Solved

HELP!! Surf Sidekick 3 is screwing up my 200 server machine and I can't remove it! What should I do?

Posted on 2006-06-09
Last Modified: 2010-04-11
Hey guys, my boss's kids were looking at porn on the server computer, which they have repeatedly been told not to use. Anyway, they got some spyware on there called Surf Sidekick 3 and I can't get it off. I even tried deleting the registry keys but they keep coming back. Windows Defender can't remove it either. Now it is displaying error messages when it boots up. It says one or more drivers or services failed to start, check event log. When I check the event log it says the lpd service failed to start and it also says something about the network adapter not working. The internet has stopped working even though it is showing an open connection with the router and the device manager says the network adapter is working properly. What should I do?
Question by:danielwebb
10 Comments
 
LVL 2

Expert Comment

by:EECDML
ID: 16871235
If you can still use Task Manager, close every process that looks a bit sus', or that you know is not supposed to be running.

If they keep loading when you close them, take note of the name of the process EXE file, locate it on the computer, then restart in safe mode and delete the file(s).

Find the process's location by checking the run keys in the registry, the startup folder in the start menu, or the file WIN.INI in the Windows folder.

Most of this scumware will not load in safe mode, allowing one to remove all traces of it from the computer.
0
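Added example (not part of the original thread): one way to review the Run keys and WIN.INI mentioned in the comment above, working offline from a text export of the registry in REGEDIT4 format and a copy of WIN.INI. The sample data, program names and function names are constructed for illustration; the Startup folder still has to be checked by hand.

```python
import configparser
import re

# Constructed sample: a REGEDIT4 export and a WIN.INI copy (not from a real host).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleHelper"="\"C:\\Program Files\\Example Helper\\exhelper.exe\" -s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"upd"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\upd1.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Unrelated"="value"
'''
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINNT\\example.exe\n"

# Only the Run and RunOnce keys are treated as autostart locations here.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
# "name"="string value", where \" and \\ are escaped inside the quotes.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo the .reg escaping of backslashes and quotes."""
    return re.sub(r"\\(.)", r"\1", s)

def reg_autostarts(reg_text):
    """Return (key, value name, command line) for every Run/RunOnce entry."""
    key, found = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # a new key section starts
        elif key and RUN_KEY.search(key):
            m = VALUE.match(line)
            if m:
                found.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return found

def ini_autostarts(ini_text):
    """Return non-empty load= and run= entries from the [windows] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    out = []
    for opt in ("load", "run"):
        val = cp.get("windows", opt, fallback="").strip()
        if val:
            out.append(("WIN.INI [windows]", opt, val))
    return out
```

Every entry returned is a program that starts with Windows or at logon, so anything unrecognised in the list is a candidate for the safe-mode cleanup described above.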
 

Author Comment

by:danielwebb
ID: 16871720
How do I start Windows 2000 in safe mode?
0
 
LVL 2

Expert Comment

by:EECDML
ID: 16871777
I have booted most Windows to safe mode at one time or another, but not 2000...does F8 before the splash screen work?
0

 

Author Comment

by:danielwebb
ID: 16871977
OK, I booted in safe mode and it is still not letting me delete the file.
0
 

Author Comment

by:danielwebb
ID: 16872007
It says there has been a sharing violation and that the source or destination file may be in use.
0
 
LVL 2

Expert Comment

by:EECDML
ID: 16872026
Which file is it?
0
 
LVL 2

Accepted Solution

by:
EECDML earned 63 total points
ID: 16872965
Some spyware/viruses will take over actual Windows files.

I have personally seen spyware take over the Windows Automatic Update service on a computer.  When it happened...stopping, disabling, deleting files...all failed to remove it; even in safe mode, the spyware was still popping up all over the place.  The more I attempted to remove it, the more the Windows installation became corrupt.  If a piece of spyware is still being run in safe mode and cannot be closed or deleted, your best bet is to clear the drive (or partition) and reinstall Windows.

In your case, with a server, even if you do get the spyware removed, it could have left traces behind and could've caused damage in areas you don't know of. It would be the best option for Windows to be put on as a new installation; this will ensure no future problems arise from the spyware having been on the system.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 62 total points
ID: 16873214
If the Uninstaller via Add/Remove programs does not work then do this:

1. Download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C:) or whatever your primary drive is.
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.


2. Download sidekickFix.bat (right-click on that link and choose Save As)
http://downloads.subratam.org/Lon/sidekickFix.bat
Place sidekickFix.bat in your C:\BFU folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.
0
