
How do i get rid of this


ToiletDuck

Ok guys, I have a few things in my processes list that I'm pretty sure are ad-based programs or something. Can someone tell me how to get rid of them? They are:

Winad.exe <--pretty obvious there
msbb.exe <--no idea what that is
WinClt.exe
Slave.exe<--don't remember this one
 
Adaware and Spysweeper just look for stuff like cookies and other things. I've run them both and they didn't do anything about the executables.
 
ToiletDuck said:
Adaware and Spysweeper just look for stuff like cookies and other things. I've run them both and they didn't do anything about the executables.
Did you try Hijack This?
 
Spybot Search and destroy should get rid of them

yes those are spyware

You should educate yourself on how to configure your browser so that it prompts you to download things, also keep whatever browser you are using updated with security packs. Then stop going to sites that are less than reputable.
 
Ok you know what the bomb is. THE BEST AD REMOVAL PROGRAM IS SPYHUNTER! Write that down. I ran Adaware Pro 6.0, then Spysweeper (which both of these were rated as the best out there when used in conjunction with each other), and now running SpyHunter and it has found over 50 additional things. Not bad at all. I'd say run all 3 together because of the different methods of searching.
 
ToiletDuck said:
Ok you know what the bomb is. THE BEST AD REMOVAL PROGRAM IS SPYHUNTER! Write that down. I ran Adaware Pro 6.0, then Spysweeper (which both of these were rated as the best out there when used in conjunction with each other), and now running SpyHunter and it has found over 50 additional things. Not bad at all. I'd say run all 3 together because of the different methods of searching.

But the real problem is preventing it from happening again. Otherwise you are doing all that for no reason and will just download more malware.

I get to clean coworkers' machines at work weekly. SpyBot, Adaware (free), and Hijack This (when you know what you are doing) take care of everything I know of.

Amazingly, my PC at work is spyware free. Some tips: when using Google search for things, try to click on the 'cached' link first before going to the actual site. If using IE, make sure you have IE 6 and set your privacy levels at 'medium high' or above.
 
Hijack This looked more like it was a tracer or something that prevented the stuff from getting to the computer and not so much a remover. I rarely get adware but for some reason I was having problems and found out that was why. Don't know where I got it from.
 
how come no one has just searched the files on google?

Winad.exe definition, relationships, removal:
winad.exe definition
Startup entry for winad.exe: WinAd

winad.exe description: File winad.exe is related to adware WinAD from TwistedHumor company. It shows commercial advertisements. From time to time it connects to the Internet and downloads instructions and files. File winad.exe is related to adware WinAD.

Files related to winad.exe: winad2.dll, WNAD.EXE, WNAD.DAT, WNAD-UPDATE.EXE

File winad.exe removal: WARNING!!! File winad.exe is related to adware. This is a serious violation of your privacy; your system is under security threat.
We advise you to scan your computer and eliminate possible threats.


msbb - msbb.exe - Process Information

Process File: msbb or msbb.exe
Process Name: MSBB Web3000 Spyware Application
Description: MSBB Web3000 spyware application that is included with some adware products and is started from the registry when Windows is loaded.
Company: 180Solutions.com
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A

WinClt.exe is part of and related to winad.exe; getting rid of that will remove WinClt.exe.

Remacc.RAServer

Last Updated on: October 01, 2003 07:36:06 PM



Type: Remote Access

Name: Remote Anything

Publisher: TWD Industries
Systems Affected: Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX

Removal: Low
Damage: Low

detection

Intelligent Updater Definitions*: September 19, 2003
LiveUpdate™ Definitions**: September 24, 2003

* Intelligent Updater definitions are released daily, but require manual download and installation.
** LiveUpdate definitions are usually released every Wednesday.

This threat can be detected only by Symantec products that support expanded threats.

summary

Behavior
Remacc.RAServer is a component of the remote control software, Remote Anything.

Remacc.RAServer can be used for malicious purposes, as it allows a hacker to control a user's computer. And therefore, Remacc.RAServer constitutes a security threat.

Symptoms
The existence of the file, Slave.exe, is usually in the %System% folder.

Note: %System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


technical details

File names: Slave.exe

Remacc.RAServer can be run in stealth mode. When Remacc.RAServer is executed, it performs the following actions:

1. Copies itself as %System%\Slave.exe.

2. Opens a port and listens for remote commands. Examples of opened ports are TCP 2639 and UDP 5048.


removal instructions

1. Update the virus definitions.
2. Run a full system scan and delete all the files detected as Remacc.RAServer.

For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

* Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
* Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.


2. Scanning for and deleting the infected files

1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
2. Run a full system scan.
3. If any files are detected as infected with Remacc.RAServer, click Delete.
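
Added example, not part of the original post or of the write-ups pasted in it: a Python check that flags the four process names from the first post and the two Remacc.RAServer ports listed above, and ties each open port back to its owning process. It assumes input in the format of `tasklist /fo csv /nh` and `netstat -ano`; the sample text is constructed, and a name or port match is only a lead to investigate.

```python
import csv
import io

# Indicators named in this thread: process names from the first post,
# ports from the pasted Remacc.RAServer technical details.
SUSPECT_IMAGES = {"winad.exe", "msbb.exe", "winclt.exe", "slave.exe"}
SUSPECT_PORTS = {("TCP", 2639), ("UDP", 5048)}

# Constructed sample of `tasklist /fo csv /nh` output (not from a real machine).
SAMPLE_TASKLIST = '''"explorer.exe","1204","Console","0","18,432 K"
"WinAd.exe","1432","Console","0","3,212 K"
"msbb.exe","1500","Console","0","4,100 K"
"Slave.exe","1960","Console","0","2,048 K"
'''

# Constructed sample of `netstat -ano` output.
SAMPLE_NETSTAT = '''
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:2639           0.0.0.0:0              LISTENING       1960
  UDP    0.0.0.0:5048           *:*                                    1960
'''

def parse_tasklist(text):
    """Return {pid: image name} from headerless tasklist CSV output."""
    rows = csv.reader(io.StringIO(text))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def parse_netstat(text):
    """Yield (proto, local_port, pid) for listening TCP and bound UDP sockets."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # blank lines and the column header
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established connections are not listeners
        yield f[0], int(f[1].rsplit(":", 1)[1]), int(f[-1])

def find_suspects(tasklist_text, netstat_text):
    """Return sorted findings for suspect process names and open ports."""
    procs = parse_tasklist(tasklist_text)
    findings = [("process", name, pid) for pid, name in procs.items()
                if name.lower() in SUSPECT_IMAGES]
    for proto, port, pid in parse_netstat(netstat_text):
        if (proto, port) in SUSPECT_PORTS:
            findings.append(("port", f"{proto}/{port}", procs.get(pid, "unknown"), pid))
    return sorted(findings)

if __name__ == "__main__":
    print(*find_suspects(SAMPLE_TASKLIST, SAMPLE_NETSTAT), sep="\n")
```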
 
I did, which is why I said they are spyware. I don't like copying and pasting info for people into a message board that they could easily find themselves.
 
I just find that spyware is tricky to fix, and yeah people are lazy, and at the time, I was bored, so I figured I'd give him a hand.
 
To do it right, reboot in SAFE MODE, TURN OFF System Restore, then run all the scans with the latest updates... Spywareblaster rules too, it is not a removal tool or a scanner but a PROTECTOR. Download it, update it, and enable all protection.
 
Everybody runs some sort of get rid of things.
QUESTION! What can we have on board to stop from getting it in the first place?
 
To do it right, reboot in SAFE MODE, TURN OFF System Restore, then run all the scans with the latest updates... Spywareblaster rules too, it is not a removal tool or a scanner but a PROTECTOR. Download it, update it, and enable all protection.

If you don't do it this way, you WILL end up with the same problems in a short while.

As for cleaning up stuff those programs are missing:
I google the offending exe's listed in my taskmanager.
Find out what they are.
Delete associated registry values. (Very time consuming to search through the whole registry)

It's a much more complicated way of doing things, and has the potential for massive damage, but it works. (Particularly for the wtools branch of spyware.)
 
The Google search did provide me with what they were but did not provide me as to where I pick them up from, nor did I find how to get rid of them and keep them gone. However, an easy way to keep your comments to a minimum and helpful manner would be only to post things relative to the subject. Anyway, aside from those with lack of manners, I have found all of these to be good ideas. One thing else I'd like to know is if virus scanners use different methods of finding viruses as well. I had two Trojans slip in and found it odd that AVG didn't stop them.
 