Annoying piece of malware crap...

[Bungleau]

Okay... aside from the moronicas partying the other night, I spent Friday night and most of Saturday trying to eradicate spyware, malware, and viruses from my mom's computer. Spybot and AdAware found over 350 items when they first ran, and AVG has been popping up trojan and downloader viruses left and right. Even ran Trend Micro's new online virus and spyware scan, and it found a few more things.

Unfortunately, that wasn't enough. Something was really stuck, and I thought I finally had it licked when I put in an XP Home install CD just so I could boot from it, get to the dos prompt, and manually remove the crap that was in use in windows. At long last, there was finally success... the crap was gone.

That feeling of euphoria lasted a mere two days (since the computer wasn't used yesterday). One batch of shinola is back [img]graemlins/madhell.gif[/img]

And I can't find any way to remove it. I've told mom that if it were my PC at this point, I'd back up my important data, wipe the drive clean, and reinstall windows from scratch. And when she leaves tomorrow, that's what she claims she's planning to do (to have someone do for here, near where she lives).

However, I've got a couple of thoughts of something I may have missed, and before I resign entirely (and since I'm tired of googling tonight), I'm wondering if anyone has any thoughts on...

... this file (qvyaa.dat) which is the symptom of bad stuff. It and five other files reside in Windows\system32, and they come back from the dead every time I get rid of them...

... as well as the setting in Windows XP that tells it not to bring back any system files when you reboot (which may be the thing I'm missing)

... and any other thoughts on removing it. I've used Ad Aware, Spybot, HiJack This, Killbox, and I think a few other things, to no success.

Frickin' thing eliminated my chance for gaming tonight. I've got to get up at a decent hour in the morning, and it's now time to be getting to bed

Any thoughts or ideas are appreciated. Names and addresses of creators of this crap are also appreciated, so that I may return the favor in my own *special* way.... :Evilgrin:

[T-D-C]

1. Turn off System Restore.
2. Reboot into Safe Mode
3. Run Spybot/Adaware
4. Run your AV Software
5. Delete bad files if they are still there.
6. Reboot.
7. Turn on System restore

Bad Guy should be gone.

[Zink Whistlefly]

T-D-C has a good point regarding Safe Mode - it looks like the crapware is being re-initialised somehow on startup, and of course this can lead to problems such as the file then being used by windows - in which case it cannot be deleted. Booting into Safe Mode will not load any files other than the minimum necessary ones, which should allow you to remove the problem.

I had a similar problem like this once, and it turned out that something was sitting in my startup folder (a system file of some sort) which was then being used by windows and couldn't be deleted unless in Safe Mode.

If "qvyaa.dat" is definitely behind the problem (although if you do remove this file, chances are that it will come back as something else, since random filenames are common) you could try deleting it within Safe Mode, and then try copying any safe file into the same place and renaming it to "qvyaa.dat", and then making it "read only" in file properties. That way if it tries to re-initialise the file it already exists and cannot do anything to it.

Just a thought.

Jim

[Bungleau]

Thanks, guys. I will give that one last shot this morning. An update will be forthcoming later [img]smile.gif[/img]

[Cloudbringer]

How'd it go, Bugleau? Did you eradicate the pesky thing?

Your situation with your mom's pc sounds alot like what my husband and I found our a friends's machine. Took us several hours to dump all the garbage and spyware and we STILL had a virus we couldn't vanquish. Like you were contemplating, we ended up wiping the system and starting fresh. Only we got her to invest in a Norton antivirus and a firewall and then we set adaware and spybot to run routinely since she never remembers and her teen son uses the machine too (source of much ad/spyware we're sure!).

[Bungleau]

Thanks, TDC. Looks like that finally quashed it. I ran HiJack This in the mid-section as well, and got rid of a few other things that were hanging around in the registry.

The machine rebooted cleanly, and mom is gone. Peace can return to my life now... although I just realized I forgot to re-enable system restore after everything was done. I'll have to walk her through that... later.

[T-D-C]

That process is almost guaranteed to rid you computer of any crap. Mainly because you clear the restore points first so nothing can come back from a old restore.

The only time it didn't work for me was when a torrent download got stuck. I had the file half downloaded and the torrent wouldn't start it up again. I tried to delete the file but it was in use. I switched over to the admin account and it was still in use. Booted to safe mode and it was still in use. Had to go to the safe mode command prompt to delete it.

Glad that its all good for you!

[Bungleau]

It's all good, and much appreciated. And it goes into my memory banks for future use.

Still looking for contact information for the scum who generate this so I can pass along my warmest welcomes and well-wishes... [img]graemlins/madhell.gif[/img]

Ah, well. Time to get some gaming in before I turn into a [img]graemlins/sleeping.gif[/img]

[Elif Godson]

I run into these issues often and they really suck, especially when you need to go in and correct the registry. Just yesterday I had a store that had over 13000 malware adaware issues as well about 15 different trojans and half dozen viruses. At this point we basically reimage the computer, which is easy on a corporate level but personal sometimes you just have to muddle through it especially if you dont have an OS disk. I hate cleaning reg keys because it is all interwoven and the wrong one can be just as damaging as the existing issue. Well any who, glad you over came the issue.