HELP cannot get rid of Trojan.startpage


11 replies to this topic

#1 crazykats4

crazykats4

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 28 January 2005 - 10:06 PM

Hello.

Please help. I can't seem to get rid of a trojan on my PC called trojan.startpage. It is taking over my internet capabilities and slowing down my PC. Norton will not detect, fix or delete it. Included below is my HijackThis log. Thank you. crazykats4@adelphia.net

ThanX a bunch,
Kathy



Logfile of HijackThis v1.99.0
Scan saved at 9:39:31 PM, on 1/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CFGWIZ.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: QPHlprObj Class - {EFD440C0-0943-11d3-9D65-00A0CC22CBC4} - C:\WINDOWS\QPHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {19AC6009-B44B-06C4-8753-60550DA67E48} - C:\WINDOWS\SYSTEM\HUPNPJ.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {7AFDEA50-DD59-4FCB-8169-86B92C9DA483} - C:\WINDOWS\SYSTEM\MHJIMH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [OEMCLEANUP] C:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\RunServices: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb00141US
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/234c92aefb6dbf3c8c01/...ip/RdxIE601.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter: text/html - {51517254-272E-412F-923D-3D97295E36F6} - C:\WINDOWS\SYSTEM\MHJIMH.DLL
O18 - Filter: text/plain - {51517254-272E-412F-923D-3D97295E36F6} - C:\WINDOWS\SYSTEM\MHJIMH.DLL


#2 SirJon

SirJon

    Malware Prevention


  • Malware Response Team
  • 230 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:03:58 PM

Posted 28 January 2005 - 11:38 PM

Hello crazykats4 and Welcome! :thumbsup:
Sorry you're having malware trouble.

1.) First, we must move your Hijackthis.exe tool into its own folder and place it at the root of the C:\drive. Double-click on My Computer, double-click on your Hard Drive (usually the C:\drive), right-click and select New, then select Folder, and name this new folder Hijackthis. Now cut and paste the hijackthis.exe tool into the Hijackthis folder. This is a good parking place for this program.

2.) Please make sure that you can view all hidden files. Instructions on how to do this can be found here

3.) Please download DLLCompare from here:
DLLCompare

4.) After the download is complete, run the program and click on the Run Locate.com button. When that has completed, click on the Compare button. When that has completed, click on the Make Log button. Please post the contents of that log in your next reply to this post.

Edited by SirJon, 28 January 2005 - 11:41 PM.


#3 crazykats4

Posted 29 January 2005 - 05:37 PM

Hi SirJon,

Thank you so much for your prompt reply. The following was all I got after running DLLCompare.

ThanX,
Kathy

* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :thumbsup:"
________________________________________________

994 items found: 994 files, 0 directories.
Total of file sizes: 178,332,542 bytes 170.07 M

--------------------End log---------------------

#4 SirJon

Posted 29 January 2005 - 06:58 PM

OOPS! :thumbsup:
My apologies, you have Windows 98 not XP. Even though the tool you used will work on 98, I want to run this other tool just to make sure we're not dealing with a hidden DLL file.

Please download: "StartDreck", from here

Unzip to its own folder, name it StartDreck, double-click on StartDreck.exe and start the program,

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/Drivers -> Running Processes
Press 'Ok'

Now click the Save button to save the log.

Copy and Paste the contents of that log here for review.

Edited by SirJon, 29 January 2005 - 07:01 PM.


#5 crazykats4

Posted 29 January 2005 - 08:14 PM

No problem SirJon! I certainly appreciate your help. The StartDreck log is below. ThanX, Kathy

StartDreck (build 2.1.7 public stable) - 2005-01-29 @ 20:12:09 (GMT -05:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as Default at COMPUTER

»Registry
»Run Keys
»Current User
»Run
*Weather=C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
»RunOnce
»Default User
»Run
*Weather=C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*EM_EXEC=c:\mouse\system\em_exec.exe
*CPQEASYACC=C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
*EACLEAN=C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
*OEMCLEANUP=C:\windows\OPTIONS\oemreset.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
*mdac_runonce=C:\WINDOWS\SYSTEM\runonce.exe
*SISERVICE.exe="C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
*Symantec Core LC=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*NAV CfgWiz=C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
*Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
»RunOnce
»RunServices
*ConfigServices=
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
*TrueVector=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
*ScriptBlocking="C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
*ccEvtMgr="C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
*ccSetMgr="C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+FFEFD521=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFFAF29=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF91B9=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF89F1=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE2AB5=C:\WINDOWS\SYSTEM\MSTASK.EXE
+FFFE1E05=C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
+FFFED3F1=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
+FFFEDED5=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
+FFFEC921=C:\WINDOWS\EXPLORER.EXE
+FFFC5811=C:\WINDOWS\TASKMON.EXE
+FFFD4429=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFC728D=C:\MOUSE\SYSTEM\EM_EXEC.EXE
+FFFCA0CD=C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
+FFFB55F5=C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
+FFFB5F2D=C:\WINDOWS\SYSTEM\STIMON.EXE
+FFFB39A5=C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
+FFFBE63D=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
+FFFBCF65=C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
+FFFA6E09=C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
+FFFA0DB1=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFFAA6A1=C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
+FFF96CAD=C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
+FFF92679=C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSOEMON.EXE
+FFF98995=C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
+FFF8E6D5=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FD180785=C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
+FD16E641=C:\STARTDRECK\STARTDRECK.EXE
»Application specific

#6 SirJon

Posted 29 January 2005 - 10:03 PM

I don't see anything rogue in that log, good deal. Let's move on. :thumbsup:

Please TAKE YOUR TIME and follow ALL these steps:

(You might want to print these instructions out ahead of time)

Step 1:
Please enable all hidden files and folders in Windows. For instructions click here

Step 2:
Download CWShredder 2.1 and save it to the desktop.

Please do not run a scan with the CWShredder utility yet.

Step 3:
Download the latest version of Ad-Aware SE (Ad-Aware SE Build 1.05). Please configure the program by following these instructions here. Before scanning, click on "Check for updates now" to make sure you have the latest reference file.

Please do not run a scan with the Ad-Aware SE utility yet.

Step 4:
Download and install CCleaner here.

Please do not run a scan with CCleaner utility yet.

Step 5:
Download the eScan Antivirus Toolkit here. Save it to the desktop. Before running the program, we need to update the signature files first.

Step 6:
Updating the eScan Antivirus Toolkit with the latest files:
1.) Double-click on the mwav.exe file saved to the desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\drive in Windows, C:\Kaspersky.
2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file.
3.) Double-clicking on the kavupd.exe file opens the command prompt (DOS screen) and updates the program with all the latest signature files. By default, the update process creates a folder on the root of the C:\drive called Downloads. This is where the updated files are placed.
4.) After the update is complete, copy and paste these new updated signature files (from the C:\Downloads folder) to the C:\Kaspersky folder where eScan originally extracted the antivirus program files.

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

NOTE: Today, Kaspersky has been having trouble with their servers. It might be a long, slow download to get the most recent database files, but be patient, you'll need this updated database in order to complete a thorough scan.

Step 7:
Please reboot into Safe Mode. For instructions click here

Step 8:
From Safe Mode, please close ALL open windows AND browsers, open HijackThis and put checks next to all the following, then click "Fix Checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {19AC6009-B44B-06C4-8753-60550DA67E48} - C:\WINDOWS\SYSTEM\HUPNPJ.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O2 - BHO: (no name) - {7AFDEA50-DD59-4FCB-8169-86B92C9DA483} - C:\WINDOWS\SYSTEM\MHJIMH.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb00141US
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/234c92aefb6dbf3c8c01/...ip/RdxIE601.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O18 - Filter: text/html - {51517254-272E-412F-923D-3D97295E36F6} - C:\WINDOWS\SYSTEM\MHJIMH.DLL
O18 - Filter: text/plain - {51517254-272E-412F-923D-3D97295E36F6} - C:\WINDOWS\SYSTEM\MHJIMH.DLL


This is not malware, but an unneeded resource hog; it is safe to delete in HJT.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Step 9:
Please delete the following files and/or folders:
Go to Start, Search, For Files or Folders, and type in each file or folder name.

C:\WINDOWS\SYSTEM\MHJIMH.DLL <---Delete this file
C:\PROGRAM FILES\MYWEBSEARCH <---Delete this folder
C:\PROGRAM FILES\MYSEARCH <---Delete this folder

Step 10:
From Safe Mode, double-click on the CWShredder.exe program you downloaded earlier to run the program. By default when opening CWShredder 2.1, it loads the program in the Program Files folder and places a shortcut on the desktop for future use. Now, click the 'Fix->' button (not 'Scan Only') and let it run completely.

Step 11:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:
1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.
2.) Double-click on the mwavscan.com file; this will open the eScan program.
3.) With the eScan interface on your desktop, make sure that the boxes under Scan Option, Memory, Registry, Startup Folders, System Folders, Services, are checked.
4.) Check the Drive box; this will create another Drive box below it. Check this second Drive box as well; a large window across from the second Drive box then appears. In this window, use the drop-down arrow and choose the drive letter of your hard drive, usually C:\.
5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.
6.) Click the Scan Clean (or Scan) button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed.

Step 12:
From Safe Mode, run the Ad-Aware SE program you downloaded and configured earlier. Let it scan the hard drive and delete all entries it finds. Run this program twice!

Step 13:
From Safe Mode, open CCleaner, click on Options, Settings, uncheck the box "Only delete files in Windows Temp folders older than 48 hours", click OK. Using the default settings, click Run Cleaner and let it scan for all files and folders. (You'll see the results in the large Progress window.) Click Exit and reboot the PC. Now all the temp files and folders are clean, even your index.dat files are gone.

Step 14:
Copy the contents of the Quote Box to Notepad. Name the file as O18fix.reg. Change the Save as Type to All Files, Save this file on the desktop. Please DO NOT include the word QUOTE when saving the file.

REGEDIT4

[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/html]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/plain]


Then double-click on the O18fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

Step 15:
Reboot PC back into Normal Mode (Windows), open HijackThis, click "Do a system scan and save a logfile", copy and paste the contents of the new logfile here for review.

Edited by SirJon, 29 January 2005 - 11:34 PM.
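
An added example, not part of the original thread and not any poster's own code: a small Python check that compares the Step 8 fix list and the Step 9 deletions against a follow-up HijackThis log, reporting anything that survived the cleanup. The function names are hypothetical, the fix-list and clean-log lines are copied from this thread, and the "partial" follow-up log is constructed to show the failure case.

```python
import re

# Entry lines in the logs above look like "R1 - ...", "O2 - ...", "O18 - ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

def normalize(text):
    # Windows paths and registry names are case-insensitive; collapse spacing too.
    return re.sub(r"\s+", " ", text).casefold()

def parse_entries(log_text):
    """Map (section, normalized body) -> original line for every entry line."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[(m.group(1).upper(), normalize(m.group(2)))] = line.strip()
    return entries

def still_present(fix_list_text, followup_log_text):
    """Entries from the fix list that the follow-up scan still reports."""
    wanted = parse_entries(fix_list_text)
    seen = parse_entries(followup_log_text)
    return sorted(orig for key, orig in wanted.items() if key in seen)

def lingering_paths(deleted_paths, followup_log_text):
    """Deleted files/folders still referenced anywhere in the follow-up log,
    including the 'Running processes' section (plain substring match)."""
    haystack = normalize(followup_log_text)
    return [p for p in deleted_paths if normalize(p) in haystack]

# Subset of the Step 8 fix list, copied from the thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
O2 - BHO: (no name) - {7AFDEA50-DD59-4FCB-8169-86B92C9DA483} - C:\WINDOWS\SYSTEM\MHJIMH.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\3.BIN\MWSBAR.DLL
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O18 - Filter: text/html - {51517254-272E-412F-923D-3D97295E36F6} - C:\WINDOWS\SYSTEM\MHJIMH.DLL
"""

# Step 9 deletions, copied from the thread.
DELETED = [
    r"C:\WINDOWS\SYSTEM\MHJIMH.DLL",
    r"C:\PROGRAM FILES\MYWEBSEARCH",
    r"C:\PROGRAM FILES\MYSEARCH",
]

# Subset of the follow-up log posted later in the thread.
CLEAN_FOLLOWUP = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
"""

# CONSTRUCTED sample: a follow-up log in which the O18 filter is still
# registered (different letter case) and the toolbar's mail plugin still runs.
PARTIAL_FOLLOWUP = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O18 - Filter: text/html - {51517254-272E-412F-923D-3D97295E36F6} - c:\windows\system\mhjimh.dll
"""

def report(name, followup):
    """Summarize what survived the cleanup in one follow-up log."""
    return {
        "log": name,
        "entries_still_present": still_present(FIX_LIST, followup),
        "deleted_paths_still_referenced": lingering_paths(DELETED, followup),
    }

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_FOLLOWUP), ("partial", PARTIAL_FOLLOWUP)):
        print(report(name, log))
```

An empty result for both keys only shows that the follow-up scan no longer lists those items; it does not replace the scanner passes in the later steps.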


#7 crazykats4

Posted 29 January 2005 - 11:15 PM

Hi! Again, thank you for your prompt response. Wow, it seems that I've got a lot of work to do...LOL! But if it gets me out of this mess, I will be so happy!! I have downloaded all of the programs needed but I have Windows 98 and cannot complete steps 1 or 3. Also, when I tried to execute the microsoftantispywareinstall, it wasn't for Win 98 either & wouldn't let me install. Is there another program I can use in its place?

ThanX again!
Kathy

#8 SirJon

Posted 29 January 2005 - 11:39 PM

Thanks, as you can see my instructions are canned and biased towards 2000 and XP. :thumbsup:
You can't use Microsoft Antispyware either. It'll only work on NT versions of Windows. :trumpet:

At least there are fewer steps now. :flowers:

Edited by SirJon, 29 January 2005 - 11:46 PM.


#9 crazykats4

Posted 30 January 2005 - 04:42 PM

Hi Sirjon!

Well, so far it looks really promising. YAY!!! I don't see any symptoms so far! :thumbsup: THANK YOU!!!!! Here is the current HiJackThis log report:

Logfile of HijackThis v1.99.0
Scan saved at 4:38:15 PM, on 1/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISPAMFILTERENGINE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SIMAILPROXYSERVER.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: QPHlprObj Class - {EFD440C0-0943-11d3-9D65-00A0CC22CBC4} - C:\WINDOWS\QPHELPER.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SISERVICE.exe] "C:\PROGRAM FILES\SUNBELT SOFTWARE\IHATESPAM\SISERVICE.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: AltaVista Home - http://jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - http://jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate this Web Page - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate Selection - http://jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: (no name) - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra 'Tools' menuitem: &AltaVista Home - {06FE5D00-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/linksearch (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

#10 SirJon

SirJon

    Malware Prevention


  • Malware Response Team
  • 230 posts
  • ONLINE
  • Gender:Male
  • Local time:03:58 PM

Posted 30 January 2005 - 05:53 PM

Good Work!
Congratulations! Your log is clean. :thumbsup:

I didn't have you uninstall Weatherbug; I'll leave it up to you. However, this program has been associated with spyware in the past, and I am sure it was responsible for MyWebSearch being installed on your PC. There are alternatives out there; you might try WeatherWatcher here. It's a nice little utility that gets its information from the Weather Channel.
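
For readers reviewing a log like the one posted above, here is an added example (not part of the original thread, and not code from HijackThis) that parses the log's `code - body` lines and pulls out the autostart (O4) entries, the entries marked `(file missing)`, and the hosts that O16 ActiveX downloads came from. The function names are this example's own; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# A few lines copied from the HijackThis log earlier in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                       # e.g. "O4 - ..."
RUN_KEY = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")      # registry Run keys
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")       # Startup folder links

def parse(log):
    """Split a HijackThis log into (section code, body) pairs; skip other lines."""
    lines = (line.strip() for line in log.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def autostarts(log):
    """O4 entries as (location, name, command) tuples."""
    out = []
    for code, body in parse(log):
        m = code == "O4" and (RUN_KEY.match(body) or STARTUP.match(body))
        if m:
            out.append(m.groups())
    return out

def missing_files(log):
    """Entries HijackThis annotated with '(file missing)'."""
    return [(c, b) for c, b in parse(log) if b.endswith("(file missing)")]

def dpf_hosts(log):
    """Count of O16 (Downloaded Program Files) entries per download host."""
    urls = (b.rsplit(" - ", 1)[-1] for c, b in parse(log) if c == "O16")
    return Counter(urlparse(u).hostname for u in urls)

if __name__ == "__main__":
    for location, name, command in autostarts(SAMPLE):
        print(f"{location:22} {name:14} {command}")
    print(missing_files(SAMPLE), dict(dpf_hosts(SAMPLE)))
```

Running it over two logs taken before and after a cleanup and comparing the `autostarts` output shows which startup entries were removed.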

#11 crazykats4

crazykats4
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  

Posted 30 January 2005 - 07:39 PM

Thank you, Thank you, Thank you!

YAY!!!! :thumbsup: I am so thrilled! It didn't even take long and was easy to do! I want to thank you so much for your time, effort and diligence! It is much appreciated! :flowers: This is an awesome website! ThanX again and take care!

Kathy

#12 SirJon

SirJon

    Malware Prevention


  • Malware Response Team
  • 230 posts
  • ONLINE
  • Gender:Male
  • Local time:03:58 PM

Posted 30 January 2005 - 08:29 PM

A few friendly :flowers: tips to tighten security:

1.) Keep your Norton Antivirus and all your spyware utilities up to date daily and run a hard drive scan with them once a week.

2.) STOP using Internet Explorer. Malware has gotten smarter these days and has the ability to change your IE security settings behind your back. Download and install Mozilla Firefox here. Firefox weathers the storm of spyware better than IE because it is not integrated into Windows and does not use ActiveX controls or Browser Helper Objects (BHOs). (These are known targets of malware writers.) If you’ve got a few dollars to spare, purchase Opera; you won’t be sorry.

3.) Be prudent when installing freeware programs. Most of them come bundled with other programs installed behind your back despite reading their license agreement prior to the install.

4.) Keep your ZoneAlarm firewall up to date and configured properly. For proper configuration click here. Configured correctly, this program acts as a security gate and can help prevent the penetration of malware onto your system and prevent malware already present on your system from phoning home.

5.) Always make sure you have the latest Windows critical updates installed on your PC. Go to the Start menu and click on 'Windows Update'; it will take you to the Microsoft Windows Update site. If there are new critical updates to install, download them immediately. Once the installation process has completed, reboot your computer.

6.) Are you wondering how you got infected in the first place? For information click here.

Glad I could help you Kathy, Good Luck. :thumbsup:

Edited by SirJon, 30 January 2005 - 08:31 PM.




