got rid of bad spyware but it's killed a bunch of stuff

vibe666 · 05-10-2006 9:26pm #1

had a bit of a bad spyware attack on a pc, and with the help of hijackthis!, spybot and ad-aware i've got rid of it, but it was a real hooer of a thing and has left untold damage in it's wake.

the following things are now completely disabled:

task manager
regedit
msconfig
gpedit
right click
system restore

and probably more besides, but that's pretty much bad enough.

anyone have any ideas as to how i can un-fcuk this god aweful mess without a re-install?

challengemaster · 05-10-2006 9:31pm

ehm... eh.. sorry, reinstall is all i can think of.. maybe some others will have better help.

Ruu_Old · 05-10-2006 9:34pm

Run an anti-virus scan in safe mode, also check the msconfig.exe Startup tab while you are there and see if theres anything unusual.

Cuddlesworth · 05-10-2006 10:11pm

A reinstall would be quicker and less painless.

calex71 · 06-10-2006 5:30am

you could try and restore the files that got messed up from the scans from quarintine assuming your not like me and just get rid of them right after the scans, this will probably put you back in spyware central but after this you can scan to find out what you have and try and figure out hwat system file sare effected and maybe research manually fixing the issuses once you know exactly what your dealing with. Spybot would be my suspect with this problem, they dont show that when you start it up for nothing. Maybe try scanning with windows defender and ad-aware and your normal anti- virus and leave out spybot for this scan, (all assuming you can put back files the 1st round of scans altered/removed from quarintine.)

As said though a rebuild would be best and would definately be the way id go about it.

vibe666 · 06-10-2006 9:50am

haha!

got it.

smart as it was, it hadn't disabled remote regedit functionality.

managed to get in and fix the reg entries stopping everything from working. figured it was messing with group policies to stop me from removing it, so i figured that was the best place to start and it paid off.

all fine and dandy now. thanks anyway for the help.

i have to say, i'm quite impressed with it's self preservation tricks from a professional/technical point of view anyway.

from a BOFH point of view it'd almost be worth it to roll it out on-site to stop users from messing.

realblackstuff · 06-10-2006 11:10am

Before you get in a mess like that next time, get Ewido now and install/run it. www.ewido.net
It's amazing what that program can clean up for you.

vibe666 · 10-10-2006 9:51pm

ah, interesting. just noticed ewido has just become avg anti-spyware. might just be tempted to give it a go.

oh, and i wouldn't have gotten into the mess in the first place if i'd been keeping my eye on the ball. i was installing nero in the background and took a popup for a reg entry allow/deny request as being from the nero installer but it seemingly wasn't.

a schoolboy error that cost me quite a bit of time and effort to put right.

note to self: read dialog boxes before clicking.

got rid of bad spyware but it's killed a bunch of stuff

Comments