ahhhhh cursed popups and spyware

[gmoney]

ahhhhhhhhhhh.... ive had it with this shi* i cant take it no mo im bout to do a reinstall of windows but i dont wanna reinstall all the software on my rig.
i have run ad aware 6.0 professional, spybot search and destroy, norton anti virus.
and i found literrally hundreds of problems but those shi**ty softwares wont remove these active programs.
wsup.exe
dhsvr.exe
dwwin.exe
webrebates1.exe
ctfmon.exe
wtoolsa.exe
webrebates0.exe
iexplorer.exe
wtoolsS.exe
this all occured cuz my stupid as* brother got onto my rig and started doin shi*.
he is absolutely computer illeterate and the xaser from hell just plain old is too much for him it slapped his pus**. so i got this thing on lock down now. password to turn it on and a password to get into windows.
but that dont matter how do i get rid of this pesky craaape
gmoneyhobbhit
p.s. thanx
_________________
I finally got an award=OFFICIAL ROCKSTEADY AWARD and then one time... at tweaknews dene gave me a A+++++++....
and then...
i got a couple josh awards too
an' den one of those too -->... Ж award

[Google]

[Ham_fisT]

have you tried cwshredder ?

I think it will kill those webrebates.exe things
http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
_________________
Yeah....... ok

[JayDubya]

ALWAYS password protect your pc. Enable the password after the screen saver comes on too.

Try CW shredder like Ham said.
Also, iexplorer.exe is actually internet explorer and should be running if you have the browser open.
_________________
JayDubya aka JW Jay JD ^> ﺵ

[2old2care]

I feel your pain....you need two things...1) Norton Ghost.... 2) brother shredder V1.0
Ö
_________________
.
Liquid-Cooled Q9450 and an EeePC
.

[gmoney]

[gmoney]

_________________
I finally got an award=OFFICIAL ROCKSTEADY AWARD and then one time... at tweaknews dene gave me a A+++++++....
and then...
i got a couple josh awards too
an' den one of those too -->... Ж award

[2old2care]

[66lemieux67]

I did surgery on a computer running some of those. Webroot and Ad Aware as well. I'm not sure but I THINK I "end process"'ed Web Rebates so many times it quitm maybe not. There were around 4 iexplorer.exe's running, definately MASKED ____ware. How long have you had your computer? Maybe a nice reinstall would do it worlds of benefit.
_________________
-Brandon

[gmoney]

it seems that i have to reinstall windows and the dozens of app's i have every month
_________________
I finally got an award=OFFICIAL ROCKSTEADY AWARD and then one time... at tweaknews dene gave me a A+++++++....
and then...
i got a couple josh awards too
an' den one of those too -->... Ж award

[JayDubya]

I didn't realize that you used mozilla. You are right . . . it does make you wonder. The only thing I can suggest is put in some popup blockers, run the 3 or 4 above mentioned programs on a weekly basis and try to avoid alot of those "others" (not-trustworthy) sites.
_________________
JayDubya aka JW Jay JD ^> ﺵ

[Silicon Skum]

I just had to do a little spyware killing and I got some similar probs, also noticed running progs iexplorer.exe (2 in memory) and some questionable .DLL, and some other file running in memory from the Wintools directory on the HD. no matter what I have ran (even tried to kill the tasks) the little blighters keep re running imediatley. I'm using most of the listed software, just cant get rid of it.
However I have a plan, I'm gona compress the files with winzip, from that directory one at a time until the problems go away or the system gets an error. I found the directory to be in C:\Program Files\Common Files\WinTools in case you want to try this for your self ( I would'nt delete the folder in case windows needs somthing in there)

I also got the DSO exploit that reapears straight after removal, obviously somthing in memory. I have even run spyware progs in safe mode, get more or less the same result.

To top it all off, I got one big pain now, explorer can no longer use the "favorites" menu, click on anything and explorer just takes a dump!

I think I will just let the damn stuff install and block the out going connections, maybe do a little packet sniffing on the outgoing web connections (port 80 etc).

I'm wondering what the legality of altering these spyware progs to send out Viri in large numbers every time they make a connection (see how they like it!) I think it could be done quite easy, just monitor the port, wait for connection, block it and send own data instead. a standard spoofing attack
I would need a non self-spreading virus, but somthing that will give 'em hell. after all I only want the viri to go to the host of these progs. Bet they got a firewall and antivirus!. Maybe a simple exploit to crash the server? Or a DOS attack?

§

[JayDubya]

I wish we could take some legal action against this spyware crap.
_________________
JayDubya aka JW Jay JD ^> ﺵ

[gmoney]

WAIT SILICON SKUM before you do that go into add remove programs and look for all those apps. i did once and they werent there but after running some utilities i found them and uninstalled them
now thankfully i only have one spybot left and guess what it is calledd
msexcl.exe *curses brother*
gmoneyhobbit
_________________
I finally got an award=OFFICIAL ROCKSTEADY AWARD and then one time... at tweaknews dene gave me a A+++++++....
and then...
i got a couple josh awards too
an' den one of those too -->... Ж award

[Silicon Skum]

just spent the last few hours sorting out the spy / malware on this machine, I got ridd of all, apart from the DSO expolite from hell.

I've looked every where, I don't know where it is or what it's infecting, only spybot can detect it, it cleans the reg, but it re-infects as soon as it's cleared.

Anyone know a good way to get rid of the DSO?

I found a LOAD of progs, files etc all of which had not been removed, only their effects were (so they just came back). GRRRR!

untill the DSO is cleared, I'm going to be doing this a lot more

§

[racing87stang]

yep add/remove programs in control panel usually doesthe trick if the software checks dont locate them. just look for anything that YOU didnt install. I had about 5 today. I check at least 2 times a week... i also use Google.toolbar. so i dont get popups. also mcaffee popup blocker and even xp with sp2 has a darn popup blocker. so its like triple threat protection that doesnt work worth anything. I never let anyone on my computer unless its for a SPECIFIC reason that i know they can handle. other than that. I'll do it for them.
_________________
Remember When Sex was safer than racing???