Okay, for those of you in the know, there is a common piece of spyware that runs WebRebates0.exe and WebRebates1.exe which monitor each other and restart each other upon disconnect. I have been able to kill both tasks quickly and then remove the folder for "Program Files" succesfully. Spybot cannot remove this spyware for some reason. I don't think AdAware can either.
There is another type of spyware that does the same thing, only much, much, better. I can't kill WebClt.exe and WebAd.exe at the same time. (Although I can erase the .dll that I believe is used to start them.
So, my question is this:
Does anyone have any freeware or other tool that they can give me that will kill a process by process id? I'm preferably looking for something that can kill two processes basically simultaneously. If someone *does* have such a thing, I will make a simple tool to remove both kinds of spyware and upload it all over the web. I'll also credit you and you'll be famous in the anti-spyware community, I assure you.
Full Version: Killing Spyware
wouldn't kill or pskill do exactly what you want?
ahh.. perhaps. I'll do a google search thanks. I used to have pskill come to think of it.
omg it worked. here's the code!
| CODE |
| taskkill /T /F /IM WinClt.exe erase WinClt.exe taskkill /T /F /IM WinAd.exe erase WinAd.exe erase WinClt.exe |
Put that in a batch file and run it in the directory the program is in. Awesome!
are those files regenerated after a reboot (sometimes there are sourcefiles in the winroot or system32, which generate a new, fully functional and working exe of that spyware but with a different bytecode - means that not only the file is copied with an file-extension change) or does this command erase all content of this spyware ?
Yorn, thre should be still a problem in your registry, something like :
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
U can use Hijack This to have a dump of your registry and clean what is not okay : http://www.spychecker.com/program/hijackthis.html
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
U can use Hijack This to have a dump of your registry and clean what is not okay : http://www.spychecker.com/program/hijackthis.html
okey, here is a list of removal tool links I put together the other day, all links work at time of posting.
Free Online Virus Scan
House Call Online Scan
Kaspersky File Check
Free Anti Virus Prog
AVG
AVAST
SpyWare Cleaners
AdAware
SpywareBlaster
Spybot - Search & Destroy
RegSeeker
HijackThis 1.97.7
SpyCop
GoodBye Spy 3.12
Browser Hijack Blaster
HijackThis 1.97.7
And another 50 odd:
Free Online Virus Scan
House Call Online Scan
Kaspersky File Check
Free Anti Virus Prog
AVG
AVAST
SpyWare Cleaners
AdAware
SpywareBlaster
Spybot - Search & Destroy
RegSeeker
HijackThis 1.97.7
SpyCop
GoodBye Spy 3.12
Browser Hijack Blaster
HijackThis 1.97.7
And another 50 odd:
Another tool to remove spyware is BHO Demon
Here is a download link.
http://ftp.pcworld.com/pub/new/utilities/s...0-0-18Setup.exe
Here is a download link.
http://ftp.pcworld.com/pub/new/utilities/s...0-0-18Setup.exe
Runn these tools in safe mode and log in using the admin account. The subsequent reboots shouldn't undo your removal.
plenty of tools to kill processes just need look on google and search
Safe Mode with no network support worked for me.
........Aspire to Inspire before you Retire or Expire
........Aspire to Inspire before you Retire or Expire
It looks like you've been infected by some brower attack and i recommend using Hijackthis for this one.
Im not sure if your spyware is gone now, you can better post the log of hijackthis here, maybe some other stuff which doesnt belong there is in it or some remains of the spyware.. (not that i am a master @ hijackthis )
// edit:
You can delete files and stop processes with this very small programm called The KillBox, try it, you'll like it !
// edit (it even has a GUI
)
http://www.short-media.com/download.php?d=319
Im not sure if your spyware is gone now, you can better post the log of hijackthis here, maybe some other stuff which doesnt belong there is in it or some remains of the spyware.. (not that i am a master @ hijackthis )
// edit:
You can delete files and stop processes with this very small programm called The KillBox, try it, you'll like it !
// edit (it even has a GUI
)http://www.short-media.com/download.php?d=319
Intriguing, Can I have some info about these two files perhaps we can make a stand alone removal tool (that removes the registry entries too) Might be good educational for anyone learning a language if they interested (learn how to add / remove reg entries, manipulate files and kill proccesses).
For what it's worth I'll suggest ProcessExplorer. I've found this to be a nifty tool at finding processes that are otherwise hidden from TaskManager.
| QUOTE (MsMittens @ Sep 24 2004, 06:48 PM) |
| For what it's worth I'll suggest ProcessExplorer. I've found this to be a nifty tool at finding processes that are otherwise hidden from TaskManager. |
Oh, nice tool, i got something that's just like it, also very small. I used it a lot of times on school
(in order to stop the stupid Netop-School programm )Easy Task Manager
QUOTE(chris105 @ Sep 24 2004, 12:09 PM)
Intriguing, Can I have some info about these two files perhaps we can make a stand alone removal tool (that removes the registry entries too) Might be good educational for anyone learning a language if they interested (learn how to add / remove reg entries, manipulate files and kill proccesses).
I agree. this can be done, I started working on it but gave up after I realized that killing the programs was "good enough".
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
