21:14:25 -0400, PA Bear wrote:

    > PS And avoid rebooting.

    Thanks. Unfortunately, that's been impossible given the number of
    times the computer froze up on me and the fact that I needed to reboot
    it to remove items that can't be removed otherwise.

    Spybot search & destroy has been useless. It says everything is fine.
    Trend Micro and AdAware find "stuff". Not the same stuff, but they
    find it.

    The common problem is ADW_ABETTERINTERNET_VX2... actually the VX2
    part. It's small, but seems to be a BIG problem.
    Also, BookedSpace keeps coming back... it's a lot larger.

    Grrrr
  17.

    "sf" <sf@gmail.com> wrote in message
    news:0oq6d111jdsbbgrit3ak9cadnsqmog34ri@4ax.com...
    > snip
    > The common problem is ADW_ABETTERINTERNET_VX2... actually the VX2
    > part. It's small, but seems to be a BIG problem.
    > Also, BookedSpace keeps coming back... it's a lot larger.
    >
    > Grrrr

    Try adding the VX2 Cleaner plug-in to Ad-Aware:
    http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
    There are very difficult variants of VX2....now may be the time to post at the
    aumha.net HijackThis forums and get the expert advice of the folks there, such as
    Robear and Mow.

    re: BookedSpace:
    http://www.doxdesk.com/parasite/BookedSpace.html
    http://sarc.com/avcenter/venc/data/adware.bookedspace.html
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm
  18.

    On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:

    > PS -- If you download and run the RootKit Revealer detection app from
    > Sysinternals, please don't post logs here. There are other forums
    > dedicated to that purpose.


    LOL... first you tell me about something I've never heard of before;
    then you tell me there's a way to "root" them out. After that you
    tell me not to post the "log" (which I didn't know it would produce
    here). OK, buddy... of the three things you just told me, at least I
    know enough not to post any logs here.

    :)
  19.

    On Tue, 12 Jul 2005 03:17:55 -0400, PA Bear wrote:

    > I'd also run Trend Micro Sysclean, sf. See
    > http://aumha.net/viewtopic.php?t=10610


    WOW, thanks! I didn't know that site/service existed. I've
    downloaded and am running it now. So far it has found TROJ_SMALL.AAL.

    Unfortunately, it hangs on a certain music file. I stopped the
    program, went to the specific file and waited way too long (10
    minutes) after the TSC stopped running for a result, so I stopped the
    program. A popup said words to the effect of "stopped by user" and
    every line in the log began with "unable". Do you think I should just
    delete the file and see if I can continue?

    This computer uses Nero (something I don't allow on my computer)
    primarily for burning purposes. Do you have another suggestion for a
    free burner?
  20.

    On Tue, 12 Jul 2005 07:06:03 -0400, glee wrote:

    > "sf" <sf@gmail.com> wrote in message
    > news:0oq6d111jdsbbgrit3ak9cadnsqmog34ri@4ax.com...
    > > snip
    > > The common problem is ADW_ABETTERINTERNET_VX2... actually the VX2
    > > part. It's small, but seems to be a BIG problem.
    > > Also, BookedSpace keeps coming back... it's a lot larger.
    > >
    > > Grrrr
    >
    > Try adding the VX2 Cleaner plug-in to Ad-Aware:
    > http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
    > There are very difficult variants of VX2....now may be the time to post at the
    > aumha.net HijackThis forums and get the expert advice of the folks there, such as
    > Robear and Mow.
    >
    > re: BookedSpace:
    > http://www.doxdesk.com/parasite/BookedSpace.html
    > http://sarc.com/avcenter/venc/data/adware.bookedspace.html


    I don't know what I did, but the system seems to be clean now. I will
    post my new log for confirmation. Many Thanks to all for bearing with
    me!
  21.

    "sf" <sf@gmail.com> wrote in message
    news:gro7d15nhl9pmtv5hgkrcl25qgfq0g8v2m@4ax.com...
    > On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:
    >
    >> PS -- If you download and run the RootKit Revealer detection app
    >> from
    >> Sysinternals, please don't post logs here. There are other forums
    >> dedicated to that purpose.
    >
    >
    > LOL... first you tell me about something I've never heard of before;
    > then you tell me there's a way to "root" them out. After that you
    > tell me not to post the "log" (which I didn't know it would produce
    > here). OK, buddy... of the three things you just told me, at least I
    > know enough not to post any logs here.
    >
    > :)

    Heh, heh... I hadn't really looked into rootkits until recently. What
    little I do know is mostly what I learned from Mark Russinovich, et al,
    at http://www.sysinternals.com/utilities/rootkitrevealer.html Good
    explanation, and includes links to other rootkit info.

    In *some* cases, there *may* be ways to root them out, but the overall
    consensus is that most are as yet unfixable, leaving reformat as the
    only option. The same page I referred you to offers what is essentially
    an experimental program to find evidence of RootKits. If you run it, it
    creates a log that can be saved. If you want someone to look at that log
    and advise... Well, I'm fairly certain you can find people willing to
    examine such logs at the Aumha forums.

    I ran RootkitRevealer a week or two ago, and it definitely found
    evidence of rootkit-like behavior. Further investigation showed that
    these items were installed by Adobe when I upgraded to Creative Suite
    CS. Far as I can tell, the reason for these items is to make their
    licensing and anti-piracy measures more difficult (if not impossible) to
    mess with. However, seeing as how that installation has been nothing but
    a PITA since I did it, I have to wonder if the "rootkit" items were
    deliberate or were they accidental, maybe even at the root of my
    problems (pun intended this time, <s>.) I'll know when I get around to
    rebuilding this system and reinstalling Adobe

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm
  22.

    On Tue, 12 Jul 2005 11:25:54 -0700, Gary S. Terhune wrote:

    > "sf" <sf@gmail.com> wrote in message
    > news:gro7d15nhl9pmtv5hgkrcl25qgfq0g8v2m@4ax.com...
    > > On Mon, 11 Jul 2005 22:20:45 -0700, Gary S. Terhune wrote:
    > >
    > >> PS -- If you download and run the RootKit Revealer detection app
    > >> from
    > >> Sysinternals, please don't post logs here. There are other forums
    > >> dedicated to that purpose.
    > >
    > >
    > > LOL... first you tell me about something I've never heard of before;
    > > then you tell me there's a way to "root" them out. After that you
    > > tell me not to post the "log" (which I didn't know it would produce
    > > here). OK, buddy... of the three things you just told me, at least I
    > > know enough not to post any logs here.
    > >
    > > :)
    >
    > Heh, heh... I hadn't really looked into rootkits until recently. What
    > little I do know is mostly what I learned from Mark Russinovich, et al,
    > at http://www.sysinternals.com/utilities/rootkitrevealer.html Good
    > explanation, and includes links to other rootkit info.
    >
    > In *some* cases, there *may* be ways to root them out, but the overall
    > consensus is that most are as yet unfixable, leaving reformat as the
    > only option. The same page I referred you to offers what is essentially
    > an experimental program to find evidence of RootKits. If you run it, it
    > creates a log that can be saved. If you want someone to look at that log
    > and advise... Well, I'm fairly certain you can find people willing to
    > examine such logs at the Aumha forums.
    >
    I just finished posting a rather "good looking" log file... I think I
    beat BookedSpace and VX2 into submission.

    > I ran RootkitRevealer a week or two ago, and it definitely found
    > evidence of rootkit-like behavior.

    I'd like to run it, but I'm getting an error message about a missing
    DLL. PSAPI.DLL. Not sure what to do next. I'm pretty sure you're
    right about a rootkit problem because the Hijack This log looked
    clean, but something is still causing unwanted popups and seems to be
    hijacking IE every now and then.

    > Further investigation showed that
    > these items were installed by Adobe when I upgraded to Creative Suite
    > CS. Far as I can tell, the reason for these items is to make their
    > licensing and anti-piracy measures more difficult (if not impossible) to
    > mess with. However, seeing as how that installation has been nothing but
    > a PITA since I did it, I have to wonder if the "rootkit" items were
    > deliberate or were they accidental, maybe even at the root of my
    > problems (pun intended this time, <s>.) I'll know when I get around to
    > rebuilding this system and reinstalling Adobe

    At least you knew what you were looking at! LOL I'm not sure I will
    if I can ever get it up and running.
  23.

    My bad! RootkitRevealer doesn't run on Win9x systems. SORRY!

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "sf" <sf@gmail.com> wrote in message
    news:t438d11pp5th5glkvmfp0egapp77ufjs14@4ax.com...
    > On Tue, 12 Jul 2005 11:25:54 -0700, Gary S. Terhune wrote:
    > I'd like to run it, but I'm getting an error message about a missing
    > DLL. PSAPI.DLL. Not sure what to do next. I'm pretty sure you're
    > right about a rootkit problem because the Hijack This log looked
    > clean, but something is still causing unwanted popups and seems to be
    > hijacking IE every now and then.
  24.

    Delete the problem file, download the latest Control Pattern Release file
    and then run Sysclean.com again per the instructions.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    sf wrote:
    > On Tue, 12 Jul 2005 03:17:55 -0400, PA Bear wrote:
    >
    > > I'd also run Trend Micro Sysclean, sf. See
    > > http://aumha.net/viewtopic.php?t=10610
    >
    >
    > WOW, thanks! I didn't know that site/service existed. I've
    > downloaded and am running it now. So far it has found TROJ_SMALL.AAL.
    >
    > Unfortunately, it hangs on a certain music file. I stopped the
    > program, went to the specific file and waited way too long (10
    > minutes) after the TSC stopped running for a result, so I stopped the
    > program. A popup said words to the effect of "stopped by user" and
    > every line in the log began with "unable". Do you think I should just
    > delete the file and see if I can continue?
    >
    > This computer uses Nero (something I don't allow on my computer)
    > primarily for burning purposes. Do you have another suggestion for a
    > free burner?
  25.

    On Tue, 12 Jul 2005 12:09:16 -0700, Gary S. Terhune wrote:

    > My bad! RootkitRevealer doesn't run on Win9x systems. SORRY!

    The one in question is an ME... that's why you recommended it, I
    think.
  26.

    You may have assumed that I had ME in mind, but I'm pretty sure I
    didn't. No, RootKitRevealer doesn't work on 9x systems. 9x systems are
    Win95, 98, 98SE and ME. I simply forgot about that giant truth when
    previously discussing it. RKR only works on NT-based systems.

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "sf" <sf@gmail.com> wrote in message
    news:in3bd15covt7eu43vcqoknu16td8b3hrsp@4ax.com...
    > On Tue, 12 Jul 2005 12:09:16 -0700, Gary S. Terhune wrote:
    >
    >> My bad! RootkitRevealer doesn't run on Win9x systems. SORRY!
    >
    > The one in question is an ME... that's why you recommended it, I
    > think.
    >
  27.

    On Wed, 13 Jul 2005 15:08:47 -0700, Gary S. Terhune wrote:

    > You may have assumed that I had ME in mind, but I'm pretty sure I
    > didn't. No, RootKitRevealer doesn't work on 9x systems. 9x systems are
    > Win95, 98, 98SE and ME.

    Why did I think ME was "the next generation"? Oh, well.

    > I simply forgot about that giant truth when
    > previously discussing it. RKR only works on NT-based systems.

    You're not as sorry as I am! I posted my HijackThis log to the Aumha
    forum and tried the first two suggested deletes... the first made IE
    inoperable and the second was "in use" - which is a ruse used by
    viruses, isn't it? Anyway, I restored item one and couldn't delete
    item two... so I quit. I wasn't familiar with the name of the person
    who responded and wasn't sure if he knew what he was talking about.

    I installed the AdAware Plugin that takes care of VX2, so it's not a
    problem anymore but BookedSpace keeps rearing its ugly head along
    with an IMServer IEPlugin... IM isn't activated, so the AdAware plugin
    for that won't work. Now, the last of the last that won't even
    pretend to go away in spite of me telling AdAware to "quarantine" are
    two temp files in an imaginary folder... I can find them using their
    numbers, but again I can't delete them because "they are in use".
    BLAH.

    I just finished running Trend Micro for the umpteenth time and this
    is what it came up with after I got down to those last 2 with
    AdAware:
    40 Adware
    9 Cookies
    4 Browser helper objects
    19 Trackware
  28. Archived from groups: microsoft.public.win98.gen_discussion

    You delete "in-use" files by restarting in Safe Mode or Command Prompt
    Only.

    I also recommend that you give Aumha.net another chance. Evaluate what
    you're being told, give feedback when something goes wrong, etc. In the
    long run, you're liable to get your best answers there.

    --
    Gary S. Terhune
    MS MVP Shell/User
    http://www.grystmill.com/articles/cleanboot.htm
    http://www.grystmill.com/articles/security.htm

    "sf" <sf@gmail.com> wrote in message
    news:r49bd1l7ndre7nsi73o133p8ditoogl6nh@4ax.com...
    > On Wed, 13 Jul 2005 15:08:47 -0700, Gary S. Terhune wrote:
    >
    >> You may have assumed that I had ME in mind, but I'm pretty sure I
    >> didn't. No, RootKitRevealer doesn't work on 9x systems. 9x systems
    >> are
    >> Win95, 98, 98SE and ME.
    >
    > Why did I think ME was "the next generation"? Oh, well.
    >
    >> I simply forgot about that giant truth when
    >> previously discussing it. RKR only works on NT-based systems.
    >
    > You're not as sorry as I am! I posted my HijackThis log to the Aumha
    > forum and tried the first two suggested deletes... the first made IE
    > inoperable and the second was "in use" - which is a ruse used by
    > viruses, isn't it? Anyway, I restored item one and couldn't delete
    > item two... so I quit. I wasn't familiar with the name of the person
    > who responded and wasn't sure if he knew what he was talking about.
    >
    > I installed the AdAware Plugin that takes care of VX2, so it's not a
    > problem anymore but BookedSpace keeps rearing its ugly head along
    > with an IMServer IEPlugin... IM isn't activated, so the AdAware plugin
    > for that won't work. Now, the last of the last that won't even
    > pretend to go away in spite of me telling AdAware to "quarantine" are
    > two temp files in an imaginary folder... I can find them using their
    > numbers, but again I can't delete them because "they are in use".
    > BLAH.
    >
    > I just finished running Trend Micro for the umpteenth time and this
    > is what it came up with after I got down to those last 2 with
    > AdAware:
    > 40 Adware
    > 9 Cookies
    > 4 Browser helper objects
    > 19 Trackware
  29. Archived from groups: microsoft.public.win98.gen_discussion

    I read your log in the Aumha forum, and also the reply you received. If you "tried
    the first two suggested deletes", you did not follow the instructions given in the
    reply. Please go back, read the reply you received more carefully, and follow the
    instructions in the order they were given to you. You were told to download and run
    certain tools in a specific order, and use them, before any deletions were
    mentioned.
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm


    "sf" <sf@gmail.com> wrote in message
    news:r49bd1l7ndre7nsi73o133p8ditoogl6nh@4ax.com...
    > You're not as sorry as I am! I posted my HijackThis log to the Aumha
    > forum and tried the first two suggested deletes... the first made IE
    > inoperable and the second was "in use" - which is a ruse used by
    > viruses, isn't it? Anyway, I restored item one and couldn't delete
    > item two... so I quit. I wasn't familiar with the name of the person
    > who responded and wasn't sure if he knew what he was talking about.
    >
    > I installed the AdAware Plugin that takes care of VX2, so it's not a
    > problem anymore but BookedSpace keeps rearing its ugly head along
    > with an IMServer IEPlugin... IM isn't activated, so the AdAware plugin
    > for that won't work. Now, the last of the last that won't even
    > pretend to go away in spite of me telling AdAware to "quarantine" are
    > two temp files in an imaginary folder... I can find them using their
    > numbers, but again I can't delete them because "they are in use".
    > BLAH.
    >
    > I just finished running Trend Micro for the umpteenth time and this
    > is what it came up with after I got down to those last 2 with
    > AdAware:
    > 40 Adware
    > 9 Cookies
    > 4 Browser helper objects
    > 19 Trackware
  30. Archived from groups: microsoft.public.win98.gen_discussion

    On Thu, 14 Jul 2005 23:23:30 -0400, glee wrote:

    > I read your log in the Aumha forum, and also the reply you received. If you "tried
    > the first two suggested deletes", you did not follow the instructions given in the
    > reply. Please go back, read the reply you received more carefully, and follow the
    > instructions in the order they were given to you. You were told to download and run
    > certain tools in a specific order, and use them, before any deletions were
    > mentioned.


    You're right, I didn't follow the instructions properly... but it was
    the way to delete them that I didn't do correctly. It all came
    together tonight. I deleted them via HT <slapping head> and the
    others in Safe Mode. I still haven't posted my logs, but I will.

    Thanks for looking.