Solved

HELP!! Surf Sidekick 3 is screwing up my 200 server machine and I can't remove it! What should I do?

Posted on 2006-06-09
Last Modified: 2010-04-11
Hey guys, my boss's kids were looking at porn on the server computer, which they have repeatedly been told not to use. Anyway, they got some spyware on there called Surf Sidekick 3 and I can't get it off. I even tried deleting the registry keys but they keep coming back. Windows Defender can't remove it either. Now it is displaying error messages when it boots up. It says one or more drivers or services failed to start, check event log. When I check the event log it says the lpd service failed to start and it also says something about the network adapter not working. The internet has stopped working even though it is showing an open connection with the router and the Device Manager says the network adapter is working properly. What should I do?
Question by:danielwebb
10 Comments
 
LVL 2

Expert Comment

by:EECDML
ID: 16871235
If you can still use Task Manager, close every process that looks a bit sus', or that you know is not supposed to be running.

If they keep loading when you close them, take note of the name of the process EXE file, locate it on the computer, then restart in safe mode and delete the file(s).

Find the process's location by checking the run keys in the registry, the startup folder in the start menu, or the file WIN.INI in the Windows folder.

Most of this scumware will not load in safe mode, allowing one to remove all traces of it from the computer.
0
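
The run-key and WIN.INI check described in the comment above, as an added example that is not part of the original thread. It assumes the registry has been exported to text with regedit and reads the two files offline; the function names and all sample data are hypothetical, and the Startup folder is not covered because it is a plain directory listing.

```python
import re

# Run/RunOnce under any hive (also matches Wow6432Node copies).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# "name"="string" or @="string"; non-string value types are skipped.
REG_SZ = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # regedit escapes backslashes and quotes inside exported strings
    return re.sub(r"\\(.)", r"\1", s)

def run_key_entries(reg_text):
    """Return (key, value name, command) tuples from a regedit text export."""
    found, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_SZ.match(line)
        if m and key and RUN_KEY.search(key):
            name = _unescape(m.group(1)) if m.group(1) is not None else "(Default)"
            found.append((key, name, _unescape(m.group(2))))
    return found

def win_ini_entries(ini_text):
    """Return (source, name, command) for non-empty load=/run= in [windows]."""
    found, section = [], None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            name, _, value = line.partition("=")
            if name.strip().lower() in ("load", "run") and value.strip():
                found.append(("win.ini", name.strip().lower(), value.strip()))
    return found

# Constructed sample inputs (not taken from the thread).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleHelper"="\"C:\\Program Files\\Example\\helper.exe\" /boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example]
"DisplayName"="Example"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\WINNT\\Temp\\ex1.exe"
'''
SAMPLE_INI = "; constructed sample\n[windows]\nload=\nrun=C:\\WINNT\\ex2.exe\n[fonts]\n"

if __name__ == "__main__":
    for entry in run_key_entries(SAMPLE_REG) + win_ini_entries(SAMPLE_INI):
        print(" | ".join(entry))
```

Decode the export before passing it in; exports in the "Windows Registry Editor Version 5.00" format are UTF-16 text.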
 

Author Comment

by:danielwebb
ID: 16871720
How do I start Windows 2000 in safe mode?
0
 
LVL 2

Expert Comment

by:EECDML
ID: 16871777
I have booted most Windows to safe mode at one time or another, but not 2000...does F8 before the splash screen work?
0
 

Author Comment

by:danielwebb
ID: 16871977
OK, I booted in safe mode and it is still not letting me delete the file.
0
 

Author Comment

by:danielwebb
ID: 16872007
It says there has been a sharing violation and that the source or destination file may be in use.
0
 
LVL 2

Expert Comment

by:EECDML
ID: 16872026
Which file is it?
0
 
LVL 2

Accepted Solution

by:
EECDML earned 63 total points
ID: 16872965
Some spyware/viruses will take over actual Windows files.

I have personally seen spyware take over the Windows Automatic Update service on a computer.  When it happened...stopping, disabling, deleting files...all failed to remove it; even in safe mode, the spyware was still popping up all over the place.  The more I attempted to remove it, the more the Windows installation became corrupt.  If a piece of spyware is still being run in safe mode and cannot be closed or deleted, your best bet is to clear the drive (or partition) and reinstall Windows.

In your case, with a server, even if you do get the spyware removed, it could have left traces behind and could've caused damage in areas you don't know of. It would be the best option for Windows to be put on as a new installation; this will ensure no future problems arise from the spyware having been on the system.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 62 total points
ID: 16873214
If the Uninstaller via Add/Remove programs does not work then do this:

1. Download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C:) or whatever your primary drive is.
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.


2. Download sidekickFix.bat (right-click on that link and choose Save As)
http://downloads.subratam.org/Lon/sidekickFix.bat
Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.
0

Question has a verified solution.