Ad-aware : removing a certain spyware messes up the internet connection...

[Didou]

OK, here goes.

After installing ad-aware 6 & updating the reference file, I launched a standard scan & it found about 40 spywares objects.

I simply selected all of them & quarantined/deleted them. After rebooting, the PC was completely unable to connect to the net.

The PC has WinXP ( no Service Pack installed ) & the connection is via a cable modem, connected to the network card. I looked in the Event Logs & it seems the DHCP client is unable to start.

I simply went back to Ad-aware, restored the last quarantined files & rebooted. The connection worked fine.

Any suggedtions ?

 

[Phantasm66]

Oh, that's nasty! I don't like that one bit!

I especially don't like you finding 40 spywares on your machine. That really is a lot. Usually I only find 1 or 2.

This may sound a bit mental, but you might be well quaranting each spyware one at a time, and then testing. That would isolate the problem.

The DHCP client service seems to have no dependencies, so maybe it itself is being replaced with a spyware infected version. I've never heard of this, and its nasty if its true.

I have, however, found something that may shed a little light on the situation....

The reason I said "in most cases" above, is because this spyware has evidently been upgraded to modify your Windows Sockets configuration, binding itself to Winsock so that all packets are passed through WebHancer. Because of this, some readers are reporting an inability to connect to the web after removing the app, and if you should experience this problem you may need to reinstall Winsock 2 from Microsoft's website.

The Winsock 2 file can be found here.

I found this information from here - http://sitebilder.com/hosting/privacy/webscum.php

ANYONE USING AD-AWARE TO REMOVE SPYWARE SHOULD READ THIS PAGE. IT CONTAINS SOME IMPORTANT INFO. RUNNING AD-AWARE CAN CRIPPLE YOUR SYSTEM.

As always, I recommend that people make regular backups of their system partitions with software such as Norton Ghost or Powerquest Drive Image.

 

[Didou]

Oh Lord no !!!!!

Me with 40 spyware on my machine ??? Heck no.

It's on a friend's PC ( I don't use XP & if I did, I'd prolly install the SP1 ).

Plus I don't have a net connection so I'd prolly be a masochist freak to have that much spyware installed.

Thanks for the tip, I'm gonna try to quarantine the spyware files & immedialty reinstall the Winsock.

I thought it might be such a problem because UD is installed on this machine & at every boot it kept giving a message that it couldn't use the network services & that it was prolly due to a winsock error.

I'll post my findings as soon as I can.

Thx again man.

 

[StormBringer]

Check this thread https://www.techspot.com/vb/showthread.php?s=&threadid=4393

 

[poertner_1274]

Man that is some crazy stuff. I didn't think AAW uninstalled some important informatoin such as WinSock.....even though it was infected with spyware. You figure if it found something that was important or system related it would red flag it for further looking into.

 

[Nodsu]

You should only remove the stuff adaware marks as red, everything else is pretty paranoid.

I broke my internet connection when adaware was kind enough to offer removing .net framework..

 

[poertner_1274]

Wow I just htought of this, but that might be why my IE donsn't work anymore while opening new windows that use javascript.........and I don't have the quarantined files anymore. CRAP!!!!

 

[iss]

Hehe I can see the next version of adaware now.

"Adaware has detected the following spyware on your system"

C:/Windows

Would you like to remove this file?