OK, so I have been trouble shooting my moms pc. Getting porn pop ups left right and center ...... and, for the past 2 days was locking up when she clicked on IE6 or e-mail.

After clearing about 5 viri, and countless adware/spyware, I have pretty much fixed it. I have been stable all day without any porn pop ups, but I have one problem left unfixed. This little gem has survived all of the following:

AdAware (about 6 times)
SpyBot (twice)
CWShredder
Hijack This
AVG (4X)
Trendmicro (3x)
Panda

The focker is still there taunting me.
Her default web page is a search portal (www.on-search.com) and I am powerless to fix it.

I have even found the little bastard in the registry, and deleted it twice. Which seemed to fix the trouble, until reboot!

Any suggestions?

Quote: Originally Posted by putwig OK, so I have been trouble shooting my moms pc. Getting porn pop ups left right and center ...... and, for the past 2 days was locking up when she clicked on IE6 or e-mail. After clearing about 5 viri, and countless adware/spyware, I have pretty much fixed it. I have been stable all day without any porn pop ups, but I have one problem left unfixed. This little gem has survived all of the following: AdAware (about 6 times) SpyBot (twice) CWShredder Hijack This AVG (4X) Trendmicro (3x) Panda The focker is still there taunting me. Her default web page is a search portal (www.on-search.com) and I am powerless to fix it. I have even found the little bastard in the registry, and deleted it twice. Which seemed to fix the trouble, until reboot! Any suggestions?

I find I have better luck running adaware in safe mode - have you tried that, sometimes that will get rid of a particular nasty one that lingers.

I haven't run into that one. Tell your mom to stop going to those porn sites though.

one word!! FORMAT!

Search Google and D/L a little utility called "autoruns.exe". Us it to look for anything suspicious in any of the startup entries... I've had a couple occasions where there was an installer hiddin on my HD which would run at startup.

Simple answer, either use the program u have already used, but in safe mode, or using the hacked version of k-lite - download norton system works '03, and run full update, then full system scans of every variety, and if you still have no luck, youre gonna have to format and reinstall everything.....

I have had better luck removing the inital components of spyware with the offered removal tools from
the actual spyware maker. This SearchPortal site however does not offer one, which is illegal. Assholes.

I'm looking for manual removal guides...

Combined with the virii and other related malware, it's enough to warrant a format, even after "successful"
removal I am yet to believe that you can completely remove and repair after being hit by a well made virus.

Installation of resident protection afterwards is obviously a wise decision, if you go the format route.
e.g. Norton Internet Security 2004, McAfee Internet Security Suite 6.0, etc.

I am sure this is a silly question Putwig, but did you make sure you tried updating all of those programs before each individual scan?
If all of those do not work in safe mode you may want to try a utility called Ewido Security Suite available here:

http://www.ewido.net/en/

Thanks for all the suggestions guys.

I have the most recent updates for all those scanners, I will try in safe mode tonight. I am not sure why I never thought of that.

I agree that a format is in order ....... but my mom has no burner or extra HDD to back up all her stuff. So, I would like to avoid a format if possible.

You all having good luck with Norton? I used just the AV portion a couple times in the past, and found it to be such a resource hog that I uninstalled it. That would have been 3-4 years ago.

Thanks again.

Put

Quote: Originally Posted by putwig You all having good luck with Norton? I used just the AV portion a couple times in the past, and found it to be such a resource hog that I uninstalled it. That would have been 3-4 years ago. Thanks again. Put

I found the same thing...went McAfee Enterprise, never looked back (free license from work)

Try this handy guide from MajorGeeks:

http://forums.majorgeeks.com/showthread.php?t=38772

It's extremely thorough...

Quote: Originally Posted by pimp_joose I found the same thing...went McAfee Enterprise, never looked back (free license from work) Try this handy guide from MajorGeeks: http://forums.majorgeeks.com/showthread.php?t=38772 It's extremely thorough...

i'd say so! wow!

OK check this out...I had the same problems with popups coming out of the wood work even after I ran Spybot and Adaware to no avail. Then I had to start thinking outside the box. Everytime I saw a popup Ctrl+Alt+Del to see what could be causing the popups and then I started to notice that it was coming from rundll32.exe which is a windows file...

I found this program called Tcpview that lets you see what connections are being made. So, Bam-Popup-TcpView-opened the properties to the Rundll32 and found the DLL and deleted it....NO MORE POPUPS!!!