Adware, Spyware, Trojan horse combo

I have picked up a nasty little file called “tv media” that won’t go away. It has two drivers associated with it that apparently allow the file/virus? “BroadcastPC” and the lovely Trojan horse “Downloader.cx” to infiltrate my computer.

I have tried AdAware, Spybot, and Panda Software’s Active Scan to eliminate the problem to no avail, even at startup. They all recognize the files, but are unable to delete them. Attempting to delete the folder manually gives me a message that it is in use, and in the scans prior to full startup, the file is not recognized as a problem, so there is no opportunity to delete before it becomes active.

I am at a total loss on this. I have disabled the file in the systray, so it shouldn’t become active at all, yet it does. Any suggestions as to how to get rid of this? FTR, I’m running Windows XP.

I have the same problem and am also using Windows XP. Even when I use the “Add/Remove Program” function, it will say that it is deleted, but then it’s right back there again.

You might try booting into command-line safe mode and deleting from there, if XP will let you do that.
RR

As far as I know, XP won’t do that. Actually, I can’t get XP to boot in safe mode at all. There are directions for doing so in its help menu, but they appear to be from an earlier version of Windows; the words do not correspond to what actually happens at any step in the process, and F8 accomplishes nothing at any point during booting.

Run msconfig at the Start, Run prompt. In the Boot.ini tab, select the /Safeboot option.

You need to press F8 immediately after the BIOS information loads and before the Windows XP screen (the one with the black background and the green progress bar) comes up. If necessary, repeatedly press F8 as soon as the bootup starts until you get the “Safe Mode” menu.

Hmmm. I’ve never heard of a situation where XP won’t start up in safe mode. If that is true, then this might be a new malware variant.

To become educated with all this stuff, I HIGHLY recommend the www.spywareinfo.com forums. (Go to the Malware Removal forum) They are swamped with requests for assistance, but just by reading threads you can get a lot of help. I was able to fix my difficult issues just by reading.

Try rebooting again, continually tapping the F8 key. This should allow you to choose Safe Mode.

Before you do that, make sure you have the latest version of AdAware and Spybot, with the latest version of its spyware/malware/adware definitions. There is an “update” button. Then make sure AdAware is configured to catch everything, as follows…


    
* Launch the program, and click on the Gear at the top of the start screen.
* Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
    * "Automatically save logfile"
    * "Automatically quarantine objects prior to removal"
    * Safe Mode (always request confirmation)
    * Prompt to update outdated confirmation) - Change to 7 days.
* Click the "Scanning" button (On the left side).
* Under Drives & Folders, select "Scan within Archives"
* Click "Click here to select Drives + folders" and select your installed hard drives.
* Under Memory & Registry, select all options.
* Click the "Advanced" button (On the left hand side).
* Under "Shell Integration", select "Move deleted files to Recycle Bin".
* Under "Log-file detail", select all options.
* Click on the "Defaults" button on the left.
* Type in the full URL of what you want as your default homepage and searchpage e.g. http://www.google.com.
* Click the "Tweak" button (Again, on the left hand side).
* Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
    * "Unload recognized processes during scanning."
    * "Obtain command line of scanned processes"
    * "Scan registry for all users instead of current user only"
* Under "Cleaning Engine", select the following:
    * "Automatically try to unregister objects prior to deletion."
    * "During removal, unload explorer and IE if necessary"
    * "Let Windows remove files in use at next reboot."
    * "Delete quarantined objects after restoring"
* Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
* Click on "Proceed" to save these Preferences.
* Click on the "Scan Now" button on the left.
* Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".

Also download HijackThis and CWShredder. (I don’t have the links handy, but I could provide them if necessary).

-Empty your trash.
-Delete everything in your temp folder.
-Reboot in Safe Mode.
-Run AdAware.
-Run Spybot.
-Rename first, and then move to the trash anything related to “tv media”. (This is the only way I could get rid of this on my daughter’s machine. I believe there are a couple .exe files inside the tv media folder).
-Run CWShredder.
-Run a HijackThis scan. Delete (“Fix”) anything that you can easily tell is related to your malware/trojans. (Be careful here though. You could really screw up your machine if you delete things indiscriminately. Make sure you put it into a separate folder before you run it so that it can backup changes. If in doubt about what you are doing, post your log to the spywareinfo forums and wait for assistance.)
-Reboot in normal mode.

Good luck.
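
The HijackThis step in the post above, as an added example that is not part of the original thread: a small Python script that splits a saved HijackThis log into entries that mention the names from this thread and entries that should be left alone. The sample log is constructed (paths, CLSID and file names are placeholders), and the `CODE - text` line layout and the section meanings are assumptions about the log format.

```python
import re

# A few HijackThis section codes and what they cover (subset, not the full list).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample log; every path, CLSID and file name is a placeholder.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe
C:\Program Files\TV Media\example.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\TV Media\example.dll
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\example.exe
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""

def normalize(text):
    # Ignore case and whitespace so "TVMedia" and "tv media" compare equal.
    return re.sub(r"\s+", "", text).lower()

def triage(log_text, keywords):
    """Sort log lines into matching processes, related and unrelated entries."""
    keys = [normalize(k) for k in keywords]
    result = {"processes": [], "related": [], "unrelated": []}
    in_procs = False
    for line in map(str.strip, log_text.splitlines()):
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the entry section follows the process list
            code, body = m.groups()
            hit = any(k in normalize(body) for k in keys)
            result["related" if hit else "unrelated"].append(
                (code, SECTIONS.get(code, "other"), body))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and any(k in normalize(line) for k in keys):
            result["processes"].append(line)
    return result

if __name__ == "__main__":
    for code, what, body in triage(SAMPLE_LOG, ["tv media", "BroadcastPC"])["related"]:
        print(f"{code:4} {what}: {body}")
```

Only the "related" entries are candidates for "Fix"; everything in "unrelated" is left untouched unless someone who knows the log format says otherwise.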

Here ya go: http://www.doxdesk.com/parasite/TVMedia.html

Complete removal instructions. I love doxdesk!!

Hmm, more or less, Symantec is keeping the one trojan homepage hijacker at bay. But now, when I run Spybot, my computer crashes.