Have I got a spyware problem
Thread Starter
Join Date: May 2002
Location: UK
Posts: 217
Have I got a spyware problem
Hi All
I think we managed to download virus/spyware or something. We ended up with pc live guard which disabled my antivir, I managed to get it back up and running.
When I run a scan on adaware I keep getting 12 entries referring to hijacking. redirect/../le entry, every time I try to get rid of it on adaware it tells me to reboot but after rebooting and running another scan it's still there and can't be removed.
Does anyone have any idea what it could be or how I can get rid of it? I am worried that my computer is not safe to use.
Logfile created: 30/12/2009 18:05:04
Lavasoft Ad-Aware version: 8.1.3
Extended engine: 49820800
Extended engine version:
User performing scan: Administrator
*********************** Definitions database information ***********************
Lavasoft definition file: 149.124
Genotype definition file version: 2009/12/28 15:05:15
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 186866
Objects detected: 12
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 12
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Thanks in advance.
topdog1
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Try downloading the free version of superantispyware and see what that tells you:
SUPERAntiSpyware.com - Downloads
Spoon PPRuNerist & Mad Inistrator
The "type detected" is 12 Hostfile entries.
That is 12 static IP address to domain name mappings in your hosts file.
It's a simple text file in Windows\system32\drivers\etc.
You can open it with notepad - just be aware that it has no file extension, and should be Read-only, so you will need to change the properties if you want to edit it.
Why not copy the contents and paste them in here so we can see what the entries are, and if they are something to be concerned about.
It might be worth doing a full search of your system to see if there are any other copies of the file tucked away somewhere that are being copied back at startup.
SD
Join Date: Jan 2007
Location: Tracey Island
Posts: 1,496
Run Malwarebytes.....Malwarebytes.org
and install...Spyware Terminator. Free spyware removal and spyware protection - Spyware Terminator
This has kept me totally free from any adware etc. for a long time now...Can't recommend it enough....It acts like an antivirus programme and runs in the background to protect you.
Thread Starter
Join Date: May 2002
Location: UK
Posts: 217
Hi saab and everyone
thanks for the info. Sorry I am a novice when it comes to computers.
When you say for me to copy the contents and paste them in here, do you mean from the adaware scan?
Step by step instructions would be most helpful.
thank you
Courtesy "my bleeping computer", here is a removal guide for this pest.
Must say I'm not a huge fan of SpywareTerminator. If you do elect to install it, I'd suggest opting out of the "WSG" (web security guard, which installs the Crawler toolbar) and also the Clam AV. Think twice before activating the HIPS, also, it can produce popups that the average user may not know how to correctly deal with.
MBAM and SAS are the current "rock stars" of the antispyware world. AdAware (BTW, your defs are pretty old) is, in my opinion, not worth the disk space nor resources it uses.
Navigate to the folder Windows\system32\drivers\etc and double click the file simply named "Hosts". Use notepad if it doesn't automatically open. Copy and paste the entire text within (use "select all", then "Ctrl C" keys together, then when pasting it here, select the posting area and press "Ctrl" and "V" to paste it). You'll end up with something that looks a bit like this (part hosts file only posted) but different, mine is a custom hosts file:
127.0.0.1 localhost
# This MVPS HOSTS file is a free download from: #
# A Troubleshooting Guide to Windows XP #
#
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# *********************************************************#
# ---------------- Updated: Dec-22-2009 -------------------#
# *********************************************************#
#
# Entries with comments are all searchable via Google. #
#
# Disclaimer: this file is free to use for personal use #
# only. Furthermore it is NOT permitted to copy any of the #
# contents or host on any other site without permission or #
# meeting the full criteria of the below license terms. #
#
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# Creative Commons — Attribution-Noncommercial-Share Alike 3.0 Unported #
#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 [url=http://www.accuserveadsystem.com]Accuserve Online Ad Delivery Systemurl] a
and so on.
[edit] malicious link castrated.
Thread Starter
Join Date: May 2002
Location: UK
Posts: 217
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 008k.com
127.0.0.1 00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 132.com
127.0.0.1 132.com
127.0.0.1 toyota owners manual landcruiser tundra at 136136.net
127.0.0.1 136136.net
127.0.0.1 Öйú»¥Áª--ÓòÃûÉêÇë|ÓòÃû×¢²á|¿Õ¼äÉêÇë|ÐéÄâÖ÷»ú|Ö÷Ò³¿Õ¼ä,ÉϺ£¶¥¼¶ÍøÂç·þÎ ñÉÌ
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 Directsearchzone.com
There are hundreds of others that I cannot cut and paste onto here as too large, the list just goes on and on
Spoon PPRuNerist & Mad Inistrator
Start of entries inserted by Spybot - Search & Destroy
So far so good.
It then looks like AdAware is choking on something that Spybot has done to the hosts file - but since Spybot is benign, I would suspect that AdAware is just flagging a false positive.
It does look like the 12 entries might be like the
Öйú»¥Áª--ÓòÃûÉêÇë|ÓòÃû×¢²á|¿Õ¼äÉêÇë|ÐéÄâÖ÷»ú|Ö÷Ò³¿Õ¼ä,ÉϺ£¶ ¥¼¶ÍøÂç·þÎñÉÌ
I suggest you edit the file to remove any such corrupted? entries - especially if there are 12.
SD
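The inspection suggested in the replies above, reading the hosts file and picking out entries that do not belong, as an added example (not code from any poster in this thread): a Python sketch that separates loopback block-list entries of the kind Spybot inserts from entries that point a name at a non-loopback address, lines whose host field is not a hostname, and repeated names. The sample file, its `.example` hostnames and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

# Constructed sample, modelled on the layout of the file posted in the thread.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.blocked-one.example
127.0.0.1 blocked-one.example
127.0.0.1 blocked-two.example
127.0.0.1 blocked-two.example
127.0.0.1 Page|Title,pasted-in-place-of-a-hostname
203.0.113.10 www.bank.example
"""

def audit_hosts(text):
    """Sort hosts-file lines into sinkhole, redirect, malformed, duplicate."""
    report = {"sinkhole": [], "redirect": [], "malformed": [], "duplicate": []}
    seen = Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        names = fields[1:]
        if not names or not all(HOSTNAME.fullmatch(n) for n in names):
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in names):
            seen[name] += 1
            if seen[name] > 1:
                report["duplicate"].append((lineno, name))
            elif ip.is_loopback or ip.is_unspecified:
                report["sinkhole"].append((lineno, name))    # block-list style
            else:
                report["redirect"].append((lineno, name, str(ip)))  # review these
    return report

if __name__ == "__main__":
    for kind, rows in audit_hosts(SAMPLE).items():
        print(kind, rows)
```

To check a real machine, pass the text of the `hosts` file in Windows\system32\drivers\etc to `audit_hosts`; entries reported under `redirect` and `malformed` are the ones to read by hand.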
Join Date: May 2007
Location: Europe
Posts: 1,416
I hope that this is on thread....
I just got the following, and deleted it. I wouldn't be interested anyway, but I'm assuming that acting as requested will give me a nasty case of spyware, which Avast may or may not stop. (BTW I have corrupted the link by changing a few characters.)
Any experts to comment out there? Is it harmful?
info,
Антон StiXy Козлов has added you as a friend on the website VK.com
You can log in and view your friends` pages using your email and automatically created password: OAbVoEmv
VK.com is a website that helps dozens of millions of people find their old friends, share photos and events and always stay in touch.
To log in, please follow this link:
[URL="http://vkontakte.ru/login.php?#OAbVoEmv[/URL]
You can change your password in Settings.
Attention: If you ignore this invitation, your registration will not be activated.
Good luck!
Best regards,
VK Administration
Spoon PPRuNerist & Mad Inistrator
I took out some of the URL above to avoid disclosure of the actual email address to which it was sent, the business being presumably one with which Capot is associated in some way.
SD
Capot,
Try doing a Google search for the name Антон StiXy Козлов and you will see it is a simple spam message. And no, it would be a good idea to not go to the site. I can't comment as to whether the site is likely to harbour malware, but there is probably a good chance it does. It would be a good idea to delete the message unopened.
As it stands you probably don't have a problem, just that your address has made it onto a spammer's list somehow.