Question

IE not opening with 'about:blank' or any other settings I make + spyware

Asked by: Adonis24

Hi,

I am working with Windows XP OS.  Currently IE does not open with the home page I set.  Instead it opens with "search for.." and lists various categories to locate from websites.
*  Also a pop-up window opens up with the message 'spyware detected' and gives the IP address when I am connected to the internet.

* IE takes nearly 15 - 20 seconds to open up.

During the day when I start the computer for the first time, the desktop items (My Documents/My Computer/Recycle Bin/Norton AntiVirus, etc.) do not open immediately when I double-click.  Instead a window opens up with the title "Network Connections" with the message "You [or a program] have requested information from directx.ak47.be" and which connections do you want to use?  When I cancel it, again a window opens up with the message "You [or a program] have requested information from online.refer.cn".  It repeats 2 more times (i.e. it asks 4 times in total) before the particular item opens.

In the Norton Antivirus Log Viewer section the following virus Alert had been reported.

Feature      :  Script Blocking
Virus Name :  Suspicious Script
Action Taken:  Blocked
Item Type  :  Script
Target    :  N/A
Suspicious Action: FileSystemObject : GetSpecialFolder

I want to restore my PC to its original working condition.  Need help.


This question has been solved and asker verified.

Asked on: 2004-06-26 at 16:01:33, ID: 21039278
Topic: Anti-Virus Applications
Participating experts: 5
Points: 200
Comments: 34


Answers

 

by: wulliec Posted on 2004-06-26 at 16:33:33 ID: 11407840

Disable system restore then run CWshredder

 http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

After fixing all, reboot the machine and check if this fixed your problem.. Worked for me.

Good Luck

 

by: securitywonks Posted on 2004-06-26 at 20:07:21 ID: 11408411

I feel, the first step you need to do is to scan your system with the following Online AV Scanners:

Panda:  http://www.pandasoftware.com/activescan/
Bitdefender:  http://www.bitdefender.com/scan/licence.php

Then, Download HijackThis tool from :

Official Site:  http://www.spywareinfo.com/~merijn/downloads.html

Mirror:  http://hijackthis.securitywonks.net

Then, You need to put HijackThis into its own folder. It makes backups and they need to be kept all in one place.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

1) Click SCAN button to scan your system with Hijack This (HJT) Tool
2) Click SAVE LOG button to save the HJT log
3) Copy the contents of the HijackThis (HJT) log file and paste that here, so we can analyse and tell you what to do & how to remove that spyware/adware
---------

then Scan your system with the following anti-spyware tools:

Spybot:  http://spybot.securitywonks.net

Bazooka:  http://bazooka.securitywonks.net


Post your HJT log and also tell us how your system works now.




 

by: Lobo Posted on 2004-06-26 at 21:14:51 ID: 11408550

Hi Adonis,

In addition to the previous posts, it seems you have two different problems: a browser hijacker and one or several other spyware.

Make sure your antivirus is updated. An antivirus will not protect you from spyware but it's a good policy to keep it updated at all times. Scanning online for viruses as SecurityWonks suggests is also a good idea. You can check a comprehensive list of anti-spyware software and other related info at:

http:Q_20975384.html#10973785

My favourites are Spybot S&D, AdAware, and CoolWebShredder.

I am guessing you'll find a whole bunch of spyware in your machine, but after running these tools your computer should be back to health.

Good Vibes!

Lobo

 

by: Adonis24 Posted on 2004-06-27 at 11:40:33 ID: 11411076

I downloaded SpyBlocs v2.0 and scanned for spyware and adware.  It recognised 6 spywares (3 infected folders and 3 spyware files).

Here is a part of the log report of SpyBlocs v2.0

Started folder scan
====================
BDE            Trial Version
Adware - SEVERE

BDE            Trial Version
Adware - SEVERE

BDE            Trial Version
Adware - SEVERE

Folder scan result:
Folder processed: 0
Suspicious folders found: 3

Started file scan
====================

File scan result:
Suspicious files found: 3

Scanning finished
====================
Suspicious modules found: 0
Suspicious keys found: 0
Suspicious folders found: 3
Suspicious files found: 3
====================

 

by: Adonis24 Posted on 2004-06-27 at 11:54:51 ID: 11411110

As SpyBlocs is a trial version I could not clean those infected files.

To wulliec:
-------------
I downloaded CWshredder and ran it. It removed CWS.Searchx and then I rebooted the machine and opened IE.  Now it opens with 'about:blank'.  No 'search for..' item even in the GoTo menu.

* Still IE is a bit slower in opening up.

--->  Your answer has worked. You have given me 1 part of the solution

Then I scanned with SpyBlocs v2.0 and the same 6 spywares that I have mentioned above were still present.

 

by: akboss Posted on 2004-06-27 at 12:51:06 ID: 11411304

 

by: rossfingal Posted on 2004-06-27 at 12:54:32 ID: 11411317

Hi!

Take  securitywonks' advice from above, and post a HijackThis log here.
Someone will take a look at it.

Good luck!

 

by: akboss Posted on 2004-06-27 at 12:58:52 ID: 11411336

Here is how another guy fixed his system.

about:blank resolved
Download and run.
http://www.net-sources.com/download...-aboutblank.exe

I then ran CWShredder (latest version 1.59.0)

http://www.net-sources.com/download.../CWShredder.exe

After execution of CWShredder, I rebooted the system and the problem was gone.
 Reset your home page in IE after doing the above.

I did this on 6/19/04 and as of this time/date (09:35 DST 06/24/04) the system has been clean.

Added 6/25/02:

 

by: Adonis24 Posted on 2004-06-27 at 14:03:28 ID: 11411636

Hi Lobo,
you have guessed right - a bunch of spywares -- so far 6 detected by SpyBlocs v2.0

To  securitywonks:
---------------------
I scanned my system with Panda and Bitdefender online scanners.

Panda detected 1 infected file and disinfected it.  Here is the Activescan report.

Incident                              Status                         Location  

Virus:Trj/StartPage.CM        Disinfected                   C:\WINDOWS\win.exe

BitDefender detected 2 trojan files and deleted them. But it ignored the below infected file.

E:\NAV2003\I Hate You Antivirus Software\setup.exe=>(Inno Installer o)=>(Inno Module 1) infected: BAT.Revenge
             ***************            ******************

And here is the content of the 'Hijack This' log file.


Logfile of HijackThis v1.97.7
Scan saved at 2:24:01 AM, on 6/28/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\System32\RunDll32.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\WINDOWS\System32\carpserv.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\WINDOWS\System32\ctfmon.exe
D:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\notepad.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SpyBlocs] D:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1374C11-3700-4816-A011-37694D4ED23F}: NameServer = 61.1.192.65 61.0.0.5

 

by: Lobo Posted on 2004-06-27 at 14:50:36 ID: 11411782

Hi AkBoss,

Please check the link you posted. I get a 404 and when I try www.net-sources.com I get redirected to:

http://www.trmi-direct.com/oc/index.php

Adonis,

Give CoolWebShredder a try, it's supposed to cover all variations of about:blank plus a whole bunch of other spyware and adware baddies.

Good Vibes!

Lobo

 

by: wulliec Posted on 2004-06-27 at 15:05:16 ID: 11411837

Hello Adonis24,

Did you disable System Restore before you ran CoolWebShredder?

 

by: Adonis24 Posted on 2004-06-27 at 16:38:29 ID: 11412036

Hello everyone,

What I intended to say to wulliec's comment (1st comment) is that after running CoolWebShredder, IE is working normally and fine as before.  As I have not set a homepage, IE opens with the Use Blank settings with address 'about:blank' and the title 'about:blank' and a very clear white page with no contents inside. (This is what I meant in my answer to Wulliec.)
And the homepage settings are working as usual.

COOLWEBSHREDDER has removed CWS.Searchx but the 6 spywares were still present.

Hope now I have written clearly.

 

by: akboss Posted on 2004-06-27 at 18:19:36 ID: 11412289

remove these.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\karthik\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1374C11-3700-4816-A011-37694D4ED23F}: NameServer = 61.1.192.65 61.0.0.5

 

by: securitywonks Posted on 2004-06-27 at 19:36:50 ID: 11412536

Hello Adonis,

Fix all the entries pointed out by Akboss except the following 3 entries,
Akboss, if you do not mind, I would like to make a few corrections,

--------------
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
---------------
All these four entries belong to DAP (Download Accelerator Plus software), and unless we pay to get our license, we have to bear the ads (when we continue to use their free version).

O8 entries are shortcuts of DAP that occur in the right-click menu, while O9 entries are buttons on the IE browser.

While you FIX the ABOVE R1 entries, follow the procedure I write here; it is given by a friend by the name Subratam,

----------
New Method :

1. Get Ad-Aware. Check for updates.

2. Close all windows. Do NOT open Internet Explorer in between.

3. Run HijackThis and fix the random dll (BHO - O2) and the random exes

4. Close other windows again and run Ad-aware complete scan. Let it fix what it finds.

5. Killbox the "dll" that showed in HijackThis. (If not found, leave it)

6. Reboot and run HijackThis again. Fix any random entry (dll or exe) if still found with random exe

7. Run Ad-aware again complete scan.

8. Reboot and post a fresh log.
-----------------

Apart from what our Friend AKBOSS recommended (excluding the ones I specified), you have to FIX these following entries too:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Try to use more standard malware fighting Applications like SPYBOT, BAZOOKA, ADAWARE etc.

Spybot:  http://spybot.securitywonks.net

Bazooka:  http://bazooka.securitywonks.net

Adaware:  

Hijack this: http://hijackthis.securitywonks.net

CWShredder:  http://cwshredder.securitywonks.net

CWShredder is to be used only for a few types of CWS variants, and the new variants in CWS are becoming much harder if CWS is used just like,

CWS is a specialised tool anyhow, to clean previously released CWS infections, and there were new methods to deal with CWS variants in the wild (latest ones)


HijackThis is one tool which will be complementary to the above said spyware removing applications :)

Moreover all those I recommended were FREEWARE :)

They are more professional spyware fighters than many shareware products in the field, and I do not want to make many more explanations to make you understand about sharewares, especially in this area.

Hope you understand my point know:)

Cheers




 

by: akboss Posted on 2004-06-27 at 21:30:19 ID: 11412944

Not a problem... I haven't had to use an accelerator in 4 years so it gets past me at times.

 

by: securitywonks Posted on 2004-06-27 at 22:02:56 ID: 11413047

I can understand, you all, have broadband net lines know:)

 

by: rossfingal Posted on 2004-06-28 at 06:12:27 ID: 11415260

Hi!
Just some information - the following is a list of "questionable" spyware tools researched by the people at
spywareinfo.com:

AdProtector
AdwareHunter (adwarehunter.com/browser-page.com)
AdWareRemoverGold (adwareremovergold.com)
BPS Spyware & Adware Remover (bulletproofsoft.com) -- AdAware knockoff,
InternetAntiSpy (internetantispy.com)
NoAdware (noadware.net/netpalnow.com)
Online PC-Fix SpyFerret
PurityScan (purityscan.com/puritysweep.com)
Real AdWareRemoverGold (adwareremovergold.com/sg08.biz)
Spybouncer (spybouncer.com)
SpyAssault (spyassault.com)
SpyBan (spyban.net) -- noadware clone
SpyBlast (spyblast.com/advertising.com)
Spyblocs/eBlocs.com (eblocs.com)
SpyDeleter (spydeleter.com/209.50.251.182)
SpyEliminator (securetactics.com) -- dead?
SpyFerret (onlinepcfix.com) -- also Lop Uninstaller, Xupiter Uninstaller
SpyGone (spygone.com) -- SpyBot S&D ripoff
SpyHunter (enigmasoftwaregroup.com\spywareremove.com\spybot-spyware.com\
SpyKiller (spy-killer.com/maxionsoftware.com/spykiller.com/spykillerdownload.com/
SpyKillerPro (spykillerpro.com)
Spyware Annihilator (solidlabs.com)
SpywareBeGone (spywarebegone.com\freespywarescan.org)
SpywareCleaner (www.checkforspyware.com/ - www.spw2a.com/sc/)
SpywareCrusher (spywarecrusher.com)
SpywareInfoooo.com
SpywareKilla (spywarekilla.com)
SpywareNuker (spywarenuker.com/trekblue.com/trekdata.com/spyware-killer.com/
SpywareRemover (spy-ware-remover.com/spywareremover.com)
SpywareThis (spywarethis.com)
SpywareZapper (spywarezapper.com) -- looks like it may be TZ Spyware Adware Remover
SpyWiper (mailwiper.com)
ssppyy pro (ssppyy.com)
TZ Spyware Adware Remover (trackzapper.com)
VBouncer/AdDestroyer (spywarelabs.com/virtualbouncer.com)
Warnet (warnet.com)
XoftSpy (download-spybot.com/paretologic.com/downloadspybot.com/no-spybot.com) - this may be a SpyHunter clone
ZeroSpyware (zerospyware.com/zeroads.com)

Suspect
Spyware X Terminator

PopupsNuker is a baddie (popupsnuker.com) that claims to block adware.

Note the presence of  Spyblocs !
After you have HJT fix whatever you have chosen, clean out all your temp files: including all on your C:\ drive --
# D:\Windows\Temp - delete ALL of the CONTENTS of the folder - Not the "temp" folder itself!
# D:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents)
  <=This will delete all your cached internet content including cookies.
  This is recommended and strongly suggested!
# D:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
# D:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
# D:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
# Empty your "Recycle Bin".
Reboot your computer and post a new HijackThis log here.
Good luck!

>Quote (from Lobo)
Hi AkBoss,

Please check the link you posted. I get a 404 and when I try www.net-sources.com I get redirected to:

http://www.trmi-direct.com/oc/index.php
>Unquote
I got the same result, too!?!

 

by: rossfingal Posted on 2004-06-28 at 06:16:16 ID: 11415299

Also, I strongly suggest that you update Win Xp and Internet Explorer to Service Pack 1 !!
Make sure you update all the latest patches/fixes!

 

by: Adonis24 Posted on 2004-06-28 at 15:49:39 ID: 11421013

I fixed R1 entries.

Then I ran Spybot - Search & Destroy.  It detected some problems and I fixed them.
Then I ran Bazooka spyware scanner.  It detected nothing. (How come it finishes the scanning process in just 2 or 3 seconds?)
I updated those freewares before scanning.
Then I rebooted the system and ran HijackThis.  And here is the content of the log file of the latest HijackThis scan.  I don't know which are the random dll and random exes that should be fixed. So I am posting here.

****************
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SpyBlocs] D:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
**************


 

by: akboss Posted on 2004-06-28 at 17:42:18 ID: 11421803

Remove these.


O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll

(Note what rossfingal said about spybloc in his post above.)
O4 - HKLM\..\Run: [SpyBlocs] D:\Program Files\SpyBlocs\SpyBlocs.exe
(This one is up to you. It is an updater for a Logitech mouse. If you don't need it running then fix it.)
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe






 

by: securitywonks Posted on 2004-06-28 at 20:07:55 ID: 11422482

Hello Adonis, this is not a COMPLETE HIJACKTHIS log.

Please give the complete Hijack This log after you save the log with the Hijack This tool.

Then, in the entries you wrote, please do not remove or fix the O10 entries directly.

You have to fix them with LSPFIX or another WinSock repair tool only; otherwise, your internet connection will end up in a mess.

You can download LspFix from:  http://lspfix.securitywonks.net

As our friends (akboss & rossfingal) said, SPYBLOCS.EXE is not a true spyware remover.

You can uninstall it from Add/Remove Programs, and if some of its entries still remain, you can fix those directly through the Hijack This tool.

Coming to bazooka, it is one of the effective and nice tools.

Procedure to make and Post a complete Hijack This Log Report:
--
You need to put HijackThis into its own folder. It makes backups and they need to be kept all in one place.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

1) Click the SCAN button to scan your system with the Hijack This (HJT) tool
2) Click the SAVE LOG button to save the HJT log
3) Copy the contents of the HijackThis (HJT) log file and paste them here, so we can analyse and tell you what to do & how to remove the spyware/adware

Then, select the following with HijackThis. With all windows (including this one!) closed, please select "fix." If all windows are not closed the fix may not "stick".


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://in.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s

I will confirm whether anything more needs to be fixed to make your system clean once you give the complete HijackThis log report.






 

by: Adonis24 Posted on 2004-06-29 at 01:23:44 ID: 11423768

I have uninstalled spyblocs.

Hi securitywonks,

I fixed the 3 entries you have listed with HijackThis. Then I ran the following applications.
Here is the report. [Yesterday I updated these 3 applications.]

Tool          Report
--------------------------------------------------------------------

CWShredder    Your system was completely clean.

Bazooka       Nothing detected.

Spybot        DSO Exploit                      5 entries
              Download Accelerator Plus Ads    7 entries

              DSO Exploit was fixed.
              But when I fixed DAPA, it reported a warning: "some problems
              could not be fixed; the reason could be that the associated
              files are still in use(in memory). This could be fixed after
              a restart. May spybot-S&D run on your next system startup?".
              I clicked yes. It reported 1 problem fixed and 6 problems
              that could not be fixed, and asked to restart the computer.
              After the restart it reported the same two problems with 12 entries
              as before. And when I fixed it, the same message appeared again.

              What to do now?


Then I rebooted the system, scanned with HijackThis and saved the log file.
Here is the complete HijackThis log report.

******************************

Logfile of HijackThis v1.97.7
Scan saved at 1:46:39 PM, on 6/29/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\igfxtray.exe
D:\WINDOWS\System32\hkcmd.exe
D:\WINDOWS\System32\RunDll32.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\DAP\DAP.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\WINDOWS\System32\carpserv.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Hijack This\HijackThis.exe
D:\WINDOWS\System32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [DownloadAccelerator] D:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] D:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll

******************************

 

by: securitywonks Posted on 2004-06-29 at 03:18:27 ID: 11424326

Dear Adonis,

That is nice, you have uninstalled spyblocs.

Then, in regard to the DSO EXPLOIT & DAP entries:

You need not worry about DSO Exploit, as it will sometimes be reported by SPYBOT; leave it, as it is no problem.

Coming to the DAP entries, I know you have the free version of DAP installed, and it will show a few ads and so on. Do not worry about the DAP entries either.

If you are very paranoid and want to get rid of the DAP ads, and also want to continue using that download manager software, then you need to subscribe to their pay version.

Personally, I too use the DAP download manager, and these will be found on my system too; it is quite normal on any system using the DAP free version :)

Hope you are satisfied now :)

Coming to your complete Hijack This log,

Please boot into safe mode and select the following with HijackThis. With all windows (including this one!) closed, please select "fix."

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =


You are running multiple programs for similar purposes, because of which more of your physical RAM is consumed unnecessarily, and this affects your system performance too (unless you have a large amount of physical RAM).

In the case of download managers, you have both DAP & Internet Download Manager installed.

DAP is the #1 tool in the area of download managers (I myself tried many times to find a better one by researching many tools); it came out with OUTSTANDING performance.

UNINSTALL Internet Download Manager using Add/Remove Programs and then fix the O10 entries using LSPFIX if they are still there after you uninstall the Internet Download Manager tool.

--------------------------
Then download LSPFIX from:  http://lspfix.securitywonks.net

or use the copy you have downloaded before.

Run LSPFIX and repair the Winsock problems with that tool.

You have to fix the following O10 entries using LSPFIX:

O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll

----------------------------------

Coming to your AV software, you have both NAV & AVG. Basically NAV is very heavy on resources, and it has a higher number of problems too, as you may also have observed.

AVG is very low on resources, so you can happily use AVG and uninstall the NAV software. By doing it that way, not only does your system performance increase, but you can also relax with no more Norton problems, while AVG can really perform better than Norton.

If you are concerned, you can try BitDefender, and you can decide for yourself from experience which tool to continue using in the future.

Periodically Doing Online Scans will inform you about any infections at an early stage.

Periodically Scanning with Panda & BitDefender Online Scanning engines is more than enough to give prior warnings about possible infections:

Panda:  http://www.pandasoftware.com/activescan/
BitDefender:  http://www.bitdefender.com/scan/licence.php


http://housecall.trendmicro.com/
http://www.ravantivirus.com/scan/
http://us.mcafee.com/root/mfs/default.asp?affid=294

Hope you got my point now :)

Tell us how your system is working after implementing all the things.

Hope it helps:)

Cheers




 

by: Adonis24 Posted on 2004-06-29 at 11:17:30 ID: 11428826

Hi securitywonks,

I booted into safe mode and fixed those 2 R0 entries with HijackThis.
I uninstalled Internet Download Manager.  Then I found no O10 entries to fix.

Now I have uninstalled Norton Antivirus.  I will check periodically with the
online AV scanners.

Definitely my computer is now working better.

More doubts:
---------------

1) rossfingal had strongly suggested to do the following.

************************

After you have HJT fix whatever you have chosen; clean out all your temp files : including all on your C:\ drive --
# D:\Windows\Temp - delete ALL of the CONTENTS of the folder - Not the "temp" folder itself!
# D:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents)
  <=This will delete all your cached internet content including cookies.
  This is recommended and strongly suggested!
# D:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
# D:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
# D:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
# Empty your "Recycle Bin".
Reboot your computer and post a new HijackThis log here.

************************
Now should I carry this out?

2) When I start (boot) the computer, the processor details are not getting displayed.  Instead
it goes straight to the operating system.  Why?  Is any virus or malicious script still present?

3) When I uninstalled the Get Right software some days back, Add/Remove Programs gave an error
message that the hard disk had bad sectors or a virus.  So it could not be uninstalled.

So I went to the Program Files folder and deleted the GetRight folder there.

Now, in the HijackThis logfile, what do these 2 entries suggest?

O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm

----------------
cheers.

 

by: Lobo Posted on 2004-06-29 at 23:20:56 ID: 11432814

Hi Adonis,

I would not recommend to anyone to rely solely on online scanners. You're risking getting bombarded with viruses. If you don't want to use Norton then consider other options, including some of the free antivirus software available, but I can't stress this strongly enough. Get an antivirus and keep it updated at all times.

Cleaning up your cache and TEMP files won't harm your machine. You may have to re-register to some websites you use that rely on cookies (make sure you write down your username/password combinations somewhere safe).

>>2) When i start(boot) the computer, the processor details are not getting displayed.  

Are you sure you didn't change anything in your BIOS regarding displaying the POST routine? If the machine is booting then I would not worry much about that part.

>>3) When i uninstalled Get Right software some days back,

Proper procedure would have been to try a reinstallation of Get Right. You can still do that. Try reinstalling it and then uninstalling it again.

After you're done with the cleanup process it would be a good idea to install something like GoBack. It's a good way to keep track on changes to your machine and to reverse any bad installations.

Good Vibes!

Lobo

 

by: securitywonks Posted on 2004-06-30 at 00:09:08 ID: 11433045

Mr. Lobo gave a nice answer; anyhow, I would like to cover things more clearly.

1) What ROSSFINGAL suggested is to clean up and clear all files and folders that are in the "TEMP" & "Temporary Internet Files" folders in all the user profiles created in your OS installation.

You can happily carry out that operation, and the advantages you get are:

a) Like all general software, most infections get downloaded and unarchived into the temp folder and run from there, so cleaning that folder periodically
is always a good measure, and of course it also wipes unused space.

b) Then, in the case of the Temporary Internet Files folder, you will find all the website cache; periodically cleaning that will help download the latest version of the websites you visit.

2) It happens that way (with some motherboards, and the other way with some); it is not a problem and you can stay cool about it.

3) In general, when we uninstall any software, it will not only remove files and folders but also remove the registry entries related to it.

What happens when we delete the folder from "Program Files" is that the files & folders get removed but not the registry entries, and that is the reason why you find the GetRight-related registry entries there.

Then, when we come to the particular entries shown in the Hijack This log, they signify the following:

The "O8 entries" of the Hijack This log show the "Extra items in IE right-click menu".

By deleting those two "O8 entries" you will find two options removed from your IE right-click menu,

i.e. Download with GetRight
and
Open with GetRight Browser

You can happily fix those two O8 entries using the Hijack This tool.
---------------------------------------
Hope I had answered all your questions,

Feel Free to come back, if you have any more doubts or questions in this regard.

Hope to hear you soon:)

Cheers

 

by: securitywonks Posted on 2004-06-30 at 00:16:51 ID: 11433088

By mistake I wrote the LAST LINE in error, in the answer to your 3rd question,

i.e. 3) In general, when we uninstall any software, it will not only remove files and folders but also remove the registry entries related to it.

What happens when we delete the folder from "Program Files" is that the files & folders get removed but not the registry entries, and that is the reason why you find the GetRight-related registry entries there.

-----------------

which I am correcting here:

Since you had DELETED the folder from "Program Files" without uninstalling it, there will be ORPHAN ENTRIES left in the registry (in regard to the GETRIGHT software), which is the reason why you found those entries in the HijackThis log (those GetRight-related O8 entries).

-----------------

Hope you are clear now:)

Hope to hear from you soon:)

Cheers
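Added example, not part of the original thread and not HijackThis's own code: a small Python triage of the O8 and O10 lines discussed above. It flags O8 context-menu entries whose target file no longer exists (the orphaned GetRight case) and groups the duplicate O10 Winsock LSP lines that the thread says to repair with LSPFix instead of HijackThis. The names `triage`, `o8_target` and `sample_exists` are hypothetical, and `sample_exists` is a constructed stand-in for a real file check so the code runs offline.

```python
import re
from collections import Counter
from typing import Callable, List, NamedTuple, Tuple

# Excerpt of the O8/O10 lines posted in this thread.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\idmmbc.dll
"""

# "<section code> - <rest of entry>", e.g. "O8 - Extra context menu item: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


class Finding(NamedTuple):
    code: str
    item: str
    advice: str


def o8_target(body: str) -> Tuple[str, str]:
    """Split an O8 body into (menu label, file path on disk)."""
    label, _, target = body.partition(": ")[2].rpartition(" - ")
    if target.lower().startswith("res://"):
        # res://<file>/<resource id> points inside a binary; keep the file part.
        target = target[6:].rsplit("/", 1)[0]
    return label.replace("&", ""), target  # '&' only marks the menu hotkey


def sample_exists(path: str) -> bool:
    """Constructed stand-in for os.path.exists: models the asker's machine
    after the GetRight folder was deleted by hand."""
    return "\\getright\\" not in path.lower()


def triage(log_text: str, exists: Callable[[str], bool]) -> List[Finding]:
    findings: List[Finding] = []
    lsp: Counter = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        if code == "O8":
            label, path = o8_target(body)
            if not exists(path):
                findings.append(Finding(
                    code, label,
                    f"orphaned: {path} is missing; fix in HijackThis"))
        elif code == "O10":
            # One provider DLL appears once per LSP chain entry; group them.
            lsp[body.partition(": ")[2].lower()] += 1
    for dll, count in lsp.items():
        findings.append(Finding(
            "O10", dll,
            f"{count} LSP entries; repair with an LSP/Winsock tool, "
            "not HijackThis 'fix'"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, sample_exists):
        print(f"{f.code:4} {f.item}: {f.advice}")
```

On a live Windows system, pass `os.path.exists` as the second argument in place of the stand-in.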

 

by: securitywonks Posted on 2004-06-30 at 00:23:53 ID: 11433110

I think you presently have AVG Anti-Virus software on your system?

If so, and if you are comfortable, then OK.

In case you want to change your AV software, BitDefender can be a better choice :)

I do not mean to rely totally upon online AV scans; what I said is that you use the BitDefender resident AV program (or some other of your choice) and run online AV scans periodically (once or twice a week). Doing it this way will protect your system better.

You can use Panda & BitDefender Online AV Scans for the purpose.

Panda:  http://www.pandasoftware.com/activescan/
BitDefender:  http://www.bitdefender.com/scan/licence.php




 

by: Adonis24 Posted on 2004-06-30 at 12:23:11 ID: 11439541

I have AVG on my system.
During the time I found viruses and spyware on my system, I also found that the processor details were not getting displayed.  Before that it used to display those details whenever I booted the computer.

Hi Lobo,
I haven't changed anything in the BIOS settings.  Thanks for the concise answer and for some vital information on antispyware software (in your previous comment). Thanks for the helping hand.

Hi securitywonks,
I have fixed those 2 'O8' entries.  Now they do not appear in the IE right-click menu.  Detailed, clear answer -- thank you very much.  You have answered all my questions.

You have guided me brilliantly throughout -- and have helped me eliminate those unnecessary spyware and adware programs. :)
Now my computer is working better. You have helped me in regaining the health of my system.
Thanks again.

Hi rossfingal,
Thanks for the information on questionable spyware tools.

Hi akboss,
Thanks for your posts. Good luck next time.

wulliec - thanks for the posts.

How often do I have to use these applications?
CWShredder
Bazooka
Spybot s&d

I think to use HijackThis I need some help for some time { before I can handle it myself :).}

cheers.

 

by: Lobo Posted on 2004-06-30 at 12:35:33 ID: 11439693

Hi Adonis,

Thanks for the kind comments.

As a safety measure you can run your anti-spyware once every two weeks or so. Make sure you Update them all before running them for better results. And also run your Windows Update regularly.

Good Vibes!

Lobo

 

by: securitywonks Posted on 2004-06-30 at 12:50:39 ID: 11439860

Yeah, Lobo is correct :)

Anyhow, these days spyware and all kinds of malware are being released and propagated at a higher level, so I feel it is better to scan with spyware scanners a minimum of around 2 to 3 times a week, to ensure elimination of bad things in the early stages, whatever the malware may be.

Spyware scanners: (twice or thrice a week)

1) Spybot
2) Adaware
3) Bazooka

Online AV scanners: (twice a week)

1) Panda
2) BitDefender

Resident AV scanner: (minimum once in two days, and when inserting a floppy or in similar cases)

1) BitDefender
2) AVG (as you said you have this on your system)

You can configure the DAP download manager to scan all files that are downloaded using your AV scanner, and that will be one useful preventive setting :)

Based on requirement, we use and deploy the particular scanners (in some other categories too).

Hope it helps:)

Cheers




 

by: securitywonks Posted on 2004-06-30 at 12:53:37 ID: 11439890

Forgot to say,

CWSHREDDER is one which you do not use every time, unless and until some expert identifies a CWS infection and recommends using it.

The Hijack This tool is a very effective tool, and you make and post the logs here so some expert will analyse them and tell you what to fix.

Fixing HijackThis entries unknowingly may cause your OS to become unstable (with a single mistake), and your internet connection to be lost.

There is every possibility, so just come here and post your problem; we care here to guide you :)

All the best with your system :)

Cheers

 

by: wulliec Posted on 2004-06-30 at 13:53:52 ID: 11440661

Hello Adonis24,

Thanks very much for the points, and to all the other commenters, thanks, I learned a lot.

 

by: Adonis24 Posted on 2004-07-01 at 14:16:46 ID: 11451775

Definitely I will ask for experts' advice on using the HijackThis tool and post problems at EE for solutions.

Adonis24
