Hi
I'm sure this is a most often asked question here. But this is a bit different.
Now this is what is happening, Since the last 2-3 months whenever I go online(through dialup)after about 5-10 mins, I see a a red install like box come which dissappers very rapidly and then this seperate IE page comes up (not a popup window, a full page), which is full of XXX rated pics and links. I can close this page and it goes away but then it will come up again after every 5-10 mins.
I have seen that the first couple of pages always point out to the same IP address (not a domain name) like http://216.131.84.28/tout.
Now these are the things I have done about it.
1) Scanned the whole hard drive with Spybot S&D and Adaware. They did find some things and removed them but then the page still comes up. An interesting thing thats happening now is that after scanning about 50,000 odd files, adaware locks up and I have to close out of it. So I removed and installed the new version (SE) with updates but that also does the same thing...doesn't happen with spybot though.
2) I have also used CWsheredder but no go.
3) Went into IE properties and changed everthing to default settings. Also disabled active x controls and third party browser extensions. No go.
4) Removed all junk from the hard drive like temp files, temp internet files, cookies, history etc. no go.
5) Also tried system restore in despeartion but again no go.
So if anyone can help me get rid of this annoyance (I have contemplated formatting the hard drive!!), I'll be most thankful. Just that its a big annoyance and its making me go slightly crazy.
Thanks
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Browser Hijacking/Spyware/Adware/M
Full removal and Prevention instructions are available on my website,
http://www.petenetlive.com
Please don't "Gum up" the TA's here by posting Hijack This Logs
go here and have it analysed.
http://www.hijackthis.de/i
The EE Official Link to info is,
http:Q_20975384.html#10973
constantly filling th EE PAQ with hijack this logfiles bloats the EE PAQ and provides little or no help to people searching the PAQ
if the poster can analise his/her own log, then
a they will know what to do in future and will save points
b will be happy in the knowledge thry fixed it themselves and can get a refund.
Pete
that can be ur thought.... i think that we are sitting here to do this..... we can share our knowledge and experience with them and can help them with that..... and giving a site can cure the problem for once or twice..... but what is the guarantee that this particualr site will be there always and will not get down.... and what if it will close ??
sites are not fore ever,,, but knowledge is fore ever and that's what i want to use with hijackthis logs :)
that will also tell him to Fix the lines.... actaully i dont trust that site...... i tried it with my LOG when i first discoverred that site... and it Labelled my DSL modem software as NASTY..... lol i cannot trust it anymore.... it can label anything as NASTY if its unknown to it..... atleast i dont do it :)
raghunaj,
Please follow Pete's suggestion at http:#11985323
Just posting a hijackthis log without even scanning with either Ad-aware or Spybot S&D will give you a very messy hijackthislog which is terrible to search through, and is in no-way even close to a fix-all. A lot will be left on your system when following only SheharyaarSaahils advice.
Thanks,
LucF
>>it labelled my DSL software as nasty
possible but not as bizarre as telling a poster to disable their firewall
http://www.experts-exchang
it was not his firewall..... read his comment where he said that he never Installed any Sygate firewall >> http://www.experts-exchang
more over he didn't have any C:\Program Files\Sygate type of thingy on his system,,,,,,, read the whole question Pete.... even after removing those lines,,,,, no harm was made to his system...... those were all unwanted entries and were not at all related to any kind of firewall....... ur behaviour is disappointing me today =\
Im sorry my behaviour is dissapointing you - I have spent the last two years calling EE my home Ive worked to keep it the outstanding site it was when I found it.
this site survives as a business entity on the quality of its PAQ - its the site most marketable quality - filling it with dirge, debases the quality of this site.
My GOD..... is it the first time we are asking for LOG files...... we are doing it from quite a long time.... and only becoz of another site has put a so called log file analysis which can label anything as nasty..... we are asking users to not to use EE's experts' knowledge or help but instead goto blah blah site and that will do the job for u...... come on guysssss, Cant we deal with LOG files..... we dont need an Extra or Automatic site..... EE's community is enough for us !!
ok wait a min.....whats going on guys!!???
I followed PeteLong's suggestion and removed couple of entries.....I'm no total greenhorn and can understand a few things. The log analysis sytem on that website is probably setup to scan common things but its helpful in scanning those registries that I have no clue about but still am suspicious. So far I haven't seen new windows coming up, so good!!
but this problem may return after I reboot my box. So will get back to you after rebooting....and no it won't take days!! ;)
This is what I thought was nasty and removed.
O17 - HKLM\System\CCS\Services\T
O16 - DPF: {62475759-9E84-458E-A1AB-5
O4 - HKLM\..\Run: [SysInit] C:/Program Files/Common Files/svchost.exe
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
LucF.... how many times i have to ask u to keep ur thoughts abt me to urself..... i dont want ur opinions abt me..... plzz for GOD sake.... leave me ALONE !!!
>> well sorry squire but your behaviour has been dissapointing me for months.
hmmmmmmm so one more on the list...... never mind.... i will take this issue as closed coz now i know the reason of all the above comments..... still good luck to u from me Pete !!!
yes, that 04 line there is a nasty one:
http://www.sophos.com/viru
Please also check your favorites, some links could have been added by that trojan.
LucF
>>My GOD..... is it the first time we are asking for LOG files......
no this is probably the thirtyeth log file you have asked for today
>>we are doing it from quite a long time....
We? show me one post in the nearly 17 thousand posts Ive made where I ask to see someones logfile
in fact see my comments on my website
--------------------------
OK If the above software didn't solve the problem then your next step is to download the following piece of software.
Run this little doohickey, and it will list registry entries and running processes that it considers suspicious (NOTE a lot of innocent entries will be listed). OK now you have a list of what's running you need to analyzed it (Gulp!) Don't panic the good thing is, if you haven't got a clue, DONT go posting your hijack list to a forum like EE It just gums up the message boards go here and have it analysed for you CLICK HERE
To Learn how to analyse the logs for yourself CLICK HERE
--------------------------
>>and only becoz of another site has put a so called log file analysis which can label anything as nasty.....
Do you presume to offer the opinion that YOU can't label something as NASTY? If it were me asking the question I think I'd be more respondant to Luc's approach of dont try to do things manually.
>>we are asking users to not to use EE's experts' knowledge or help but instead goto blah blah site and that will do the job for u......
in my first post I believe that I posted the EE official link to information regarding hijacking correct me if I am in error
>>come on guysssss, Cant we deal with LOG files....
Yes, In fact im willing to be i pretty much know my way round the registry as well if not better than any expert on this site - the fact of the matter remains HJ is as the publisher admits - the tool to use when nothing else works.
your approach is no different to looking at engine oil to cure all automotive problems.
>>we dont need an Extra or Automatic site..... EE's community is enough for us !!
we need it more than looking at thousands of HJ log files in our PAQ, and if as you say EE is enough for you why are you not posting the link to EE's official information page.
you sir are a buffoon! I would not trust you with the health of my toaster.
hey all ,
It was not a pleasure to see all the comments here before posting my suggestion on this .
Bottomline is I would agree with what Petelong has suggested. First let the site determine what all the bad entries, let the user delete those and will reduce half of our work. To start with we have to trust websites like that . Nobody has said so far that the site is bad.
Secondly , it has become new (may be i should say default) for all questions in almost all the major TA to see a Hijackthis log. Personally , I donot have that much time to see through every line in hijackthis and say fix this etc. Why cant the user do that when there is resource available.
Thirdly , there are already questions coming up in EE where the user says
" Well I posted my hijackthis log last time and fixed my issue but now again it has come back". I am not saying the expert who helped in fixing the issue didnot do a good job , it is because Hijackthis is always not a perfect solution
Business Accounts
Answer for Membership
by: SheharyaarSaahilPosted on 2004-09-05 at 12:11:27ID: 11985321
Hello raghunaj =)
Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.c