Sign in to follow this  
Guest Ali

Cannot remove certain spyware, please help.

Recommended Posts

Hey guys,Recently I have been bogged down with spyware and it has started slowing down my resources.I have SpyBot, Adaware, Microsoft Anti Spyware and the rest but this one spyware/virus in particular cannot be removed. I have run numerous anti virus scans to be sure.It's in my running processes and called "dvdplay.exe". It uses about 30mb of memory and uses some CPU power. It only ever launches when I open Internet Explorer. I have tried rebooting in safe mode to delete it, but to no avail.Is my only option to reformat?Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post
Help AVSIM continue to serve you!
Please donate today!

It's not a virus as I have done numerous anti virus scans.Does anyone have any suggestions?Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

Firstly, go download spybot search and destroy,then download lavasoft ad aware.Update both of them using their automatic updaters, then run full scans on your system, with both of them. Reboot your computer if it says it's found something it can't delete without a reboot.After this, follow these directions please-start-run-regeditfinddvdplay.exedelete any entries that are found referring to that item.start-searchsearch all local hard drives for all files and foldersdvdplay.exepermanently delete any files that come up, including hidden or socalled 'system files'.start-run-msconfigclick the startup tab at the far top rightdisable any entries that mention dvdplay.exe in them

Share this post


Link to post

Many thanks I will get back to you soon.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

After successfully removing the dvdplay entry from registry and all the files found relating the file on my computer, it still seems to have produced itself again when I launched Internet Explorer.Anymore tips? This must be some kind of worm.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

When you say that you have done numerous virus scans has it been with different scanners or always the same one? If you have used more than one which ones have you used? I have noted on numerous occasions that Norton has missed various items allowing a computer to become infected and remain infected and only scanning with another scanner has picked up the offending virus. I am not picking on Norton because others will allow things through on occasion too. Philip Olsonhttp://www.precisionmanuals.com/images/forum/supporter.jpg

Share this post


Link to post

Alexander,You may wish to try this.Do a Google search for "Hijackthis.exe" space "+ download".Follow the instructions.This program will eleminate all superfluous, unnecessary andspyware links in your registry.Regards, JAH - Los Angeles.

Share this post


Link to post

I already have hijack this and in the report it identifies the malicious dvdplay.exe but it is not on the fix list to remove.Somehow it is not there to be ticked.I have used AVG, Norton, Housecall, Panda etc.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

>I already have hijack this and in the report it identifies>the malicious dvdplay.exe but it is not on the fix list to>remove.>>Somehow it is not there to be ticked.>>I have used AVG, Norton, Housecall, Panda etc.>>Regards,>Alexander Martin.>----------------------------------->TMPRADIO DJ>Onair Monday - Friday 1900GMT @>http://www.tmpradio.comThis is more likely a 'worm' then a virus and therefore, an antivirus program can't necessarily detect, never mind remove it.I suggest you d/l a copy of the MS antispyware program and use it. You can also try a Google search with dvdplay.exe in the search bar which will lead you to removal instructions.The methods you have employed thus far are merely taking you in circles; this 'bug' is replicating itself after your so-called cleaning and it's time to adopt a more aggresive approach.

Share this post


Link to post

It may be overkill - but formatting is a great way to clean things up. Only problem is if it infects your backups you'll just get it back again.

Share this post


Link to post

Have you tried Jozef K's advice?

Share this post


Link to post

I followed his instructions in safe mode but it didn't find anything malicious.I have Microsoft Antispyware anyway, which didn't find it.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

Beware that some of these worms will modify the files used by various spyware "catcher" programs. Hijack this for instance uses a file which contains entries marked as "safe" by the user. Some of the spyware hacks this file, making it appear that no malicious entry is present. The only sure fire way to remove spyware is to find out which processes are spawned by spyware, boot into safe mode, and delete the process exe's and dll's and registry entries. That, and remove the Hijack exploits from IE which will redirect a user to an infected page as soon as they reopen IE, causing a new infection. It is also best to disable "Active Scripting" in IE until one is sure the spyware is gone.We have a rule of thumb on our WAN--if someone (an "unlocked" user) manages to infest their laptop or workstation and it takes more than fifteen minutes to research, we reimage their workstation and lock them down.-John

Share this post


Link to post

Nothing I've done has worked.Is my only option to reformat.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

One last thing you can try to tip the odds in your favor..Most spyware includes an uninstall program available in add/remove programs. You need to answer the prompts VERY closely--you get asked questions where you would expect "No" means "No", but instead you agree to load more spyware.But I've observed that if you answer the questions carefully, you can usually reduce the number of spyware programs running to the point where you can eliminate the rest in safe mode.It isn't easy work--sometimes a reformat is easier unless you have risk of losing lots of data.And regardless of the way you fix the problem, you need to look at how spyware got on your system in the first place.Spyware uses a few means of infecting most systems. A webpage designed to lure you, infected with the scripts needed to load spyware. A webpage you might hit by "mistyping" a URL., and last, through being part of something you download. In my shop, number one cause of spyware? Mistyped URL's. And it's hard to get people to type perfectly, all the time.The best means of preventing future spyware is by enabling active scripting in IE only for "Trusted Sites". You can do that by going to "Tools", Internet Options, Security, then highlight "Internet". Choose "Custom Options", and disable all three scripting options. Input the URL's of any sites you trust, such as Avsim, in the trusted sites zone.Or, for many sites, the newer browser alternatives work very well. Firefox is top notch, and reduces your exposure many-fold.Hope this helps. Just remember one rule of spyware--it requires a process, and something to launch the process--and that something is almost always a registry entry launching the process. If you can get to a truly safe mode where the process in question isn't running, then you can delete it, rename it, and delete the registry keys that are launching it.-John

Share this post


Link to post

Removed IE and now on Mozilla Firefox. Really liking it, the tabs are really cool and I recommend this browser to anyone.No more dvdplay running in the processes, so I've kind of solved the problem thanks to your help guys.Appreciated.Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

While you might be safe I would not assume that you are completely safe since the possibly infected files still reside on your hard drive and can still cause damage. Have you tried doing a search on Google for something like "DVDPlay virus" or something similar? There are several articles that could be of help to you, look for other files that are created on your hard drive by whatever virus or worm listed in the article and if you find them you have found the cause and can get rid of it. Please do not just think that since you have installed Mozilla you and others are safe, it could still act against you or send copies of itself out to others. Yes, it is possible that you will be ok but please do not assume this, the only way to be safe is to remove the offending files completely. Maybe over the weekend I can offer you some more help with this but this week I am swamped with calls, most of them from people who are infected with a virus. Ah, the joys of working on computers for a living. Good luck!Philip Olsonhttp://www.precisionmanuals.com/images/forum/supporter.jpg

Share this post


Link to post

Would appreciate your help over the weekend.Please send email or add me to msn alexmartin_uk@hotmail.com when you have a free moment.Cheers,Regards,Alexander Martin.-----------------------------------TMPRADIO DJOnair Monday - Friday 1900GMT @ http://www.tmpradio.com

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this