Psst... Ready to join TalkBass and start posting, make new friends, sell your gear, and more?  Register your free account in 30 seconds.

PC help - removing a particularly stubborn spyware file.

Discussion in 'Off Topic [BG]' started by Petebass, Oct 28, 2004.


  1. Petebass

    Petebass

    Dec 22, 2002
    QLD Australia
    I'm a good boy because I regulary update my adaware/sypware detection software and I regularly scan for those nasty little buggers. A couple of times now, I've had a stubborn one which requires me to run the scan with windows is "safe mode" before it can delete it.

    Well for the first time, I've got one that can't be deleted this way either. It's called Npp.dll. Symantec's website suggests doing exactly what I've described above, but it didn't work. It also suggests deleting the file via Windows explorer. That didn't work either. It's tells me the file is either in use or is write protected.

    Any one got any ideas on how to remove this thing?
     
  2. JayAmel

    JayAmel Moderator Staff Member Supporting Member

    Mar 3, 2002
    Aurillac, France
    Norton is not very efficient against adware / spyware.

    I use Ad-Aware and SpyBot.
    The combination of both works quite well, IMO.

    Cheers,
    JL
     
  3. Oysterman

    Oysterman

    Mar 30, 2000
    Sweden
    Which OS do you have?
     
  4. Woodchuck

    Woodchuck

    Apr 21, 2000
    Atlanta / Macon (sigh)
    Gallien Krueger for the last 12 years!
    +1. I went through the same thing about a month ago, and this combo did for me. I also run my 'net through Mozilla Firefox now.
     
  5. JayAmel

    JayAmel Moderator Staff Member Supporting Member

    Mar 3, 2002
    Aurillac, France
    +1 :D

    The fact is, Norton only scans adware / spyware files (and mostly cannot repair them nor put them in quarantine).

    Ad-Aware and SpyBot also inspect the registry, and find many "interesting" things there. And yes, they can delete them all.

    About Firefox, the first "official" (non-beta) release will be available for download as of November 9th.
     
  6. Petebass

    Petebass

    Dec 22, 2002
    QLD Australia
    I also use Adaware. I only used Symantec's website to try and find info about the bug file.

    I also use Firefow where possible but certain websites don't work with firefox. For example, I pay all my bills using internet banking and my bank insists on IE.

    My OS is Windows 98. I've resisted the urge to update it because my music recording software won't run on a newer OS. It's an old version of Logic Audio which is probably garbage by modern standards, but I know it back to front and therefore get good results.
     
  7. Bryan R. Tyler

    Bryan R. Tyler TalkBass: Usurping My Practice Time Since 2002 Staff Member Administrator Gold Supporting Member

    May 3, 2002
    Connecticut
    'HiJack This' works when Spybot and AdAware do not. You just have to know which files to delete (it lists suspicious and malicious files and lets you choose which to delete). It's free from download.com.
     
  8. JMX

    JMX Vorsprung durch Technik

    Sep 4, 2000
    Cologne, Germany
    Reboot into safe mode and delete it.
     
  9. I'd be visiting Major Geeks with your problem if I were you, before deleting anything with Hi-jack this Pete. Let them analyse the log before taking any action.
     
  10. Oysterman

    Oysterman

    Mar 30, 2000
    Sweden
    He said that it didn't work, which is strange, because I feel it should! You could also try booting into a safe mode DOS prompt and delete it from the command line. Or use a boot disk. That way Windows shouldn't have any say in the matter whatsoever.
     
  11. You need to run highjackthis and then post the log on that site above. If that doesn't work and you cant get symantec/spybot/adawre to work I would reformat and reinstall if you're comfortable with that.
     
  12. Petebass

    Petebass

    Dec 22, 2002
    QLD Australia
    By-passing windows sound like a good idea. I don't know anythng about DOS. What do I do once I'm at the DOS prompt?

    I'll try "Hijack this" if deleting it from DOS doesn't work.
     
  13. you'll need a dos boot disk, www.bootdisk.com, I'd recommend dos 6.2. You'll download an app that you'll double click and it will create a boot disk for you. Reboot, then you'll need to go to the directory the virus is in, so write that down. type "cd c:\windows" or whatever the directory is and then "del nastyvirus.exe" (for example). But I doubt it will work, if it wont leave in safe mode then dos likely will give you the same problem.
     
  14. bassturtle

    bassturtle

    Apr 9, 2004
    Bingo. This has been the only way I've been able to get rid of really nasty buggers.

    Hijackthis + safemode = teh w1nn!!!!!
     
  15. Oysterman

    Oysterman

    Mar 30, 2000
    Sweden
    Anything should be deleteable in DOS.

    Pete, remember where this npp.dll file is, in which directory. Say e.g. it is in c:\windows\system. Use a boot disk or boot menu (press and hold F8 during boot-up to get it) to load some version of MS-DOS. You should get a prompt looking like this:

    C:\>

    This shows where you are at the moment - drive C, root directory (\). Now type "cd windows\system" (without the "'s) or whatever directory the file was in (cd = change directory). Then the prompt should look something like this:

    C:\WINDOWS\SYSTEM>

    Keep in mind that if any of the subdirectories have more than 8 letters, or contain any special characters such as spaces, it will in DOS be truncated to the first 6 letters followed by a ~ and a number, usually 1. So the directory C:\My Stuff would become C:\MYSTUF~1.

    When you're at the right spot just type "del npp.dll". The prompt should come up again without any message. Reboot into Windows. The file should be gone.
     
  16. Petebass

    Petebass

    Dec 22, 2002
    QLD Australia
    Oysterman, you're a genius. It's gone. The next beer is on me!

    Lots of good info here for future reference, so thanks to everyone for helping out.
     
  17. bassturtle

    bassturtle

    Apr 9, 2004
    :hyper:

    Now stay off the porn sites :D
     
  18. Oysterman

    Oysterman

    Mar 30, 2000
    Sweden
    Not at all - I just grew up with DOS on an old 286... 'twas v3.3 IIRC. Glad I could be of help! :)
     
  19. So why did you remove my instructions from your quote and then tell him the exact same method I did? :meh:
     
  20. Oysterman

    Oysterman

    Mar 30, 2000
    Sweden
    Because it wasn't exactly the same. And also because I thought your post was not as clear as I thought Pete would need it to be (better to explain too much than too little). I also seem to remember that if you type "cd c:\windows" at the prompt you will get an error message in older versions of DOS (the drive letter being the culprit). Not sure just how old it has to be though. :D

    You make it sound like I've stolen an invention of yours and claimed it to be my own, when this all should be elementary to anyone with intermediate Win9x/DOS knowledge. Having a bad day? :meh: