Posted on 06/05/2004 8:06:55 PM PDT by Long Cut
One thing I found to get around the Merijn stuff is that where I was finding problems (wanting to double check the random thing that I find once in a while before removing from hijack) was that the links to the other sites of lists (like bho lists, etc.) were not allowing for anything to be searched or came up with no responses... I explored long enough that I found that there are lists you can download and just 'ctrl f' for whichever you are questioning...
Did that make any sense? In any case, I was glad to find an alternative cause all the problems on his site were getting annoying! LOL!
Mozilla is the full-featured browser, Firefox is just the browser. I have both and use Firefox the most. Thanks for all the info, I have had many problems with the wife's PC off/on for months, reinstalled win98 3 times
Do 'save log' and you can put it in a private message to me (the contents of the log) and I'll help you if you'd like
Okay, just so's I'm clear...I download Mozilla, and Firefox et al. comes with it, correct? There's several versions of Mozilla on the site...which ones do you recommend?
I've also found tds-3 (free eval. version you can use) is helpful, as is a2 http://www.emsisoft.com/en/
Both found things that I hadn't been able to fix on hijack, adaware and spybot...all of which I run (and update) very often.
Might be worth trying just to be sure, too...
Anyone contemplating trying Mozilla or Firefox needs to bookmark this page!
Note that "user forums" are open. In other words, you don't have to register. (The sections down the page you do, however).
http://forums.mozillazine.org/index.php
//I'm no expert (but there are certainly some on this thread), however, I'd assume that the files it found are "hidden" somehow from your "search" function. In my case, they were in the "restore" system folder, and I had to disable it before I could begin deleting the offenders. If it's enabled, it won't allow you to mess with it.//
Well, I use 'dir /a' as my file finder; I suppose something could tamper with it, but I don't know that spyware thingies tamper with DOS.
You can go to this page:
http://tomcoyote.com/hjt/
Look around a little and then register if it looks good to you. If you register you will be able to post your log and the gurus there will tell you what to delete. I have not used them but I have heard about it. I think they will be of help.
As for HiJackTHIS!, you'll have to go line-by-line and check each...it will give details about each, as well as tell you if any are really bad. Anything with "about:blank", for instance, should be deleted forthwith. Read each carefully...if it's something you know, or remember downloading deliberately by the name, just put it on the "ignore" list.
HiJackTHIS! has a guide to its ratings, and so does Merijn. Refer to them before deleting anything.
It'll be a pain, but after you're done, anything else will be easy.
Firefox 0.8.
It's a browser only.
Mozilla 1.6 is okay. It has an e-mail client and even a web page maker. But go with Firefox until you get a little used to the changes.
My opinion....
Why Windows is a Security Nightmare
Security in all mainstream operating systems is non-existent; however, things are especially bad for Windows. Windows happens to be the favorite target of worm and virus writers. Conventional wisdom suggests that the huge installed base of Windows helps spread the worms and viruses, and also makes it a highly attractive target for worm/virus writers. The installed base of Windows certainly has an undeniable effect on the prevalence of malware on Windows, but this is not all there is to it.
The Blaster worm attacks Windows XP, and Win2K systems. In order to infect a system the worm needs to send the correct payload for the respective OS. The worm is not able to differentiate between the XP and Win2K so it randomly guesses the OS type; however, if it guesses wrong the RPC service crashes, and Windows reports it as a crash of svchost. The Blaster attack was quite a surprise as the major outbreak of the worm occurred back in August 2003, and I was expecting all infections of the worm to be fixed by now.
I was in no position to do anything about the Blaster attack, so I continued downloading the 35 MB service pack 4 over my dialup connection. It took me a couple of hours to download it, but Windows Update refused to install it; Windows Update probably needed some functionality provided by the crashed svchost.exe.
I rebooted and connected to the internet, which was a mistake as I was giving the worm a second chance to infect my system. Anyway, I proceeded to Windows Update, and tried the same download again. Alas, Windows Update had forgotten all about the 35 MB it had downloaded previously, and started downloading the same stuff all over again. Worse, the Blaster worm crashed svchost again, and I had to discontinue the download.
I knew about the existence of a standalone security update to patch the vulnerability Blaster exploits, so I decided to bypass Windows Update and download it directly. The download was small, less than 1 MB, but as soon as I tried running it I learned that it requires at least service pack 2 to install, which I didn't have.
Microsoft provides a separate download for service packs as well, and I decided to download the latest service pack, service pack 4. Well, the standalone service pack 4 distribution turned out to be a mammoth 129 MB download. This is about the maximum I have ever downloaded over a dialup connection; a download of this size can easily take 10 or more hours to complete.
Downloading a large file over dialup requires the ability to resume downloads, which Internet Explorer does not provide, so I downloaded Wget to acquire that ability. Wget is a command-line tool and is invoked by calling it with the URL name. I tried pasting the URL on the command line, but it turns out that the cut and paste functionality disappears after a Blaster attack, so I was forced to manually type the URL.
Normally, typing a URL is not a big deal. Everyone types URLs all the time, and I do too, but I do mind typing gibberish strings of 95 characters like the following:
http://download.microsoft.com/download/E/6/A/E6A04295-D2A8-40D0-A0C5-241BFECD095E/W2KSP4_EN.EXE
To cut a long story short, I managed to download and install the service pack and the Blaster security update. Finally, Windows Update started working, and after another 30-40 MB of downloads and 3 or so reboots, I managed to install the 18 security updates available there (another 5 have been added to that number as of now).
After this experience I cannot help but laugh at the 'usability' problems Windows users are reporting about GNOME and KDE. It has become pretty clear to me that Windows users are so accustomed to usability problems that they don't even recognize them as usability problems. But, as soon as these people move to a different environment they start complaining simply because the new environment does not replicate the features and bugs of Windows exactly.
The other big lesson from all this is that most Windows users are incapable of 'securing' their systems. This is precisely why an unprotected system gets attacked in a matter of seconds, and spammers are still sending out Messenger service spam. Worse, Microsoft is directly responsible for this state of affairs. Windows encourages users to reinstall it every once in a while, and when they do, Windows Update actively prevents users from updating their systems.
The whole idea of Windows Update is a joke. Using an unreliable and insecure network as the primary means of distributing security updates is simply idiotic. This is like asking people to walk through a minefield to get to a shelter. I was able to download security updates off the internet only because the current generation of worms are not particularly malicious; they are just minor irritants.
If Microsoft is serious about Windows security it needs to fix Windows Update, and get rid of the damned Registry for good. Unfortunately, Microsoft's approach is to layer half baked fixes over utterly broken things to keep them going for as long as possible. Microsoft knows that there is a problem with the Registry, but the way it is dealing with it is by offering Registry rollbacks, and similar worthless functionality.
Thanks to ALL the experts who offered their valuable advice and help. I'm sure there were MANY lurkers who found it as useful as the posters did.
If enough people get the word, maybe we can stop these jerks from ruining people's machines and lives.
Signing off for tonight, back tomorrow.
The best and only programs I have found that work are spy bot search and destroy and regrun. Regrun is awesome because it can do three things to a malware file like ncase: isolate, destroy and block all variations of it from working on my computer. Sweet a** program.
People work full time creating these threats making it a full time job to stay ahead of them.
Please note!!! While Norton (Symantec) does have an on-line, web based virus scan, Norton (or Symantec) Anti-Virus is NOT freeware!
Mark
Every one of those DNS records has their address record set to your system (127.0.0.1 AKA "localhost").
If you're running XP ( which it appears that you are ), check to see what's in your hosts and lmhosts files. These are both text files in the C:\WINDOWS\SYSTEM32\DRIVERS\ETC directory.
Mark
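An added example, not part of the original post: a small Python audit of a hosts file like the one in C:\WINDOWS\SYSTEM32\DRIVERS\ETC, separating names pinned to the local machine (127.0.0.1) from names pointed at some other address. The sample file contents, hostnames and function names are constructed for illustration; lmhosts uses a different syntax and is not covered.

```python
import ipaddress
import sys

# Constructed sample in hosts-file syntax; hostnames use the reserved .example TLD.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocked locally
127.0.0.1       popups.example www.popups.example
203.0.113.7     search.portal.example    # points at a remote server
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        for name in fields[1:]:  # one line may map several names to one address
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Sort mappings into loopback blocks, redirects elsewhere, and bad lines."""
    report = {"loopback": [], "redirect": [], "malformed": []}
    for line_no, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr, name))
            continue
        if name == "localhost" and ip.is_loopback:
            continue  # the stock entry every hosts file ships with
        # 127.x.x.x and 0.0.0.0 both keep the name from resolving off-box.
        local = ip.is_loopback or ip.is_unspecified
        report["loopback" if local else "redirect"].append((line_no, addr, name))
    return report


if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for kind, rows in audit_hosts(text).items():
        for line_no, addr, name in rows:
            print(f"{kind:9} line {line_no}: {name} -> {addr}")
```

Entries in the "redirect" group are the ones to review first, since they send a name to an address other than the local machine.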
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.