HELP! I've downloaded uber spyware!
Posted: 2004-04-30 10:51pm
by Master of Ossus
Alright, so I regularly check my computer with Spybot, a program designed to find and eliminate spyware from my PC. Spybot recently told me that my computer had succumbed to "TSCash: 0190 Dialer." Usually, Spybot can eliminate anything like this. The problem is that this ingenious little program has embedded itself into my Windows files, so that every time I turn on the machine it automatically runs the TSCash program, and continues running it non-stop. Thus, Spybot is rendered ineffective since it can only delete inactive files. I have tried manually halting TSCash using my Task Manager, but it apparently has a feature so that if you stop it from running it automatically starts itself over again, rendering my attempts to manually delete the file ineffective. Does anyone know of a way to manually quarantine files on a WinXP machine and THEN delete them, so it doesn't get a chance to start running itself, again?
Posted: 2004-04-30 10:57pm
by Montcalm
Have you used AdAware?
Posted: 2004-04-30 11:00pm
by Master of Ossus
Montcalm wrote: Have you used AdAware?
Yeah, but it doesn't even FIND the TSCash thing.
Posted: 2004-04-30 11:06pm
by Montcalm
How did it get in your computer, did you click something you shouldn't have or did it enter attached to a website?
BTW Windows XP seems to attract lots of bugs.
:?
Posted: 2004-04-30 11:07pm
by Howedar
Search for Knoppix on Google, download and burn to CD. Boot off of this CD and you can delete whatever the hell you want.
Hopefully you know what the file is called that you must kill.
Posted: 2004-04-30 11:10pm
by Master of Ossus
Montcalm wrote: How did it get in your computer, did you click something you shouldn't have or did it enter attached to a website?
I don't know. I only check for spyware about once every week or ten days. I don't think I've been downloading anything unusual, in that time.
Montcalm wrote: BTW Windows XP seems to attract lots of bugs.
It does. I don't remember having all these issues with my old Windows 2000 machine. Maybe I was just lucky enough to get a really stable computer, last time.
Posted: 2004-04-30 11:19pm
by Dalton
Google it, bro. In any case, I think the homesite it reports to is dead (at least according to one site I checked).
Posted: 2004-04-30 11:25pm
by Vertigo1
It's probably got another program running in the background (not showing up on the task manager list....yes, this is possible) re-launching it. I suggest you go into your services list and check for any odd listing that isn't supposed to be there. If you don't find anything, download this and kill it from there. Then rename the executable to something else (so it won't get re-launched) and then kill it via Spybot.
Posted: 2004-04-30 11:42pm
by Darth Wong
If you have FAT32 as your filesystem, you can boot off any old Win9x floppy or CD-ROM and delete whatever files you want. If you have NTFS, it might be trickier. One brute-force solution would be to stick the drive into another Windows machine on the secondary IDE channel, so it shows up as D:. None of its files will be executed by the new host machine, which will then be able to run whatever spyware detection/elimination software you want on it with no conflicts.
Posted: 2004-05-01 12:21am
by phongn
Posted: 2004-05-01 12:34am
by Master of Ossus
Victory is mine!
I rebooted off the disk to get around the spyware, then terminated it with extremely satisfying prejudice!
Thanks for all your help, everyone!
Posted: 2004-05-01 12:39am
by Rogue 9
For valor in battle against malicious spyware, we award you the Hacker's Cross, for computer skills above and beyond the call of duty. *Pins medal on MoO's shirt.*
;)
Posted: 2004-05-01 12:43am
by Master of Ossus
Rogue 9 wrote: For valor in battle against malicious spyware, we award you the Hacker's Cross, for computer skills above and beyond the call of duty. *Pins medal on MoO's shirt.* ;)
Sigged!
Posted: 2004-05-01 12:58am
by Rogue 9
Yay! I've been sigged!
:D
Posted: 2004-05-01 02:27pm
by Ace Pace
Safe mode, I have a user that's completely clean that I use to clean out shit.
Posted: 2004-05-01 04:06pm
by Comosicus
Shouldn't this have been into Games and computers?
Posted: 2004-05-01 05:54pm
by Einhander Sn0m4n
MoO, download and run HijackThis, then post the log. I might be able to see if you have anything else possibly untoward. :)
Posted: 2004-05-01 06:14pm
by Pu-239
Howedar wrote: Search for Knoppix on Google, download and burn to CD. Boot off of this CD and you can delete whatever the hell you want.
Hopefully you know what the file is called that you must kill.
I thought NTFS write on Linux was dangerous (except if you just want to overwrite a file... which might suffice).
Posted: 2004-05-01 10:21pm
by phongn
The OSS NTFS driver is dangerous for writing. However, there is a loader which can use the OSS NTFS driver for reading the local Windows NTFS driver.