First you might need to use the ATTRIB command to remove the System, Hidden,
and Readonly flags
attrib -s -h -r spyware.dll
attrib does accept wildcards...so attrib -s -h -r *.dll works too.
When dealing with the "in use" or "access is denied" issue, I write a batch
file that loops on deleting the executable.
:top
del spyware.dll
goto top
Then I go to the Task Manager and kill the process. I've seen processes
relaunch themselves on exit - but there is a window of opportunity that the
tight batch file loop takes advantage of.
To start in Safe Mode tap the F8 key just before and during the Window's
Startup Splash. If done correctly, you will get a text based selection
screen - Safe Mode is one of the options. Use the cursor keys to pick the
option you want and press Enter. If the system booted normally - then you
missed with the F8 tap. Reboot and keep trying.
Since you are using Windows 2000 - see if you can find an XP system and copy
the msconfig program to the corresponding folder on the 2000 box - ie.
system32 to system32.
If you do not have XP at your disposal contact me off line or go to this
link I found via Google.
http://www.perfectdrivers.com/howto/msconfig.html
Good Luck - Ho Ho Ho
Charles
cpaluska@...
and Readonly flags
attrib -s -h -r spyware.dll
attrib does accept wildcards...so attrib -s -h -r *.dll works too.
When dealing with the "in use" or "access is denied" issue, I write a batch
file that loops on deleting the executable.
:top
del spyware.dll
goto top
Then I go to the Task Manager and kill the process. I've seen processes
relaunch themselves on exit - but there is a window of opportunity that the
tight batch file loop takes advantage of.
To start in Safe Mode tap the F8 key just before and during the Window's
Startup Splash. If done correctly, you will get a text based selection
screen - Safe Mode is one of the options. Use the cursor keys to pick the
option you want and press Enter. If the system booted normally - then you
missed with the F8 tap. Reboot and keep trying.
Since you are using Windows 2000 - see if you can find an XP system and copy
the msconfig program to the corresponding folder on the 2000 box - ie.
system32 to system32.
If you do not have XP at your disposal contact me off line or go to this
link I found via Google.
http://www.perfectdrivers.com/howto/msconfig.html
Good Luck - Ho Ho Ho
Charles
cpaluska@...
----- Original Message -----
From: "Mitchell Kirby" <m.kirby@...>
To: <vantage@yahoogroups.com>
Sent: Wednesday, December 22, 2004 4:55 PM
Subject: RE: [Vantage] OT: Browser Hijack
>
> It is not CWschredder. The OS is Win2K, Norton doesn't find anything,
> spybot doesn't find anything. SpySubtract finds stuff but it reinstalls
> itself when you reboot. How do I boot in safe mode? I found some suspect
> files but I can't delete them, they are either in use or access is denied.
>
> Mitchell Kirby
> Riten Industries, Inc.
>
> 740-333-8719 Direct
> 800-338-0027 Sales
> 800-338-0717 FAX
>
>
> -----Original Message-----
> From: Charles Paluska - HPN [mailto:cpaluska@...]
> Sent: Wednesday, December 22, 2004 4:02 PM
> To: vantage@yahoogroups.com
> Subject: Re: [Vantage] OT: Browser Hijack
>
>
>
> What OS are you running ?
>
> What virus software are your using ?
>
> If possible, remove any "strange" process from starting up using
MSCONFIG -
> available on everything but NT & W2K.
> (you can add the xp version of msconfig to W2K and it will work.)
>
> Check what processes are running and kill the ones that seem out of place.
> Track down the strange executables and rename them ( I usually replace the
> last character with a hyphen i.e. spyware.dll => spyware.dl-).
>
> You might have to boot in Safe Mode or Command mode.
>
> Worst case is removing the drive and added it to another system as a slave
> so that you can rename the stubborn buggers.
> I use an external USB drive for this type of problem.
>
> Good Luck & Merry Christmas
>
> Charles
>
>
> ----- Original Message -----
> From: "Paul Lipham" <pml@...>
> To: <vantage@yahoogroups.com>
> Sent: Wednesday, December 22, 2004 3:32 PM
> Subject: RE: [Vantage] OT: Browser Hijack
>
>
> >
> > Try CWshredder, you can get it from www.majorgeeks.com. Also, search
> their
> > site and see if there is any information on coderz
> >
> > Paul L.
> > -----Original Message-----
> > From: Mitchell Kirby [mailto:m.kirby@...]
> > Sent: Wednesday, December 22, 2004 1:43 PM
> > To: Vantage (E-mail)
> > Subject: [Vantage] OT: Browser Hijack
> >
> >
> > Does coderz ring a bell with anyone? I have a laptop that has a
> hijacked
> > browser to the point that it is almost unusable. Of course it has no
> > backups and the information on it is mission critical. It seems to be
> > hiding on the machine and reinstalls itself on boot up. Spybot
doesn't
> > touch it.
> >
> > Mitchell Kirby
> > Riten Industries, Inc.
> >
> > 740-333-8719 Direct
> > 800-338-0027 Sales
> > 800-338-0717 FAX
> >
> >
> >
> > Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
> > have already linked your email address to a yahoo id to enable access. )
> > (1) To access the Files Section of our Yahoo!Group for Report Builder
> and
> > Crystal Reports and other 'goodies', please goto:
> > http://groups.yahoo.com/group/vantage/files/.
> > (2) To search through old msg's goto:
> > http://groups.yahoo.com/group/vantage/messages
> > (3) To view links to Vendors that provide Vantage services goto:
> > http://groups.yahoo.com/group/vantage/links
> >
> >
> > Yahoo! Groups Sponsor
> >
> > Get unlimited calls to
> >
> > U.S./Canada
> >
> >
> >
> >
>
> --------------------------------------------------------------------------
> --
> > --
> > Yahoo! Groups Links
> >
> > a.. To visit your group on the web, go to:
> > http://groups.yahoo.com/group/vantage/
> >
> > b.. To unsubscribe from this group, send an email to:
> > vantage-unsubscribe@yahoogroups.com
> >
> > c.. Your use of Yahoo! Groups is subject to the Yahoo! Terms of
> Service.
> >
> >
> >
> > [Non-text portions of this message have been removed]
> >
> >
> >
> >
> > Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
> have already linked your email address to a yahoo id to enable access. )
> > (1) To access the Files Section of our Yahoo!Group for Report Builder
and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> > (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> > (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/links
> > Yahoo! Groups Links
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
> already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/links
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>