Fedora Linux Support Community & Resources Center
  #1  
Old 31st January 2008, 08:11 PM
LT72884 Offline
Registered User
 
Join Date: Nov 2007
Posts: 418
win xp hosed

ok so a client brought in his pc yesterday and told me that all these weird errors keep popping up. so i did a search and destroy on it for spy ware. found over 200. then i did 5 virus scans all in safe mode and it has found over 250 viruses. now im on the 5th scan and it only finds one virus. i have healed it and deleted it many times but i do a scan after scan and the same one keeps comming back. i cant find it on google any where. I could use some tips because i fear its time to wipe clean and flush. its the d?dplay.exe adware generic2.AAHZ.
it is som where in her my documents folder. any ideas before it gets flushed or is that the BEST thing to do? thanx guys
__________________
I really need to get a gurl whos last name doesnt end with .jpg.

yours truely,

A substitute for human interaction AKA LT72884
Reply With Quote
  #2  
Old 31st January 2008, 08:20 PM
FriedChips Offline
Registered User
 
Join Date: Jul 2007
Location: Indiana USA
Posts: 1,715
this may sound funny but, try a program called HiJackThis. I will post a link in a moment. It checks registry entries and all kinds of things, it was designed for the Cool Web Search thing that was a big deal a few years ago, but works for a lot of things. I'll post a link in a moment.


EDIT: Here it is
__________________
The answer to all of lifes questions are buried somewhere in the Google search engine.

Code:
[Stephen@localhost ~]$ whatis this?
this?: nothing appropriate

Last edited by FriedChips; 31st January 2008 at 08:22 PM.
Reply With Quote
  #3  
Old 31st January 2008, 08:25 PM
Seve Offline
Retired Community Manager
 
Join Date: Oct 2004
Location: The GTA, Ontario, Canada
Age: 56
Posts: 12,371
Hello:
Just from googling around
It appears to be associated with PurityScan/Clickspring adware ?
Some manual removal instructions located here
http://www.spywaredb.com/remove-clickspring-purityscan/

Edit:
I think FriedChips may have the answer for you.

Seve
__________________
Registered Linux User: #384977
.................................................. ............
See the Links below for more Help and those much wanted extras ... :)
Reply With Quote
  #4  
Old 31st January 2008, 08:27 PM
Gnafu the Great Offline
Gideon Mayhak
 
Join Date: May 2007
Location: Wisconsin Rapids, WI, USA
Age: 27
Posts: 771
Do 'em a favor and install Fedora instead .
__________________
Something new coming to this space soon...
Reply With Quote
  #5  
Old 31st January 2008, 08:31 PM
blitzo Offline
Registered User
 
Join Date: May 2007
Location: /home/US/PA
Posts: 151
Quote:
Originally Posted by Gnafu the Great
Do 'em a favor and install Fedora instead .
+1 Fix it for good!
__________________
www.erielug.org

Registered Linux User #360152
Reply With Quote
  #6  
Old 31st January 2008, 08:31 PM
FriedChips Offline
Registered User
 
Join Date: Jul 2007
Location: Indiana USA
Posts: 1,715
Quote:
Originally Posted by Gnafu the Great
Do 'em a favor and install Fedora instead .
Good answer
__________________
The answer to all of lifes questions are buried somewhere in the Google search engine.

Code:
[Stephen@localhost ~]$ whatis this?
this?: nothing appropriate
Reply With Quote
  #7  
Old 31st January 2008, 08:42 PM
LT72884 Offline
Registered User
 
Join Date: Nov 2007
Posts: 418
LOL, yeah but i dont think PAF will work with fedora. ok here is something interesting. in her doc folder there were over 5800 TMP files and on her C: there are 5751 TMP files. its like the virus is touching blank files and sucking up inodes. ill tyr out those tips. the regedit command is busted to. i cant even run that any more. lol.
__________________
I really need to get a gurl whos last name doesnt end with .jpg.

yours truely,

A substitute for human interaction AKA LT72884
Reply With Quote
  #8  
Old 31st January 2008, 08:47 PM
LT72884 Offline
Registered User
 
Join Date: Nov 2007
Posts: 418
also there is no ndrv process running. the processes that are running seem to be the normal ones
__________________
I really need to get a gurl whos last name doesnt end with .jpg.

yours truely,

A substitute for human interaction AKA LT72884
Reply With Quote
  #9  
Old 31st January 2008, 09:17 PM
FriedChips Offline
Registered User
 
Join Date: Jul 2007
Location: Indiana USA
Posts: 1,715
http://forums.fedoraforum.org/forum/...d.php?t=179946

wow, don't brick that system just yet.. Does that happen to have a creative labs card in it? Just happened to stumble across the above link... Maybe this is related? Maybe not.

EDIT: maybe I'm naive, and he is not meaning virus literally....
__________________
The answer to all of lifes questions are buried somewhere in the Google search engine.

Code:
[Stephen@localhost ~]$ whatis this?
this?: nothing appropriate
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
DB4 still hosed? rpr Using Fedora 0 18th May 2004 05:41 PM


Current GMT-time: 13:10 (Saturday, 26-07-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat