XP Home SP2 won't boot past wallpaper-explorer.exe using 94-100% c
DB G-Town
March 11th 05, 02:49 PM
Hi,
I'm a new poster so please bear with me. I have XP Home edition SP2
installed and lately I've been plagued with spyware and malware. I use
Ad-aware and Xoftspy to try to get rid of it but it won't take all of it off.
It had only been a pain until today and now it boots to the wallpaper and
freezes, the task manager is all I can get to come up and it shows
explorer.exe using 94-99% of the cpu. I've been trying to go in safe mode
and the same thing happens.
I'm running Nortons 2004 Anti-virus all up to date, ad-aware up to date, and
Xsoftspy. I have been getting several exe files that would not let
themselves be deleted with anything (ffisearch.exe-ezulamain.exe). Any help would
be great.
Thanks,
Dave
Malke
March 11th 05, 03:59 PM
DB G-Town wrote:
> Hi,
> I'm a new poster so please bear with me. I have XP Home edition SP2
> installed and lately I've been plagued with spyware and malware. I use
> Ad-aware and Xoftspy to try to get rid of it but it won't take all of
> it off. It had only been a pain until today and now it boots to the
> wallpaper and freezes, the task manager is all I can get to come up and
> it shows explorer.exe using 94-99% of the cpu. I've been trying to go
> in safe mode and the same thing happens.
> I'm running Nortons 2004 Anti-virus all up to date, ad-aware up to date,
> and Xsoftspy. I have been getting several exe files that would not let
> themselves be deleted with anything (ffisearch.exe-ezulamain.exe). Any
> help would be great.

If you have an earlier version of Xsoftspy, get rid of it. See the last
link (after malware removal steps below) to Eric Howes' rogue
antispyware tools site.

What do you mean you've been "trying to go into Safe Mode"? Does that
mean you can't get into Safe Mode at all? What happens? Unfortunately,
in order to kill malware, you must get out of Regular Mode because the
bad files are active then and you can't delete an open file.

Here are general malware removal steps. Try running through them,
perhaps with the different tools I mention. If you can't get into Safe
Mode then post back with more details for more help.

First delete all Temporary and Temporary Internet Files. Then:

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://aumha.net - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
www.elephantboycomputers.com
In Memoriam - MVP Alex Nichol
The world is diminished without him.
DB G-Town
March 11th 05, 04:27 PM
Malke,
thanks for your reply. I finally got it to boot in safe mode so I'll follow
your instructions and hope for the best. Thanks for all the details.
Dave