E2Give

A worthwhile warning as many “antispyware” programs are indeed spyware themselves (or made to fix a problem the writers created in the first place and are otherwise useless).

That said, there are more than the five programs listed in your link that are legitimate spyware removers. Heck, Symantec and McAfee provide spyware removers that are not on that list. I have not seen reviews of how good they are but I am willing to bet they are legitimate.

I am becoming a believer in the bought spyware removers (and no, I do not work for or own stock in any of these companies). I think it is great that AdAware and Spybot and (so far) Microsoft provide free scanners but by being free one has to wonder how much effort they really put into making their products top notch. The legitimate companies that hope you will drop $30+ on their product presumably can be expected to go the extra mile to make their product better. Certainly my experience so far has been that they do indeed perform noticeably better (at least the ones I have do).

What’s more, savvy spyware programmers know most people opt for the free stuff, so while the free stuff may be well made, the guys trying to hijack your PC know their efforts are best rewarded when programming to dodge the free scanners. As I mentioned before I even had one malware that specifically disabled AdAware (I was kind of impressed despite being pissed off).

In short definitely run more than one anti-spyware program simultaneously. If you do not mind spending the money run two paid for anti-spyware programs (research them to be sure they are legit) or one paid and one free. If nothing else run two free ones (I’d say Spybot and MS-Defender…just my $0.02).

I’ve been down that route, too. Executing that returns the message:

[quote]
iniwin32.dll was loaded, but the DllUnregisterServer

Shit.

The error message is:

I’ll try the other things suggested by youse guys.

Antivirus companies are starting to add antispyware functionality, so that’s a plus. The list is for standalone antispyware programs, not those that are part of general security suites.

Well, anyone who’s been involved in fighting spyware the past several years knows that these three are as good or better than paying for spyware. OTOH, many bits of spyware that require payment put spyware on your computer. Up to now, the free scanners have always been as good as any commercial product. It’s the same with free antivirus like AVG or Avast!, which, when independently tested, provide the same degree of protection as McAfee and Symantec (i.e., 100%).

The operational word is “presumably.” That is an untrue assumption. Indeed, nearly all virus cleaning tools are free software. I don’t see McAfee or any commercial company creating vundofix; it was done by a programmer. Hijackthis – the essential tool in the spyware fights – was created by one guy on his own. Same with CWshredder.

My experience is the opposite; or, rather, there is no appreciable difference between free and commercial antispyware, and none of the tools needed to remove spyware were created by commercial companies.

So? There were also viruses, for instance, that were specifically designed to remove McAfee. Malware writers target the most popular software, whether it’s freeware or not.

Not really a good idea to run two at a time, due to conflicts. Better to have one running (like Microsoft Defender), and run something like AdAware from time to time to see what it may have missed.

No joy with Vundo; it doesn’t find anything.

And Killbox (which is something the Hijack This software also recommends trying), when specifying C:\Windows\System32\iniwin32.dll, says “This file cannot be deleted,” using the option “Standard File Kill.” If I use the “Delete on Reboot” option, it doesn’t seem to do anything.

An additional data point I just discovered. The file iniwin32.dll is timestamped 4/21/06 12:11pm. Doing a file search for all other .dll’s on this machine with a 4/21/06 date reveals an additional .dll in the folder C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP402 with the name a0068710.dll which also says it was created at 12:11pm.

This is something contained in the Windows Restore Point which was created at the last reboot 10 minutes ago. Is there a possibility that this thing is regenerating itself out of a Restore Point?

Damn. This is quite a tenacious little bugger.

If all else fails, and if you can identify the problem files, you can delete them by booting into the recovery console (assuming you have a proper WinXP install CD, not a ‘recovery disc’ or some such).

You stick the CD in the drive, hit F12 while it boots and tell it to boot from the CD; you have to pay careful attention to the instructions on the screen, but it’s usually that you press R when prompted, then you might have to choose the installation of Windows that you want to log on to.
After that, you’ll get a command prompt; it’s a bit like DOS, except the range of options is very pared-down (type HELP to get a list of commands), but you can delete files and as nothing much is loaded or running, nothing will stop you.
Actually, if it comes to that, you might be better off just renaming them from .dll to .xyz - it will stop them working at the same time as leaving you an undo option if it turns out the file wasn’t actually a bad guy.

Here’s some more info garnered from Kill This. iniwin32.dll has insinuated itself into the following critical Windows processes (and these are just the ones running in Safe Mode - I dunno how many non-critical ones it has invaded). According to Kill This, the following processes all call the evil iniwin32.dll:

  1. explorer.exe
  2. svchost.exe
  3. winlogon.exe
  4. services.exe
  5. lsass.exe

I’m beginning to think I’m well and truly fucked.
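The two manual checks described in the posts above (searching for other .dll files with the same timestamp as iniwin32.dll, and listing which running processes have that DLL loaded) can be done in one go from an elevated PowerShell prompt. This is an added example, not a script from the thread or from any tool mentioned in it; it assumes Windows PowerShell 5.1 or later and only takes the file path the poster gave, nothing else about e2give.

```powershell
# Added triage helper (not from the thread). Run as Administrator.
param(
    # Path of the suspect file named in the thread.
    [string]$SuspectPath = 'C:\Windows\System32\iniwin32.dll',
    # Files written within this many minutes of the suspect are reported as companions.
    [int]$WindowMinutes = 2
)

$suspectName = Split-Path -Leaf $SuspectPath

# 1. Which live processes have the DLL mapped? This is the same list the poster
#    got from HijackThis, taken from the running system. Some processes refuse
#    OpenProcess even to an admin; those are reported rather than silently skipped.
$loadedIn = foreach ($p in Get-Process) {
    try {
        $hit = $p.Modules | Where-Object { $_.ModuleName -ieq $suspectName }
        if ($hit) { [pscustomobject]@{ Pid = $p.Id; Process = $p.ProcessName; Path = $hit.FileName } }
    } catch {
        [pscustomobject]@{ Pid = $p.Id; Process = $p.ProcessName; Path = '(access denied)' }
    }
}
"Processes with $suspectName loaded:"
$loadedIn | Format-Table -AutoSize

# 2. Other DLLs with a last-write time close to the suspect's. A dropper usually
#    writes its companion files in the same minute, so this surfaces them (including
#    copies under System Volume Information, which the poster found by hand).
if (Test-Path $SuspectPath) {
    $stamp = (Get-Item $SuspectPath).LastWriteTime
    "Other .dll files written within $WindowMinutes minutes of $($stamp):"
    Get-ChildItem -Path 'C:\' -Recurse -Filter '*.dll' -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FullName -ne $SuspectPath -and
            [math]::Abs(($_.LastWriteTime - $stamp).TotalMinutes) -le $WindowMinutes
        } |
        Select-Object FullName, LastWriteTime, Length |
        Format-Table -AutoSize
} else {
    "Suspect file not found: $SuspectPath"
}
```

A DLL that shows up in winlogon.exe or services.exe cannot be deleted while those processes hold it open, which is why the thread's advice to rename or delete it from the recovery console, or from a second machine, is the practical route.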

Said it once, will say it again.

Every spyware and adware scanner will fail you at some point. Not every scanner will catch everything, not every program can remove everything.

When you go out and pay for many of these programs, you are paying for a name, not for any kind of uber support or service after the sale. In many cases the support emails you do receive are difficult for novice users who are the ones most likely to have the problem. I constantly see virus and spyware trashed machines running any number of paid spyware apps.

If the quality freebies (like ewido, AVG, Windows defender, spybot, ad aware, etc) are not pulling it out and manual removal is not an option, reload time. If you have to go out and spend money on it, pay for a shop to do it and let them pull their hair out. Many shops, myself included do flat rate AV work. Even pretty heavily infected machines 2/3 or so can get good results from skilled help IME.

I’ll second Mangetout with trying to do it from recovery console.

You might also try running SFC /SCANNOW from the command line in windows. You may be asked to insert your Windows CD. It will check all your Windows system files and replace any that have gone bad. Sometimes all you need is one file deleted or replaced/renamed, and the whole protection scheme of the virus falls apart allowing you to remove it.

This is good advice; SFC (System File Checker) will restore the important stuff back to the way it was when first installed; I mention this because you may need to repeat some updates and/or service packs when you’re done.

Do you have access to a second machine or an external HD unit that you can install your HDD in?

I have also had good results on a few occasions pulling the drive from a virused machine and plugging it in via USB to another working machine and using that machine to run the scans or delete the files. That way the files you are trying to delete are not the files in use by windows, nor will the launchers in the registry or startups have been triggered since it was not part of the boot process or operating system startup for that machine.

Thanks guys. That last one of yours, drachillix, sounds pretty clever - and even promising if I may be so optimistic at this point. I’ve got access to pretty much everything hardware and software related in this entire building. And admin access to every box, including the servers.

But, I’ve really gotta get some billable work done now. I’ll try those suggestions on Monday. I really appreciate all the suggestions.

I’m not sure whether it’s a big deal to you, but you might want to consider seeing if you can get a mod to “sanitize” those emails. I’m pretty sure I have a map and directions to your workplace now.

Er, I maybe should have added some kind of “:non-threatening” smiley to that…

How about this one: ;j

Thanks for the suggestion, Mr. Squishy. I’m not too worried about it. I’ve been around here long enough that lots of people know who I am. And the e-mail address I’ve made public (which is my work e-mail) on these boards is the same one I accidentally posted up there. I also used that address for the several years I was a moderator here. And my company homepage is public here, too.

But most and best of all, lots of people here know I’m well armed. :wink:

In other news, I think I’ve gotten rid of this bastard finally. I know it’s unbelievable, but the e-mails with the e2give “support” team actually paid off. They sent me a small script to unregister both of those malicious .dll’s. After running it, which believe you me I was way, way, way, waaaaaaay leery of doing, I was able to delete the fuckers. And I got a full Spyware Doctor scan running right now. That should help clean up the remaining crap in the registry.

Once again, thanks much to everybody for the ideas. And what the hell, I learned a few useful things, too.

Dead and gone. A first full scan with Spyware Doctor turned up a few things in the registry, all of which it was able to remove. Additional scans with Kill This, Spyware Doctor and the MS Anti-Spyware show no traces of anything - none of the e2give shit they were detecting yesterday and nothing else either. Plus, the active Spyware scanners I have running MS & Spy Doc have ceased their continual flagging of an e2give reinstall. No randomly named process running either on boot.

I’m clean, baby. So who wants to fuck me?

Real world testing simply does not bear this out. All antispyware products are not created equal and most of the freebies tend to rank low in testing.

Or try:
http://www.pcpro.co.uk/labs/133/anti-spyware/products.html
http://www.zdnet.com.au/reviews/software/security/soa/To_catch_a_spy_Eight_anti_spyware_tools_reviewed/0,39023452,39225147,00.htm

Or Google for results…I have yet to see the freebies beat out the best paid for products or even come very close (Microsoft’s seems to be best but as implied above it is free while in beta and may go to a pay scheme).