Windows Windows SpyWare Fun / Killing processes from command line ?

Howdy all,

Just got back from Uni, and have the privaledge of trying to clean the home pc from the delights my little brother has managed to install while I'm away. Seems to have got a corker on there...

This particular one manages to kill a command prompt as soon as you start one, along with firewall, antivirus, spyware, taskman and anything else useful. Searching for adaware and similar terms in IE causes the window to close.

A quick glance reveals some suspicious files: wincrtad.exe and wincrtalt.exe, but unable to remove as they're in use by system... grrr

So questions: Are there any system commands to kill processes from the command line, and does anyone have any experience/ideas? Should I just give up and format?

Cheers !

 

you shouldn't need to format, spybot search & destroy for example will ask to run at startup if it needs to get in before other programs (i.e. spyware).

what anti-spyware apps have you used?
i recommend MS AntiSpyware; Ad-aware.

what anti-virus app(s) you using?
(i recommend Avast)

 

antivirus: AVG free edition (version 7 i think - up to date)
Firewall: Sygate Personal

The problem is that it appears that the spy/ad/mal(?)ware closes any windows before I get to do anything useful - even tried to cancel the installation of spybot routinely, but it brings up a dialog before quitting so was able to work around- but starting spybot normally just leads to it being closed instantly, before you're able to alter any settings (for example to configure start-up scan). I've never seen anything like it before- imagine my surprise as I fired up a command prompt to test network using ping, and have it closed immediately... May even by a virus, I have no idea what the family have been upto while I'm away lol.

So the question is: how to stop a process/run spyware progs when have no access to progs or command line, or taskmanager?

 

If you want to see what is running on startup try:

http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

You can right click and google a process if you dont know what it is, which comes in handy.

------

By the sounds of the symptons you described it may well be a MSN virus, possibly a Serflog variant as its relatively common around this time. Symantec have a good removal tool: http://securityresponse.symantec.com/avcenter/venc/data/w32.serflog.a.removal.tool.html

 

Thanks a lot Atomic, will try that out.

ps: immense avatar!

 

You can aways Press F8 to boot into Safe mode with networking. That way you can safely go online and download the anti spyware software. run the programs in safe mode then reboot into normal mode and run them again. It never fails.

 

Was it any help?

ps: thx

If its Serflog that wont work, itll close almost all AV/anti-spyware EVEN in safemode.