
I just had a customer drop off a computer. She has a problem with spyware. I have not yet taken a look but I thought I would see what you guys thought. She mentioned something to do with winfixer; is this a legitimate program, or spyware itself?

Also when she runs adaware it is rebooting during the scan. Have any of you heard of spyware causing that problem?

Edited by shanenin
You may want to fire up the PC and see what indications are present before jumping to conclusions or going on customer statements.

You are probably correct. I would not have time to hook it up until later today, but I was curious as to what you guys had to say.

I thought maybe someone had something to offer on the adaware causing reboots. I guess I was just looking for a handout :-)

Edited by shanenin

Get ready for some heavy spyware removal. I do believe it worked by disabling EVERYTHING in startup items (I used MSConfig - it worked so I don't really want to hear that I should use some other startup program :)) Rebooted, ran Spysweeper - most likely spybot too for Winfixer, then slowly turn back on items. Just remember worst case scenario - Backup and Reload


There are tools specially designed to get rid of WinFixer. Google may be your friend there. However, the authors of the tools may or may not allow their use commercially.

As for BT, we would not be able to assist in a HJT log coming from your customer:

From the ToU:

We offer free computer help and tech support for home and personal use. We are not here to support others that work for profit, or to support/replace your company's IT department.

sure that is fine.

In all honesty, a large chunk of the questions here are probably people working on other people's computers. This seems like a place where people (both amateur and professional alike) SHARE (both ways) their knowledge.

edit added later//

sorry, I took a little offence to the previous post. You are just trying to keep the forum nice :-) If something was not said, other people would be coming here just to get their professional questions answered.

Edited by shanenin

Hi shanenin,

Matt jumped the gun a little bit as I could tell you weren't asking us to fix the problem but were rather asking for input in regards to what your customer was making the primary complaint about.

Winfixer is classified as malware, to the extent that it is a Rogue product which uses deceptive advertising to make the computer user/owner buy the software. It also does what is commonly called a drive by download, even though the computer user doesn't click on a link to install the trial software, it can download its adverts via google ad-sense and other routes.

This is a very undesirable program and should be removed using specialized tools.

Even though we don't help commercial companies fix customers' machines, I would suggest that you go through one of the multitude of Hijack This training camps to help you understand malware and how to get rid of it. This will also help you further your knowledge by being able to help on the occasional logs here at besttechie and learn how this malware can get on someone's computer.


Hi shanenin, I did not mean to imply that help and conversation wouldn't be allowed, I just was informing you that HJT logs can't be analyzed for commercial purposes. Many forums have had issues where users would post new logs many times a week; and it turned out they were taking advantage of the forums for their own personal gain. I wouldn't imply that you were doing this, just threw it out there.

As for what Dragon said, I agree, going through a malware training program would really benefit you and your business. If I might suggest one I'd say GeekstoGo's GeekU is a very good program.

Sorry for any confusion, didn't mean to send a mixed message. ;)

Matt

I would suggest that you go through one of the multitude of Hijack This training camps to help you understand malware and how to get rid of it. This will also help you further your knowledge by being able to help on the occasional logs here at besttechie and learn how this malware can get on someone's computer.

I agree, I even am a "slyware cadet" at tomcoyote, but I have such a hard time staying interested in it. For the business I am in, this is a needed skill I need to make better.

I was just reading at tomcoyote the self-help section on winfixer.


i agree with mat

isnt asking and suggesting the same thing

i dont work to fix other peoples compts

so i hope you dont include me in that category

many of you join these boards to make cash on the side

if your a compt fixer,

shouldnt you know the answer instead of coming here,

instead of picking the brains of the poster so you can increase your greed

in this case shouldnt you have learned to read a hjt

instead of leaning on others

to fix this problem.

and you get paid

marty

Edited by martymas
Hi shanenin, I did not mean to imply that help and conversation wouldn't be allowed, I just was informing you that HJT logs can't be analyzed for commercial purposes. Many forums have had issues where users would post new logs many times a week; and it turned out they were taking advantage of the forums for their own personal gain. I wouldn't imply that you were doing this, just threw it out there.

As for what Dragon said, I agree, going through a malware training program would really benefit you and your business. If I might suggest one I'd say GeekstoGo's GeekU is a very good program.

Sorry for any confusion, didn't mean to send a mixed message. ;)

Matt

no offense taken :-) You are just doing your job

i agree with mat

isnt asking and suggesting the same thing

i dont work to fix other peoples compts

so i hope you dont include me in that category

many of you join these boards to make cash on the side

if your a compt fixer,

shouldnt you know the answer instead of coming here,

instead of picking the brains of the poster so you can increase your greed

marty

At the rate malware is currently being introduced to society, sometimes it is hard to keep up with what is going on. So coming to the forums like this one, is a necessary evil. There is no harm in asking questions to help understand an infection you are not familiar with.

as for the asking and suggesting part, sorry Marty you got me confused on that one.


hi dragon

my post was aimed at the original poster

tom coyote has a tutor for hjt

and it would be wise for any one to learn the craft

.

i know what matt was referring to

i belonged to a board where it got cluttered up with

hjt posters trying to get a fix for their client

so it had to be stopped.

take a look at g4 5-6 posts every day

on hjt and now many of the hjt helpers by pass those posts

because they cant cope

my answer to shanenin

is go there and post your Q

if you went to world start they wont allow these sort of posts

because they havent time to attend other problems

so as i said my post wasnt aimed at your answer

it was for the original poster

marty


shanenin posted here because it's the forum he calls home. He is one of our Linux Experts and he trusts the answers that our community can give him in regards to these type of topics.

Since we don't have our own HJT training program here, everyone who does HJT logs gets their training from either tomcoyote, SWI, or Geekstogo. I am a member at all three, I went through my training at TC and SWI, then I helped make Geekstogo training the way it is now.

As I see it there is no harm in the question being asked here versus asking at TC. We have people who are members of most of these types of boards and they will go get their questions answered at the forum they are most comfortable asking them at.

This is no offense to you, or your comments. We would never consider turning a question away. I'm glad to see that Shanenin is taking a proactive route to learning this type of info. And he can feel free to ask any of us here for our input on something he isn't familiar with, just like anyone else.

As Matt stated, we won't diagnose HJT logs for a commercial business but if the computer owner wants us to take a look at it, by posting it here themselves, then we will be happy to help with that.


thanks dragon

i have had adaware reboot when it is deleting malware

and some times it takes 2-3 reboots to fix the problem

but normally it will ask the user.

but this is new to me which makes me think it is

hjt

or hijacker

when i posted, yours and my post must

have been sent at the same time.

as i didnt get to read yours til mine had been sent

marty
