Solved

Spyware Problem

Posted on 2005-04-05
Last Modified: 2013-12-29
Hi Experts,

I do have a problem with my Windows 98 OS.  I believe this is spyware.  It keeps on popping up from time to time.  The default home page setting on my IE is http://hotoffers.info/278.  I tried to change it but I can't.  I received an error that my Windows is corrupted and infected by spyware.

However, I could still browse the internet, but from time to time the default home page site, which is http://hotoffers.info/278, will appear and I need to cancel it from time to time.

I tried to use the site www.hijackthis.de to remove spyware, which I have been using for months now, but still no luck.

Is there anyone who will help me with how to remove this particular spyware?

Regards,
Nald
0
Question by:forgetmenotorelse
9 Comments
 
LVL 32

Accepted Solution

by:
LucF earned 200 total points
ID: 13704985
Hi forgetmenotorelse,

http://www.hotoffers.info/uninstall/index.html

How to uninstall?

1. You need to save file uninstall.exe from our server.
2. You need to launch this file.
3. Then open regedit.exe in your Windows directory. And find HKEY_CURRENT_USER "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UninstallHP".
4. Now please delete UninstallHP folder.
5. Now please write in your command field: regsvr32 /u popup_bl.dll
6. Press OK. You're free of this trojan!

I do suggest you run a full system scan with Lavasoft's Ad-aware SE afterwards just to be sure.
See http:Q_20975384.html for more information.

Greetings,

LucF
0
 
LVL 22

Expert Comment

by:RedKelvin
ID: 13706388
Also I would get a personal firewall like ZoneAlarm
http://www.download.com/3000-2092-10039884.html?part=zonealarm&subj=dlpage&tag=button

This will help keep you safe.

Some antivirus programs, such as Norton for example, will pick up spyware files.
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 13711252
Here are other Malware programs for your files. I have about 5 installed and use them about once per month. Run them in safe mode since a program may be in memory. It also has an explanation on the subject. I found that there is a lot of confusion as to what Malware actually is. From what I read above you may not need them now, but I still would suggest that you install about 5 programs and put icons on the screen so you will not forget to use them.

You can easily get infected just by logging on to a website or using the infamous Kazaa program. Even some mp3s come with spyware!

MALWARE  PROGRAMS

Download these programs, make an icon for each, run the programs in safe mode in case there is something in memory.

There can sometimes be a very fine line between a Virus and "spyware", generally Norton AntiVirus (and most other antivirus applications) will not detect normal "spyware" unless it comes in the form of what is referred to as a "Trojan".  This name is taken from the historical "Trojan Horse" where invaders sneaked into the walled city hidden in a wooden horse.  Similarly, a computer Trojan comes packaged and disguised as something else, and sneaks into your system where it can hide unseen doing a variety of things such as stealing passwords and sending them out to some other remote computer, monitoring activity, etc.

AntiVirus applications are often able to detect known Trojans, but not always.  It is very important for this reason to always allow your AntiVirus program to check regularly for updated "definition" files.  These are the "libraries" (for want of a better word) that the program uses to detect known threats, and new definition files will find new viruses.

Spyware is generally less nasty than a Trojan, but can certainly be a security leak.  In normal cases, they are huge annoyances rather than actual "spies".  I suppose that, if there were sub-categories, they could be divided into "Internet Home Page HiJackers" that redirect your internet pages constantly to specific search pages, "Ad Ware" which monitors your internet browsing habits and transmits them to central repositories for marketing purposes, and "Scumware" that sneakily installs programs that masquerade as legitimate programs and do similar things as "Adware", and "Scumware" which just messes up your system for no particular reason.

For the most part, all of these rely on changing or adding registry settings.  For instance, some will install and register files that have very similar names to genuine Windows system files so that a user checking what program files are currently being used won't immediately suspect a rogue process at work.  Some replace a windows system file with a rogue version of their own, and change a registry setting so that their rogue file does something else entirely different.

There is something known as a "Browser Helper Object" or BHO.  Most are legitimate and helpful, such as the integration of Adobe Acrobat Reader which will open up within Internet Explorer if you click on a link to a .PDF file.  Other BHO's are Norton AntiVirus Helper, which adds a "Scan with NAV" to various places and also runs behind the scenes ready to scan incoming email.  Unfortunately, some unscrupulous programs add unwanted BHO's into your system.

To somebody who is neither well acquainted with the names of files and folders in the "system" areas, and who has never had to know what lies in their windows registry, it can be difficult for that person to identify results thrown up by spyware removal tools.

Microsoft is often maligned and accused of creating unwanted, annoying, or "big brother-like" processes in Windows, and for that reason anti-spyware programs will often identify normal Windows registry settings, files, and processes as undesirable.  In most cases, these found items can be safely removed using the anti-spyware tool without suffering any adverse effects because they are not crucial to functionality.  In odd cases, however, allowing an anti-spyware utility to remove something could adversely affect your system.

There is also the risk that, by removing a rogue file that has deliberately replaced a legitimate system file, your system will look for that file and throw up errors when it can't find it.
The above was plagiarized from BilDll

http://www.cyberwalker.net/columns/oct02/241002.html

Hijackers exploiting this bug will insert one or several .hta files on your hard drive which run when you start up Windows.

To fix this nastiness manually, search your computer for *.hta files. Click Start and Search or Find and then Files or Folders and type in *.hta. If you find them rename them so that they can't be found. For example, change file.hta to file.hta1 or move the files to another folder on your computer. Then switch your homepage back to one you like. If your computer doesn't do weird things after this permanently delete them. If it does, you might want to put them back one by one until you find the offender and then delete it.


Anti spyware tutorial

Spyware, also known as adware or malware, are programs that can cause problems. These include: pop up advertisements on your computer, browser hijacks, search engine hijacks, website redirections, website restrictions, computer problems (like slowdowns, lockdowns, etc.), personal information being logged in without your permission, preventing you access to certain sites or the whole internet, etc. Some spyware are worse than viruses, in my opinion. This section was created to help you detect and remove any suspicious activity that may be going on your computer. Also included is a section on how to prevent future spyware installations. Please read and follow the steps below to help make this process much faster and easier.

Before running any spyware programs, please run an online antivirus scan at one of the below sites to make sure that you don't have a virus. It is recommended to run a scan online because there are some viruses that can disable or make themselves invisible to the antivirus programs you have on your computer. If any viruses are found, write them down and remove them. Before running any of them, first disable System Restore if you have Windows ME/XP. You may use more than one:

http://www.greyknight17.com/spyware.htm


Spyblaster
http://www.javacoolsoftware.com/spywareblaster.html

Spybot Search and Destroy

Spybot - Search & Destroy can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer with other users. Modules chosen for removal can be sent directly to the included file shredder, ensuring complete elimination from your system. For advanced users, it allows you to fix registry inconsistencies related to adware and to malicious program installations. The handy online-update feature ensures that Spybot always has the most current and complete listings of adware, dialers, and other uninvited system residents.

http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button

Ad-Aware

Malware can track your surfing habits, abuse your Internet connection by sending this data to a third party, profile your shopping preferences, hijack your browser start page or pages, alter important system files, and can do this without your knowledge or permission.

http://www.lavasoftusa.com

CWShredder

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml

http://download.softpedia.com/software/antivirus/CWShredder.exe


Note: Run "CoolWWWSearch.SmartKiller removal tool" BEFORE running CWShredder.

CoolWWWSearch.SmartKiller (v1 and v2) is a new, real ugly variant of CoolWWWSearch. When running, it will close every browser window you use to visit a large list of anti-spyware-sites, and even will close Spybot-S&D and some other anti-spyware applications as well.

http://www.safer-networking.org/files/delcwssk.zip


Adware scanner

http://www.adwarekillers.com/

Clean your computer of over 36,000 invasive threats.
Can be used only once before the purchase of said program.

HiJack This!

HijackThis: A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything.

http://www.merijn.org/files/hijackthis.zip
http://www.spychecker.com/program/hijackthis.html

Hijack Tutorial

http://www.merijn.org/htlogtutorial.html

Paste logfile created into the text box here:

http://www.hijackthis.de/en

Remove all noted as "Nasty".

CWshredder
A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D and Ad-aware tend to forget essential parts of the hijack, so until they update, you can use this to completely remove the hijack. This program is updated to remove the new variants once they come out  

Installing is CWShredder. Unzip the program to your Desktop. Double click on it to open up the program. Click on Fix and let it remove any traces found. When you click Fix, it will ask you to close all browser windows, so make sure you don't have Internet Explorer, Netscape or any other browser running. Click OK. It will scan and remove any files found. If a window pops up asking you if you want to delete a certain file, choose NO.
Next run Ad-aware

 http://www.majorgeeks.com/download4086.html

gonzal13(joe)

0
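
An added example (not written by any poster in this thread, and not HijackThis's own code): a triage pass over a HijackThis-style log that flags the three things discussed above, namely an IE start page outside an allowlist, an unrecognised Browser Helper Object, and an .hta file in an autostart entry. The log lines, CLSIDs, file paths and allowlists are constructed for illustration, and listing popup_bl.dll as a BHO is an assumption.

```python
import re

# Constructed sample in HijackThis log layout (not from the asker's machine).
SAMPLE_LOG = r"""Logfile of HijackThis
Platform: Windows 98 SE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotoffers.info/278
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\SYSTEM\POPUP_BL.DLL
O2 - BHO: AcroIEHlprObj Class - {11111111-1111-1111-1111-111111111111} - C:\ACROBAT\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - Startup: offers.hta
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
URL_HOST = re.compile(r"=\s*https?://([^/\s]+)", re.I)


def triage(log_text, trusted_hosts, known_bho_files):
    """Return (code, reason, detail) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, detail = m.groups()
        if code in ("R0", "R1"):
            # IE start/search page values: flag hosts outside the allowlist.
            host = URL_HOST.search(detail)
            if host and host.group(1).lower() not in trusted_hosts:
                findings.append((code, "untrusted start/search page", host.group(1)))
        elif code == "O2":
            # Browser Helper Object: the last field is the file IE loads.
            dll = detail.rsplit(" - ", 1)[-1]
            name = dll.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name not in known_bho_files:
                findings.append((code, "unrecognised BHO", dll))
        elif code == "O4" and detail.lower().rstrip().endswith(".hta"):
            # Autostart entry that launches an HTML Application.
            findings.append((code, ".hta in autostart", detail))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, {"www.google.com"}, {"acroiehelper.ocx"}):
        print(*finding, sep=" | ")
```

The output is a review list, not a delete list: an entry is flagged only because it is absent from the allowlists passed in, so each one still needs a manual check before anything is removed.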

 
LVL 32

Expert Comment

by:LucF
ID: 13711517
Joe,
It appears your comment is a combination of postings on several resources on the internet. Please give credit to the sources.
In this case I'm also wondering if you actually checked the original question before posting your 3 screen post (1280x1024). This is a pretty simple piece of crapware to remove, so in no way is all the information you posted needed. Why not just post a link to the general http:Q_20975384.html ?

LucF
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 13712129
I did give credit. The first portion was from BillDLL as mentioned. The other text is from the websites mentioned.

gonzal13(joe)
0
 
LVL 32

Expert Comment

by:LucF
ID: 13712136
Ok, sorry... I missed that part :)
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 13712211
Apology accepted. It is not the first time that I have been accused of cut and pasting without giving due credit using this document.

Joe
0
 

Author Comment

by:forgetmenotorelse
ID: 13714081
LucF,

I do have a question for you.  I posted another question.  Will you please see this link http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21378029.html

Thanks...

Regards
Nald
0
 
LVL 32

Expert Comment

by:LucF
ID: 13714903
Glad to help ;)
I'll take a look at your next question.

LucF
0
