  • Got hit by some malware

    My W2KAS box got hit by some malware while browsing this afternoon. This is the first time this system has been infected that I'm aware of. I don't run AV SW on it since I'm not aware of any free SW for the AS version of W2K and I'm normally quite careful. I noticed the problem because a bunch of DOS boxes started popping up as the trojans were apparently kicking off. Luckily, I had Ad-Aware on the box and it pointed out various trojans ("vxh8jKdq" exes and "vxgame" exes with various numeric suffixes) along with "CoolWebSearch" malware. It flagged the "ATTRIB.INI" in my system directory and I noticed this file had scoured the IE auto complete fields which included some confidential info. I don't know how this all got kicked off since I have the browser fairly trimmed back security-wise but I managed to finally get bit. I suppose there isn't any way of knowing if anything got reported out. I did yank my network connection once I noticed what was going on.

    Does anyone know of any free AV SW I can run on this W2KAS system to make sure things get cleared out? I'll research the particular trojans that were called out by Ad-Aware. I hope that letting Ad-Aware quarantine what it found will be enough for those particular nasties but I also want to do a proper viral sweep now.
    The world just changed, Sep. 11, 2001

  • #2
    hijack this
    The original HijackThis, a general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It does not...

    and a hijack this web analyzer
    e.g.


    This will make darn sure the thing is not starting up again by itself; check the locations of the files and manually delete them. I am sure there are automated programs to do all this, but I find that malware tends to be updated more than the anti-spyware/anti-malware software.
    We have enough youth - What we need is a fountain of smart!


    i7-920, 6GB DDR3-1600, HD4870X2, Dell 27" LCD

    • #3
      You should try this before running "Hijack This":



      I run "Hijack This" as the last tool, let the automated cleaners do whatever they can first.
      Diplomacy, it's a way of saying “nice doggie”, until you find a rock!

      • #4
        Guess who's been looking at pron then.
        Chief Lemon Buyer no more Linux sucks but not as much
        Weather nut and sad git.

        My Weather Page

        • #5
          Originally posted by The PIT
          Guess who's been looking at pron then.
          have you been to the same sites then TP?

          • #6
            Originally posted by ayoub_ibrahim
            have you been to the same sites then TP?
            Everybody who hasn't been to one of those sites on the internet raise your hands.
            Chuck
            秋音的爸爸

            • #7
              liars!
              Chuck
              秋音的爸爸

              • #8
                Originally posted by xortam
                My W2KAS box got hit by some malware while browsing this afternoon. This is the first time this system has been infected that I'm aware of. I don't run AV SW on it since I'm not aware of any free SW for the AS version of W2K and I'm normally quite careful. I noticed the problem because a bunch of DOS boxes started popping up as the trojans were apparently kicking off. Luckily, I had Ad-Aware on the box and it pointed out various trojans ("vxh8jKdq" exes and "vxgame" exes with various numeric suffixes) along with "CoolWebSearch" malware. It flagged the "ATTRIB.INI" in my system directory and I noticed this file had scoured the IE auto complete fields which included some confidential info. I don't know how this all got kicked off since I have the browser fairly trimmed back security-wise but I managed to finally get bit. I suppose there isn't any way of knowing if anything got reported out. I did yank my network connection once I noticed what was going on.

                Does anyone know of any free AV SW I can run on this W2KAS system to make sure things get cleared out? I'll research the particular trojans that were called out by Ad-Aware. I hope that letting Ad-Aware quarantine what it found will be enough for those particular nasties but I also want to do a proper viral sweep now.
                I know AVG Free Edition will run on Win2K Adv. Server.

                • #9
                  Thanks for the suggestions so far.

                  Originally posted by High_Jumbllama
                  I know AVG Free Edition will run on Win2K Adv. Server.
                  I thought I was unsuccessful with this before but I'll try again. Do I need to get a license via E-Mail first for the 30 day trial versions? I see it requests that info as part of the download process. I only run my E-Mail on the W2KAS box so I have a chicken-and-egg scenario there.

                  I'm thinking of just canning the W2KAS install in favor of W2KWS as I don't need the server functionality now. I just don't think I can ever trust this box again. It's a shame since I've had this install for nearly five years now. It's a royal PITA to save off all my data and figure out what all I've got installed on this system. I've got to get the system up quick too since I do all my secure work on that box (it's also tax time). I don't know how the malware managed to plant itself since I browse w/o ActiveX or JavaVM. I was only at SP2 (with tons of hotfixes) on that box so that may have contributed. I didn't want MSFT's active download features of the newer SPs so I stuck with SP2. I guess I'll bring the WS install completely up to date this time. I'll run AVG free edition and Ad-Aware on the new install but will that stop this sort of instant attack? This attack installed trojan downloaders and was parsing out my IE auto complete fields apparently to report back. Who knows what else was going on. I don't want this hassle again.

                  P.S. Looks like my IE 6 was only at SP1 with a few fixes. That probably didn't help.
                  Last edited by xortam; 1 March 2006, 13:51.
                  The world just changed, Sep. 11, 2001

                  • #10
                    http://free.grisoft.com/doc/1

                    It has limited scheduling and it says that it only works on server operating systems but that seems to refer to Win2K3. I tried it once due to a minor emergency on 2K Adv. Server and it functioned fine. It's worth a shot.
                    Last edited by High_Jumbllama; 1 March 2006, 14:22.

                    • #11
                      Thanks High_Jumbllama. Are you referring to this download? ... http://free.grisoft.com/softw/70free...ee_375a716.exe

                      I need to finish backing up the data and install info before I try and clean out what Ad-Aware flagged. I've only booted up in SafeMode so far since I've got to still purge the malware processes that kick off at startup. I'll try AVG free after I can manage a decent boot.
                      The world just changed, Sep. 11, 2001

                      • #12
                        Yes.

                        • #13
                          AVG Free ran fine on the W2KAS box. It warned me about the Adaptec/Roxio CD burning SW on that box but I trudged along. This reminded me that I had installed a 30 day trial version before in the last year or so and I recall it never found anything. This scan found various trojans and a virus which all matched what I had already surmised (looking at the Ad-Aware report, Registry entries, and last modified file dates). I haven't yet run the other spyware utilities mentioned on the castlecops site. I still don't think I can rely on the system so I think I'll just spend my time building a new install on an old swappable boot drive (haven't used that old Win98 install in years anyway). I'll leave this W2KAS swappable boot drive as a backup in case I have a problem restoring the data on the new install.
                          The world just changed, Sep. 11, 2001

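Posts #2 and #13 describe the manual side of the cleanup: check where the flagged files live, see what was modified around the time of the infection, and confirm the findings against the scanner report. The script below is an added example written for this thread; it is not code from the thread or from Ad-Aware, AVG or HijackThis. It walks a directory, lists executables modified within a time window, and separately flags the file-name patterns the original post reports ("vxgame" plus a numeric suffix, and "vxh8jKdq"). The directory it scans is constructed in a temporary folder so the example runs offline; the name patterns, the extension set and the 24-hour default window are assumptions chosen for illustration.

```python
import os
import re
import tempfile
import time
from datetime import datetime, timedelta

# Constructed name patterns based on the names reported in the thread
# (not a signature from any scanner): "vxgame<digits>.exe" and "vxh8jKdq*.exe".
SUSPICIOUS_NAME = re.compile(r"^(vxgame\d+|vxh8jkdq.*)\.exe$", re.IGNORECASE)

# Assumed extension set for the "executables" view of the directory.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com"}


def recently_modified(directory, since=None, exts=EXECUTABLE_EXT):
    """Return a sorted list of (relative_path, mtime_iso) for files under
    `directory` whose extension is in `exts` and whose modification time is
    at or after `since` (default: the last 24 hours)."""
    if since is None:
        since = datetime.now() - timedelta(days=1)
    cutoff = since.timestamp()
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(root, name)
            mtime = os.path.getmtime(path)
            if mtime >= cutoff:
                stamp = datetime.fromtimestamp(mtime).isoformat(timespec="seconds")
                hits.append((os.path.relpath(path, directory), stamp))
    return sorted(hits)


def triage(directory, since=None):
    """Split recently modified executables into those whose names match the
    reported patterns and everything else that still deserves a look."""
    matched, other = [], []
    for rel, stamp in recently_modified(directory, since):
        if SUSPICIOUS_NAME.match(os.path.basename(rel)):
            matched.append((rel, stamp))
        else:
            other.append((rel, stamp))
    return {"name_match": matched, "recent_other": other}


def build_sample_tree():
    """Create a constructed stand-in for a system directory in a temp folder.
    Old files model untouched OS binaries; recent ones model the infection."""
    base = tempfile.mkdtemp(prefix="triage_sample_")
    now = time.time()
    old = now - 400 * 86400  # about a year ago
    samples = {
        "kernel32.dll": old,            # old OS file: should not be listed
        "notepad.exe": old,             # old OS file: should not be listed
        "vxgame4.exe": now - 3600,      # recent, matches reported pattern
        "vxh8jKdq1.exe": now - 1800,    # recent, matches reported pattern
        "attrib.ini": now - 1700,       # recent, but not an executable extension
        "unknown_helper.exe": now - 900,  # recent, no name match: review manually
    }
    for name, mtime in samples.items():
        path = os.path.join(base, name)
        with open(path, "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real binary
        os.utime(path, (mtime, mtime))
    return base


if __name__ == "__main__":
    sample = build_sample_tree()
    result = triage(sample)
    for bucket, entries in result.items():
        print(bucket)
        for rel, stamp in entries:
            print(f"  {stamp}  {rel}")
    # Non-executable data files such as ATTRIB.INI need a wider extension set.
    print("ini files:", recently_modified(sample, exts={".ini"}))
```

Run against a real system directory you would pass the directory and an explicit `since` around the time the DOS boxes started appearing. The name-match bucket is only a convenience for the names already known from the scanner report; the "recent_other" bucket is the one that catches files a name list misses, and data files like the ATTRIB.INI the original post mentions only show up if you widen the extension set, as the last line of the script does.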