Evil spyware death!

I’ve sadly gotten spyware installed on my PC; Ad-Aware hasn’t taken care of everything. I’ve deleted a lot of stuff, but little bits keep appearing. Moreover, I keep getting pop-up ads that connect to the internet. How can I remove them?

Here’s a list of a lot of the programs I think are suspicious.

prutmct.exe
alg.exe
agrsmmsg.exe
vmss.exe
ccevtmgr.exe
ccapp.exe
ccsetmgr
wsxscv.exe
xhrmy.exe
vttimer.exe
wscntfy.exe
lsass.exe
csrss.exe
alcxmntr.exe
alcwzrd.exe
kbd.exe
hpsysdrv.exe
jusched.exe
mmups.exe

Anyone have some hints? Another program?

No single anti-spy program has been proven to work all the time with all known spyware. Instead, the general recommendation is to install several different anti-spy tools and runn all of them consecutively. Read Fred Langa’s latest newsletter where he talks about this very problem and the freeware tools he recommends to keep your spyware in check.

One more thing. Dump IE for Mozilla or Firefox, and dump Outlook for Thunderbird.

Go here and click on “Task List”. It has a detailed list of programs that run in the background. It will tell you they are legit or not.

Compare the list you gave to the entries.

Don’t use outlook or any email program. I use webmail.

I’ve considered moving browsers before, but i dislike the idea. In any event, I’ve never had any spyware problems from the browser itself, only because I foolishly trusted the wrong program.

Give the Microsoft program a try.

Got four program now. Hopefully one of them will get it! :slight_smile:

I’ve got 5 things that help keep spyware off my computer:

  1. Firefox rules. I’ve gotten maybe 4 tracking cookies installed on my 'puter since I started using Firefox, as opposed to dozens with IE.

  2. Spybot and Adaware, working together. And be sure you check regularly for updates.

  3. The Google Toolbar has a nifty popup blocker, which you won’t need if you have Firefox installed, as it blocks popups itself.

  4. Javacool’s Spywareblaster, which is also free, and which blocks spyware from installing itself on your computer in the first place. Ditto on checking for updates regularly.

  5. You can Edit Cookies to block malware if you run into something that Firefox can’t handle.
    I would also recommend that you go over to http://www.spywareinfo.com/, where they have a nifty, very helpful forum where you can post results for your hijackthis log (they’ll explain it over there), and they will help you get the worst stuff off your computer.

Thank.s I’m really worried about prutmct.exe ; this one can mess with my anti-spyware tools, and I think it may be preventing me from getting rid of them all. It won’t go away, thogh the microsoft version did pick it up and try to erase it. WHat’s the command to edit the programs that start up with your PC and run only in the background manually?

Don’t tell me “the startup folder” or I’ll slap you!

msconfig

Spybot also lets you edit what programs are automatically run (when you use the advanced mode) BTW, in the recent version of spybot the DSO exploit doesn’t get fixed due to a bug but they’re going to fix it. You can make spybot ignore the problem, and recent Windows updates aren’t vulnerable to that exploit anyway. Spybot also lets you “immunize” against lots of spyware/malware/etc.

BTW, you can do google searches for individual files e.g.
“prutmct.exe”
Also you can search and find the files on your computer and right-click and go to properties and the “Version” and “Digital Signatures” tags. In “Version” there are lots of sections such as “Company”. You can also disable programs and entire directories in a crude way - just rename them. e.g.
c:\Program Files\TheFolder
becomes
c:\Program Files------TheFolder
(that’s a simple way of stopping msmessenger starting up when outlook or your computer starts up).
Of course, you should try and uninstall programs if you don’t want them though sometimes that is difficult to do.

Before you start puttering around with msconfig, I’d really strongly urge you to go over to spywareinfo.com, register at their forums, and drop your problem in their lap. They really have some phenomenally dedicated people there who really can help.

If you delete the wrong thing using msconfig, you screw your entire computer, lose all your daughter’s Dollz and your son’s Harry Potter fanfiction, and have to leave home forever.

John Clay (or anyone). What is the Win2000 equivalent of msconfig? I’m switching all my '98 machines to W2K and the install removes it. I can get msconfig to run on W2K (with some errors), but I’m sure there must be an equivalent.

This is not as dangerous as you make it sound. Modifying the startup folder from msconfig merely tells Windows to not start the programs you deselect. Nothing is deleted, and if you accidentally turn off something you later find is necessary, you can go back into msconfig and turn it back on just by selecting it again. You can turn off everything in the msconfig startup folder, and Windows will run. That is essentially what happens when you boot into Safe Mode (among other things like device drivers that are not loaded).

Surprisingly, there isn’t. However the msconfig program from WinXP runs well under Win2000. You can download it here.

I know how to use it; I just couldn’t remember th darn command name. It’s been a while since I was in tech supp.

I’ve tried. This damned program just won’t quite. I’ve deleted its registry key, shut it out of startup, and tried to close it. Nada. I can’t force it to end running because it keep auto-respawning as a process. Anyone know a sure-fire way to force a program to stop runnng? I bet if I delete it, the reg key, and cancel the startup file it will be gone. And three separate anti-spy programs have mised it. I’m running few things as I type this, to try and eliminate any underlying flaws, too.

“escan” is picking out any viruses that Norton missed.

Spybot’s advanced mode tools will allow you to do anything that msconfig will do and will also indicate the functions of various progs to help you in your selection of which ones to prevent from starting, when you are satisfied that they are of no use to you or are actually harmful, you can delete them there too.

Fear Itself
Thanks for the link!

myglaren Thanks! Who knew?