Way of Removing Crap Malwarebytes Can't?

Martynt74 · 20 Oct 2010 at 16:22

My mrs laptop seems to have a fair bit of crap on it thats making it very slow (especially on bootup) and also sometimes in IE when you click a link it'll take you to some random page, click back and reclick the link and it works.

I think the link it initially takes you to is something called Doubleclick and i'm sure i've seen something like this before.

I've downloaded Malwarebytes, Spybot, AVG and avast and scanned the whole thing and whilst it had found quite a bit of stuff these problems seem to still be occuring.

Is there anything else i can run to try and sort it out before i have to re-install windows?

On a side note its a Sony laptop, are there any programs which gets rid of all the crap Sony install by default without me going in uninstalling things at random?

SiriusB · 20 Oct 2010 at 17:00

If it is Windows XP or Vista, you can try Combofix.

Failing that, you could try finding instructions on manually removing DoubleClick or whatever it is. Odd that nothing has found it though.

You could also give Autoruns a go from Sysinternals. It shows just about anything that loads with Windows. It is nicely divided up into categories too so you don't just have one massive list. It will allow you to disable any start up item - so if something looks suspicious, disable it, then reboot and see if things improve.

5tephen · 20 Oct 2010 at 17:30

Number 1 rule is always boot the computer into safe mode before running these tools. A lot of these programs have ways of detecting when they have been removed, and have some sort of background service of planting themselves right back in again. Safe mode will stop these sort of things running in the background.

Start with something like ccleaner - clean up the temp directories, then go to the startup tool and remove/disable things there that look dodgy - a lot of them run from c:\users\username\appdata\local (or appdata\roaming or appdata\temp).

Malwarebytes is 90 - 95% effective for me in safe mode. I think I've had 3 cases where it maybe hasn't removed something, and I've had to get a specific removal tool for the job.

Your particular case sounds like that Alureon virus that's been doing the rounds - download this :
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Again run it in safe mode to be sure.

The Mad Rapper · 20 Oct 2010 at 19:34

Spybot S&D offers a Boot CD.

Neolink · 20 Oct 2010 at 20:12

I mostly agree with the posts above, so I won't echo them. But recently we have been using SuperAntiSpyware to get rid of the things that malwarebytes and combofix have missed, it is incredibly good alongside the aforementioned programs

Run these from safemode if possible, quite a lot of malware can detect you trying to remove it and stop you. Also important, make sure these programs have up to date definitions! It can make all the difference.

div0 · 20 Oct 2010 at 21:59

As above, plus turn off system restore so as to delete any existing restore points.

Martynt74 · 21 Oct 2010 at 09:32

I've ran the things in safemode and it seems to have tidied up what may have got missed before. I seemed to have quite a few dll files missing when it was trying to startup which its stopped looking for which is a result.

Thanks guys