My friend is having a bit of probs with his computer. If anyone can suggest where I should start looking would be a great help!
His computer is running windows XP with 3GB's of Ram and a 2GHz processor. He recently install Spywarebot accidently, then removed it - However its left an icon in the control panel, and a entry in the add/remove program list that wont budge.
Every time the PC is booted into XP. It loads the usual screen and just before the "preparing network connections" dialog it reboots. Same issue if booted into safe mode. The only way to gain access is to press F8 on boot and go to "last good known configuration".
However it doesnt keep that configuration once rebooted. And to top it off, windows restore is about as helpful as a brick.
My first instincts was to see what was booting to see if it's a file so i used the msconfig and the startup control panel from mlin.net. Cant see anything that would cause this. Tried adware etc... and it found nothing.
Where would you suggest me to look next in this mission?
that's not a interesting problem
wether to grab the left or right boob first, or both at once - that's an interesting problem
see to 'program files' if the program still has files there
also check if it has made a service of itself
see system32 folder and sort by creation date and see if any of the dates match around the time he installed it and delete
worse that could happen would be a permanent bsod on startup, but windows is fairly tolerant of missing files
you could also try run a registry mechanic kind of application if nothing else helps
but after that it's reinstall time
There's some additional files/processes associated with this pos that you need to weed out. The icon in CP and add/remove entry are minor probs. Can be solved by editing a registry key. This is malware but you'd be surprised how many 'valid' progs have shitty uninstallers.
Interesting, the contol panel and add/remove list is solvable i see. Thanks.
The main problem however is still at large. It still reboots on a normal startup before it gets into windows. I have checked all the services and theres nothing of concern. And when the computer is started up with diagnostic start up, still reboots.
Maybe the only logical way forward is to produce a Hijack this log. Is there any sort of application that will reset the windows boot back to the default to avade this problem?
This is from someone else's log and luckily the shitware appears under it's own name.
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
See if it shows up on your friend's log.
Funny how if you google this crap it appears as a legitimate adware remover.
XP keeps most of the system files in its restore folder. Unfortunately most of the annoying crap writes its files into the restore folder aswell. The folder should be inaccessible but because of a security bug in XP they have found a way to create automatically restoring copies of itself. So if you remove or modify something in your system folders XP copies the "original" files back.
Signature/Avatar nuking: none (can be changed in your profile)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Had to do a clean install - repair didn`t work; well nothing i tried worked...
