View Full Version : I've been virus'd

Dark Messenger
June 8th, 2006, 04:16 PM
Thought I'd share this with you since this stuff rarely happens to me; thought you might enjoy it.
I got careless and lazy...stopped running antivirus/antispyware/firewall....hell, the list of security programs you could run on your machine just goes on and on.

Anyway, I got something nasty called "SurfSideKick 3"....HOW did it get installed, you might ask? Well, it was installed through the installation of eDonkey2000. I got the version with crack from eMule of all places, and I don't believe the crack worked...it might even have been a virus.

Gone are the days when I would scan each and every executable before running it...my catch was, how do I know the pirated antivirus I'm using is in fact uncompromised itself and not luring me into a false sense of security, when the very patch for it could have disguised or enabled a trojan?

Anyway, I digress...whatever the surf thing is has downloaded about a dozen other apps which have installed themselves automatically without my knowledge or permission.

My startup file is riddled with mysterious processes.

Here are three to whet your taste buds:

Ssk.exe

SskBho.dll

SskCore.dll

These three are in this folder:

'C:\Program Files\SurfSideKick 3'

and I tried deleting Ssk.exe but can't do it...not even with Move On Boot.

What I need to know is: is there a way to reboot into DOS mode with Windows XP and remove these files manually?

Seems like there was one more question here that I needed or wanted to ask, but can't think of it atm. (still very tired)

If anyone wants to help with this...please do...I refuse to format and want this problem solved.

Edit: oh yes, how do you boot into safe mode with Windows XP Professional and Service Pack 2 installed (Dell branded, if that matters)?

lifehacker
June 8th, 2006, 04:28 PM
During startup press F8 and select Safe Mode. You can delete those files manually, though I would suggest you let an antivirus do that for you (you can do that while your system is in safe mode if you want). My suggestion is to scan first with BitDefender and then with Ewido. Other good scanners include Kaspersky's and NOD32's.

Auggie2k
June 8th, 2006, 04:28 PM
Easy: use HijackThis, enter the advanced configuration and select the "delete file on reboot" option.

Dark Messenger
June 8th, 2006, 04:36 PM
I'll try those suggestions...I forgot to mention there were 2 programs installed surreptitiously that had a listing in Control Panel under Add/Remove Programs. I forgot to document what they were, but they had a really weird uninstall routine that forced you to enter a numerical code first before it would continue with the uninstall....it reminded me of the procedure you would use for signing up for a vBulletin website and having to enter the generated code to confirm you weren't a bot. Anyway, here's the latest part of this mess; I found this in my Control Panel under Add/Remove Programs:

'C:\Program Files\OpenWebScope'

I removed it, of course, because I think I remember reading on another security-related site that whenever something has an option or feature to remove it from the Control Panel, that was considered something you should do...so I did.

Edit:

I did the F5, F8, Ctrl+F5, Ctrl+F8, Alt+F8, Alt+F5, and no joy in getting any type of dialogue concerning safe mode.

Edit #2: Think I got rid of SurfSideKick...yes, there was an option in Add/Remove Programs in Control Panel for SurfSideKick, but it would error on shutting down explorer.exe, so when you forced explorer.exe to close, it would crash it and not remove SurfSideKick, repeating this process endlessly.

This time I ended explorer.exe in Ctrl+Alt+Del (Task Manager) and selected restart from the shutdown options in Task Manager. When it rebooted, SurfSideKick was gone...but what of 'the other 13 ghosts of Scooby-Doo' (in reference to the other malware that got downloaded and installed as a result of this being on my machine)?

Programs such as 'weather.exe', which I was able to delete manually with 'Eraser'.

There's other shit I ain't found yet...some I've found and forgotten...moral of the story: don't install eDonkey2000, kids, and if you do, you're fucked.

I saw no way to opt out of the crap.

DigitalJunkie
June 8th, 2006, 05:40 PM
There are still a lot of wannabe virus writers or hackers out there, so be careful always!

kokanezub
June 8th, 2006, 07:15 PM
Ssk.exe

SskBho.dll

SskCore.dll

End those processes (however you spell it), then delete them.

Malakai1911
June 8th, 2006, 07:16 PM
Nod32 / AdAware SE + VX2 / Ewido Anti-Malware / Outpost Firewall Pro

(Keep this kind of thing from happening a second time)

Excrement_Cranium
June 9th, 2006, 06:10 AM
I had some weird trojan from when my nephew was over.

I wouldn't have noticed at all; my AVG didn't pick it up, Ad-Aware didn't pick it up. It really only reared its head when I tried to play Wolfenstein.

I finally had to get a startup manager to dig it out. Nothing else would detect the bugger.

littlebits
June 9th, 2006, 06:33 AM
The latest version of eDonkey2000 is riddled with spyware, but you can still install it without the spyware.
Just unplug your internet connection while installing it. The eDonkey2000 installer has to download the installers for the spyware from the internet. eDonkey2000 made a bad mistake by adding this crap back to their program. It wasn't that long ago that they removed all bundles; now they go and add even more.

The spyware is downloaded from http://install.overnet.com/ through the eDonkey2000 installer; you can also block this website with your firewall.

Thanks.

Auggie2k
June 9th, 2006, 07:15 AM
Dark Messenger, will you post up your HijackThis log please?

.:sp00ky:.
June 9th, 2006, 09:04 AM
This Was Deleted By Me.

lifehacker
June 9th, 2006, 03:24 PM
I had some weird trojan from when my nephew was over.

I wouldn't have noticed at all; my AVG didn't pick it up, Ad-Aware didn't pick it up. It really only reared its head when I tried to play Wolfenstein.

I finally had to get a startup manager to dig it out. Nothing else would detect the bugger.
AVG isn't a very good antivirus, and Ad-Aware, though incredibly popular, doesn't have very high detection either (Ad-Aware also only detects spyware).

Dark Messenger
June 9th, 2006, 03:41 PM
Dark Messenger, will you post up your HijackThis log please?

Have a look at this log, Auggie...it was done with Spybot Search & Destroy and was the very first scan I did to detect this stuff.

uselesscrap
June 9th, 2006, 03:57 PM
AVG isn't a very good antivirus, and Ad-Aware, though incredibly popular, doesn't have very high detection either (Ad-Aware also only detects spyware).

Why is AVG no good? Facts please! It has worked for me for several years without one virus slipping by. You tell me what's wrong with those %? You come across as some sort of expert, so may I ask what your credentials are? Just because something doesn't work for you doesn't mean that it doesn't work at all or is no good. I agree about Ad-Aware sucking, but I wholeheartedly disagree with you on AVG.

Malakai1911
June 9th, 2006, 04:15 PM
Why is AVG no good? Facts please! It has worked for me for several years without one virus slipping by. You tell me what's wrong with those %? You come across as some sort of expert, so may I ask what your credentials are? Just because something doesn't work for you doesn't mean that it doesn't work at all or is no good. I agree about Ad-Aware sucking, but I wholeheartedly disagree with you on AVG.

Well, apart from the fact that he is correct, I'm unsure as to his credentials.

littlebits
June 9th, 2006, 04:39 PM
AVG only offers basic detection; for some users that is good enough, if you don't visit unknown websites like crack websites or porn websites, click on ad banners, or open spam or unknown emails.

AVG is just real popular because it is FREE. Want some proof of its basic detection? Try the EICAR online virus tests: http://www.eicar.com/anti_virus_test_file.htm. Go down the page and try to save all 8 files to your computer. For the first 4 tests, if you have an excellent anti-virus software it should notify you and block these files. The zipped files will download if you don't have zipped folder detection on your software, but should get detected when you try to open them.

http://www.eicar.com/download/eicar.com

http://www.eicar.com/download/eicar.com.txt

http://www.eicar.com/download/eicar_com.zip

http://www.eicar.com/download/eicarcom2.zip

The next 4 tests use the secure, SSL-enabled protocol HTTPS, because your anti-virus software can't detect them while they're getting downloaded, but if you have a resident shield enabled on your anti-virus software, it should detect them after they are downloaded to your computer. Just go to the folder you saved them to and try to open them. Then you should get notified. If not, then your anti-virus software is crap.

https://secure.eicar.org/download/eicar.com

https://secure.eicar.org/download/eicar.com.txt

https://secure.eicar.org/download/eicar_com.zip

https://secure.eicar.org/download/eicarcom2.zip

These files are not real viruses and they can't harm your computer, because if your anti-virus software fails to detect them, then you can just delete them.

In the past AVG failed the EICAR tests.

Norton, NOD32, McAfee, BitDefender, Avast, Kaspersky and Trend Micro PC-cillin are some of the ones that passed all of these EICAR tests. Test your software and see how it does.

Avast was the only FREE anti-virus software that passed all of the EICAR tests in the past.

Thanks.
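The EICAR test the post above describes can be run without downloading anything: the test string is published, and the four file variants (plain, .txt, zipped, zip-in-zip) can be built locally. The script below is an added example, not code from eicar.org or from anyone in this thread. The string itself is the published one; the archive layout (eicar_com.zip holding eicar.com, eicarcom2.zip holding eicar_com.zip) is assumed from the file names, and the five-second settle time is an arbitrary choice.

```python
"""Build the four EICAR test artefacts named above in memory, write them to
a scratch folder and report which ones the resident scanner left alone.

Added example, not code from eicar.org or from the thread.  The archive
nesting (eicar.com -> eicar_com.zip -> eicarcom2.zip) is assumed from the
file names on the download page."""
import io
import os
import tempfile
import time
import zipfile

# The published 68-byte string, split in two so this source file itself is
# not a byte-for-byte match for a scanner that reads it.
_EICAR_PARTS = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$",
                "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def eicar_bytes():
    """Return the exact content a scanner is expected to flag."""
    return "".join(_EICAR_PARTS).encode("ascii")


def _zip_bytes(member_name, data):
    """Zip a single member and return the archive as bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, data)
    return buf.getvalue()


def build_test_set():
    """Return {file name: content} for the four variants."""
    plain = eicar_bytes()
    inner = _zip_bytes("eicar.com", plain)                 # eicar_com.zip
    return {
        "eicar.com": plain,
        "eicar.com.txt": plain,                            # same bytes, .txt name
        "eicar_com.zip": inner,
        "eicarcom2.zip": _zip_bytes("eicar_com.zip", inner),  # zip inside a zip
    }


def unpack_member(zip_data, member_name):
    """Read one member back out of an in-memory zip."""
    with zipfile.ZipFile(io.BytesIO(zip_data)) as zf:
        return zf.read(member_name)


def verify_test_set(files):
    """True if every variant unpacks to the real EICAR string."""
    plain = eicar_bytes()
    inner = unpack_member(files["eicarcom2.zip"], "eicar_com.zip")
    return (files["eicar.com"] == plain
            and files["eicar.com.txt"] == plain
            and unpack_member(files["eicar_com.zip"], "eicar.com") == plain
            and unpack_member(inner, "eicar.com") == plain)


def write_and_check(directory, settle_seconds=5):
    """Write the set to `directory`, wait, and report which files still
    exist with their original content (True = the scanner did nothing)."""
    files = build_test_set()
    for name, data in files.items():
        try:
            with open(os.path.join(directory, name), "wb") as fh:
                fh.write(data)
        except OSError:
            pass  # write blocked by the scanner; counted as caught below
    time.sleep(settle_seconds)
    survived = {}
    for name, data in files.items():
        try:
            with open(os.path.join(directory, name), "rb") as fh:
                survived[name] = fh.read() == data
        except OSError:  # quarantined, deleted or access denied
            survived[name] = False
    return survived


if __name__ == "__main__":
    assert verify_test_set(build_test_set())
    target = tempfile.mkdtemp(prefix="eicar-")
    for name, untouched in write_and_check(target).items():
        print(f"{name:15} {'NOT detected on write' if untouched else 'caught'}")
    print(f"survivors are in {target}; open them to exercise on-access scanning")
```

A file that survives the write is the "resident shield" case from the post: open it (or scan the folder on demand) and see whether the scanner reacts then. Delete whatever is left when you are done; the files are inert either way.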

uselesscrap
June 9th, 2006, 06:01 PM
I have used other AVs, NOD32 for one. It was fine, except it deleted hacking software without the option to ignore. It came up with more false positives. I didn't like that, so it was uninstalled shortly thereafter. I have tried other ones such as Norton (resource hog), McAfee, Avast, and Panda, which was also a resource hog. So I have stuck with AVG after a few years of 100% protection. It uses very few resources. It works for me.

lifehacker
June 9th, 2006, 06:09 PM
Why is AVG no good? Facts please! It has worked for me for several years without one virus slipping by. You tell me what's wrong with those %? You come across as some sort of expert, so may I ask what your credentials are? Just because something doesn't work for you doesn't mean that it doesn't work at all or is no good. I agree about Ad-Aware sucking, but I wholeheartedly disagree with you on AVG.
As littlebits already said, AVG offers basic protection and is good for the average user who does not visit porn/warez websites and other places that might contain virus material. AVG might have worked for you because you do not visit porn/warez sites, or maybe just because you have some common sense about what is safe and not safe to download. Or maybe your computer is infected and you just don't know it. Not all viruses destroy your computer and have effects that are immediately noticeable.
AVG's heuristics are not worth mentioning, its options are very limited, as are its signatures. Its on-demand scanner is also pretty bad.

Here is a website that tests various Antiviruses: http://www.av-comparatives.org
Also try wilderssecurity.com and the EICAR test file littlebits was talking about.

I have used other AVs, NOD32 for one. It was fine, except it deleted hacking software without the option to ignore. It came up with more false positives. I didn't like that, so it was uninstalled shortly thereafter. I have tried other ones such as Norton (resource hog), McAfee, Avast, and Panda, which was also a resource hog. So I have stuck with AVG after a few years of 100% protection. It uses very few resources. It works for me.
NOD32 is an excellent antivirus, much, much better in every possible aspect than AVG. It has the best heuristics of any AV today and barely uses any resources. And you can configure NOD32 to ask you whether you want an infected file to be deleted. I find it very strange that NOD32 came up with more false positives than AVG.

Auggie2k
June 10th, 2006, 07:31 AM
Have a look at this log, Auggie...it was done with Spybot Search & Destroy and was the very first scan I did to detect this stuff.
I'd much prefer if you showed me the HijackThis log file; it's more concise.

http://www.hijackthis.de/

Dark Messenger
June 10th, 2006, 10:50 AM
I'd much prefer if you showed me the HijackThis log file; it's more concise.

http://www.hijackthis.de/


Okay, here it is.

Auggie2k
June 10th, 2006, 12:40 PM
Ok, there are a few things that are nasty; that SurfSideKick program has to go, so use HijackThis to delete it.

http://www.hijackthis.de/logfiles/8b46898801cbad8a4b7d964aab21cf00.html
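Reading a HijackThis log by eye is what the thread ends up doing; the script below is an added example (not HijackThis code, and not anything posted in this thread) that does the triage mechanically. It parses the O2 (browser helper object) and O4 (Run-key autostart) line layouts HijackThis prints and flags entries that point into a folder, or at a file name, you already know belongs to the infection, producing the list of paths to hand to "delete file on reboot". The sample log is constructed: the CLSIDs are placeholders and the weather.exe path is made up; only the SurfSideKick 3 folder, its file names, OpenWebScope and weather.exe come from the thread.

```python
"""Triage a HijackThis log for autostart entries that point at known-bad
folders or file names.

Added example, not HijackThis code.  Assumes the O2 (BHO) and O4 (Run key)
line formats HijackThis prints; SAMPLE_LOG is constructed, with placeholder
CLSIDs and an invented path for weather.exe."""
import ntpath
import re

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# First path-looking token that ends in an executable extension; drops arguments.
IMAGE_RE = re.compile(r'^"?(?P<img>.+?\.(?:exe|dll|com|scr))"?(?:\s|$)', re.I)


def image_path(target):
    """Strip surrounding quotes and command-line arguments, keep the file path."""
    m = IMAGE_RE.match(target.strip())
    return m.group("img") if m else target.strip()


def _norm(path):
    # Windows paths compare case-insensitively with backslash separators.
    return ntpath.normcase(path).rstrip("\\")


def triage(log_text, suspect_dirs, suspect_files=()):
    """Return [(section, entry name, image path)] for every flagged entry."""
    dirs = [_norm(d) + "\\" for d in suspect_dirs]
    names = {f.lower() for f in suspect_files}
    flagged = []
    for line in log_text.splitlines():
        m = O2_RE.match(line) or O4_RE.match(line)
        if not m:
            continue  # other sections (R0/R1, O16, O23...) are not handled here
        image = image_path(m.group("target"))
        n = _norm(image)
        if any(n.startswith(d) for d in dirs) or ntpath.basename(n) in names:
            flagged.append((line[:2], m.group("name"), image))
    return flagged


def removal_list(flagged):
    """Unique file paths to hand to 'delete file on reboot', sorted."""
    return sorted({image for _, _, image in flagged}, key=str.lower)


# Constructed sample in the HijackThis line layout (placeholder CLSIDs).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Some Toolbar Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Some Vendor\helper.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [Weather] "C:\WINDOWS\weather.exe" /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
SUSPECT_DIRS = [r"C:\Program Files\SurfSideKick 3", r"C:\Program Files\OpenWebScope"]
SUSPECT_FILES = ["weather.exe"]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG, SUSPECT_DIRS, SUSPECT_FILES)
    for section, name, image in hits:
        print(f"{section}  [{name}]  {image}")
    print("delete on reboot:")
    for path in removal_list(hits):
        print("  " + path)
```

Run it against a real log saved from HijackThis (replace SAMPLE_LOG with the file's contents) and fix only the flagged lines; everything else in the log is left for a human to judge, which is the point of asking for the log in the first place.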