Thread: Possible to remove spyware Windows registry files w/Knoppix?

  1. #1
    Junior Member registered user
    Join Date
    May 2003
    Location
    Sitting at my PC
    Posts
    10

    Possible to remove spyware Windows registry files w/Knoppix?

    Hi all-

    What I'm up against is some bad spyware that has defeated all attempts to remove. I see them in the registry but am not allowed access (locked out by the spyware itself).

    Can I access & delete them from a Knoppix CD?

    System is XP Home/NTFS, 1.8Ghz, 256mb DDR.

    It was brought to me by a college girl (what ARE they teaching?)- I have no CD's to reinstall it or I would have done that in the beginning...

    Tracy

  2. #2
    Junior Member
    Join Date
    Jan 2005
    Location
    The Bleak Plains of Canada, much akin to Hoth
    Posts
    2

    Re: Spyware removal with Knoppix

    Hi Tracy,

    I had a similar encounter with my computer. However, my problem was not only spyware, but the boot sector of my hard drive was pooched as well. I think your best strategy - and if I'm wrong I'm sure someone more in the know will let us both know - is to use Knoppix to back up all your documents.

    This can be done quite easily, provided you have a CD burner. Simply go to KDE (the K with the gear behind it, right beside the penguin) > Multimedia > K3b on the toolbar. K3b is a cdrecord front end - just open it and at the bottom click on new Data CD. Your documents will be stored on "likely" hda1 (you may have to mount it first by clicking the hda1 icon on the desktop). Now hda1 will contain what is on your C: drive under XP. To find your My Documents folders go to the folder called <Documents and Settings> and look for your username; with a little bit of searching in that directory, you should be able to find all your important documents. Drag the files or directories from the top pane to the bottom pane. There is a reference meter to ensure you don't over-fill the CD.

    If you don't have a CD burner, you may want to transfer the files to a web-based file-storage system i.e. http://www.xdrive.com/

    Anyway, to remove the Spyware. I suggest starting XP in safe-mode with Network support. And downloading the following free software for Windows:
    Adaware: www.lavasoftusa.com/software/adaware/
    Spybot Search and Destroy: http://www.safer-networking.org/en/spybotsd/

    Also make sure your Windows is up to date.

    Update them, and run them. I found turning off System Restore in Windows is often helpful for removal. You can turn it back on when you're finished. Also there may be some persistent malware that has to be removed manually; if this is the case, you can usually find full directions using your friendly neighbourhood Google.

    If push comes to shove, you can just scrap Windows altogether - you know, join the rebels in fighting the evil empire. Anyway, if anyone knows of a way to do the spybot removal in Knoppix, I for interest's sake would be interested.

    Cheers and Best of Luck,
    BZ

  3. #3
    Administrator Site Admin-
    Join Date
    Apr 2003
    Location
    USA
    Posts
    5,441

    Re: Possible to remove spyware Windows registry files w/Knop

    Quote Originally Posted by adkmom
    What I'm up against is some bad spyware that has defeated all attempts to remove. I see them in the registry but am not allowed access (locked out by the spyware itself).
    You might want to give more details about the specific software in question. You're likely to get help from someone who knows about it that way.

    Once you know it's there I don't see how spyware would stop you from deleting the spyware files, even if it could stop you from removing the registry entries. Then, after the spyware itself is gone, on the next boot you should have no problem removing the registry entries. There are also programs like Start/Stop and StartUpCop that will let you control which programs start at boot time, even if there is a registry entry to start them.

  4. #4
    Junior Member registered user
    Join Date
    May 2003
    Location
    Sitting at my PC
    Posts
    10
    Many thanks to those replying:

    Here's what I see in the registry. MS/Giant beta has actually found MANY more.

    CoolWeb Search
    CB.UrlCatcher
    Ezula
    ATLEvents(1)
    Webcom.Webbar

    As I say, MS/Giant sees others but stalls at the Webcom one. At that point, it reports "low on virtual memory" & locks up.

    I have tried turning VM off & then restarting- turning it on & setting the max at 2000mb's. Plenty of room on this drive. It still locks up. It only has 256mb- I may drop another of my own sticks in if necessary. This is a favor for a friend's daughter.

    Had she brought along the CD's- I'd have done a reinstall from the get-go, you know it! It had 453 spyware & 89 viri to start!

    The ones now in the registry will not allow me to do anything with them...I was even hoping I could boot to a Knoppix CD & access/delete them from there.

    I will post a new HijackThis this evening to Castlecops. More to follow...

    Tracy
    PS- all the typicals followed: restore off/safe mode/etc...Adaware, Spybot, Housecall, Pest Patrol, a2,...makes no difference.

  5. #5
    Senior Member registered user
    Join Date
    Dec 2004
    Location
    Dublin, OH
    Posts
    342

    Get Regseeker

    I use Regseeker to strip unwanted registry items.

    A must have utility!!!

    It's a windows program. Hope you can run it.

    sakiZ

  6. #6
    Senior Member registered user
    Join Date
    Jan 2003
    Location
    Southern Indiana
    Posts
    110

    Try Nordahl's password hack disks

    Peter Nordahl has a boot floppy or boot cd using linux which can be used to edit any or all of the registry.

    If you know your way through the registry keys, it works quite well.

    I locked myself out of a friend's machine while changing the drive letter of the boot drive. I had to change HKLM>Software>Microsoft>WindowsNT>CurrentVersion>winlogon userinit to get back into Windows.

    The registry editor worked like a charm, just follow the directions.

    The link is home.eunet.no/~pnordahl/ntpasswd/
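
Added example, not part of any post in this thread: the Winlogon `Userinit` value mentioned in post #6 and the boot-time registry entries mentioned in post #3 can be reviewed from a text export before anything is deleted. The sketch assumes the relevant keys have already been exported to `.reg` text and decoded to a string; the sample data, program names and function names are constructed for illustration.

```python
import re
# Constructed sample in .reg text format (already decoded to str); the
# program names and paths below are invented for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\example_helper.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /background"
@="C:\\example_default.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example]
"DisplayName"="Example"
'''
KEY_RE = re.compile(r'^\[(.+)\]\s*$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # undo .reg escaping of \ and "

def parse_reg(text):
    """Yield (key, value_name, data) for each string value; other types are skipped."""
    key = None
    for line in text.splitlines():
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def exe_name(path):
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()

def audit_autostart(text):
    """Return (value_name, data, reason) for entries that launch programs at logon."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n = key.lower(), name.lower()
        if k.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            findings.append((name, data, "starts at logon"))
        elif k.endswith("\\currentversion\\winlogon") and n == "userinit":
            for entry in filter(None, (e.strip() for e in data.split(","))):
                if exe_name(entry) != "userinit.exe":
                    findings.append((name, entry, "extra Userinit program"))
        elif k.endswith("\\currentversion\\winlogon") and n == "shell" and exe_name(data) != "explorer.exe":
            findings.append((name, data, "non-default shell"))
    return findings
```

The function only reports; every `Run` entry is listed because legitimate software uses those keys too, so each finding still needs a human decision.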

  7. #7
    Junior Member
    Join Date
    Apr 2004
    Location
    C:\WINDOWS\SYSTEM
    Posts
    6
    There are programs that you can run at boot to scan your computer for spyware and adware (mainly anti-virus programs). Whenever it becomes next to impossible to boot up Windows and run a scan, I boot up in DOS and run the scan there. It generally takes 2 or even 3 full scans to fully remove all the infections. Then, after I'm able to at least boot up into Windows safe mode, I run another spyware scanner until everything is clean. Sometimes, even with all the scanners you can do anything 'bout it. I had to reformat, but that's always the last choice.

  8. #8
    Administrator Site Admin-
    Join Date
    Apr 2003
    Location
    USA
    Posts
    5,441
    Quote Originally Posted by dot.hack//infection
    .... Whenever it becomes next to impossible to boot up windows and run a scan......
    Perhaps you need to seriously rethink your security issues if you are having this many problems. It's bad enough that you say it becomes next to impossible to boot up Windows, but to prefix this with the word Whenever implies that it has happened more than once, maybe even frequently. As a Windows user who now refuses to install the Microsoft "security updates" (see http://www.knoppix.net/forum/viewtop...er=asc&start=0 and http://www.knoppix.net/forum/viewtop...er=asc&start=0 if you want to know why), and yet who has absolutely never had any virus installed on his own computers (home or work), I think I can tell you that such things are not to be so accepted that you should be using words like "Whenever". I have knowingly installed ad-ware. I have many cookies and the like that some software lumps in the spyware category. And I've certainly had viruses show up in my in box (even though I never let any e-mail or virus scanner run in the background, I only scan files when I tell the program to scan a file), or even seen files that I suspected were viruses and downloaded them and confirmed that they were. But I've never had (on my own systems) any virus that got installed.

    Beyond the simple common sense stuff (don't run it if you don't know the source, don't run or even open e-mail from strangers and don't trust e-mail that supposedly comes from your friends and so on), I would suggest that you consider two things: A hardware firewall (part of a common and inexpensive home DSL/cable router), and also a software firewall (and not that joke of a thing that comes from Microsoft, a software firewall that really works). I use an old copy of Tiny Personal Firewall 2.15 on my desktop and an old version of Kerio Firewall on my notebook and test systems (I like the old version much more than the new version, the new version added "features" that I don't see as being a valid part of a firewall), yet either of these old free software firewalls and the hardware firewall have both kept me safe and given me the comfort in knowing that if something did get into my system it likely would not get out again without my knowing it.

  9. #9
    Junior Member registered user
    Join Date
    May 2003
    Location
    Sitting at my PC
    Posts
    10

    Fixed (close enough for gov't work)

    I was stuck for a while- the spyware removers froze at removing these reg. files (hard freeze until all memory was used up). I couldn't manually get to them- locked out.

    I ended up using RegistrarLite to get the permissions set back- & then I was allowed to delete the files/folders.

    RegLite allowed me to delete the offending files/folders in the registry & to then get a full scan to complete by the spyware programs- that was a good start.

    I did the best I could- though this PC should be running better. It needs a reinstall of XP- but the college girl who owns it has other things on her mind- & I'm not going to waste my breath talking about antivirus/spyware/more RAM...I went over it all one time & left a text doc on the desktop to remind/guide her on how to keep up the maintenance. It's now out of my hands.

    Thanks for all of the replies,

    Tracy

  10. #10
    Senior Member registered user
    Join Date
    Oct 2003
    Location
    N42.41 W73 and change
    Posts
    401
    A couple of suggestions, even if it might be too late:

    Encourage college girl to use Mozilla Firefox instead of IE, and perhaps Mozilla Thunderbird for email, maybe Gaim for chat - all available and easily installable for Windows. These apps are somewhat less vulnerable to some of the exploits out there.

    You might also try something like VNC to perform maintenance from home (a long shot, I know).
