Solved

PestPatrol cleans up system but cydoor keeps installing

Posted on 2004-11-15
Last Modified: 2010-04-11
Every time I go to theage.com.au my PestPatrol goes wild and cleans up all the rubbish that is put on my pc (running Windows 2000 Professional).

But now, even though I no longer visit theage.com.au cydoor keeps installing itself. PestPatrol detects and deletes it but

a: Where is it coming from now?

b: Can some security guru load theage.com.au and tell me what is going on with this site?

Thanks in advance.
0
Question by:kjuliff
10 Comments
 
LVL 8

Expert Comment

by:mugman21
ID: 12583350
Let me take a guess....

You have some P2P software installed, Kazaa, iMesh, BearShare, Grokster, etc....

A lot of free P2P applications will detect if you delete the spyware, and then will download and install new copies.

Do you have P2P software installed, or any other freeware programs?

Mugman
0
 
LVL 8

Expert Comment

by:mugman21
ID: 12583391
Just finished examining the source to the page you specified and it's clean.... no ActiveX controls, no DLLs, no .cab files, and the .js files look harmless. I don't know why you are getting any popups or messages from this page....

Mugman
0
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 1600 total points
ID: 12583796
Hello kjuliff =)

There must be some other thing which is going wrong on your system, so try this, get msconfig for Win2000 from here >> http://www.perfectdrivers.com/howto/msconfig.html
Then use msconfig to untick unwanted programs as described here >> http://netsquirrel.com/msconfig/
Then Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Stinger ==> http://vil.nai.com/vil/stinger
========================================================

Then Run all of them one by one in safemode and delete everything they detect.
Then delete the temporary internet files and history of IE
and run Disk Cleanup on ur hard drive to delete those temp and junk files.
Restart back in Normal Mode to check for the problems now ?? :)

If still the same, then Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines in Hijackthis scan and click on Fix Checked !!

HJT Log Tutorial >> http://aumha.org/a/hjttutor.php

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0

 
LVL 1

Author Comment

by:kjuliff
ID: 12584272
Thanks for the responses so far, especially SheharyaarSaahil's. I will do those things as suggested tonight.

There is a new development. I can NOW access theage.com.au from my work. I am not getting blocked. I suspect something has changed on that site in the last few days!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12584292
sure, good luck and keep us informed :)
0
 
LVL 1

Accepted Solution

by:
CharlyPhilly earned 400 total points
ID: 12591913
Go to www.giantcompany.com and download the Giant AntiSpyware free trial. If you run that program, you should be able to find a lot more crap than most of the other programs (has larger database).

Here are the basic registry keys created:

              Open regedit

              Navigate to and delete the keys (if they exist):

                           HKEY_USERS\.DEFAULT\Software\Cydoor
                           HKEY_USERS\.DEFAULT\Software\Cydoor Services
                           HKEY_CURRENT_USER\Software\Cydoor
                           HKEY_CURRENT_USER\Software\Cydoor Services
                           HKEY_LOCAL_MACHINE\Software\Cydoor


Exit the Registry Editor.
0
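The registry check from the accepted answer, as an added PowerShell example that is not part of the original thread. It assumes a current Windows with PowerShell and reg.exe, run from an elevated prompt; the backup folder and the `-Remove` switch are names chosen for this example.

```powershell
# Added example: audit, back up, then optionally remove the Cydoor keys
# listed in the answer above. $BackupDir and -Remove are example names.
param(
    [string]$BackupDir = "$env:USERPROFILE\Desktop\cydoor-reg-backup",
    [switch]$Remove   # without this switch the script only reports and backs up
)

# Key paths exactly as given in the answer above.
$keys = @(
    'HKEY_USERS\.DEFAULT\Software\Cydoor',
    'HKEY_USERS\.DEFAULT\Software\Cydoor Services',
    'HKEY_CURRENT_USER\Software\Cydoor',
    'HKEY_CURRENT_USER\Software\Cydoor Services',
    'HKEY_LOCAL_MACHINE\Software\Cydoor'
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$index = 0
foreach ($key in $keys) {
    $index++
    # Provider-qualified path; HKEY_USERS has no default PowerShell drive.
    $psPath = "Registry::$key"
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "absent   $key"
        continue
    }
    # Export first so the key can be restored later with 'reg import'.
    $backup = Join-Path $BackupDir ("cydoor-{0}.reg" -f $index)
    & reg.exe export $key $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "backup failed for $key; leaving it in place"
        continue
    }
    if ($Remove) {
        Remove-Item -LiteralPath $psPath -Recurse -Force
        Write-Output "removed  $key (backup: $backup)"
    } else {
        Write-Output "present  $key (backup: $backup)"
    }
}
```

Running it again after a reboot shows whether any of the keys have come back, which is the symptom the question describes.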
 
LVL 1

Author Comment

by:kjuliff
ID: 12610779
I meant to split the points the other way around!  I wanted most points to go to SheharyaarSaahil

Don't know what happened. Can this be corrected?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12610790
lol.... never mind.... you still have given me the most points.... 400 to Me and 100 to CharlyPhilly.... is it Ok :)
0
 
LVL 1

Author Comment

by:kjuliff
ID: 12611092
Yes that's what I meant but I got confused with the Assisted Answer thing ...
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12618031
no problem with that..... Cheers ^_^
0
