Spyware help
Posted: Tue Dec 27, 2005 8:05 am
by ALLiED
I have been raped by this adware (no lube either) and I can't seem to pull it out of my ass. It's called SurfSideKick and I can't seem to get rid of it. I can't stop it from loading and it's not showing running in the background and I can't delete it from the program files cause it's being used by another program.
How can I delete this fag from my program files??
I tried to catch it in safe mode but that's a no go and spybot and other programs can't delete it.
I tried cmd/del Ssk.exe but the prompt can't find it.
Posted: Tue Dec 27, 2005 8:07 am
by FragaGeddon
safemode is your friend.
Posted: Tue Dec 27, 2005 8:45 am
by ALLiED
FragaGeddon wrote:safemode is your friend.
Read the last 3 lines in my 1st post, and it still loads in safemode
Posted: Tue Dec 27, 2005 12:36 pm
by DiscoDave
Have you attempted to clear anything suspicious from start > run > "msconfig" > startup?
Posted: Tue Dec 27, 2005 1:03 pm
by Survivor
try procexp from sysinternals.com for examining running processes. And hijackthis might be worth a look too.
Posted: Tue Dec 27, 2005 5:22 pm
by +JuggerNaut+
another vote for hijack this, although it'd be wise to run in safe mode with that. it looks like this is a well-known spyware issue
http://www.google.com/search?q=surfside ... S:official
Posted: Tue Dec 27, 2005 5:24 pm
by +JuggerNaut+
might want to hop in and nuke some registry entries:
http://vil.nai.com/vil/content/v_131112.htm
Posted: Tue Dec 27, 2005 6:01 pm
by ALLiED
DiscoDave wrote:Have you attempted to clear anything suspicious from start > run > "msconfig" > startup?
I did that but it would still show as checked next time I rebooted.
I ran hijackthis in safemode but whenever I selected it and fixed it, I would rescan and the damn thing was right back in there.
EDIT: I think I finally got rid of it now. M$ anti spyware was running and restoring stuff. I shut that down and let surfer reinstall itself then deleted it from everything. I still think something is hiding though, I get pop-ups more than usual now.
Posted: Tue Dec 27, 2005 6:25 pm
by +JuggerNaut+
i'd still check your registry from my post above.
Posted: Wed Dec 28, 2005 9:30 pm
by ALLiED
I got all but 1 file now. C:\WINDOWS\system32\browsela.dll
I keep getting that cannot delete because it's being used by windows crap. I jumped in the task manager and killed everything that wasn't critical, but I'm thinking it's tied to one of those.
Shouldn't I be able to end task on a critical process?
Tried safe mode but nothing either.
Posted: Wed Dec 28, 2005 9:37 pm
by Tormentius
Posted: Wed Dec 28, 2005 9:53 pm
by ALLiED
Didn't even budge it
Posted: Wed Dec 28, 2005 11:25 pm
by Survivor
killbox kills any process after which you can delete it. Might want to try procexp to find out which one is using it though.
Edit: linkzorz
Killbox
procexp
Posted: Thu Dec 29, 2005 10:38 pm
by Oeloe
Yeah, try those progs. Those should do the trick. procexp is a nice tool, not just for spyware removal purposes.
Posted: Fri Dec 30, 2005 1:56 am
by ALLiED
Lol the fun still ensues. I have finally rid my machine of everything. I have rebooted 6 times now and ran every safe spyware scan known to man. BUT... after my last reboot xp is telling me I have 1 day to activate/register windows. ffs Last month I just reformatted and had to call M$ cause my key wouldn't work and now it won't work again.....
Sigh guess I'ma have to call India again. :icon33:
Posted: Sat Dec 31, 2005 11:54 am
by ALLiED
Sorry but I still have 2 questions :icon25:
I have been trying to run procexp but I have been getting the following error. [lvlshot]http://img398.imageshack.us/img398/9223/untitled0qn.jpg[/lvlshot]
I have deleted all temp files and ran Ccleaner, then booted into safe mode but still nothing.
Second question: I accidentally deleted a file called WPA.DBL
It's M$ register/activation file that tells my pc that it registered and all. If I were to format again then boot into windows then replace that file would I have to register it or do you think it would take it?
Posted: Sat Dec 31, 2005 3:44 pm
by +JuggerNaut+
this sounds more and more like a reformat. you'd have been done by now. i'm not understanding your last question - if you format again you'll have a fresh copy of windows to boot into and you won't need to be replacing any files, unless you're talking about a repair and not a reformat...
Posted: Sat Dec 31, 2005 3:50 pm
by Survivor
Never had that error, can't help you. Maybe try unzipping it before running it?
Posted: Sat Dec 31, 2005 4:06 pm
by raw
Have you looked to see if this trojan installed itself as a Windows Service? If so, it will be basically a manual removal of it but you have to audit your running services and make sure they are all legit Windows Services.
One way you can eliminate non-Windows services is to go to Start--Run-->type msconfig and hit [ENTER]
Once msconfig opens, go to the Services tab and at the bottom check off Hide All Microsoft Services and then click Disable All. This will disable all non-Windows Services.
Once you're done there click on the Startup tab and click Disable All to stop anything from running automatically.
Exit msconfig and reboot your machine and see if there is any change in the situation.
I'm reluctant to tell you to just format because I've never come up a trojan and/or virus I couldn't remove.
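An added example, not written by any poster in this thread: on current Windows with PowerShell 3.0 or later (an assumption; the XP machine in the thread predates it), the two checks suggested above, finding which process holds the locked DLL (what Survivor uses procexp for) and auditing non-Microsoft services (raw's msconfig steps), can be run from an elevated prompt. The function names are hypothetical; the DLL path is the one ALLiED reported.

```powershell
# Added example. Function names are hypothetical; run from an elevated prompt.

# Which processes have the DLL mapped, and which services live in them?
function Get-ModuleHolder {
    param([Parameter(Mandatory)][string]$DllPath)
    foreach ($proc in Get-Process) {
        try {
            $hit = $proc.Modules | Where-Object { $_.FileName -ieq $DllPath }
        } catch {
            continue   # protected/system processes deny module enumeration
        }
        if ($hit) {
            # Relevant when the holder is a shared host such as svchost.exe
            $svc = Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.Id)"
            [pscustomobject]@{
                Process  = $proc.ProcessName
                Id       = $proc.Id
                Services = ($svc.Name -join ', ')
            }
        }
    }
}

# Services whose executable does not claim Microsoft as its vendor.
# CompanyName is self-declared by the file, so treat the result as a
# review list, not as proof that a hidden service is legitimate.
function Get-ThirdPartyService {
    Get-CimInstance Win32_Service | ForEach-Object {
        # PathName may be quoted and may carry arguments; extract the .exe path
        if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)') {
            $exe = $Matches[1]
        } else { return }
        $file = Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue
        $company = $file.VersionInfo.CompanyName
        if ($company -notlike '*Microsoft*') {
            [pscustomobject]@{
                Name = $_.Name; StartMode = $_.StartMode; State = $_.State
                Path = $exe;    Company   = $company
            }
        }
    }
}

Get-ModuleHolder -DllPath 'C:\WINDOWS\system32\browsela.dll'
Get-ThirdPartyService | Where-Object StartMode -eq 'Auto' | Format-Table -AutoSize
```

If the holder turns out to be a process that cannot be stopped, the file can still be removed offline, as the recovery console and live CD replies further down suggest.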
Posted: Sat Dec 31, 2005 5:09 pm
by +JuggerNaut+
raw wrote:
I'm reluctant to tell you to just format because I've never come up a trojan and/or virus I couldn't remove.
me neither, but it's not you or me that's spending the time trying to remove it.
Posted: Sat Dec 31, 2005 9:52 pm
by ALLiED
raw wrote:Have you looked to see if this trojan installed itself as a Windows Service? If so, it will be basically a manual removal of it but you have to audit your running services and make sure they are all legit Windows Services.
One way you can eliminate non-Windows services is to go to Start--Run-->type msconfig and hit [ENTER]
Once msconfig opens, go to the Services tab and at the bottom check off Hide All Microsoft Services and then click Disable All. This will disable all non-Windows Services.
Once you're done there click on the Startup tab and click Disable All to stop anything from running automatically.
Exit msconfig and reboot your machine and see if there is any change in the situation.
I'm reluctant to tell you to just format because I've never come up a trojan and/or virus I couldn't remove.
Just tried what you suggested and it's still not letting me remove it or rename it. Still being used by something.
Posted: Sat Dec 31, 2005 10:24 pm
by shadd_
boot into the recovery console,
delete [drive:][path] filename
-or-
del [drive:][path] filename
Posted: Sat Dec 31, 2005 11:25 pm
by primaltheory
Goddamn spyware... I can't stand it, it gets worse and worse and worse
btw when I get spyware I find all the "bad" files, boot up a knoppix live cd, and delete it from there, spyware has no power in linux!