PesrPatrol cleans up system but cydoor keeps installing

Everytime I go to theage.com.au my PestPatrol goes wild and cleans up all the rubbish that is put on my pc (running Windows 2000 Professional).

But now, even though I no longer visit theage.com.au cydoor keeps installing itself. PestPatrol detects and deletes it but

a: Where is it coming from now.

b: Can some securiry guru load theage.com.au and tell me what is going on with this site?

Thanks in advance.
LVL 1
kjuliffAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mugman21Commented:
Let me take a guess....

You have some P2P software installed, kazza, imesh, bearshare, grokster, ect....

A lot of free P2P application will detect if you delete the spyware, and then will download and install new copies.

Do you have P2P software installed, or any other freeware programs?

Mugman
0
mugman21Commented:
Just finished examining the source to the page you specified and it's clean.... no activex controls, no dll's, no .cab files, and the .js files look harmless. I don't know why you are getting any popups or messages from this page....

Mugman
0
SheharyaarSaahilCommented:
Hello kjuliff =)

There must be some other thing which is going wrong on your system, so try this, get msconfig for Win2000 from here >> http://www.perfectdrivers.com/howto/msconfig.html
Then use msconfig to untick unwanted progrmas as described here >> http://netsquirrel.com/msconfig/
Then Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Stinger ==> http://vil.nai.com/vil/stinger
========================================================

Then Run all of them one by one in safemode and delete everything they detect.
Then delete the temporary internet files and history of IE
and run Disk Cleanup on ur hard drive to delete those temp and junk files.
Restart back in Normal Mode to check for the problems now ?? :)

If still the same, then Download HijackThis v1.98.2 from here, run it and Save the LOG file:
http://tools.radiosplace.com/HijackThis.exe

Then Post that log at this site >> http://www.hijackthis.de/index.php?langselect=english
and it will automatically analyse it for u,,, Fix the entries which it labels as Nasty :)
To Fix, check the lines in Hijackthis scan and click on Fix Checked !!

HJT Log Tutoriol >> http://aumha.org/a/hjttutor.php

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

kjuliffAuthor Commented:
Thanks for the responses so far especually SheharyaarSaahil 's. I will do those things as suggested tonight.

There is a new development. I can NOW access theage.com.au from my work. I am not getting blocked. I suspect something has changed on that site in the last few days!
0
SheharyaarSaahilCommented:
sure, good luck and keep us informed :)
0
CharlyPhillyCommented:
Go to www.giantcompany.com and download the Giant AntiSpyware free trial. If you run that program, you should be able to find alot more crap than most of the other programs (has larger database).

Here are the basic registry keys created:

              Open regedit

              Navigate to and delete the keys (if they exist):

                           HKEY_USERS\.DEFAULT\Software\Cydoor
                           HKEY_USERS\.DEFAULT\Software\Cydoor Services
                           HKEY_CURRENT_USER\Software\Cydoor
                           HKEY_CURRENT_USER\Software\Cydoor Services
                           HKEY_LOCAL_MACHINE\Software\Cydoor


Exit the Registry Editor.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kjuliffAuthor Commented:
I meant to split the points the other way around!  I wanted most points to go to SheharyaarSaahil

Don't know what happened. Can this be corrected?
0
SheharyaarSaahilCommented:
lol.... never mind.... you still have given me the most points.... 400 to Me and 100 to CharlyPhilly.... is it Ok :)
0
kjuliffAuthor Commented:
Yes that's what I meant but I got confused with the Assisted Answer thing ...
0
SheharyaarSaahilCommented:
no problem with that..... Cheers ^_^
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.