Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Tenacious Spyware Problem (Vanity)
6/16/04 | Me, Myself, and I

Posted on 06/16/2004 10:42:22 AM PDT by Born Conservative

Please excuse the vanity (this is my first vanity post). I am having a problem with spyware. It started when my 11 year old son installed a "really cool" screensaver on the computer (running XP Home) from "screensaver.com". As soon as he told me he did that, I knew that I was up the creek without a paddle. So, I ran Spybot, and then Ad Aware, and "fixed" my Spyware problems. Right. Needless to say, my computer is still infested.

I then did some searching on the web,and downloaded Hijack This, since my browser was hijacked to a different home page (msn.com). Since I wasn't sure which programs were spyware, and which were not, I haven't "fixed" them with Hijack This yet. I also downloaded Aluria's free spyware scanner, and it shows 17 spyware files. The files include Wild Tangent, IWon, Cydoor, 2020Search, Comet Cursor, WhenUSave, and MyWay Speedbar. I did re-run the SpyBot and AdAware, as well as CWShredder (run in Safe Mode), but the spyware persists. I am also up to date on all Windows updates. Any help would be appreciated. I do have a log file from the Hijack This if that would help.


TOPICS: Miscellaneous; Your Opinion/Questions
KEYWORDS: help; spyware
Navigation: use the links below to view more comments.
first 1-5051-100101-106 next last

1 posted on 06/16/2004 10:42:23 AM PDT by Born Conservative
[ Post Reply | Private Reply | View Replies]

To: Born Conservative

Get your son his own computer, then when he's "stuck" by his "really cool" junk he will learn ............


2 posted on 06/16/2004 10:45:31 AM PDT by Red Badger (Semper Fidelis.......To God, Corps and Country..........................)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
Bump for later. I may be able to help when I get home tonight.

I had a similar problem a few weeks ago, and I ended up re-installing some components of Windows 2000. There's a great website I came across where you can post your registry file directory, and someone will provide advice on how to deal with your problem.

3 posted on 06/16/2004 10:45:38 AM PDT by Alberta's Child ("Ego numquam pronunciare mendacium . . . sed ego sum homo indomitus")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Try running your anti-spyware with system restore off.


4 posted on 06/16/2004 10:46:16 AM PDT by Bluntpoint
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Are you sure that you have the latest version of SpyBot? Also, SpyBot has a spot where you can set it so that your homepage can no longer be hijacked.


5 posted on 06/16/2004 10:46:23 AM PDT by Clara Lou
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

btttttt


6 posted on 06/16/2004 10:47:17 AM PDT by dennisw ("Allah FUBAR!")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

btttttt


7 posted on 06/16/2004 10:47:23 AM PDT by dennisw ("Allah FUBAR!")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

I am going through the same crap right now. Post your log file.


8 posted on 06/16/2004 10:47:55 AM PDT by Eagle of Liberty (Integrity is Doing the Right Thing When Nobody is Looking)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

CWShredder usually works for my friends. Havn't used it myself. I just did a clean wipe on my OS system yesterday. Just took me 2hrs. I do this once a year. If you havn't done it in a while you might consider this.


9 posted on 06/16/2004 10:48:26 AM PDT by mlbford2 (Sorry for spelling errors, I'm a product of a state university)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

I can't help much, but I can tell you that if you get rid of those files you listed, it will help. Also, did you make sure that you had the most recent version of Adaware? Don't forget to run your virus scanner program, too.


10 posted on 06/16/2004 10:49:12 AM PDT by Blood of Tyrants (Even if the government took all your earnings, you wouldn't be, in its eyes, a slave.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

There's a program called Spyware Blaster. It prevents spyware from being installed on your PC in the first place. Get it going, then try another spyware scan. If the spyware scanners get rid of the spyware, Spyware Blaster should prevent them from coming back.

Spybot has a feature like this, called Inoculation, but it's not as extensive as Spyware Blaster's. It's definitely worth using, however.


11 posted on 06/16/2004 10:49:22 AM PDT by Terpfen (Re-elect Bush; kill terrorists now, fix Medicare later.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

It could be one of those "Messenger ads", which are really annoying because they don't appear as spyware. Try this advisory:

http://www.microsoft.com/windowsxp/using/security/learnmore/stopspamv45.mspx


12 posted on 06/16/2004 10:49:46 AM PDT by Martijn Janssen
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Post the results of Hijack This! here so we can see it.


13 posted on 06/16/2004 10:49:57 AM PDT by Freemeorkillme (Strike at the heart of the enemy! Support your conservative media now by picking up the pen!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Sounds like you need to do system restore to a prior point. Many times the spyware programs are the worst. I'd get a good anti-virus program (Norton, Trendmicro, etc) and download the recent patches from microsoft. In the end once everything is stripped it often gets into the registry and you may have to restore your whole system to a known safe earlier date. Some people have to wipe the whole system clean and startup disc from the beginning.

Sometimes the cure is worse than the fix with spyware.


14 posted on 06/16/2004 10:50:01 AM PDT by Liberals are Evil Socialists!
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bluntpoint

Good idea; I didn't think of that (although I did run in Safe Mode; not sure if System Restore is on during Safe Mode).


15 posted on 06/16/2004 10:50:30 AM PDT by Born Conservative ("Nothing wrong with shooting as long as the right people get shot" - Dirty Harry)
[ Post Reply | Private Reply | To 4 | View Replies]

To: mlbford2

"...clean wipe on OS..."

Clean wipe means defrag right? no?


16 posted on 06/16/2004 10:51:02 AM PDT by eleni121 (Mt. Rushmore welcomes the Gipper!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Born Conservative

Oops-- I have both SpyBot and Spyware Blaster. It's Spyware Blaster that has the ability for you to lock your homepage setting so that it can't be hijacked.
By the way, I found this morning that my Internet Explorer homepage had been hijacked to MSN. I can't figure out how it happened-- and I didn't have it protected from hijack, either. It is now, though.


17 posted on 06/16/2004 10:51:11 AM PDT by Clara Lou
[ Post Reply | Private Reply | To 1 | View Replies]

To: Clara Lou

I downloaded the latest SpyBot (I think it's 1.3; I'm not at my home computer now).


18 posted on 06/16/2004 10:51:13 AM PDT by Born Conservative ("Nothing wrong with shooting as long as the right people get shot" - Dirty Harry)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Born Conservative
Turn off the system restore do your corrections then. Reboot and run the hijackthis software.see if the registry changes have taken place.

btttttt
19 posted on 06/16/2004 10:51:52 AM PDT by jokar (On line data base http://www.trackingthethreat.com/db/index.htm)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
Try downloading Spyware Zapper. It is good for only 5 days but at least it will clean up what ever is currently infesting your machine. I used it to remove some spyware that Ad-Aware and Spybot wouldn't find. After that, I paid for a copy and haven't had a spyware problem since.

I would also run a full virus scan and make sure your anti-virus program is up to date as well.

20 posted on 06/16/2004 10:52:02 AM PDT by COEXERJ145
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
"since my browser was hijacked to a different home page (msn.com). "

Same problem here, Bump for solutions.

21 posted on 06/16/2004 10:52:14 AM PDT by No Blue States
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Try running AdAware with the "Deep Scan" option activated (or something like that). It takes alot longer because it goes through 120,000+ files instead of 35,000 or so, but I do this every couple of weeks and I haven't had a problem since my last disaster in early May.


22 posted on 06/16/2004 10:52:27 AM PDT by Alberta's Child ("Ego numquam pronunciare mendacium . . . sed ego sum homo indomitus")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Terpfen

The problem with your suggestion is that when little Tommy voluntarily downloads the spyware file nothing can be done by "immunization" feature on Spybot S&D or SpyBlaster.


23 posted on 06/16/2004 10:52:45 AM PDT by mlbford2 (Sorry for spelling errors, I'm a product of a state university)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Kerretarded

Log File:

Logfile of HijackThis v1.97.7
Scan saved at 6:26:02 AM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ClipCache\clipc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PORTMA~1.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PORTMA~1.EXE" -Run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClipCache] C:\Program Files\ClipCache\clipc.exe /wait 3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E-&mail Page - C:\WINDOWS\Web\Mailto_URL.HTM
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {288451AE-BE24-4216-B946-8600E0498584} (DASWebShop Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {84818113-96C5-11D2-BE39-006008BF4DD5} (ViewDirector Object) - http://subscribers.scotlandspeople.gov.uk/php/globals/tif_viewer/activex/viewdw32.ocx
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs6b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37848.8200578704
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/shockwave/blasterball2Remix/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab


24 posted on 06/16/2004 10:52:54 AM PDT by Born Conservative ("Nothing wrong with shooting as long as the right people get shot" - Dirty Harry)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Bluntpoint; Born Conservative; Clara Lou
Try running your anti-spyware with system restore off.

Indeed. Also try the free version of SpywareBlaster. And as Clara Lou pointed out, SpyBot Search and destroy has an option to protect your home page.

Yuo can spend 25 or so for History Kill and it does great at a lot of things.

25 posted on 06/16/2004 10:53:33 AM PDT by Principled
[ Post Reply | Private Reply | To 4 | View Replies]

To: eleni121

No, I meant a total system restore to factory condition(if you have a cable conection it will go to the manufacturer website and update any new and better drivers). then go straight to window update for patches, 2nd install virus/firewalls, and then just reload everything else (ie java runtime, word, etc.)


26 posted on 06/16/2004 10:56:20 AM PDT by mlbford2 (Sorry for spelling errors, I'm a product of a state university)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Born Conservative

Went through the same thing with my wife's PC. We had it loaded with Norton AntiVirus, Ad-Aware, Spybot, et. all. Nothing worked. Many of these invasive lines of code hit your registry and make it next to impossible to remove without professional help. I ended up installing Windows XP Home Edition on her PC, formatting the entire hard drive to get a fresh start. Since then, it's been fine.

Someone else suggested getting your child his (her) own PC.. a good idea. Keep them off your unit! Good luck!


27 posted on 06/16/2004 10:56:31 AM PDT by Spottys Spurs
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

bump for later


28 posted on 06/16/2004 10:57:20 AM PDT by Snardius
[ Post Reply | Private Reply | To 1 | View Replies]

To: COEXERJ145

bump for later read


29 posted on 06/16/2004 10:58:47 AM PDT by plain talk
[ Post Reply | Private Reply | To 20 | View Replies]

To: Born Conservative

I had my computer hijacked also.

HiJack This! saved my butt.

Please see
http://tomcoyote.com/hjt/

They have a forum there staffed with experts.
Post your HiJack This! output (they tell you how to do it) - and you might have to go back and forth about 3-4 times. Its important (apparently) that you take certain actions after running anti-spyware programs.

But they will tell you exactly what to do to fix your computer. If you have something new, they will know it. Good Luck.


30 posted on 06/16/2004 10:59:36 AM PDT by kidd
[ Post Reply | Private Reply | To 1 | View Replies]

To: Principled
"You can spend 25 or so for History Kill and it does great at a lot of things."

Im about ready to fork over a few bucks for a good program, the trial periods keep expiring.

31 posted on 06/16/2004 10:59:47 AM PDT by No Blue States
[ Post Reply | Private Reply | To 25 | View Replies]

To: Born Conservative

I'd recommend what others have: System Restore to an earlier point.


32 posted on 06/16/2004 10:59:54 AM PDT by FourtySeven (47)
[ Post Reply | Private Reply | To 1 | View Replies]

To: mlbford2

OK I have heard of others doing full system restore. How do you handle the files accumulated? Do you have any neat tricks besides just moving them to disks?


33 posted on 06/16/2004 11:00:39 AM PDT by eleni121 (Mt. Rushmore welcomes the Gipper!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Born Conservative


I suspect you have the peper trojan.

http://www.kephyr.com/spywarescanner/library/pepertrojan/index.phtml

or some varient. You can only kill it in safe made.

The instructions above aren't complete enough.

I've found recent investations that require you to remove the associated BHO using Hijack this, as well as removing the run entries either by editing the registry or using msconfig.

Then go into C:\windows\system32 (or whatever your system root is) and sort the files by date. Chances are you will find 6-8 files all recent dates with the hidden and system bits set.(which means you have to turn on show hidden files and folders in windows explorer options). These files will be randomly named and nonsensical.

So to recap, if you have this one.

1. Start in safe mode.
2. Make sure show hidden files and folders are ticked in folder options in the windows explorer (not to be confused with internet explorer)
3. Run Hijack this and delete all BHO's listed of unknown origin. Or just delete them all, you can always install stuff back.
4. Use msconfig or regedit to delete the run entries for anything oddball.

If you have peper or a varient, and you miss a step, it's right back again next time you reboot normally.

I've been seeing peper ALOT lately and this from people who don't surf anywhere odd. It comes in on a malicious script on a popup as far as I can tell. Once in, it drags in others. cydoor, gator, keenvalue, wintoolsA etc and worse.

-Mal


34 posted on 06/16/2004 11:01:10 AM PDT by Malsua
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
You might want to go to www.lavasoft.com and download their Ad-aware 6 program. This is great for deleting bots.
35 posted on 06/16/2004 11:01:21 AM PDT by reagandemo
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Get a Mac - problem solved


36 posted on 06/16/2004 11:02:10 AM PDT by SengirV
[ Post Reply | Private Reply | To 1 | View Replies]

To: No Blue States

This happened to a co-workers machine and the techs said it was the Guardian virus.


37 posted on 06/16/2004 11:03:35 AM PDT by rintense (Screw justice. I want revenge.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: mlbford2
The problem with your suggestion is that when little Tommy voluntarily downloads the spyware file nothing can be done by "immunization" feature on Spybot S&D or SpyBlaster.

Spyware Blaster prevents little Tommy from ever seeing the temptation to download spyware.

38 posted on 06/16/2004 11:04:21 AM PDT by js1138 (In a minute there is time, for decisions and revisions which a minute will reverse. J Forbes Kerry)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Born Conservative
I hate it for you.

There really ought to be a law, I guess.

39 posted on 06/16/2004 11:05:07 AM PDT by Glenn (The two keys to character: 1) Learn how to keep a secret. 2) ...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

You've got FReepmail....


40 posted on 06/16/2004 11:05:37 AM PDT by b4its2late (Hillary, it is bad to suppress laughter; it goes back down and spreads to your hips.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: eleni121

Its pretty simple. Make a master Folder on your desktop and just drag everything into that and dump it on your disk (F drive). Diskette won't work well (it will, but it might take a few hundred of them). Then go to your email program and make sure nothing will be missed because that will be wiped clean. Next check any of your setting that you made in Start/Run (msconfig)/startup. After all that just do a full system resore from D drive of disc.


41 posted on 06/16/2004 11:05:44 AM PDT by mlbford2 (Sorry for spelling errors, I'm a product of a state university)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Born Conservative

Set up Ad-aware like this - before scanning click on "check for updates now" to make sure you have the latest reference file. Then click the gear wheel at the top and check these options:

General> activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal"

Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"

Tweaks > Scanning Engine> activate this: "Unload recognized processes during scanning."

Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."

Click "Proceed" to save your settings, then click "Start", make sure "Activate in-depth scan" is ticked green then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

Reboot when done.


42 posted on 06/16/2004 11:06:13 AM PDT by Codie
[ Post Reply | Private Reply | To 24 | View Replies]

To: mlbford2

b


43 posted on 06/16/2004 11:06:26 AM PDT by MoralSense
[ Post Reply | Private Reply | To 23 | View Replies]

To: Born Conservative

If the homepage of IE was changed, go into Control Panel/Internet Options and change the default home page to blank.


44 posted on 06/16/2004 11:06:33 AM PDT by etcetera
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Spy Bot may also zap some registry files that might screw up your internet connection, so be ready to do a restore if that happens. Then pick and chose what to zap on each run until you can tweak it out...


45 posted on 06/16/2004 11:08:15 AM PDT by b4its2late (Hillary, it is bad to suppress laughter; it goes back down and spreads to your hips.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Born Conservative
This, since my browser was hijacked to a different home page (msn.com).

I ran into a problem using Lavasoft’s Ad-aware, it hijacked my browser to MSN.com. It took me a long time to figure out what was happening. Lavasoft says coming versions of Ad-aware won’t do this.

If your home page is set to “about blank“ you might run into the same problem I had.

It seems that some hacker is using “about blank” as a way to get around spyware removal programs. So when you run Lavasoft’s Ad-aware it shows a “possible browser hijack” when you have set your home page as “about blank”. If you allow Ad-aware to fix this, it resets your browser to the Windows default of MSN.com.

If this is the problem you are having, instead of allowing Ad-aware to fix the problem, select the “possible browser hijack” and mark it to be ignored.

If you are worried that your system is infected, first run Ad-aware with your home page set to MSN.com, if it runs clean, then change your home page to “about blank” and run Ad-aware again, then mark the “possible browser hijack” to ignore.

46 posted on 06/16/2004 11:08:20 AM PDT by RJL
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative


Upon looking at your hijackthis log, it looks clean enough to me. You're running some stuff I wouldn't but none of it appears to be spyware.


47 posted on 06/16/2004 11:08:20 AM PDT by Malsua
[ Post Reply | Private Reply | To 24 | View Replies]

To: rintense
Thanks, probably it. I can edit my home page back in but a boot changes it back to msn..ill try system restore from an earlier date tonight. And buy a stinking program if need be.

One has to wonder how many of these are created by the people selling the fix..

48 posted on 06/16/2004 11:09:06 AM PDT by No Blue States
[ Post Reply | Private Reply | To 37 | View Replies]

To: Born Conservative

A Spy Bot file restore, not a complete computer hard drive restore, that is......


49 posted on 06/16/2004 11:09:21 AM PDT by b4its2late (Hillary, it is bad to suppress laughter; it goes back down and spreads to your hips.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: mlbford2

of=or


50 posted on 06/16/2004 11:09:27 AM PDT by mlbford2 (Sorry for spelling errors, I'm a product of a state university)
[ Post Reply | Private Reply | To 41 | View Replies]


Navigation: use the links below to view more comments.
first 1-5051-100101-106 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson