ldbkutty
asked on
Changes in IE default pages, etc.. - Detected by SpySweeper.
Hi Experts,
I have 2 questions:
(1)
With my SpySweeper activated, I get this every time I restart:
--------------------------
Internet Explorer Hijack Shield
SysSweeper has detected changes in your IE default pages, such as the search page.
To Restore the new .................
--------------------------
(2)
If I enter an invalid URL, along with 'Page not found' I get text like: search on the web ......
If I deactivate some of my applications in my SystemStart (from the 'msconfig' command), the problem is solved.
My question is how I can permanently remove these unnecessary applications from my system.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Normal Mode is the mode in which you are running your system now, with all devices and background applications and services :)
And Safemode means there will be no additional devices, background services and applications... this mode is basically for troubleshooting Windows problems. As most spyware and viruses run their files in the background in normal mode, they can interrupt the removal tools and cannot be deleted easily, so we run those tools in Safemode :)
How to get into safemode >> http://www.computerhope.com/issues/chsafe.htm
Also one more thing: in your msconfig > Startup section, untick all applications, and just leave the ones which are for your antivirus and firewall software :)
ASKER
Oh, yeah OK... it's system safemode and normal mode...
Will be back soon, thanks again.
ASKER
Hi,
With Spybot, I removed some spyware and adware.
But every time I scan with Spybot, it shows me 'DSO Exploit'. Even though I removed it, if I scan again, I get the same problem.
Please tell me how I can get rid of it.
Thanks.
Now as you have scanned with the above tools... can you post here the log from the HijackThis scan :)
And these DSO Exploits are nothing but just a BUG in Spybot..... visit this page for some solutions to this problem.
Spybot keeps finding DSO exploit
http://www.computing.net/windowsxp/wwwboard/forum/104837.html
ASKER
I am getting the problem still.... (I thought a spy toolbar went away when I disabled some things in SystemStart, but it's still there) :-(
Please have a look at this:
http://jaggybala.clawz.com/CalendarTool/SpywareProblem.JPG
( A toolbar below 'Google' pop-up blocker and error page which is weird.)
ASKER
This is my Log File.
Logfile of HijackThis v1.98.2
Scan saved at 02:28:45, on 08/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
D:\Backups\Phone-Applications\hotfoon4.exe
C:\Programme\Webroot\Shredder\spshredder.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Programme\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\SmartFTP\SmartFTP.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\jaggy\Desktop\protect-computer\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ozpteqhxwdglyzw.com/Xb/Kg89Ik0_z_L8LKd0zYlU2DbYQOtVZohCG3GWNpFejqsT_mAZ30feuuBG0zMHQ.html
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [OnlineCdrom] C:\PROGRA~1\ATOMDE~1\32third.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [HOTFOON2] D:\Backups\Phone-Applications\hotfoon4.exe /h
O4 - HKCU\..\Run: [Spam Shredder] "C:\Programme\Webroot\Shredder\spshredder.exe" -tray
O4 - HKCU\..\RunOnce: [unPopUpWasher] unPopUpWasher.exe rm
O4 - Startup: WinMySQLadmin.lnk = C:\Dokumente und Einstellungen\jaggy\Desktop\mysql4\mysql-4.1.1a-alpha\bin\winmysqladmin.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{1805A68D-44FB-49C5-A9E6-1E9EE9AD81AF}: NameServer = 141.44.1.2,141.44.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB873E8C-D6D6-4749-8FF7-93D8DD601200}: NameServer = 141.44.1.2,141.44.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1805A68D-44FB-49C5-A9E6-1E9EE9AD81AF}: NameServer = 141.44.1.2,141.44.1.1
Thanks.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
With HijackThis, delete:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ozpteqhxwdglyzw.com/Xb/Kg89Ik0_z_L8LKd0zYlU2DbYQOtVZohCG3GWNpFejqsT_mAZ30feuuBG0zMHQ.html
Then run CWShredder again, and if that doesn't help, I suggest you use StartpageGuard ( http://www.webattack.com/get/startpageguard.shtml )
Happy (and safe) Surfing
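An added example, not part of the original thread and not HijackThis's own code: a small triage script that parses a HijackThis-format log and pulls out the two things this thread keeps returning to, the R0/R1 Internet Explorer page settings that point at an unexpected host and the O4 startup entries to review in msconfig. The sample log is constructed, and the trusted-host list is an assumption the reviewer would adjust.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.98 log format (not the asker's log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.hijack.example/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - c:\programme\example\helper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Updater] "C:\Programme\Example\upd.exe" -tray
"""

# Assumption: hosts the reviewer accepts for IE start/search pages.
TRUSTED_SUFFIXES = ("microsoft.com", "msn.com", "google.com")

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL = re.compile(r"https?://\S+")
RUN_ENTRY = re.compile(r"(.+?): \[(.+?)\] (.+)")

def parse(log):
    """Return (section code, body) for every entry line, skipping headers."""
    return [(m["code"], m["body"]) for m in map(ENTRY.match, log.splitlines()) if m]

def trusted(url):
    """True only if the URL's host is a trusted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(log):
    """Collect suspicious IE page settings (R0/R1) and registry autoruns (O4)."""
    report = {"hijacked_pages": [], "autoruns": []}
    for code, body in parse(log):
        if code in ("R0", "R1"):
            if any(not trusted(u) for u in URL.findall(body)):
                key, _, value = body.partition(" = ")
                report["hijacked_pages"].append((key, value))
        elif code == "O4":
            m = RUN_ENTRY.match(body)  # "O4 - Startup:" shortcut lines are skipped
            if m:
                report["autoruns"].append(m.groups())
    return report

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section, *items, sep="\n  ")
```

The suffix match requires a dot boundary, so a look-alike host such as `microsoft.com.hijack.example` is still reported.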
Extortioner15 ..... repeating what an Expert has already suggested is not Allowed :)
I did not repeat an answer, I suggested you were right and I said if that didn't work, he had to install StartpageGuard!
Now let's stay on topic, shall we?
>> I suggested you were right and I said if that didnt work, he had to install Startpageguard!
Well, you didn't mention me even there..... but never mind, leave it!!!! :)
If you still can't solve the problem, try the SpyBot Search&Destroy. You can find it at http://beam.to/spybotsd
Good luck
SOLUTION
This solution is only available to members.
ASKER
>> After that reboot back in Normal Mode.
Could you please tell me what SAFEMODE and Normal Mode mean here?
Thanks.