StarDestroyer.Net BBS

There's a particularly annoying piece of spyware on my aunt's computer that keeps showing up every time I reboot. It's called bett.exe and the program is identified as Noha. Now, no matter how many times I delete the registry keys and program files, it shows up on the next reboot.

Also, probably not coincidentally, on every reboot Windows gives me the standard setup thing - i.e. "Please wait while Windows configures your setup files". I'm convinced this is what's causing the thing to constantly reappear.

My question is...how to remove it? Nothing I've tried has worked.

Did you try taking a crack at any other mysterious mysterious little files tht suddenly showed up from nowhere? A good, long while ago, I had a piece of shit that was doing the very same thing you describe now (minus the Windows setting up bit) and I think that what happened was that I found that another file that had buried itself in my hard drive was re-installing the thing every time I started up the computer. Once I took care of that, the program dissipeared.

Try running your favorite spyware removal programs under Safe Mode.

You might also try googling up the spyware in question and see if there are any specific guides to removing it out there.

Actually, just deleting it in safe mode usually does the trick. Also, make sure that there are no other files associated with it. Run a search of your hard drive for the spyware, then open the file that contains it to check. And for future reference, I'd recommend using exclusively Mozilla Firefox, or really anything other than IE as a web browser from now on.

Tokaji Kyoden wrote:Actually, just deleting it in safe mode usually does the trick. Also, make sure that there are no other files associated with it. Run a search of your hard drive for the spyware, then open the file that contains it to check. And for future reference, I'd recommend using exclusively Mozilla Firefox, or really anything other than IE as a web browser from now on.

I've already instructed them to strictly use Firefox, but a computer used by three teenagers can be unpredictable.

Uraniun235 wrote:Try running your favorite spyware removal programs under Safe Mode.

Already tried that. No dice.

Uraniun235 wrote:You might also try googling up the spyware in question and see if there are any specific guides to removing it out there.

Google didn't get a lot of dings either.

Sharpshooter wrote:Did you try taking a crack at any other mysterious mysterious little files tht suddenly showed up from nowhere? A good, long while ago, I had a piece of shit that was doing the very same thing you describe now (minus the Windows setting up bit) and I think that what happened was that I found that another file that had buried itself in my hard drive was re-installing the thing every time I started up the computer. Once I took care of that, the program dissipeared.

Yep. Found and deleted a couple other files. Also found and deleted other bits of spyware that both I and Spybot/Adaware missed. And AVG didn't kick up anything.

I recall getting it out once before (or seeming to get it out). I'll have to retry a full scan in the future and see what it turns up. It doesn't help that I have a 16 year old cousin with a tendency to download mounds of garbage off of Kazaa and AOL.

It may be embedded or hidden in another program, like a game download(simple little game), or a borwser tool bar.

Tokaji Kyoden wrote:It may be embedded or hidden in another program, like a game download(simple little game), or a borwser tool bar.

Or somewhere in the temporary internet files.

Have you tried using HijackThis scan and fix in safe mode? That can often work as an extra source of Spy\Malware eradication.
The only other bit of advice I can offer is to get a full version of Adaware and then run it as a background process, quite often it'll identify the source program that's spawning these bastard things and from there it's just a case of making a note of these files, rebooting in safe mode and deleting them.

Naaman wrote:Have you tried using HijackThis scan and fix in safe mode? That can often work as an extra source of Spy\Malware eradication.

Friggin' yes, man. Still comes back.

Naaman wrote: The only other bit of advice I can offer is to get a full version of Adaware and then run it as a background process, quite often it'll identify the source program that's spawning these bastard things and from there it's just a case of making a note of these files, rebooting in safe mode and deleting them.

I think it's about time to do a nuke job.

Nuke their computer, setup Firefox (Thunderbird even if thats what it takes) and do your best to hide IE from them.

A quick search turns up this thread reagarding it. It seems you -might- not need to nuke the system completely after all.