E-Liam
17th Jan 2004, 03:51
Hi there,
You'll see a thread starter on the list called noblues, and he linked to you from TechSupportForums (http://www.techsupportforum.com/index.php?s=), one of the sites along with TechSupportGuy (http://forums.techguy.org/index.php?s=) where I help deal with Internet Security.
Just thought I'd register, introduce myself, and pass on some advice if I may.
For general cleanups, I'd recommend Adaware and Spybot. This is my C+P of where to get them and how to configure them, if it helps.
You can download AdAware 6 181 from here (http://www.lavasoftusa.com/support/download/).
Before you scan with AdAware, check for updates of the reference file by using the "web update". Then...
Make sure the following settings are made and on - "ON=GREEN". From main window: Click "Start" then "Activate in-depth scan". Then...
Click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favourites for banned URL" and "Scan my host-files". Then...
Go to settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognised processes during scanning". Then... "Cleaning engine" and uncheck "Automatically try to unregister objects prior to deletion" and check "Let windows remove files in use at next reboot". Then...
Click "proceed" to save your settings.
Now to scan it’s just to click the "Scan" button.
When scan is finished, mark everything for removal and get rid of it.
You can download Spybot - Search & Destroy from here (www.tomcoyote.org/spybot) if you haven't already got the program.
Now press Settings, and Settings again. Go to the Webupdate section, and check "Display also available beta versions".
Now press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all it finds marked RED.
If you have a homepage hijacker, then there's a chance that it's CoolWebShredder, especially if you get redirects to porn pages. If this is the case go here (http://www.merijn.org/files/cwshredder.zip) and download, unzip then run CoolWebShredder.
CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here (http://v4.windowsupdate.microsoft.com/en/default.asp), click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.
You could also have a virus or two. To check, go here (http://housecall.trendmicro.com/housecall/start_corp.asp) and run the online scan. Set to Autoclean when prompted.
If you've ever been on a tech forum, you'll see that we use a utility called Hijack This (http://www.merijn.org/files/hijackthis.zip) to identify scumware.
It basically gives us a pretty good idea of what's going on inside your machine. The problem with using HJT is that you need a pretty good idea of what you're looking at, as fixing entries incorrectly could result in a screwed up machine.
Do all of the above, and if you still have problems, then I'd be happy to check out your HJT log.
Download 'Hijack This!' from here (http://www.merijn.org/files/hijackthis.zip), unzip, double-click HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply. Don’t fix anything yourself yet, as a lot of the stuff on that list will be harmless or required.
I can't promise to have the time to do more than a few, but I'll do as many as I can.
Hope that lot helps.
Cheers
Liam