Further Topic Research:
Syntax help

Simple manual steps to insure a complete block on all of the bad processes:

Please do the following simple steps.  You might only need to do steps 1-6 and then SKIP to step #20:

 

1-  Press the control, alt and delete buttons on your key board.  (Ctrl, Alt and Delete)

2-  "Windows Task Manager" window will appear.  Click on the "Processes" tab.

3-  In the tab, you'll see a list of currently running processes and programs.  Click on the "User Name" column once or twice until you see all of the processes and programs that are currently running under your account listed first.  In other words, we want to sort all of the processes and programs with the ones running under your account listed on the top of the list.

4-  You can left-mouse-click on any process to highlight it, and then right-mouse-click on it to display a small list of options pertaining the process and what you wish to do with it shown in the following image:

windows_task_manager.jpg (22546 bytes)
Here I have highlighted the "fpeditor.exe" program and
right-mouse-clicked on it to display the menu that is displayed under
the "User Name" column.


5-  Now, you must make sure that the following unwanted programs and processes are terminated using the "End Process Tree" menu option as displayed in the image above:

Mcagent.exe
Bet.exe
Jusched.exe
Realsched.exe
mmgsvc.exe
Ivgkrm.exe
Cryptui.exe
TeaTimer.exe
WZQKPICK.exe
Downloadplus.exe
WUAUCLT.exe

****  Do not remove any process that is running under the "SYSTEM" account.   If you do, you might be forced to reboot your system.


6-  The above steps should be sufficient enough to end all of the abusive and unwanted internet popups.  There is, however, a program/processes called "adsrv.exe".   This one will not be terminated by the "End Process Tree" step above, because every time you terminate it, it brings itself back up again.  To terminate the "adsrv.exe" process, you must continue with the following steps.  You might want to skip to step #20 for another solution.

7-  On your desktop, click on "Start" (which is located in the bottom left hand corner of your screen), "All Programs", "Accessories", and then "Command Prompt".   The following screen should appear:

command_prompt_screen.jpg (16930 bytes)

 

8-  On the command prompt, type "cd\" without the double quotes and press enter.   This will take you to the root directory as shown below:

command_prompt_screen_2.jpg (16095 bytes)

 

9-  Type "dir *adsrv*.* /s" without the double quotes and press enter.   This will do a search on your entire "C:\" drive on every file that has the "adsrv" string in it, which are basically the files are that used by the "adsrv.exe" virus:

command_prompt_screen_3.jpg (16439 bytes)

 

10-  Write down the files and directories that are returned.  The directories should be:

"C:\windows\addins\"
"C:\windows\prefetch\"

You could get more directories.  Make sure you write them all down.

 

11-  Now since the operating system will not allow us to just delete those files inside those directories because the "adsrv.exe" program is using them, we will therefore reboot the machine and start it in "Safe Mode with Command Prompt" mode.  To do this, exit all of your programs, click on "Start", "Turn off Computer", and then "Restart".

****  I suggest you print this page before you do these steps.

 

12-  When your operating system completely shuts down, and as it begins to restart (when you see the Manufacturing Company's Logo on your black screen), press the "F8" button on your key board several times until you get a list of operating-system-start options.

13-  When you do get the menu, make sure you highlight, with your key board's upper arrow button, the "Safe Mode with Command Prompt" option above.  It could be named differently on your computer, but it should contain the words "Command", "Safe" and "Prompt".  After you highlight it, press enter.

14-  Your operating system will eventually take you to a command prompt screen.  In there, type "C:\" and hit enter to go to the root directory.

15-  You will now begin to delete the bad files that you wrote down.  To do this, type in "cd " (space after "cd"), and then the name of the first directory that you wrote down.  Then type in "del *adsrv*.*" without the double quotes and press enter.   This will delete the unwanted file in that directory.

16-  Type again "C:\" and hit enter to go to the root directory.  Do step #15 again and again for every directory and file that you wrote down.  This will remove all of the bad files that were created and used by the "adsrv.exe" program.  The name of this program, "adsrv.exe" should've been in the list of files that you wrote down and deleted.

17-  Congratulations, you're all done!   You now have to start your computer again.  To do this, click on the control, alt and delete buttons on your key board, as you initially did in step #1.   (Ctrl, Alt and Delete)

18-  Choose the "Shut down" option to completely turn off your computer.  It's much healthier for the computer to do it like this.

19-  Then using your power or start button on your computer, press it to start your computer back again, and everything should be running smoothly and normal.  Make sure that you check the bad processes above in step #5.  You most probably will see them again, but this time without the "adsrv.exe" program.   Terminate them as you did with steps 1-5 above, and enjoy using your computer again :).

20-  You might want to skip from step #6 above to this one here.  If the "adsrv.exe" program keeps coming back, even if you have done all of the steps 1-19 above, then steps #20 and below are the solution.  Create a new "User Account" on your computer with "Computer Administrator" option.  This will completely disable the bad program(s) from forcefully running on your machine if you log into and start using the new user account, because the "adsrv.exe" program is tied with your initial user account and it wouldn't run under the new one.   To create a new user account, please do the following simple steps:

Note:  My operating system is Windows XP.  If you have a different windows operating system, then the steps below might be slightly different.


21-
  Click on "Start" and then "Control Panel"  Click on "User Accounts".  Then click on "Create a new account".  Type in a name for the new user account, and then click on the "Next" push button.  Click on the "Computer Administrator" radio button, and then click on the "Create new account" push button.  This will create the new account. 

Important Note:  If you find yourself in the future creating too many accounts, then you can delete them by logging into the Main account, which is the infected one that has the Administrator privileges, and click on "Start" and then "Control Panel"  Click on "User Accounts".   Then click on an account's logo or icon.  This will be the account that you want to delete.  Then click on "Delete this account", and the operating system will remove the account for you.


22-  Now, to exit the infected account and to log into the new account, click on "Start", "Turn off Computer", and then "Shut Down" to completely turn off your computer.  It is best to do it this way since this will make sure that the operating system will kill any and all of the remaining of the bad processes that might be still running.  After your PC is completely turned off, turn it back up again and choose the new User Account.  Once you're logged in, you should not see the "Adsrv.exe" program running under it.

 

Please let me know if you need any help.


Back to the Main Page.

Stop the abusive and unwanted internet popups section.