coolwebsearch infection - or not?


  • This topic is locked
9 replies to this topic

#1 auntie


Posted 11 November 2004 - 01:28 PM

According to the free download version of XoftSpy (ParetoLogic) - diagnoses but will not fix - my computer is infected with coolwebsearch. CWshredder however does not detect it.

I have visited your forums, done the Hijackthis tutorial, etc.
I have performed all the actions you suggest using CWshredder, Spybot, AdAware, and have eliminated 3 out of 6 'bugs' from the XoftSpy diagnosis.
When I rerun XoftSpy I still get this diagnosis:

1.
Vendor: CoolWebSearch
Type: Registry Value
Category: Malware
Object: software\microsoft\windows\currentversion\run\quicktime task
Danger: potentially dangerous

2.
Vendor: Troj/AnaFTP-01
Type: Registry Key
Category: Worm
Object: [E6FB5E20-DE35-11CF-9C87-00AA127ED]InProcServer32
Danger: Miner

3.
Vendor: Troj/AnaFTP-01
Type: File
Category: Worm
Object: c:\windows\rundll.exe
Danger: Miner

Is my computer really infected with CWS? I'm beginning to wonder especially since I don't seem to have any 'symptoms'. I'm attaching the Hijackthis log. Many thanks.

Logfile of HijackThis v1.98.2
Scan saved at 17.28.16, on 11/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAMMI\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\WINDOWS\SYSTEM\EN4060PT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\FILE COMUNI\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\ESET\NOD32KUI.EXE
C:\WINDOWS\WAVDRIVER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAMMI\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\PROGRAMMI\XOFTSPY\XOFTSPY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\DEBUG PROGS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Control Center] C:\Programmi\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Programmi\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Programmi\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [EN4060P TaskBar] C:\WINDOWS\SYSTEM\en4060pt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [DigiD] "C:\WINDOWS\DigitalSound.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [netcom] C:\WINDOWS\netcom.exe
O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Programmi\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Programmi\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Office Startup.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Programmi\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: CAMEDIA Master.lnk = C:\Programmi\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe


#2 mpfeif101


Posted 11 November 2004 - 02:47 PM

Hi there auntie,

It does not appear that you have CoolWebSearch.
XoftSpy is on the Rogue list, I strongly recommend you uninstall it:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

There are a few signs of infection in your log. Please run HJT again and place a check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [DigiD] "C:\WINDOWS\DigitalSound.exe"
O4 - HKLM\..\Run: [netcom] C:\WINDOWS\netcom.exe
O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"

Close any open browsers and windows and click "Fix Checked".

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Show hidden files/folders:
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Find and delete the following files:
C:\WINDOWS\languard.exe
C:\WINDOWS\DigitalSound.exe
C:\WINDOWS\netcom.exe
C:\WINDOWS\wavdriver.exe

Reboot as you normally would and post a new log.
Spyware Aid - A guide and more to spyware

Please do not PM me asking for support. Post on the forums instead :)
Please post the final results, good or bad. We like to know!

HijackThis! | Recommended Software | Help Wanted
| Search the Forums | Forum Guidelines
Faster, safer, better, free -> Posted Image Now 1.0 Final!

If you'd like to donate to the fight against spyware...
Donate to mpfeif101 |

#3 auntie


Posted 11 November 2004 - 03:34 PM

Thanks for the megafast reply!

Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode

Hmm.. I'm running a foreign language version of Windows. A black and white screen comes up when I click F8, offering 6 options, loosely translated below:

1. Normal
2. With Registry file (\BOOTLOG.TXT)
3. Provisional mode
4. Confirm step-by-step
5. Command prompts with network (?) support
6. Command prompts in provisional mode

Nothing that looks like safe mode to me. Any suggestions?

auntie

#4 mpfeif101


Posted 11 November 2004 - 03:35 PM

3. Provisional Mode

#5 auntie


Posted 12 November 2004 - 04:17 AM

I'm missing something somewhere... I think you'll need to take me step-by-step.

Show hidden files/folders:
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

So, I rebooted into safemode, my desktop came up with huge icons on it, some of them off the screen.
Where do I find the 'Hidden files and folders?' heading you mention in the quote above?

Sorry if I'm being dumb :thumbsup:

#6 mpfeif101


Posted 12 November 2004 - 12:03 PM

Not being dumb, I should have explained more.

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the View menu and then click Folder Options.
4. After the new window appears select the View tab.
5. Scroll down until you see the Show all files radio button and select it.
6. Press the Apply button and then the OK button and close the My Computer window.
7. Now your computer is configured to show all hidden files.

#7 auntie


Posted 12 November 2004 - 03:10 PM

Mission accomplished - I hope.

languard.exe did not show up under hidden files. Found and deleted Digitalsound, netcom and wavdriver exe files successfully.

I've rerun Spybot since the 'clean up', and it keeps showing up a thing called DSO Exploit, which I keep fixing, but which continues to appear. :thumbsup: Anyway, here goes with the new HJT log. Clean bill of health, or still some work to do?

Many thanks,
auntie

Logfile of HijackThis v1.98.2
Scan saved at 21.07.49, on 12/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ESET\NOD32KRN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\MATROX MGA POWERDESK\MGACTRL.EXE
C:\PROGRAMMI\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\WINDOWS\SYSTEM\EN4060PT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\FILE COMUNI\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMI\ESET\NOD32KUI.EXE
C:\PROGRAMMI\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAMMI\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DEBUG PROGS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Control Center] C:\Programmi\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [Matrox Color Control] C:\Programmi\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Diagnostic] C:\Programmi\Matrox MGA PowerDesk\diag\mgadiag.exe -s
O4 - HKLM\..\Run: [EN4060P TaskBar] C:\WINDOWS\SYSTEM\en4060pt.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Programmi\Eset\nod32krn.exe"
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Programmi\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Office Startup.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Programmi\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Programmi\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: CAMEDIA Master.lnk = C:\Programmi\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
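
The cleanup check this thread walks through, as an added Python example that is not part of the original posts and not HijackThis's own code: it parses the O4 autorun lines of the two logs, lists the files behind the Run values flagged in post #2, notes which of them was loaded at scan time, and confirms the values are gone from the second log. The embedded log text is a subset of lines copied from the posts above; all function names are assumptions of this example.

```python
import re
# Constructed sample: a subset of lines copied from the two HijackThis logs in this thread.
BEFORE = r'''
Running processes:
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\WAVDRIVER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [DigiD] "C:\WINDOWS\DigitalSound.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [netcom] C:\WINDOWS\netcom.exe
O4 - HKLM\..\Run: [wavdriver] "C:\WINDOWS\wavdriver.exe"
'''
AFTER = r'''
Running processes:
C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
'''
# Run value names the helper asked to fix in post #2.
FLAGGED = {"LanGuard", "DigiD", "netcom", "wavdriver"}

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
AUTORUN = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.+)$")
IMAGE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

def entries(log):
    """Set of (section, detail) pairs for every 'Xn - ...' line."""
    hits = (ENTRY.match(line.strip()) for line in log.splitlines())
    return {(m.group(1), m.group(2)) for m in hits if m}

def autoruns(log):
    """(location, value name, executable path) for each O4 registry autorun."""
    rows = []
    for line in log.splitlines():
        m = AUTORUN.match(line.strip())
        if m:  # 'O4 - Startup:' shortcut lines carry no [name] and are skipped
            image = IMAGE.match(m.group(3))
            rows.append((m.group(1), m.group(2), image.group(1) if image else m.group(3)))
    return rows

def running(log):
    """Upper-cased paths from the 'Running processes:' block (ends at a blank line)."""
    rest = log.partition("Running processes:")[2]
    block = rest.lstrip("\n").split("\n\n", 1)[0]
    return {line.strip().upper() for line in block.splitlines() if line.strip()}

def removed(before, after):
    """Entries present in the first log and absent from the second."""
    return sorted(entries(before) - entries(after))

def verify(before, after, flagged):
    """Files behind the flagged autoruns, which were running, what is still registered."""
    targets = {name: path for _, name, path in autoruns(before) if name in flagged}
    live, left = running(before), {n for _, n, _ in autoruns(after)} & set(flagged)
    return {"files": sorted(targets.values(), key=str.lower),
            "was_running": sorted(p for p in targets.values() if p.upper() in live),
            "still_registered": sorted(left)}

if __name__ == "__main__":
    print(verify(BEFORE, AFTER, FLAGGED), removed(BEFORE, AFTER), sep="\n")
```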

#8 mpfeif101


Posted 12 November 2004 - 11:37 PM

Hi there auntie,

Don't worry about DSO Exploit, it's a bug in Spybot that should be fixed with their next version.

Log looks clean :thumbsup:

Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and AntiSpyware Net's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

Edited by mpfeif101, 12 November 2004 - 11:38 PM.


#9 auntie


Posted 13 November 2004 - 05:40 PM

Hi mpfeif101

Great! Many thanks for your help and advice - I've learnt a load of new stuff in the past few days, and I'll definitely be browsing these forums on a regular basis.
Keep up the good work guys!
:thumbsup:

auntie

#10 mpfeif101


Posted 13 November 2004 - 07:20 PM

Thanks for the kind words, and you're welcome.

If you need this topic reopened, please PM me or another mod.



