Ie 6.0 Suddenly Generating Pop Up Screens


  • This topic is locked
9 replies to this topic

#1 Gatorboy1979

Posted 26 March 2006 - 02:25 AM

Hello - I run XP Home edition and IE 6.0. The system was running fine using standard Norton Antivirus 2006, Zone Alarm Basic firewall, and SpyBot Search and Destroy. I do not have SP2 patch downloaded as it messed up my system back when it first came out - I do have SP1a and the other security patch updates. No issues at all with my system for 1.5 years.

This morning I noticed system running very slowly, generating Pop up screens (I had not had those in a while), and when I closed those pop ups my IE ceased to respond and had to be manually closed, taking me back to my main desktop. At times I would click on a site listed in my IE favorites folder and be switched instead to a gaming or porn site - again, when I closed that site the system became unresponsive.

I do notice that many of these pop ups are for a "winantiviruspro" site and an amaena.com software site. I get a pop up screen (very official looking) saying I may have been infected by the "blackworm" virus - I "x" out of it and it tries to take me to a software site. I also checked in at PC Pitstop to make sure my hardware was fine (it seemed within normal limits).

Suspecting that I had been "hijacked" or infected, I followed moderator Grinler's 9 step recommended program, cleaning out my temp files, running Spybot and Ad-aware SE (just some tracking cookies which I deleted), Bit defender and Panda software, McAfee AVERT Stinger, updating and running my Norton 2006 antivirus. All I came up with besides tracking cookies was a program called (if I recall properly - it's been a long day) Winfixer - which I did not knowingly load in and so removed using the software. No other virus infections or spyware came up from the scans.

I just completed all the precursor steps and ran HijackThis - The Notepad text is below - any information as to files I should remove to improve performance and get rid of these undesired sites would be appreciated. Right now my IE is very haphazard and becomes unresponsive 50% of the time. I have read that switching to Firefox might solve the issue, but if this infection is within my program files I would still worry about it cropping up again.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:35:19 AM, on 3/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScreenMates\Cat.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\awtss.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\Cat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143324603514
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3718.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35B42FC4-03C3-4A91-A958-2C23491FEA77}: NameServer = 204.127.203.135,216.148.225.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{35B42FC4-03C3-4A91-A958-2C23491FEA77}: NameServer = 204.127.203.135,216.148.225.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{35B42FC4-03C3-4A91-A958-2C23491FEA77}: NameServer = 204.127.203.135,216.148.225.135
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 Rawe

Posted 26 March 2006 - 07:25 AM

Hello and welcome.. Let's get started. :thumbsup:

1) Through -> Control Panel -> Add/Remove programs, uninstall the following entry if present:

ScreenMates

==

Next:

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract Avenger.exe to your desktop.
2. Copy all the text in bold contained in the quotebox below to a blank notepad file:

Files to delete:
C:\WINDOWS\System32\awtss.dll
C:\WINDOWS\System32\sstwa.ini
C:\WINDOWS\System32\sstwa.bak1
C:\WINDOWS\System32\sstwa.bak2
C:\WINDOWS\System32\sstwa.ini2
C:\WINDOWS\System32\sstwa.tmp

Folders to delete:
C:\Program Files\ScreenMates\


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to the notepad file into this window
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • Restarts your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it briefly opens a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste all the contents of avenger.txt into your reply along with a fresh HJT log by using AddReply. :flowers:
Hi there, stranger!

#3 Gatorboy1979

Posted 26 March 2006 - 09:43 AM

As requested:

ScreenMates did not show up on the "add/remove programs" list.

Contents of avenger.txt:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xopwsonx

*******************

Script file located at: \??\C:\WINDOWS\System32\rtuhlvxj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\awtss.dll deleted successfully.
File C:\WINDOWS\System32\sstwa.ini deleted successfully.
File C:\WINDOWS\System32\sstwa.bak1 deleted successfully.
File C:\WINDOWS\System32\sstwa.bak2 deleted successfully.
File C:\WINDOWS\System32\sstwa.ini2 deleted successfully.
File C:\WINDOWS\System32\sstwa.tmp deleted successfully.
Folder C:\Program Files\ScreenMates deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Contents of fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:53 AM, on 3/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\Cat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143324603514
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax3718.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{35B42FC4-03C3-4A91-A958-2C23491FEA77}: NameServer = 204.127.203.135,216.148.225.135
O17 - HKLM\System\CS1\Services\Tcpip\..\{35B42FC4-03C3-4A91-A958-2C23491FEA77}: NameServer = 204.127.203.135,216.148.225.135
O17 - HKLM\System\CS2\Services\Tcpip\..\{35B42FC4-03C3-4A91-A958-2C23491FEA77}: NameServer = 204.127.203.135,216.148.225.135
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Rawe

Posted 26 March 2006 - 10:28 AM

Hi, run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\awtss.dll (file missing)
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\Cat.exe
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll (file missing)


Close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report. :thumbsup:

Hi there, stranger!
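
An added example, not part of any post in this thread: a Python sketch that cross-references the Avenger deletion log from post #3 with HijackThis entries, listing the registry references left behind once the files are gone. The sample lines are copied from the logs above; the function names and regular expressions are illustrative assumptions, not part of HijackThis or The Avenger.

```python
import re
from collections import defaultdict

# Lines copied from the second HijackThis log in this thread (post #3).
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\awtss.dll (file missing)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\Cat.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: awtss - C:\WINDOWS\System32\awtss.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Lines copied from the avenger.txt log in post #3.
SAMPLE_AVENGER = r"""
File C:\WINDOWS\System32\awtss.dll deleted successfully.
File C:\WINDOWS\System32\sstwa.ini deleted successfully.
Folder C:\Program Files\ScreenMates deleted successfully.
"""

ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.+)$")
# First drive-letter or %var% path ending in a loadable-module extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"]*?\.(?:dll|exe|ocx)\b', re.I)
DELETED_RE = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")


def parse_entries(log_text):
    """Turn HijackThis lines into dicts: section code, target path, missing flag."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m["body"]
        path = PATH_RE.search(body)
        entries.append({
            "code": m["code"],
            "body": body,
            "path": path.group(0).lower() if path else None,
            "missing": body.rstrip().endswith("(file missing)"),
        })
    return entries


def orphaned(entries):
    """Entries HijackThis itself tagged as pointing at a file that no longer exists."""
    return [e for e in entries if e["missing"]]


def multi_section_modules(entries, sections=("O2", "O20")):
    """Modules registered in all given sections, e.g. both BHO and Winlogon Notify."""
    seen = defaultdict(set)
    for e in entries:
        if e["path"] and e["code"] in sections:
            seen[e["path"]].add(e["code"])
    return sorted(p for p, codes in seen.items() if codes == set(sections))


def deleted_paths(avenger_text):
    """Collect the files and folders the Avenger log reports as deleted."""
    files, folders = set(), set()
    for line in avenger_text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            target = m[2].lower().rstrip("\\")
            (files if m[1] == "File" else folders).add(target)
    return files, folders


def leftover_references(entries, files, folders):
    """HijackThis entries still pointing at something the Avenger log says was deleted.

    This also catches entries with no '(file missing)' tag, such as the O4 Run
    value above whose folder was removed.
    """
    hits = []
    for e in entries:
        p = e["path"]
        if p and (p in files or any(p.startswith(d + "\\") for d in folders)):
            hits.append(e)
    return hits


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_HJT)
    files, folders = deleted_paths(SAMPLE_AVENGER)
    for e in leftover_references(entries, files, folders):
        print("leftover:", e["code"], "-", e["body"])
    print("in both O2 and O20:", multi_section_modules(entries))
```

On these sample lines `leftover_references` returns the O2, O4 and O20 entries, which are among the objects listed for removal in post #4.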

#5 Gatorboy1979

Posted 26 March 2006 - 12:49 PM

A quick question - as of right now there is still a read only file folder (containing 1 file and no folders and 4KB in size) under the Docs & Settings\Start Menu\Programs\ScreenMates pathway. It contains the shortcut to the "Cat walking across the monitor screen" program - it used to run at start up and now does not. I assume that program was removed by the Avenger program when you recommended removing the Program Files\ScreenMates folder - should I remove this shortcut file as well, since it does not lead anywhere?

As requested, after removing the recommended objects via HijackThis and then running ActiveScan, here are the ActiveScan report results. I see cookies, quarantined cookies, and one Adware BHO at the bottom of the list. I recognize some of the cookie names from when our IE was getting all those pop-ups. Is the next step some improved anti-spy software? I currently use Spybot S&D, Yahoo Anti-Spy, and recently added two new programs - AD Aware SE Personal and SpywareBlaster.



ActiveScan Report results:

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dana\Cookies\dana@ad.yieldmanager[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dana\Cookies\dana@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dana\Cookies\dana@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dana\Cookies\dana@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dana\Cookies\dana@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Dana\Cookies\dana@clickbank[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dana\Cookies\dana@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Dana\Cookies\dana@go[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Dana\Cookies\dana@microsofteup.112.2o7[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dana\Cookies\dana@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Dana\Cookies\dana@stats1.reliablestats[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dana\Cookies\dana@target[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Dana\Cookies\dana@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dana\Cookies\dana@www.burstbeacon[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.zedo.com/]
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.www.web-stat.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.target.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.rightmedia.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.overture.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.did-it.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.com.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.go.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dana\Application Data\Mozilla\Firefox\Profiles\kya68seu.default\cookies.txt[]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dana\Cookies\dana@ad.yieldmanager[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Dana\Cookies\dana@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Dana\Cookies\dana@apmebf[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dana\Cookies\dana@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dana\Cookies\dana@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Dana\Cookies\dana@clickbank[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dana\Cookies\dana@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Dana\Cookies\dana@go[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Dana\Cookies\dana@microsofteup.112.2o7[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dana\Cookies\dana@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Dana\Cookies\dana@stats1.reliablestats[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Dana\Cookies\dana@target[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Dana\Cookies\dana@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dana\Cookies\dana@www.burstbeacon[1].txt
Adware:Adware/BHO Not disinfected C:\Documents and Settings\Dana\Local Settings\Temporary Internet Files\Content.IE5\09QR4D63\w[1].php
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp
Spyware:Cookie/Clicktracks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp
Spyware:Cookie/Bilbo.counted Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B3.tmp
Spyware:Cookie/Gator Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp
Spyware:Cookie/Atwola Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp
Spyware:Cookie/Dbbsrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp
Spyware:Cookie/SpyLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq72.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq74.tmp
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp
Spyware:Cookie/Clicktracks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp
Adware:Adware/BHO Not disinfected C:\WINDOWS\system32\ssttq.dll

#6 Rawe

Posted 26 March 2006 - 12:58 PM

Yes, please do remove it. :thumbsup:

Please also empty your Yahoo!'s quarantine.

==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\ssttq.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

==

Let me know how the system is running now. :flowers:
Hi there, stranger!
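The triage applied to the scan log in this thread (quarantined copies versus a file still live on disk), as an added example that is not part of the original posts. The sample lines are taken from the log above; the bucket names and the "Disinfected" status are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Four lines from the scan log in this thread, format "<Type>:<Name> <Status> <Path>".
SAMPLE_LOG = r"""
Spyware:Cookie/Clicktracks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp
Adware:Adware/BHO Not disinfected C:\WINDOWS\system32\ssttq.dll
"""

# Detection names can contain spaces and slashes ("24/7 Realmedia"), so the
# pattern anchors on the status text and on the drive letter starting the path.
# Only "Not disinfected" appears in the thread; "Disinfected" is assumed.
LINE_RE = re.compile(
    r"^(?P<type>[^:]+):(?P<name>.+?)\s+(?P<status>(?:Not )?[Dd]isinfected)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

def parse(log):
    """Return one dict per recognised detection line; skip anything else."""
    findings = []
    for raw in log.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            findings.append(match.groupdict())
    return findings

def triage(findings):
    """Group detections by the follow-up they need (bucket names are hypothetical)."""
    buckets = defaultdict(list)
    for item in findings:
        if "\\quarantine\\" in item["path"].lower():
            # Already isolated by another tool: empty that tool's quarantine.
            buckets["quarantined_copy"].append(item)
        elif item["name"].startswith("Cookie/"):
            # Cookie in a browser profile: clear cookies or temp files.
            buckets["tracking_cookie"].append(item)
        else:
            # A file outside any quarantine: needs targeted removal.
            buckets["live_file"].append(item)
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(parse(SAMPLE_LOG)).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print(f"  {item['type']} | {item['name']} | {item['path']}")
```

On the sample, the three cookie detections fall under quarantined copies and only the BHO DLL is reported as a live file.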

#7 Gatorboy1979

Posted 26 March 2006 - 01:49 PM

Hello,

I just went and ran some diagnostics at the PCPitstop site - things appear to be back to normal... download speed has increased ~8x and no popups or non-responsive IE. I cannot thank you enough for walking me through this process!! This forum will, in the future, be visited often so I may continue to learn (and hopefully not because I have another significant issue).

A few last questions:

The programs/links I have downloaded onto my system - HijackThis, Avenger, Panda's ActiveScan, Killbox, and ATF Cleaner - would you recommend that I keep them "stored away" in case of a future need? I can see using ActiveScan and ATF Cleaner on a regular basis, and also running HijackThis if I once again have this type of pop-up/unresponsive IE problem, but I am not savvy enough with the other applications to use them with confidence (my first goal is to do no harm!). I would instead contact this forum again.

Based on your replies, my perception is that the ScreenMates program (which appeared to run at startup even before my Zone Alarm Firewall and Norton Anti-virus were up) may have been the avenue for the various infections and hijacking - the infection entered my system that way. I am also presuming that the WINDOWS\SYSTEM32\ssttq.dll was the location of this problem file. Am I correct in these perceptions?

Is there any other behavior (such as not using these "run at start up" programs) or software that you might suggest to minimize the chance of this occurring in the future? Should I increase the default security settings (cookies, java, script) on my IE set up?

ATF cleaner and ActiveScan appear to have "caught" items that were not captured by my other anti-spyware and anti-virus software - is my perception correct that these items might be a bit more advanced compared to what I am using now, or did this infection enter my system through another means independent of the quality of my software?

Again, many thanks!

#8 Gatorboy1979

Posted 26 March 2006 - 04:47 PM

One more quick question. The deleted Windows\System32 files and the Program Files\ScreenMates folder that are currently in c:\avenger\backup.zip - should I open that file (unzip it) and then go in and delete these files, or just delete the avenger\backup.zip directly without opening?

Deleting the backup.zip directly without opening seems safer to me.

Thanks again...

#9 Rawe

Posted 26 March 2006 - 11:40 PM

ATF cleaner and ActiveScan appear to have "caught" items that were not captured by my other anti-spyware and anti-virus software - is my perception correct that these items might be a bit more advanced compared to what I am using now, or did this infection enter my system through another means independent of the quality of my software?

I'd suggest keeping ATF Cleaner for temp files/cookies/java cache etc.

You don't need Panda scan if you have a full-time anti-virus software. Do go ahead and delete Avenger's backup.zip.

I am also presuming that the WINDOWS\SYSTEM32\ssttq.dll was the location of this problem file.

Yes, it also was a problem file.

You don't need the other programs, go ahead and uninstall them. Glad I was able to help :thumbsup:

==

First priority: Install Service Pack 2 by visiting WindowsUpdates. After you have installed it, reboot, download & install ALL the available critical updates. Then some more preventive maintenance:

Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)
Hi there, stranger!

#10 Rawe

Posted 31 March 2006 - 10:15 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member with the address of this thread. :thumbsup:
Hi there, stranger!



