Spyware Doctor cannot remove


Boz

My Spyware Doctor found some malware (a hijack) while running a 'deep scan', but it could not remove it. The matter has been reported and followed up with their tech support for a couple of weeks... but no results yet.

The malware does not show up in a regular scan. And now when I run a 'deep scan', my computer freezes.

Associated problems:

1- slow startup

2- Spyware Dr. starts even slower

3- Firefox acts funny, slow, and loses one open window from the previous session

Thanks for your help.

Link to post
Share on other sites

Thanks for your patience. The forums have been flooded with requests and the volunteers have been working as time permits. If you are still in need of assistance, please post back a fresh HijackThis log. Thanks!

Link to post
Share on other sites

Thanks for your reply. You guys must be very busy.

I had posted a later version of this issue the next day. It said:

"1- the mbam-log and

2- the Panda log. However the Panda interface was not the same as in the illustration, and now they only allow access to level-1 threats log (included). Level-2 threats showed:

cookie/Adv. Tracking latent

Adware/cws adware latent

but would not allow me to save it.

3- HJT is freezing my computer when I try to install it (tried several times). I also had installed an earlier copy of the program on my machine a couple of weeks ago when I started noticing problems. And I could not remove it. It freezes my computer every time I try to remove it. I think (?) this is part of the problem.... please advise."

It included some logs, but I am having a particular problem w/ HJT. I cannot remove the earlier version, and cannot install a fresh one. Any suggestions ??

Link to post
Share on other sites

Done.

mbam_log_2008_12_05__17_42_07_.txt

Link to post
Share on other sites

The log shows a clean machine. Are you still having issues?

Yes, the last I looked.

1- My Spyware Dr. freezes my computer when I run a Full Scan.

2- I cannot remove or run HJT.

3- my computer acts funny: slow startup and surfing; quick flashing and disappearing windows, etc.

Link to post
Share on other sites

eMule, BitTorrent, Azure,...

Boot to safe mode:

Open HijackThis. Click-->Open the Misc Tools section-->Open Uninstall Manager-->Save list...and save the list to your Desktop, then close HijackThis.

A notepad file will open. Copy and paste the content of that text file back here on your next reply. Thanks!

Link to post
Share on other sites

here we go:

4X UltraSaver

Ad-Aware

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.2

AI RoboForm (All Users)

Anonymizer Software

Anonymizer Software

AnyTV 2.12

Apple Software Update

avast! Antivirus

Brain Builder

CCleaner (remove only)

Comcast High-Speed Internet Install Wizard

Comcast Toolbar

Compatibility Pack for the 2007 Office system

Desktop Doctor

GearDrvs

getPlus® for Adobe

GoodSync V6

HijackThis 2.0.2

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

IE7Pro

IE7Pro

Java 6 Update 7

Logitech Audio Echo Cancellation Component

Logitech CallCentral

Logitech Video Enumerator

Logitech

Link to post
Share on other sites

1- why did we remove Spybot ? It is a highly recommended tool by everybody.

We didn't remove Spybot...we removed Spybot - Search & Destroy 1.5.2.20...a different version entirely than the 1.6.0 version you now have.

2- I find Skype useful, and I only turn it on when I use it. Is it reasonable to re-install it after we 'clean up' the computer ?

It's free...you can...but while you are having issues, please remove it. Once you are determined to be cleaned up, reinstall it if you like to see if you begin to have issues again...then uninstall it again later after you use it. You may only turn it on when you use it, but depending on your skills and knowledge of security practices, others may find a way to exploit your setup and turn your computer into their machine to use at will. It's your choice.

3- My Spyware Dr. and Registry Mechanic are licensed. Are they harmful and useless ?

What I said was:

"Spyware Doctor 6.0

Registry Mechanic 8.0...are trial versions. Unless you have a license for these programs, they will operate in a reduced functionality mode after the trial period."...and I only mentioned it because of your original complaint that Spyware Dr. found malware that it would not remove which is a typical response from a "reduced functionality mode" program. You can read more about registry cleaning software Here. Most often, any benefit at all is negligible.

4- I saved the '.bat' file you suggested and then tried to open it. It did not open. It just 'flashed' a window that immediately disappeared... do you think there is a problem ?

Yes. You obviously have more problems with either the registry (Registry cleaning software removed items that it should not have) or file association problems.

Thnx again, now I will go cleanup and defrag.

Great Thanks!

Link to post
Share on other sites

Thank you for your explanations.

My Spyware Dr. is licensed and supposedly fully functional. I have reported the problem (inability to remove hijacking malware) to their support, but I am not getting much in the way of a resolution yet.

I just tried to open the '.bat' file, but it won't open... still 'flashing' a window and disappearing. What do you want me to do next ?

Link to post
Share on other sites

My Spyware Dr. is licensed and supposedly fully functional. I have reported the problem (inability to remove hijacking malware) to their support, but I am not getting much in the way of a resolution yet.

If you have your license key safely tucked away, you can certainly uninstall the product and reinstall it later. I have found most often, uninstalling then reinstalling software resolves most problems.

As for your computer "acting funny...slow startup and surfing" issue, there is just a myriad of possibilities. You mentioned that Spyware Doctor finds a Hijack but fails to remove it. That could be one of the problems...but I really have serious doubts about that.

I suspect that what Spyware Doctor found is a false positive...by the way, the hijack that it found wasn't by chance, "HijackThis" was it? ...naw...that would be too simple.

Other programs you have installed that could be part of this problem are listed below:

Ad-Aware

Desktop Doctor

Avast

GearDrvs

...is your copy of Ad-Aware also licensed or are you running the free version? None of those are considered bad by any means. However, they can contribute to the slow response that you report. Avast has a web shield that is very temperamental and has in fact caused problems for users that also have ZoneAlarm installed. If you already had ZoneAlarm installed when you installed Avast, you should have received a pop up window informing you that there is a compatibility problem concerning Web Filtering.

ZoneAlarm's primary function is to act as a firewall, but it also performs web filtering and acts as an antivirus (if you have that feature). As for Avast, it is an antivirus also capable of performing web filtering. In order to prevent any conflicts, be sure that ZoneAlarm and Avast are not performing the same tasks; otherwise, you WILL notice considerably slow performance both with your boot time and web surfing.

The Desktop Doctor is fine too but keep in mind, this too takes snapshots (just like Windows does) of your system's connection and email settings so that you can recover those in the event of connection or email problems. This feature, although just fine, is redundant in my opinion and unnecessary but it's your choice.

And lastly...the GearDrvs By Symantec is also fine. It comes with Norton 360 which also requires a license. Did you have this installed at one time? I don't think this is necessary either since you already have Avast installed. If you aren't sure of how to manage two antivirus applications on board, it is best then to have only one. Two will conflict...but if you know what you are doing, you can certainly keep others around just to have a second opinion handy should your active guard a/v software complain of something.

I would prefer that you just use any one of the excellent free reputable online scanning web sites for your second opinion. If you insist on keeping two antivirus programs, please be aware of the risk that it creates. Running more than one antivirus application in real time causes system instability, slow performance, and could result in data loss when the system crashes from the instability that it can cause.

I just tried to open the '.bat' file, but it won't open... still 'flashing' a window and disappearing. What do you want me to do next ?
  • Click Start-->Programs-->Accessories-->System Tools-->Disk Cleanup, just open the utility and check off the following:

    • Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. When the scan completes, click "OK" and answer "Yes".

    • When the disk manager completes its removal, it will just disappear.

Next, click Start-->My Computer...then right-click on your local hard drive and select Properties.

  • In the Windows Properties box click the "Tools" tab. Under the Error-checking section, click the Check Now button.

  • Click both options to put a check mark there, then click the Start button.

  • You will receive the following message:

    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed only by restarting Windows. Do you want to schedule this disk check to occur the next time you restart the computer?

  • Click Yes...then click the Apply button and "OK" your way out.

Close down everything you had open and reboot the system. The disk check will commence and Windows will repair any file system errors it finds and try to recover any bad sectors. The scan may take quite a while to complete...when it does, Windows will reboot automatically. When that happens, please try to run HijackThis and post back the log.

If HijackThis will still not perform for you then please make note of exactly what happens and what error messages you receive. Make certain that there are no other protective programs that may have blocked HijackThis from functioning. In addition to this, also advise WHERE you actually downloaded the copy of HijackThis that you have. Thanks!

Link to post
Share on other sites

(1) The 'possible hijack' infections Spyware Dr. had found were (all at 127.0.0.1):

engine.awaps.net

aj.daniweb.com

dl.jingmin.com

ads.techguy.org

ar.atwola.com

wdcs.trendmicro.com

metrics.experts-exchange.com

a.networkworld.com

(2) I had managed to remove the old (troublesome HJT) while I was in safe mode yesterday. I downloaded a fresh one this morning (after performing the other procedures you asked) at:

http://www.download.com/Trend-Micro-Hijack...4-10379544.html

Same problem. I hit 'install' and my computer freezes. I turn it off and on again and try to start HJT from the desktop, but it freezes again. I can't get to my Task Manager or even my task bar at the bottom. What do you think ?

(3) I have some questions about what you advised in the beginning of your reply, but that'll have to wait. I got to leave now.

Thanks for your help.

Link to post
Share on other sites
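Every entry listed in the post above maps a hostname to 127.0.0.1. As an added example (not part of the thread, and not code from any tool mentioned in it), this is one way to triage a hosts file: a name pointed at a loopback or 0.0.0.0 address is only being blocked, while a name pointed at any other address is being redirected and deserves a closer look. The sample file, the `.example`/`.invalid` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file. The first three mappings reuse names from the
# post above; the remaining lines are made up to show the other outcomes.
SAMPLE_HOSTS = """\
# constructed sample, not taken from the poster's machine
127.0.0.1       localhost
127.0.0.1       engine.awaps.net
127.0.0.1       ar.atwola.com   ads.techguy.org
0.0.0.0         tracker.example.invalid
203.0.113.10    www.bank.example     # non-loopback address
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost"}  # names that are expected to resolve to loopback


def classify_address(addr):
    """Return 'blocked', 'redirect' or 'malformed' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    # Loopback (127.0.0.0/8, ::1) and 0.0.0.0 / :: never leave the machine,
    # so a name mapped there is sinkholed rather than hijacked.
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirect"


def triage_hosts(text):
    """Group hosts-file entries by what the mapping does to the name."""
    findings = {"blocked": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        kind = classify_address(addr)
        if kind == "malformed" or not names:
            findings["malformed"].append((lineno, raw.strip()))
            continue
        for name in names:
            name = name.lower()
            # The stock "127.0.0.1 localhost" entry is not a finding.
            if kind == "blocked" and name in LOCAL_NAMES:
                continue
            findings[kind].append((lineno, name, addr))
    return findings


def needs_review(findings):
    """True when something other than plain blocking entries is present."""
    return bool(findings["redirect"] or findings["malformed"])


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    for kind, entries in result.items():
        print(f"{kind}: {len(entries)}")
        for entry in entries:
            print("   ", entry)
    print("needs review:", needs_review(result))
```

On Windows XP the file to feed it is `%SystemRoot%\system32\drivers\etc\hosts`; a scanner that reports loopback mappings as a "possible hijack" is reporting the `blocked` group here.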

Boot to safe mode and install it there. Is your Avast working? If so, update that too and run a complete system scan while in safe mode. Let us know your results. Thanks!

Thnx, I did what you asked.

(1) Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:45:54 PM, on 12/8/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191179581135

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe

O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: g7bs_device - - C:\WINDOWS\system32\g7bscoms.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 8150 bytes

***************

(2)

Avast found 52 items. One Trojan (in 'User Dumps' inside pctsSvs.exe, I think that is a Spyware Dr. file) which I deleted. And 51 items it could not scan because they were password protected: Ad-Aware skin files; Spybot recovery files; Thunderbird profiles; and System restore. Sounds OK to me, what do you think ??

*******************

(3)

Spyware Dr. support (after looking at the scan results that I couldn't send you) thought I had Hosts file problems and I refreshed that file.

Link to post
Share on other sites

That log looks fine. What issues are you still having?

Sorry that I couldn't get back faster.

1- current issues

Things seem to be a little better (?) after I replaced the Hosts file. What I still have is mostly slow performance issues, like:

*startup

*web pages load too slow,

*email msgs. hesitate before deleting in Thunderbird,

*Firefox takes a while to start,

*and sometimes it seems to lose one (only one) of the windows (web pages) left open in the previous session.

2- Old Stuff

You had written:

"Other programs you have installed that could be part of this problem are listed below:

Ad-Aware

Desktop Doctor

Avast

GearDrvs"

Desktop Doctor is a Comcast prog. and it says it is not working properly in Add/Remove. Shall I repair it or remove it ?

GearDrvs, I don't know and I cannot find it in Add/Remove. I used to have Norton, but I uninstalled it a long time ago.

3- Suggestions

You know what programs I have on my machine. If you can see any conflicts or problems, I am wide open to your recommendations. Any suggestions for substitutions or other tips are very much appreciated... and may save you from having to deal with me again in the future. :angry:

Thanks for all your help.

Link to post
Share on other sites

You should be able to remove Desktop Doctor with no ill effects.

Remove a failed Symantec installation or damaged product using their Removal Tool.

Computer and browser slowness are not always malware related

Poor performance and other problems can be the result of disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.

Listed below are a few things you can do to improve speed and system performance. Many of these suggestions will apply if you're using Windows Vista but may be done a bit differently. Near the bottom of this thread there is a section specifically devoted to Vista Users.

For browser problems, see:

If you're having connectivity issues or errors such as Page cannot be displayed see

If you're using Vista or Internet Explorer 7, see

If you have a lot of toolbars and add-ons attached to Internet Explorer, you could try improving performance by disabling those which are unnecessary. See:

  • Control Internet Explorer Add-ons with Add-on Manager

  • Troubleshooting and Internet Explorer

Link to post
Share on other sites
