
Ad-ware not working need replacement spyremoval

Discussion in 'Virus & Other Malware Removal' started by Camlee98, Sep 8, 2004.

Thread Status:
Not open for further replies.
  1. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    I've tried everything to get adware working and no luck. I used spyware doctor and found many things left that s and d didn't catch. So I need to know if I buy a different spyware removal tool what is the best to buy. I can't seem to find any other free ones that remove the stuff it finds. I'm into a 22 post thread with cookie and feel that this is the last step at cleaning this computer. So if I have to pay then I have to pay. You can review all my problems and what I've done so far in my other thread. So any suggestions would be great!!! Thanks for your input!!
     
  2. joe2cool

    joe2cool

    Joined:
    Feb 7, 2002
    Messages:
    5,994
    Hi Adaware & Spybot are the best, wouldn't use spyware doctor..........also spyware blaster & spyware guard are Good. All FREE

    What version of 'Adaware' are you using? Latest ?
     
  3. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, It's a combination of using Hijackthis, AdAware, SpyBot and some manual safe mode deletion for leftover files> and yes, even working with Registry entries that nails this stuff...
    The junk we are seeing posters affected by is getting a bit harder to remove. Right now, AdAware as you know has released a new version of the free personal edition> IF you want to buy anything, buy the Premium or whatever version you want, of AdAware! It alone, will NOT remove everything, you need help with finding all the files or BHOs to remove and that is where HJT and a helper comes into play> I think your solution is around the corner and am wishing you good luck with your present hijack's removal!

    The next good thing to do of course is improve security on your side of the Net, by using browser security settings for Internet Explorer, Windows Updates, a firewall, some ActiveX blocking software perhaps, or XP's SP2, and so on, as well as following some basic good computer maintenance practices> removing temp and Temp Internet Files, on a regular basis.
     
  4. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Yes I understand what you guys are saying, I use all of those products you mentioned. I know adware is the best and I love using it on my computer (I'm working with my sister's, it was in bad shape). My problem is that adware just won't work with it, it keeps freezing. I've tried the earliest version of adware that I had tucked away. I've tried 1.02, 1.03 and 1.04, the latest version, all with the same results. I've tried it in safe mode, uninstalled and reinstalled, searched the registry for all items named lavasoft or adware. I think I've covered it all but something in this computer is not allowing me to use adware (the best product). So I'm kinda being forced to use or buy something else which in turn will hopefully remove whatever is causing the issue with adware. Here are the steps I've been taking to take care of the issue http://forums.techguy.org/t269177.html and if you read through you can see I've been following instructions but just can't shake whatever is in this thing. So if you have any other suggestions please let me know, I'm out of ideas.
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, It sounds like your problem would not be just the new release of AdAware that has the reported freezing up problem ((that was solved by a NEW new release, just a day or so ago, of the SE 1.4...I advise getting the download from Lavasoft, as well as the plugins, I have had trouble twice with the downloads from Majorgeeks...as far as plugins anyway...the one from Majorgeeks did not display the License agreement! Lavasoft's did...and worked fine.

    Have you tried an online scan? There are some malwares that can stop security or antispyware programs from running.

    http://housecall.trendmicro.com/

    Set the AUTOCLEAN button setting. It's a very good scanner.

    There are many more as you may know. If that doesn't run, get back.
     
  6. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Yes I used trend, panda, Rav and I'm running AVG, all clean now. I'll try the download from lavasoft and see if that works. Here's what spydoctor found (I know adware finds these too because it totals up to about 60 items before it freezes). Maybe there's something in here that conflicts with adware and maybe I could delete that one manually??

     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I know you have tried a lot of things (I read the other thread)

    The things Spyware Doctor is "finding" can be leftover entries...or false positives...or the "backups" inside your other removal program...there really is nothing in your HJT logs that shows any of these files...


    Try the temp and Temp Internet Files cleaning up once more...you can do this from Safe Mode, also:


    Can you try these directions:

    Take note and write down any filename that gives any error message about "in use by- blah".

    LOOK FOR that file as a running process> CTRL+ALT+DEL, End Task on that one,you may have to wait a minute for the next End Process(or Task) box to come up, and end it again. IF and only if...it is one of those that Spyware this or that...says it "found" and is definitely a suspicious, not-normal System file> try deleting it.

    Then, run a scan with SpyBot and see if it finds anything.
    Use AdAware again...what happens?

    Keep trying to get updates for AdAware.

    I would try the stand-alone removal tool, Stinger by McAfee

    http://vil.nai.com/vil/stinger/


    Be sure the Preferences button for Actions to take is set at "Repair"

    Now- I would stick with Cookiegal> keep trying when you have time and I bet sooner or later you will end up fixing it!

    There is one other thing you could try:

    http://www.majorgeeks.com/download4113.html

    I don't think that is the same Look2me removal tool Cookiegal had you try...
     
  8. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Hey thanks for the stinger info it removed this one
    C:\WINDOWS\SYSTEM32\TFTP260
    Found the W32/Blaster.worm.a virus!!!
    C:WINDOWS\SYSTEM32\TFTP260 has been deleted.

    Not sure if this affects adaware but I'm gonna try it again now!
     
  9. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Wow...Blaster is one that will terminate programs, good luck with this! See my re-re-redited post above too for some tips.

    If the computer is connected to any others, like a small home network> disconnect it and try running this Blaster fix:

    http://www.sophos.com/support/cleaners/blastgui.com

    open BLASTGUI
    run it
    then click GO.



    ""How did my computer become infected?
    W32/Blaster-A scans the internet and local networks looking for computers vulnerable to Microsoft's DCOM RPC security exploit. When it finds one it causes the remote computer to use TFTP to download a copy of the worm. This is saved as msblast.exe in the Windows system folder and the registry on that computer is changed so that the worm will be run when the computer restarts.""

    There may be some other things to do...

    Get this patch immediately:

    http://www.microsoft.com/downloads/...53-65EC-4851-886C-5A412438D6D4&displaylang=en


    Definitely: Visit Windows Updates with that computer and get all the critical updates, later on.
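
The artifacts named in the post above (msblast.exe in the Windows system folder, a registry change that starts it at boot) and the TFTP260 leftover that Stinger deleted earlier in the thread can be checked for with a short script. This is an added example, not part of the original thread and not any vendor's tool; it assumes the autorun entry lives in the standard Run key and reads saved `reg query` output, and the sample key contents and file list are constructed.

```python
import ntpath
import re

# Artifacts named in the thread: the worm's file name (Sophos excerpt) and the
# TFTP<digits> leftover that Stinger removed from SYSTEM32.
WORM_EXE = "msblast.exe"
TFTP_LEFTOVER = re.compile(r"^tftp\d+$", re.IGNORECASE)

# Constructed sample input: `reg query` output for the Run key (an assumed
# location) and a file listing. The legitimate tftp.exe must not be flagged.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Example AV    REG_SZ    "C:\Program Files\ExampleAV\av.exe" /startup
    sample entry    REG_SZ    msblast.exe
"""
SAMPLE_FILES = [r"C:\WINDOWS\SYSTEM32\TFTP260", r"C:\WINDOWS\system32\tftp.exe",
                r"C:\WINDOWS\system32\msblast.exe", r"C:\Temp\msblast.exe"]

def parse_reg_query(text):
    """Parse `reg query <key>` output into {value_name: data}."""
    values = {}
    for line in text.splitlines():
        # Value lines are indented: name, REG_* type, then the data.
        m = re.match(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$", line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values

def autorun_hits(values):
    """Return autorun value names whose command launches msblast.exe."""
    hits = []
    for name, data in values.items():
        # Take the executable token, honouring a quoted path with spaces.
        exe = data.split('"')[1] if data.startswith('"') else data.split(" ")[0]
        if ntpath.basename(exe).lower() == WORM_EXE:
            hits.append(name)
    return sorted(hits)

def file_hits(paths, system_dir=r"C:\WINDOWS\system32"):
    """Return paths directly in the system folder that match either artifact."""
    hits = []
    for p in paths:
        folder, base = ntpath.split(p)
        if folder.lower() == system_dir.lower() and (
                base.lower() == WORM_EXE or TFTP_LEFTOVER.match(base)):
            hits.append(p)
    return hits

if __name__ == "__main__":
    print(autorun_hits(parse_reg_query(SAMPLE_REG)), file_hits(SAMPLE_FILES))
```

A hit only means the file or entry is present; a clean result after removal, as with the Sophos tool later in the thread, does not replace installing the patch.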
     
  10. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Ran the above program and it found no trace of the blaster worm I hope that's a good thing thanks for the info. I've tried adaware again and still freezes up at system32/microsoft and if I run it so it doesn't scan microsoft it freezes at the very end when it says busy and the bar fills about half way. Again thanks for all your help.
     
  11. Camlee98

    Camlee98 Thread Starter

    Joined:
    Mar 21, 2004
    Messages:
    184
    Update........ I took some advice from cybertech and ran ad-aware until it came up with about 30 hits then hit cancel and fixed those. I was able to fix the rest of the problems although ad-aware would still hang at c:\windows\system32\microsoft I was able to bypass this file and run a scan on everything else. Thanks to all who helped!!!!!
     
  12. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Good> Hopefully an update or a reinstall of AdAware takes care of this problem. After the original SE came out, pretty much the same thing happened> a NEWER new release of 1.03> and now, v.1.04, so we never know what will happen!


    I would guess that your manual removal in the Registry of Lavasoft items...may have done something that caused your freezeup, even after a reinstall...that is ONLY a guess! At least you are able to workaround the hang for now. You do not need to reply here unless you have a question or something> will consider it fixed/closed but feel free to post if need be.
     
Short URL to this thread: https://techguy.org/271665