Bay 12 Games Forum

Please login or register.

Login with username, password and session length
Advanced search  
Pages: 1 [2] 3

Author Topic: PC Chemotherapy, or Adbots Galore  (Read 8434 times)

A_Fey_Dwarf

  • Bay Watcher
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #15 on: December 28, 2008, 12:49:43 am »

I don' frequent many webites.
Bay 12
TV tropes
Google image (for picture fight)
hotmail
wikipedia
My school's site

Same as me except with no TV tropes and Gmail instead of hotmail. Oh, I also frequent an auction site, but that is pretty secure. Then again I do use utorrent (piratebay) every so often. I think it's best if I leave my virus protection on thank you very much.
Logged

Makrond

  • Bay Watcher
  • Like fuzzy dice, only more slicey
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #16 on: December 29, 2008, 09:31:05 am »

Man, I go all OVER the internet. I haven't had a virus since... well, ages ago, really. And it's been even longer since I've needed to reformat due to virus-related issues (stupid hard-drive deaths...).

As far as malware protection, I use Javacool's SpyWareBlaster; it uses mostly in-browser protections to prevent malicious code from running in the first place. For removal, I use Spybot: Search and Destroy and AVG. I also once used ewido - an excellent program in the case of emergencies, and now part of AVG funnily enough.

The trick is not to go searching all over the place for antivirus software - there's a fair amount of what's known as "rogue antivirus software"... which basically means it's almost as bad - if not worse - than the stuff you're trying to get rid of in the first place. It's getting a little rarer nowadays, and it all tends to be at the back of the Google listings, but the main idea is, don't download something unless you trust the company offering it.

Something I keep backed up on a disk somewhere at all times is SmitFraudFix. It's not that I expect to GET Smitfraud.C at any point, but I'd rather not take the chance. Plus it comes in handy when idiot friends of mine get it (it's ridiculously easy to detect, even Spybot can find it for you, though it struggles to actually REMOVE it) and ask me to fix their computers.
Logged
Quote from: Jusal
Darwinism? Bah! This is Dwarvinism!

Kashyyk

  • Bay Watcher
  • One letter short of a wookie
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #17 on: December 29, 2008, 01:36:08 pm »

you hae Norton crashalot? Remove it. Do it now! replace it with something good like Avira.
Logged

Cthulhu

  • Bay Watcher
  • A squid
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #18 on: December 31, 2008, 04:09:03 pm »

I have Vundo.  It's on every computer in my house, and I think it's just reinfecting computers that kill it.  I tried disconnecting all of them from the internet and each other and running VundoFix, but it survived.  It sucks, too, constantly getting Antivirus 2009 messages, ads, and such.  I think it's done with my computer, because the only thing I've seen in a while is this weird thing where a window pops up and never loads anything.  Annoying, but not a serious problem.
Logged
Shoes...

woose1

  • Bay Watcher
  • Yay for bandwagons!
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #19 on: December 31, 2008, 06:59:18 pm »

I have Vundo.  It's on every computer in my house, and I think it's just reinfecting computers that kill it.  I tried disconnecting all of them from the internet and each other and running VundoFix, but it survived.  It sucks, too, constantly getting Antivirus 2009 messages, ads, and such.  I think it's done with my computer, because the only thing I've seen in a while is this weird thing where a window pops up and never loads anything.  Annoying, but not a serious problem.
I HAD THAT TOO!

I tried vundo fix, but it just re-spawned at the edge of the map.
Ahem.. anyway ...

Really, to only way to get rid of this thing is to get a new hard-drive. really.
I tried re-imaging my computer, it was still on there.

Go to circut city or some other place were they sell computers, and get new hard-drives. And maybe re-install your connection thingy. (Easier with linkyseys.)

Vundo is really one of those programs that are nearly impossible to get rid of, and if you dont get rid of it soon, it can do all sorts of nasty things, like preventing you from downloading anything.  :'(

By the way, were did you get it from? Some third part key-logger generator? Or maybe when you were feeling foxy......  :-* (Just kidding)
Logged

Cthulhu

  • Bay Watcher
  • A squid
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #20 on: December 31, 2008, 07:02:38 pm »

No idea, I don't pirate or anything, so it wasn't from unscrupulous dealings.  Interestingly, it attacked right after my sister started playing The Sims again, and I know she's been downloading addons for it.
Logged
Shoes...

woose1

  • Bay Watcher
  • Yay for bandwagons!
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #21 on: December 31, 2008, 07:17:40 pm »

Offer your sister to the blood god to appease the mighty Vundo.
Logged

G-Flex

  • Bay Watcher
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #22 on: December 31, 2008, 07:28:20 pm »

I know it's the fake rundll32.exe program, and it came with something called gadcom.exe.

If you know what some of the bad processes are, just find those programs and get rid of them.

Search your Windows directories (\windows and \windows\system32 are good bet) for them.

One thing I do is arrange all the files in those folders by date modified; usually new bogus DLLs and crap will appear at the end. It helps a lot.

And yeah, Spybot: Search & Destroy and Ad-Aware are decent. I usually keep more than one on hand; it never hurts, since some will miss some that others might catch. Spybot's resident protection can also catch things like registry changes that you might not want.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Aqizzar

  • Bay Watcher
  • There is no 'U'.
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #23 on: December 31, 2008, 07:44:30 pm »

I know it's the fake rundll32.exe program, and it came with something called gadcom.exe.

If you know what some of the bad processes are, just find those programs and get rid of them.

Search your Windows directories (\windows and \windows\system32 are good bet) for them.

That's what I would do, except it doesn't work here.  The original programs are constantly running, so they can't be deleted because they're permanently flagged as in-use.  Plus, I think they're using that nasty trick of generating new initializer programs with random file names.

Spybot S&D failed to stop my adware problem.  It certainly says it caught a lot of unwarranted browser helpers, but I'm getting the same pop-ups.  And since I installed it, now anytime I try to open website from a Google search I get redirected to some shopping page.  So, no noticeable improvement anywhere, and I'm worse off in a new way.  I'll try the other ones next.
Logged
And here is where my beef pops up like a looming awkward boner.
Please amplify your relaxed states.
Quote from: PTTG??
The ancients built these quote pyramids to forever store vast quantities of rage.

G-Flex

  • Bay Watcher
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #24 on: December 31, 2008, 07:47:45 pm »

If you know what some of the bad files are, you can delete them. You just have to try extra-hard. :P

Try stopping their process then deleting them.
Try starting in Safe Mode and deleting them.

Spybot S&D might have a method to delete stuff on startup, so that might help too. Hell, you might even be able to make a batchfile yourself and put that in the startup folder.

If that fails, you can start using some other OS, like a boot CD with a linux live-CD or DOS on it, or something, and delete them on a commandline.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Aqizzar

  • Bay Watcher
  • There is no 'U'.
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #25 on: December 31, 2008, 07:59:34 pm »

If you know what some of the bad files are, you can delete them. You just have to try extra-hard. :P

Try stopping their process then deleting them.
Try starting in Safe Mode and deleting them.

Windows just doesn't let me do that.  The programs aren't listed in the process manager, they're just flagged as running.  Didn't occur to me to try safe mode though.

Quote
If that fails, you can start using some other OS, like a boot CD with a linux live-CD or DOS on it, or something, and delete them on a commandline.

If I was going to that much trouble, I'd just reformat like I always have.  I'm tired of having to try that hard and I want an easier solution.

What I could use is some kind of "nuke this" program to just delete anything no matter what.  Or some way to tell Windows to never start a certain program no matter what.  Why is it this hard for a normal user to mess with files anyway?  Computers don't have to be sorcery.  This could be a lot more user operable.
Logged
And here is where my beef pops up like a looming awkward boner.
Please amplify your relaxed states.
Quote from: PTTG??
The ancients built these quote pyramids to forever store vast quantities of rage.

Duke 2.0

  • Bay Watcher
  • [CONQUISTADOR:BIRD]
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #26 on: December 31, 2008, 08:03:00 pm »


 I remember a program called 'unlocker' that could delete any file. Any file, no matter what the computer thinks. Got rid of a few virii that way.

 Too bad it is so difficult to get rid of. I would also like to know a program that only allows specific processes to run under my command.
Logged
Buck up friendo, we're all on the level here.
I would bet money Andrew has edited things retroactively, except I can't prove anything because it was edited retroactively.
MIERDO MILLAS DE VIBORAS FURIOSAS PARA ESTRANGULARTE MUERTO

G-Flex

  • Bay Watcher
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #27 on: December 31, 2008, 11:12:23 pm »

If a process is running, it sure as hell should be listed in Task Manager. Try downloading Process Explorer and looking in that.

And trust me, booting up with a live-CD and deleting a few files is a lot less trouble than reformatting, unless you like going through the major headache of reconfiguring everything and dealing with backups.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

qwertyuiopas

  • Bay Watcher
  • Photoshop is for elves who cannot use MSPaint.
    • View Profile
    • uristqwerty.ca, my current (barren) site.
Re: PC Chemotherapy, or Adbots Galore
« Reply #28 on: December 31, 2008, 11:51:16 pm »

They could have loaded themselves into one of the many svchost zombies. Those things NEVER die, unless you hit the leader, and then it takes windows with it. It is a good thing that they are not viruses. (For the less informed, svchost runs DLL files). Oh, and watch out for HAL.SYS, it's another "normal"(it comes with windows) file out to get you, especially if your name is dave.
[/MASSIVE SARCASM QUOTES]
Logged
Eh?
Eh!

Makrond

  • Bay Watcher
  • Like fuzzy dice, only more slicey
    • View Profile
Re: PC Chemotherapy, or Adbots Galore
« Reply #29 on: January 01, 2009, 05:42:51 am »

The other thing to do would be to use Spybot's Secure Shredder (accessed by turning on Advanced mode in the Mode menu, then expanding the Tools tab on the side - make sure the box for it is ticked) after killing the process (also with Spybot) and removing the startup entry (again, Spybot).

Spybot will even tell you most of the time if a startup entry is safe or if it's potentially dangerous (the trick is to check whether the entry has a different filename or path to what you would expect).

And Secure Shredder will delete a file for you, no matter what. It will even overwrite the sector a specified number of times, just to be absolutely sure the data is gone.
Logged
Quote from: Jusal
Darwinism? Bah! This is Dwarvinism!
Pages: 1 [2] 3