Posted 03 August 2005 - 05:30 PM
I've read through the 11 pages of instructions of removing this adware. Before I start the process, I have some Q's:
1. Under "Tools Needed for this fix:" there are 3 websites with downloads listed. Since I already have a new version of Spy Sweeper on my pc, can I omit the download from lavasoftusa.com that cotains the Ad-aware program to scan after the removal process is completed?
2. Re: Step 2 of the Removal Process which is to "Identify the file name and name of the malware service" Instructions are to go to Start-Control Panel-Administrative Tools-Services and then look for one of 3 services that are installed on my pc. Actually, I don't see any of these with the exact name listed in the instructions. The closest thing I have is as follows:
NT LM Security Support Provider (Note: the start-up type is Manual and path to executable field is C:\WINDOWS\System32\lsass.exe)
Workstation (Start-up type is Automatic and path to executable is C:\WINDOWS\System32\svchost.exe tc netsvcs) Actually, not sure that is a tc--it looks a little like a peculiar k??
Remote Procedure Call (RPC) Locator (Start-up type is Manual and path to exe is C:\WINDOWS\System32\locator.exe)
Remote Procedure Call (RPC) (Start-up type is not hightlighted and so cannot be changed, but is dim and says automatic. Path to exe is C:\WINDOWS\system32\svchost tc rpcss) Again, not sure this is a tc??
So, which of these is the file being used as the service and which we are to delete in Step 6?
Thanks for your help!