
SurfSideKick 3 et al



#1
Peter1234


    New Member

  • Member
  • 2 posts
Hi Everyone,

I'm in a spot of bother. Looking at my g/f's brother's computer (XP Pro), it was clear it had been compromised beyond belief. I should've left it alone! I installed and ran AVG and Ad-Aware, and cleaned the thousands of viruses and malware on the computer. Now it's having trouble booting/functioning. This SSK remains, and resists all the methods that I've found on the internet to clean it.

XP loads, but takes an extra 3 minutes in the starting up screen, then one minute without a desktop, then finally the desktop arrives but no taskbar. There is a toolbar (right-click taskbar, toolbars) that has no name, which seems to hide the taskbar. No internet access either, so I can't post hijack logs.

I have disabled all but system (and SSK) programs at startup, and have removed the vlcclient, and the ati2evxx.exe that has been linked with the malware.

It would seem SSK is causing most of my grief.
http://www.geekstogo...533;entry242597

Same as this post, the program has no open processes, but seems to be able to undo any changes to registry or files that I might want to make. This user's solution doesn't work either, as the Windows folder is <immediately> replaced upon renaming. Unlocker quotes the debug problem, but those changes to local policy always revert as well.

Killbox was no good, and is now giving me a system error &h800706b5.

I can't delete the repairs or SSK files, nor can I stop them from running on startup.

I've never come across malware this nasty or persistent, and it's not on a computer of mine!

Any help would be most appreciated.

Thanks,
Pete.
  • 0

#2
fleamailman


    Member 2k

  • Member
  • 2,383 posts
Welcome to the world of malware removal then. Sounds like a well-intentioned but messy clean-up of malware, so here is the link to our malware removal forum. Follow all the steps mentioned, and if there is still malware after that, please post the HJT log there. Good luck then.


http://www.geekstogo..._Log-t2852.html

Edited by fleamailman, 04 April 2006 - 12:20 AM.

  • 0

#3
Peter1234


    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi,

Thanks. I'm not new to malware removal - I just never suspected anything this nasty or persistent!
This guy had been to some real dodgy sites; I'm surprised he could use the computer at all.

The whole HJT routine wouldn't be easy here. No net access, and the burner is giving a COM/OLE error.

So I'll change my approach on this one.

THE QUESTIONS:

*Is it true the XP CD has a DOS prompt I could use to delete files?
I tried to boot DRDOS, but access was read-only on the NTFS partition for some reason.

*Can I take the (dual partition) hard drive out and stick it in an external enclosure or other computer?
I've done this before, but never with a dual partition (NTFS/FAT32) hard drive.

Thanks,
Pete.
  • 0





