Can somebody please tell me how to get rid of this irritating piece of spyware? It's been bothering me for days now, and constantly pops up ads; also, it doesn't seem to show up in Ad-Aware.
It's located in my C:/Windows folder, but if I delete it (after shutting down the process), it shows up again later on when it decides to boot again. Any help would be greatly appreciated.
>Ad-Aware.
That fucking software!
>That fucking software!
What about it?
>>1
delete everything off your hard drive and reinstall.
OP here. I was able to get rid of the pesky file once and for all by deleting both the file itself and a related file. I should have thought of this earlier tbh
Thanks a lot to >>4 for trying to help, though.
For what it's worth, "HijackThis!" is pretty useful for these situations. :3
Reinstall and quit running everything with admin privileges. Get a good antivirus program as well. That or you could just keep running your compromised operating system like nothing ever happened.
>you could just keep running your compromised operating system like nothing ever happened.
Probably this, because my PC's old as fuck and starting to go to shit anyway.
You need to find out how it keeps reloading itself. Search for it in the registry (run\regedit). It's usually something like local_user\software\microsoft\windows\run or runonce or runservices. Delete any references to it there.
There's also one called AppInit_DLLs which is the most evil thing Microsoft ever did to its own software. Just search for it in the registry and delete anything suspicious (there really shouldn't be anything there).
Now tell us: Did you see anything suspicious in these areas? Tell us what you did see even if you don't think it's suspicious. Remember, real men don't use antivirus software. Ever. Antivirus software = worse than crying.
>>9
OP here.
I looked in the Run, RunOnce, RunServices, and RunServicesOnce keys, and found this; RunServices and RunServicesOnce are empty, RunOnce has a string named FFTI, and Run has lots of strings, but they're all for programs I recognize (e.g. Google, BitComet, Vidalia, etc).
>>10
For the record, no, I do not use BitComet anymore (and haven't for a while now). I use uTorrent.
FFTI is likely legit. You use Skype, yes? If not, write down what it says in case you need it and then delete it.
Did you check appinits? Also what version of Windows are you using exactly?
Is the symptom that you kill the process, delete program, restart the computer, and it's there again?
Check all instances in the registry (local_machine, etc.) where there's a software/microsoft/windows/run* for a reference to this program. Check to make sure it's not something really stupid like the startup section on the start menu.
All popups are IE, right? Did you check to make sure that you don't have any IE add-ons that might be causing it?
>>12 here
You really need to check appinit_dlls. This is important. There may be a gibberish.dll to match your gibberish.exe. This may be how it's respawning.
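As an added example (not part of any post in this thread): a read-only PowerShell inventory of the autostart locations the replies above point to, namely the Run* keys in both hives, AppInit_DLLs and the Start menu startup folders. The full registry paths and the Wow6432Node views are the standard Windows locations, filled in here because the thread only gives abbreviated paths.

```powershell
# Read-only inventory of the autostart locations named in this thread.
# Nothing is changed or deleted; review the output before touching anything.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Microsoft', 'Wow6432Node\Microsoft') {        # native and 32-bit views
        foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
            "$hive\Software\$sub\Windows\CurrentVersion\$name"
        }
    }
}
$winKeys = 'Microsoft', 'Wow6432Node\Microsoft' |
    ForEach-Object { "HKLM:\Software\$_\Windows NT\CurrentVersion\Windows" }

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($value in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $value; Data = [string]$item.GetValue($value) }
        }
    }
    foreach ($key in $winKeys) {
        if (-not (Test-Path $key)) { continue }
        # AppInit_DLLs holds a space- or comma-separated list; normally it is empty.
        $list = [string](Get-ItemProperty $key).AppInit_DLLs
        foreach ($dll in ($list -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{ Location = $key; Name = 'AppInit_DLLs'; Data = $dll }
        }
    }
    foreach ($dir in 'Startup', 'CommonStartup') {                   # Start menu startup folders
        Get-ChildItem -LiteralPath ([Environment]::GetFolderPath($dir)) -File -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Location = $_.DirectoryName; Name = $_.Name; Data = '"' + $_.FullName + '"' } }
    }
)

$entries | ForEach-Object {
    # Take the quoted path, else the first token (unquoted paths with spaces are a known limitation).
    $target = if ($_.Data -match '^\s*"([^"]+)"') { $Matches[1] } else { ($_.Data.Trim() -split '\s+')[0] }
    $target = [Environment]::ExpandEnvironmentVariables($target)
    # Only check files given by a full path; bare names are resolved by Windows at load time.
    $onDisk = ($target -match '^[A-Za-z]:\\|^\\\\') -and (Test-Path -LiteralPath $target -PathType Leaf)
    $sig    = if ($onDisk) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }
    $_ | Select-Object Location, Name, Data, @{n='Target';e={$target}},
                       @{n='OnDisk';e={$onDisk}}, @{n='Signature';e={$sig}}
} | Format-Table -AutoSize -Wrap
```

A `NotSigned` result is not proof of anything on its own, since plenty of legitimate software is unsigned; the table is a list of what to look at, with any `AppInit_DLLs` row deserving attention first.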
Malwarebytes' Anti Malware
Spybot search and destroy
Hijack this
If none of the above report anything, your operating system is no longer under your control and it needs to be wiped. You're probably part of a botnet as well.
If you can find the actual file, scan it to see what it is:
http://virusscan.jotti.org/
http://www.virustotal.com/
>>14 Garbage. Everything can be saved. Also, read the thread.
>>15
yes, it can be saved by overwriting it with a clean copy of windows.
just like on unix/linux/whatever, if someone gains full control of the system, you should start over from scratch, because any executable on the system could potentially let the bad guys back in.
>>16 Whatever.
This is probably like the most recent one I came across. It's especially evil. It loads itself as part of explorer using appinit_dlls. You can't delete the DLL because it's always in use (no, always, even in command line use, you can't delete it using an alternate operating system because linux sucks when dealing with NTFS). Its main purpose in life is to continually rewrite itself into the registry, so you can't just delete the reference and restart. In order to get rid of it, you have to make a looping batch file that tries to delete it (it won't, but wait). Run the batch file, kill all processes except it, shut down windows... in the dying gasps of shutdown, the DLL will briefly not be in use and will be deleted thanks to the batch file. Clean up any remaining references to the DLL and any executables it may have spawned.
>>15
With a kernel-mode rootkit, all bets are off.
Eh... he hasn't posted in a while, so no telling. Probably messed up his system trying to fix it.