win xp hosed

LT72884 · #1 31st January 2008, 08:11 PM

ok so a client brought in his pc yesterday and told me that all these weird errors keep popping up. so i did a search and destroy on it for spy ware. found over 200. then i did 5 virus scans all in safe mode and it has found over 250 viruses. now im on the 5th scan and it only finds one virus. i have healed it and deleted it many times but i do a scan after scan and the same one keeps comming back. i cant find it on google any where. I could use some tips because i fear its time to wipe clean and flush. its the d?dplay.exe adware generic2.AAHZ.
it is som where in her my documents folder. any ideas before it gets flushed or is that the BEST thing to do? thanx guys

FriedChips · #2 31st January 2008, 08:20 PM

this may sound funny but, try a program called HiJackThis. I will post a link in a moment. It checks registry entries and all kinds of things, it was designed for the Cool Web Search thing that was a big deal a few years ago, but works for a lot of things. I'll post a link in a moment.

EDIT: Here it is

Seve · #3 31st January 2008, 08:25 PM

Hello:
Just from googling around

It appears to be associated with PurityScan/Clickspring adware ?
Some manual removal instructions located here
http://www.spywaredb.com/remove-clickspring-purityscan/

Edit:
I think FriedChips may have the answer for you.

Seve

Gnafu the Great · #4 31st January 2008, 08:27 PM

Do 'em a favor and install Fedora instead

.

blitzo · #5 31st January 2008, 08:31 PM

Quote:

Originally Posted by Gnafu the Great

Do 'em a favor and install Fedora instead

.

+1 Fix it for good!

FriedChips · #6 31st January 2008, 08:31 PM

Quote:

Originally Posted by Gnafu the Great

Do 'em a favor and install Fedora instead

.

Good answer

LT72884 · #7 31st January 2008, 08:42 PM

LOL, yeah but i dont think PAF will work with fedora. ok here is something interesting. in her doc folder there were over 5800 TMP files and on her C: there are 5751 TMP files. its like the virus is touching blank files and sucking up inodes. ill tyr out those tips. the regedit command is busted to. i cant even run that any more. lol.

LT72884 · #8 31st January 2008, 08:47 PM

also there is no ndrv process running. the processes that are running seem to be the normal ones

FriedChips · #9 31st January 2008, 09:17 PM

http://forums.fedoraforum.org/forum/...d.php?t=179946

wow, don't brick that system just yet.. Does that happen to have a creative labs card in it? Just happened to stumble across the above link... Maybe this is related? Maybe not.

EDIT: maybe I'm naive, and he is not meaning virus literally....