Greenguy's Board


Old 2005-12-26, 02:50 PM   #1
dareutwo
You can't disprove anything with evidence that doesn't exist
 
Join Date: Mar 2003
Location: NW Minnesota - pop 865 +/- 1
Posts: 2,038
"adm.exe" spyware removal help needed

Ok, I'm baffled by this one.
This trojan basically makes whatever you click on become a search.
Ad Aware doesn't find it
Norton can't delete it.

(try reviewing - it doesn't work at all - so I'm dead in the water)

It's called adm.exe - I've deleted the folder and all the files, yet it continues to hijack my browser.
1.) How the hell do I get rid of this thing?
2.) How do I find out how I got it in the first place so I can blacklist them?

Any and all help Greatly Appreciated!!

And Happy Fucking Holidays!!!

__________________
This is me Mark's-Links

Last edited by dareutwo; 2005-12-26 at 02:54 PM.
Old 2005-12-26, 02:57 PM   #2
MrMaryLou
i fucking told i type to fucking fast wtf
 
Join Date: Mar 2003
Location: New York
Posts: 11,247
Try this http://www.safer-networking.org/en/index.html
__________________
Join Me For On The Bench: http://www.greenguysboard.com/onthebench/
Old 2005-12-26, 03:00 PM   #3
HC-Majick
You can now put whatever you want in this space :)
 
Join Date: Oct 2004
Location: Upstate NY
Posts: 541
yep, that one is a pain to get rid of. found this link; at the bottom of the page is a link..."click here to download scanner"
http://www.spywareremove.com/removeadmexe.html

maybe that will be of some help
__________________
Submit Your Freesites:
Old 2005-12-26, 03:00 PM   #4
quest
Trying is the first step towards failure
 
Join Date: Sep 2004
Location: North of the Motor City, MI.
Posts: 122
HijackThis may help clean out reg files.


Ben
Old 2005-12-26, 03:07 PM   #5
RedCherry
Of all the things I've lost, I miss my mind the most.
 
Join Date: Apr 2004
Location: Middle of the Desert, Pahrump, NV
Posts: 3,187
MadHatter had his desktop hijacked by something (can't remember) and the only thing he found that removed it was http://www.paretologic.com/products.aspx XSoftSpy. He went crazy, tried everything and couldn't get rid of it, but that did. You can run a free scan with it, or you can purchase it.

Good luck! Know how much of a pain in the butt that is.
Old 2005-12-26, 03:11 PM   #6
MadMax
"Without evil there can be no good, so it must be good to be evil sometimes" ~ Satan
 
Join Date: Aug 2004
Location: Motor City, baby, where carjacking was invented! Now GIMME THOSE SHOES!
Posts: 2,385
If you're getting CoolWebSearch you can use CWShredder.

Usually if Norton can't remove something but CAN detect it then there's an active registry key. Write down the path to the trojan and reboot in safe mode so only critical keys are active, then use Windows Explorer to delete it. Also, if you aren't already using Windows AntiSpyware beta (free) you can give that a try... does a nice job of getting rid of stuff with active reg keys since it's a MS product.
Old 2005-12-26, 03:20 PM   #7
RawAlex
Took the hint.
 
Join Date: Mar 2003
Posts: 5,597
http://www.iamnotageek.com/a/342-p1.php

That would appear to do it. You can do it all in safe mode with your network disconnected, and you have much more chance of it actually working out.

Alex
Old 2005-12-26, 03:21 PM   #8
SirMoby
Jim? I heard he's a dirty pornographer.
 
Join Date: Aug 2003
Location: Washington, DC
Posts: 2,706
The Microsoft tool works pretty well and when you think about it, it's all their holes so it should. You can always do a system restore.
Old 2005-12-26, 03:22 PM   #9
cosmiccat
You can't keep blaming yourself. Just blame yourself once, and move on
 
Join Date: Jun 2005
Location: Arizona
Posts: 351
This page has a link that will remove it: http://process.networktechs.com/adm.exe.php

Good Luck.
__________________
Submit your galleries to Margo's Whorehouse
Old 2005-12-26, 09:33 PM   #10
MrYum
Arghhhh...submit yer sites ya ruddy swabs!
 
Join Date: May 2004
Location: Sunny Florida!
Posts: 5,108
Lots of good advice already Dare so I'll just toss in another thumbs up for the MS product and say Good Luck!

Oh, and a suggestion to go to Firefox if you're not already using it
Old 2005-12-27, 01:27 AM   #11
dareutwo
You can't disprove anything with evidence that doesn't exist
 
Join Date: Mar 2003
Location: NW Minnesota - pop 865 +/- 1
Posts: 2,038
A six pack, system restore a month back, a pack of smokes and 39.95 later...
Still no luck.

Thanks all for the suggestions though, I've tried them all.
As for firefox, I use it, but don't review with it. I want to see what they (90% of them) see.

This thing is a bastard.
Thinking it's time for a complete HD reformat. No biggy, all Real files are on a separate HD.
__________________
This is me Mark's-Links

Last edited by dareutwo; 2005-12-27 at 01:33 AM.
Old 2005-12-27, 05:58 AM   #12
SirMoby
Jim? I heard he's a dirty pornographer.
 
Join Date: Aug 2003
Location: Washington, DC
Posts: 2,706
Something is fishy. I've never heard of system restore not solving such an issue before. I'm sure you've done the Google thing and found pages like this http://www.iamnotageek.com/a/342-p1.php

You may want to check and see what applications you're running. The terms for some shareware applications are that you install crap like this and they'll do it every time you load them.
Old 2005-12-27, 06:17 AM   #13
CelticTiger
Are you sure this is the Sci-Fi Convention? It's full of nerds!
 
Join Date: Feb 2004
Location: Ireland
Posts: 266
Quote:
Originally Posted by dareutwo
Thinking it's time for a complete HD reformat. No biggy, all Real files are on a separate HD.
That sucks... I'm surprised none of the above worked for you. When I run into a tough one that I can't fix within a reasonable amount of time I find a reformat saves time and one's sanity.
Old 2005-12-27, 06:22 AM   #14
ClickBuster
I'm normally not a praying man, but if you're up there, please save me Superman!
 
Join Date: Dec 2004
Location: Bulgaria
Posts: 476
OK, here are a few things I would do too.

1. I would log off and start Windows in Safe mode + Networking

2. Run regedit and check for strange things in:
HKLM > Software > Microsoft > Windows > Current Version > Run
HKLU > Software > Microsoft > Windows > Current Version > Run

3. Check C:\WINNT\win.ini for a [load] or run=something. If I see something like that pointing to a suspicious .exe I remove the line and try to delete the file

4. Go to C:\WINNT\system32\ and sort the files by date (newest on top) and delete all strange .exes and similar (things like asdzx123.exe usually)

5. Go to http://www.definitivesolutions.com/bhodemon.htm and download BHODemon - tricky simple tool that cleans/blocks IE toolbars - much better than any spyware out there, when it comes to hidden IE toolbars.

6. Go to http://www.pandasoftware.com/products/activescan.htm. On the right side you'll see "Free online virus scan". Use this to check your system, just in case.

If you think that you're ready to go, reboot the system in normal mode.

I hope this helps
__________________
The tendency is to push it as far as you can
-- Fear and Loathing In Las Vegas
Old 2005-12-27, 10:21 AM   #15
RawAlex
Took the hint.
 
Join Date: Mar 2003
Posts: 5,597
System restore often gives viruses and scumware a place to hide (they know how to write themselves in there) so you may find that restore just makes it worse instead of better.

Alex
Old 2005-12-27, 10:28 AM   #16
f69j69b
With $10,000, we'd be millionaires! We could buy all kinds of useful things like ... love!
 
Join Date: Jan 2004
Location: colorado
Posts: 318
Hi dareutwo,
I had something like that once; check your DNS.

Fred
__________________
https://furry-yiff.com/
Old 2005-12-27, 11:05 AM   #17
plateman
What can I do - I was born this way LOL
 
Join Date: Oct 2003
Location: ohio
Posts: 3,086
Mostly when trying to get rid of these things you gotta prep for it first...

Turn off system restore, start in safe mode and run about 6 or so programs...

dareutwo, the way I figured some of it out was after I ran HijackThis and I read the log, anything that looked like it shouldn't be there I would google it... also I found a site that told you what most .exe and dll were and if they were scum or not... another good program is ewido.

Another thing you probably know is that once you get infected with spyware and trojans there are very good spyware sites out there that have steps to follow to get rid of the shit...

Like my last bout with the stuff I had, I completely got rid of the shit, but a few days later I noticed when going on certain sites I would get redirected, so I did some research and didn't find anything, so I ran everything again and reread my hijack log and found some strange IPs in it... and when I checked where the IPs were from I knew it was crap and I deleted them and never again had any more redirects, and no spyware program would take that stuff out...
__________________
Submit to: Porn O Plenty XXX Links
Reality Here
Old 2005-12-27, 01:19 PM   #18
dareutwo
You can't disprove anything with evidence that doesn't exist
 
Join Date: Mar 2003
Location: NW Minnesota - pop 865 +/- 1
Posts: 2,038
Update on this one.
Thanks for all the info and links!!!!
Well, it's not completely gone; RawAlex was correct, it simply changed names and went missing again.
Anyway, with the addition of the 3 new programs, they have found and deleted most of the crap. My comp is running a lot faster. I thought I had decent protection before, but now I know I do.

Whatever the big one was, it's apparently gone, as I'm able to review again.
Planning on getting new comp in Feb, so for now, I'll just leave this one alone. I get the new one, transfer stuff over, then reformat the HD's and give it to one of the kids. That'll take care of it for sure.

Thanks again for all your help and recommendations!

Happy New Year in advance!
__________________
This is me Mark's-Links
Old 2005-12-27, 02:14 PM   #19
Mattinblack
Asleep at the switch? I wasn't asleep, I was drunk
 
Join Date: Nov 2005
Location: London UK in a house share with three 28 yr old girls...perv perv
Posts: 215
Quote:
Originally Posted by SirMoby
Something is fishy. I've never heard of system restore not solving such an issue before. I'm sure you've done the Google thing and found pages like this http://www.iamnotageek.com/a/342-p1.php

You may want to check and see what applications you're running. The terms for some shareware applications are that you install crap like this and they'll do it every time you load them.
Too true, but there are actually quite a lot of things system restore won't fix because you can mark things to be 'restore proof' ... PSguard and Searchextender being a case in point. It took me six weeks to get rid of 'em! There are also (mercifully few) programs that mod your restore configuration so that they are re-installed by system restore when it restores, which is why Microsoft spyware now scans all your restore data in its latest incarnation. It's also good to be aware of the black-hat anti-spywares out there (like PSguard!) which remove other folks' spyware and install their own, which keeps telling you that you need to download various paid-for anti-spyware programs...! My solution is that I run two laptops that I synchronise every week. I just swap over when I hit problems. All my sites are on a half-gig memory stick.
__________________
Mattinblack - PornLinks (http://pornlinks.kwikfire.com) - Strange Attractor (http://strange-attractor.kwikfire.com) - PORNavigator (pnav.kwikfire.com) - Fem Escorts (http://ukescort.kwikfire.com/) - Hosting (http://kwikfire.com/)
Old 2005-12-28, 03:53 AM   #20
Surfn
If you don’t take a chance the Angels won’t dance
 
Join Date: Aug 2003
Location: Earth on occasion
Posts: 8,812
I just got rid of some piece of scum ware that started slowing down internet connection yesterday morning and by last evening it was slower than my old 1200 connection. I did finally kill the sucker
__________________

Surfn's Links Are you a partner?

All times are GMT -4.