Reappearing Spyware

GEC: Discuss gaming, computers and electronics and venture into the bizarre world of STGODs.

Moderator: Thanas

Post Reply
User avatar
Dalton
For Those About to Rock We Salute You
For Those About to Rock We Salute You
Posts: 22637
Joined: 2002-07-03 06:16pm
Location: New York, the Fuck You State
Contact:
Contact Dalton

Reappearing Spyware

Post by Dalton »

There's a particularly annoying piece of spyware on my aunt's computer that keeps showing up every time I reboot. It's called bett.exe and the program is identified as Noha. Now, no matter how many times I delete the registry keys and program files, it shows up on the next reboot.

Also, probably not coincidentally, on every reboot Windows gives me the standard setup thing - i.e. "Please wait while Windows configures your setup files". I'm convinced this is what's causing the thing to constantly reappear.

My question is...how to remove it? Nothing I've tried has worked.
Image
Image
To Absent Friends
Dalton | Admin Smash | Knight of the Order of SDN

"y = mx + bro" - Surlethe
"You try THAT shit again, kid, and I will mod you. I will
mod you so hard, you'll wish I were Dalton." - Lagmonster

May the way of the Hero lead to the Triforce.
Top
User avatar
Sharpshooter
Jedi Master
Posts: 1081
Joined: 2004-08-31 10:59pm

Post by Sharpshooter »

Did you try taking a crack at any other mysterious mysterious little files tht suddenly showed up from nowhere? A good, long while ago, I had a piece of shit that was doing the very same thing you describe now (minus the Windows setting up bit) and I think that what happened was that I found that another file that had buried itself in my hard drive was re-installing the thing every time I started up the computer. Once I took care of that, the program dissipeared.
This has been another blunder by you friendly local idiot.
Top
User avatar
Uraniun235
Emperor's Hand
Posts: 13772
Joined: 2002-09-12 12:47am
Location: OREGON
Contact:
Contact Uraniun235

Post by Uraniun235 »

Try running your favorite spyware removal programs under Safe Mode.

You might also try googling up the spyware in question and see if there are any specific guides to removing it out there.
Top
User avatar
Tokaji Kyoden
Padawan Learner
Posts: 165
Joined: 2005-07-31 10:11pm
Contact:
Contact Tokaji Kyoden

Post by Tokaji Kyoden »

Actually, just deleting it in safe mode usually does the trick. Also, make sure that there are no other files associated with it. Run a search of your hard drive for the spyware, then open the file that contains it to check. And for future reference, I'd recommend using exclusively Mozilla Firefox, or really anything other than IE as a web browser from now on.
C:\DOS
C:\DOS\RUN
RUN\DOS\RUN
Top
User avatar
Dalton
For Those About to Rock We Salute You
For Those About to Rock We Salute You
Posts: 22637
Joined: 2002-07-03 06:16pm
Location: New York, the Fuck You State
Contact:
Contact Dalton

Post by Dalton »

Tokaji Kyoden wrote:Actually, just deleting it in safe mode usually does the trick. Also, make sure that there are no other files associated with it. Run a search of your hard drive for the spyware, then open the file that contains it to check. And for future reference, I'd recommend using exclusively Mozilla Firefox, or really anything other than IE as a web browser from now on.
I've already instructed them to strictly use Firefox, but a computer used by three teenagers can be unpredictable.
Uraniun235 wrote:Try running your favorite spyware removal programs under Safe Mode.
Already tried that. No dice.
Uraniun235 wrote:You might also try googling up the spyware in question and see if there are any specific guides to removing it out there.
Google didn't get a lot of dings either.
Sharpshooter wrote:Did you try taking a crack at any other mysterious mysterious little files tht suddenly showed up from nowhere? A good, long while ago, I had a piece of shit that was doing the very same thing you describe now (minus the Windows setting up bit) and I think that what happened was that I found that another file that had buried itself in my hard drive was re-installing the thing every time I started up the computer. Once I took care of that, the program dissipeared.
Yep. Found and deleted a couple other files. Also found and deleted other bits of spyware that both I and Spybot/Adaware missed. And AVG didn't kick up anything.

I recall getting it out once before (or seeming to get it out). I'll have to retry a full scan in the future and see what it turns up. It doesn't help that I have a 16 year old cousin with a tendency to download mounds of garbage off of Kazaa and AOL.
Image
Image
To Absent Friends
Dalton | Admin Smash | Knight of the Order of SDN

"y = mx + bro" - Surlethe
"You try THAT shit again, kid, and I will mod you. I will
mod you so hard, you'll wish I were Dalton." - Lagmonster

May the way of the Hero lead to the Triforce.
Top
User avatar
Tokaji Kyoden
Padawan Learner
Posts: 165
Joined: 2005-07-31 10:11pm
Contact:
Contact Tokaji Kyoden

Post by Tokaji Kyoden »

It may be embedded or hidden in another program, like a game download(simple little game), or a borwser tool bar.
C:\DOS
C:\DOS\RUN
RUN\DOS\RUN
Top
User avatar
Naaman
Redshirt
Posts: 16
Joined: 2005-07-07 08:02am
Location: 20 minutes in the future

Post by Naaman »

Tokaji Kyoden wrote:It may be embedded or hidden in another program, like a game download(simple little game), or a borwser tool bar.
Or somewhere in the temporary internet files.

Have you tried using HijackThis scan and fix in safe mode? That can often work as an extra source of Spy\Malware eradication.
The only other bit of advice I can offer is to get a full version of Adaware and then run it as a background process, quite often it'll identify the source program that's spawning these bastard things and from there it's just a case of making a note of these files, rebooting in safe mode and deleting them.
Top
User avatar
Dalton
For Those About to Rock We Salute You
For Those About to Rock We Salute You
Posts: 22637
Joined: 2002-07-03 06:16pm
Location: New York, the Fuck You State
Contact:
Contact Dalton

Post by Dalton »

Naaman wrote:Have you tried using HijackThis scan and fix in safe mode? That can often work as an extra source of Spy\Malware eradication.
Friggin' yes, man. Still comes back.
Naaman wrote: The only other bit of advice I can offer is to get a full version of Adaware and then run it as a background process, quite often it'll identify the source program that's spawning these bastard things and from there it's just a case of making a note of these files, rebooting in safe mode and deleting them.
I think it's about time to do a nuke job.
Image
Image
To Absent Friends
Dalton | Admin Smash | Knight of the Order of SDN

"y = mx + bro" - Surlethe
"You try THAT shit again, kid, and I will mod you. I will
mod you so hard, you'll wish I were Dalton." - Lagmonster

May the way of the Hero lead to the Triforce.
Top
User avatar
Alyeska
Federation Ambassador
Posts: 17496
Joined: 2002-08-11 07:28pm
Location: Montana, USA

Post by Alyeska »

Nuke their computer, setup Firefox (Thunderbird even if thats what it takes) and do your best to hide IE from them.
"If the facts are on your side, pound on the facts. If the law is on your side, pound on the law. If neither is on your side, pound on the table."

"The captain claimed our people violated a 4,000 year old treaty forbidding us to develop hyperspace technology. Extermination of our planet was the consequence. The subject did not survive interrogation."
Top
User avatar
General Zod
Never Shuts Up
Posts: 29211
Joined: 2003-11-18 03:08pm
Location: The Clearance Rack
Contact:
Contact General Zod

Post by General Zod »

A quick search turns up this thread reagarding it. It seems you -might- not need to nuke the system completely after all.
"It's you Americans. There's something about nipples you hate. If this were Germany, we'd be romping around naked on the stage here."
Top
Post Reply

Return to “Gaming, Electronics and Computers”