?
Solved

HELP!! Surf Sidekick 3 is screwing up my 200 server machine and I can't remove it! What should i do?

Posted on 2006-06-09
10
Medium Priority
?
338 Views
Last Modified: 2010-04-11
hey guys my boss's kids were looking at porn on the server computer which they have repeatedly been told not to use.  anyway they got some spyware on there called surf sidekick 3 and i can't get it off.  I even tried deleting the registry keys but they keep coming back.  Windows defender can't remove it either.  Now It is displaying error messages when it boots up.  It says one or more drivers or services failed to start check event log.  When i check the even log it says the lpd service failed to start and it also says something about the network adapter not working.  The internet has stopped working even though it is showing an open connection with the router and the device manager says the network adapter is working properly.  What should i do?
0
Comment
Question by:danielwebb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
10 Comments
 
LVL 2

Expert Comment

by:EECDML
ID: 16871235
If you can still use task manager, close every process that looks a bit sus', or that you know is not suppose to be running.  

If they keep loading when you close them, take note of the name of the process EXE file, locate it on the computer, then restart in safe mode and delete the file(s).

Find the process's location by checking the run keys in the registry, the startup folder in the start menu, or the file WIN.INI in the Windows folder.

Most of this scumware will not load in safe mode, allowing one to remove all traces of it from the computer.
0
 

Author Comment

by:danielwebb
ID: 16871720
how do i start windows 2000 in sagfe mode?
0
 
LVL 2

Expert Comment

by:EECDML
ID: 16871777
I have booted most Windows to safe mode at one time or another, but not 2000...does F8 before the splash screen work?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:danielwebb
ID: 16871977
ok i booted in safe mode and it is still not letting me delete the file.
0
 

Author Comment

by:danielwebb
ID: 16872007
it says there has been a sharing violation and that the source or destination file may be in use
0
 
LVL 2

Expert Comment

by:EECDML
ID: 16872026
Which file is it?
0
 
LVL 2

Accepted Solution

by:
EECDML earned 252 total points
ID: 16872965
Some spyware/viruses will take-over actual Windows files.

I have personally seen spyware take-over the Windows Automatic Update service on a computer.  When it happened...stopping, disabling, deleting files...all failed to remove it, even in safe mode, the spyware was still popping-up all over the place.  The more I attempted to remove it, the more the Windows installation became corrupt.  If a piece of spyware is still being ran in safe mode and cannot be closed or deleted; your best bet is to clear the drive (or partition) and reinstall Windows.

In your case, with a server, even if you do get the spyware removed, it could have left traces behind and could've caused damage in areas you don't know of, it would be the best option for Windows to be put on as a new installation, this will ensure no future problems arise from the spyware having been on the system.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 248 total points
ID: 16873214
If the Uninstaller via Add/Remove programs does not work then do this:

1. Download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C:) or whatever your primary drive is.
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.


2. Download sidekickFix.bat (rightclick on that link and choose save as)
http://downloads.subratam.org/Lon/sidekickFix.bat
Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question