Security Forums


How do I manually delete adware/trojans that won't delete?

KurenaiYue
Just Arrived
Joined: 12 Oct 2008
Posts: 0
Location: Texas

Posted: Sun Oct 12, 2008 10:35 pm    Post subject: How do I manually delete adware/trojans that won't delete?

I downloaded Spyware Doctor. I have the free version, which scans all your files and the difference is that you have to manually go into the registry or into folders to delete threats.

I have gotten rid of about 85% of all the things. I have rescanned several times...


These are what are giving me trouble (oh, by the way, I have everything set to "show hidden files/folders")


Adware.TV_Media_Display (2 infections)
-Description: A potentially unwanted adware program that could be used to display various pop-up advertisements
-Threat level: Elevated (4/5)
---FILE:
---C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\Tvm.log
---C:\DOCUMENTS AND SETTINGS\DAVID\LOCAL SETTINGS\TEMPORARY INTERNET FILES\Tvm.log
----------------Problem: I cannot locate Tvm.log, even with "show hidden" selected



Adware.DelfinProject (1 infections)
-Description: A potentially unwanted adware program that could be used to display various pop-up advertisements
-Threat Level: High (5/5)
---FILE:
---C:\keys.ini
-------------------I cannot locate it



Rootkit.Agent (76 infections)
-Description: A threat that relies on rootkit-specific techniques in order to hide its presence in the system. In addition, the detected sample contains the following characteristics:
--a program that can be used to hijack certain aspects of users' web browser functionality (such as homepage, search page, and security settings)
--a malicious trojan horse that may represent a security risk for the compromised system and/or its network environment
-Threat Level: High (5/5)
-----FILE:
-----C:\WINDOWS\SYSTEM32\drivers\core.sys
(It won't delete. Says it is being used, and refuses to let me delete it)
-----STARTUP PROGRAM:
-----HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core, ImagePath = system32\drivers\core.sys
-----HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core, ImagePath = system32\drivers\core.sys
-----HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core, ImagePath = system32\drivers\core.sys
-----REGISTRY KEY:
-----HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ENUM\ROOT\LEGACY_CORE
-----HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ENUM\ROOT\LEGACY_CORE
-----HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_CORE
-----HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\CORE
-----HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\CORE
-----HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\CORE
-----------These will not allow me to delete them.



Trojan.Agent.AOY (10 infections)
-Description: A malicious program that may represent a security risk for your computer or network environment
-Threat Level: Medium (3/5)
-----REGISTRY KEY:
-----HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DOMAINSERVICE
--------------It will not allow me to delete this or anything in it.
-----REGISTRY VALUE TO BE REPAIRED:
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, SFCDisable
---------I do not know what I am supposed to do with this since it says "to be repaired." Is there anything I can do about this manually? I can't buy any programs right now



Adware.BHO.GEN (2 infections)
-Description: A malicious program that may represent a security risk for your computer or network environment.
-Threat level: Medium (3/5)
-----HKEY_CLASSES_ROOT\CLSID\e405.e405mgr
----------------I cannot find it in the registry.




Now, the items in the registry... I don't know why they aren't letting me delete them.
I have spent over 2 hours deleting threats from the registry, so I know it's not some sort of protection for the computer. It is apparently some way for this crap to keep itself from being deleted.


Any help you can provide will be appreciated.
I am looking to do this MANUALLY, not by purchasing the software or downloading anything else.
Is there anything I can do?
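As an added example (not part of the original post and not Spyware Doctor's own logic): the registry lines from the listing above can be collapsed by control set to show how many distinct keys the report actually refers to. The function names `group_report` and `legacy_without_service` are made up for this illustration.

```python
import re
from collections import defaultdict

# Registry lines copied from the Rootkit.Agent and Trojan.Agent.AOY entries above.
REPORT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core, ImagePath = system32\drivers\core.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core, ImagePath = system32\drivers\core.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core, ImagePath = system32\drivers\core.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ENUM\ROOT\LEGACY_CORE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ENUM\ROOT\LEGACY_CORE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_CORE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\SERVICES\CORE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\SERVICES\CORE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\CORE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DOMAINSERVICE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, SFCDisable
"""

# CurrentControlSet is a link to one ControlSetNNN (selected under HKLM\SYSTEM\Select),
# so a scanner reports the same key once per control set.
CONTROL_SET = re.compile(r"\\SYSTEM\\(CURRENTCONTROLSET|CONTROLSET\d{3})\\")

def group_report(report):
    """Map each logical key to the control sets and value names it was reported under."""
    groups = defaultdict(lambda: {"control_sets": set(), "values": set()})
    for line in filter(None, map(str.strip, report.splitlines())):
        path, _, rest = line.partition(",")
        path = path.strip().upper()          # registry paths are case-insensitive
        entry = groups[CONTROL_SET.sub(lambda _: "\\SYSTEM\\<CONTROLSET>\\", path)]
        m = CONTROL_SET.search(path)
        if m:
            entry["control_sets"].add(m.group(1))
        value = rest.split("=")[0].strip()   # value name, if the line carries one
        if value:
            entry["values"].add(value)
    return dict(groups)

def legacy_without_service(groups):
    """Names with an Enum\\Root\\LEGACY_<name> record but no Services\\<name> key listed."""
    services = {k.rsplit("\\", 1)[1] for k in groups if "\\SERVICES\\" in k}
    legacy = {k.rsplit("LEGACY_", 1)[1] for k in groups if "\\ENUM\\ROOT\\LEGACY_" in k}
    return sorted(legacy - services)

if __name__ == "__main__":
    groups = group_report(REPORT)
    for key, info in sorted(groups.items()):
        print(key, sorted(info["control_sets"]), sorted(info["values"]))
    print("LEGACY_ records with no Services key listed:", legacy_without_service(groups))
```

On this listing the eleven reported lines reduce to four distinct keys, and LEGACY_DOMAINSERVICE appears without a matching Services key in what was pasted.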
judicandus
SF Mod
Joined: 21 May 2007
Posts: 0
Location: Milan, Italy

Posted: Mon Oct 13, 2008 3:05 pm

I guess ABdA's answer was already thorough enough :D

http://answers.yahoo.com/question/index?qid=20081012131642AAm0gNp

About Spyware Doctor, I have also heard that
Quote:
"some of its malware (spyware) reports are false positive"
in some forums, so I'm not sure to what extent it is trustworthy.

About running both AntiVirus and AntiSpyware:
Quote:
You should run both antivirus and antispyware in Safe Mode. Running only an antivirus application will not necessarily protect you from spyware or malware, and vice versa. So to be on the safe side, RUN BOTH.

I believe most antivirus products nowadays also include antispyware protection (check the product's website for details).

Could you remove those entries manually?

If not, you can try asking for help in the Malware Removal section. I'm sure somebody will give you a hand. Before posting, please read: ~Before posting your thread, read this~. And please do not multi-post.
Quote:
"We reserve the right to close any thread where we believe multi-posting has occurred."

And, above all, do install an antivirus/antispyware solution (free or commercial). Not having one might make your computer a tad lighter, but you never know when you're going to visit a page infected with a dll injection threat and get a Zlob variant :?
desinet1
Just Arrived
Joined: 05 Dec 2008
Posts: 0

Posted: Tue Dec 09, 2008 5:41 am

Manual deletion of registry entries and malware files is always difficult and mostly incomplete.
There is always a risk of the malware re-surfacing again.
I would always recommend an automatic removal.
ron.vanza
Just Arrived
Joined: 30 Oct 2008
Posts: 3

Posted: Tue Dec 09, 2008 9:43 am

Spyware Doctor itself creates some spyware; it did this with me. I have been using Avira for 2 years and life is much easier :D It's free. You can either use Avira antivirus or use the Avira bootable virus removal CD from here:

http://www.avira.com/en/company_news/rescue_cd_.html
All times are GMT + 2 Hours