-
zengrifter: Spy/Ad ware removal...
... is there a good FREE remover? zg
-
Jack Rabbit: Re: Spy/Ad ware removal...
Ad-aware does the job for me - and yes, it's free. Here's the website:
-
Parker: Also . . .
I've used Ad-Aware with good results. Another good one (also free) is Spybot Search & Destroy (link below). Unlike anti-virus programs, multiple anti-spyware programs can peacefully co-exist, so I recommend that anyone running Windows use both Ad-Aware and Spybot. As with anti-virus software, it is vital to keep their respective databases up-to-date.
Yet another useful program is Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html). This does not remove spyware, but rather prevents its being installed in the first place. Install and run this program after you have used Ad-Aware and/or Spybot S&D to remove spyware from your system.
-
zengrifter: Still stuck...
... with these spyware-bugs or whatever they are. Downloaded and used both AdWare and SpyBotS&D. They seemed to remove all the spyware-bugs, but then upon restart, I'm still being forced to this site - http://full-search.net/
and my homepage keeps being deleted.
Any ideas? zg
-
Parker: Browser Hijacks
> ... with these spyware-bugs or whatever they
> are. Downloaded and used both AdWare and
> SpyBotS&D. They seemed to remove all the
> spyware-bugs, but then upon restart, I'm
> still being forced to this site -
> http://full-search.net/
> and my homepage keeps being deleted.
> Any ideas? zg
You've been the victim of a browser hijack. You can try yet another anti-spyware program called CWShredder which is specifically aimed at browser hijacks. You can download it here:
http://www.majorgeeks.com/download4086.html
If that doesn't do it, you need to go here:
http://home.planet.nl/~kleyn080/Spywareinfoen.html
and download a program called Hijack This.
Hijack This is a powerful tool that can screw up your computer bigtime if you're not careful. So, you run the program, which will produce a log. Then go to this forum:
http://forums.spywareinfo.com/index.php?showforum=18
Here you can post your log and some experts can tell you what to do with it. Be sure to read the FAQ before posting.
If all this seems like a lot of hassle (it is), you might consider using another browser besides Internet Explorer, such as Mozilla Firefox, which is immune to hijacks, at least for the time being.
-
zengrifter: Re: Browser Hijacks
<>
--------------------
Thanks for all the leads. With regards to alternate browsers, I tried and liked Opera on my old PC (for this very reason) BUT I couldn't get it to properly default with my Outlook Express.
Now I'm using Outlook... would Opera or Mozilla (or...?) default to Outlook?
thanks again! zg (next time I go w/Linux!)
-
paranoid android: Re: Browser Hijacks
I believe (but am not certain) that Mozilla (and Mozilla-Firefox) will use whatever is registered with Windows as your default email client.
> Thanks for all the leads. With regards to
> alternate browsers, I tried and liked Opera
> on my old PC (for this very reason) BUT I
> couldn't get it to properly default with my
> Outlook Express.
> Now I'm using Outlook... would Opera or
> Mozilla (or...?) default to Outlook?
> thanks again! zg (next time I go w/Linux!)
-
Parker: Re: Browser Hijacks
>
> --------------------
> Thanks for all the leads. With regards to
> alternate browsers, I tried and liked Opera
> on my old PC (for this very reason) BUT I
> couldn't get it to properly default with my
> Outlook Express.
> Now I'm using Outlook... would Opera or
> Mozilla (or...?) default to Outlook?
You can set them to default to any e-mail client you want, although configuring Mozilla Firefox for this is a little tricky (although perhaps not in the Windows version).
That being said, I have to really, really strongly recommend using an e-mail client other than Outlook/Outlook Express. Viruses exploit the numerous security holes in Outlook/Outlook Expresss and not only entrench themselves in your computer, but replicate and send themselves to everyone in your address book. You've already had one of these.
Opera and Mozilla (the suite - not Firefox) both come with perfectly serviceable e-mail clients. Mozilla Thunderbird is a free stand-alone e-mail client. There are numerous others.
> thanks again! zg (next time I go w/Linux!)
Why wait? Order a copy of Knoppix for $1.99 from the link below. This is a "live" CD that you boot from, and it then installs a fairly complete Linux system completely in RAM. You can surf the Internet with Mozilla, do word processing or spreadsheets with OpenOffice.org, and use one of several e-mail clients.
When you're through playing, take out the CD and reboot, and everything is exactly as it was before -- you're back in the Windows world.
-
zengrifter: With the little that I know now...
... I am absolutely amazed that MSWindows is still the industry leader. zg
-
zengrifter: Re: Browser Hijacks MOZILLA!
That settles that! Mozilla works fine, no hijacking. This new hijack bugging is quite a scam - but anything that erodes Windows cant be all bad.
This system is an office PC and the company wanted the Windows, I'll go Linux from here out. zg
-
cikku: Re: Browser Hijacks
can any1 help with this. it is the log file of hijack this
Logfile of HijackThis v1.98.2
Scan saved at 21:40:59, on 23/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\STDSB.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\WINDOWS\System32\golumm\services.exe
C:\WINDOWS\System32\twink64.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tavultesoft\Keyman-cimu\keyman.exe
C:\Documents and Settings\Ian\Application Data\cx???d.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINDOWS\System32\ByhcR.exe
C:\WINDOWS\System32\AjcL.exe
C:\WINDOWS\system32\winip32.exe
C:\WINDOWS\Coffee Bean.bmp:tggdq
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ian\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tbdkc.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {28BEC1BE-16B0-4A71-8B1F-F46EC2E41DFC} - C:\WINDOWS\system32\ipsp.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [WinApp32] msapp.exe
O4 - HKLM\..\Run: [golumm] C:\WINDOWS\System32\golumm\services.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [delcab] C:\drivers\deltreew.exe C:\cabs
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [afI5] C:\documents and settings\ian\local settings\temp\afI5.exe
O4 - HKLM\..\Run: [R0TP] C:\documents and settings\ian\local settings\temp\R0TP.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [24BE6BN397HQ8B] C:\WINDOWS\System32\Zmg4.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winpya32.exe
O4 - HKLM\..\Run: [winip32.exe] C:\WINDOWS\system32\winip32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [keyman.exe-cimu] C:\Program Files\Tavultesoft\Keyman-cimu\keyman.exe
O4 - HKCU\..\Run: [sysinit] C:\WINDOWS\System32\golumm\services.exe
O4 - HKCU\..\Run: [Pldo] C:\Documents and Settings\Ian\Application Data\cx???d.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.co.uk/center
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: v2cab - http://15528.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...4f880889783bc3
O16 - DPF: {19287416-86DD-74C5-B48D-127A4C7D8497} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {221B14F2-F878-7FDA-7877-65FC048F7E2B} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {25336D80-D8B9-51C8-BA78-2EA771198E37} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {3318C611-3AB4-438D-D329-58A16A15DCE8} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {45BE7EC2-C68C-4038-8C49-5C1142AE0AA7} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {4AD0E6C2-DE8B-2966-2F54-2EA92630AE4C} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {51269FFE-05F6-6F18-FE16-66845CD3CFFD} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {5B610444-4E1F-272B-8981-1EA854F6EC5A} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {61D10ED8-2737-4045-3258-38DA663F440C} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {70771893-0FD3-7E1A-CD3B-0C68471B63CA} - http://69.50.188.54/1/gdnMT208.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn851.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn851.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32813367-6AC5-4778-91D0-8DEAE6D8902D}: NameServer = 217.145.4.33,217.145.4.34
O21 - SSODL: SARU - {FF5D8CC8-DE01-4964-89F1-648E43271415} - C:\WINDOWS\System32\mssaru.dll
-
Parker: Re: Browser Hijacks
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks