Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Unable to run any spyware removal tools

  • Please log in to reply
2 replies to this topic

#1 shadow zero

shadow zero

  • Members
  • 3 posts
  • Local time:08:09 PM

Posted 07 August 2009 - 02:23 PM

I have worked as a PC tech for 3 years, and i have come up against a problem that i am unable to solve on my wife's computer. She has a piece of spyware that is disabling any scan software i run, and making it a hidden, read-only file that even the admin account of the machine does not have access to. It has disabled:
Spybot S&D
Symantec Corporate Edition
Windows Defender
Lavasoft Ad-Aware
and HijackThis

I have found braviax.exe on the machine and got rid of that in addition to a group of processes that call themselves debug.exe, win.exe, notepad.exe, login.exe, lsass.exe, amd csrss.exe. manually deleting all of these files in safe mode has had little effect. in addition there is a dns hijack that causes all google search results to go to other pages. finally, it disables viewing of hidden files, and registry editing, though i have found ways around those restrictions.

Any help would be greatly appreciated.

ps. smitfraudfix has been slightly effective. (it does not shut down and lock up), but it says that the process list and the dns fix tools are access denied.

BC AdBot (Login to Remove)


#2 shadow zero

shadow zero
  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:09 PM

Posted 07 August 2009 - 02:38 PM

pps. DDS.scr that this site uses as a scanning tool just hangs when it should scan. i let it run for over 10 mins and it did nothing.
i actually had to use cmd in order to open it because it would only open in notepad otherwise.

#3 rigacci



  • Members
  • 2,604 posts
  • Gender:Male
  • Local time:08:09 PM

Posted 07 August 2009 - 03:17 PM

This really belongs in the HijackThis forum but I can give you a suggestion. Try MBAM, available at http://www.malwarebytes.org

Download it onto a different machine, burn it to a CD and then plop it on the desktop of the dirty computer. That one tool is great and might help.

You can also try renaming the programs and try running them with the computer unplugged from the network.

If you can get HijackThis or RSIT to run I would advise you to do so and post the log in the HijackThis Forum here.

Good luck. :thumbsup:


Edited by rigacci, 07 August 2009 - 03:18 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users