[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

SpyWare

Posted on 2005-04-25
10
Medium Priority
?
540 Views
Last Modified: 2010-04-11
Hi,

Two days ago I stared having a popup ad generator.  I am getting:

- www7.as1
- www.loadingwebsite
- paypopup

I scanned the computer using:

- AdAware SE Pro.  with the most recent definitions
- SpyBot
- Spy Nuker
- Hijack This
- VX2 addon for AdAware

But they return.

Has anyone experienced this?  what is the solution?

Thanks
hhammash

0
Comment
Question by:hhammash
10 Comments
 
LVL 6

Expert Comment

by:benwiggy
ID: 13861222
Hmmm. Try Spware Doctor.
Try updating them all and run again (I know it's a hassle)
Check you do not have a program installed which is running this as a service
Do you have Antivirus software?
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13861288
Hi!

Download HijackThis (version 1.99.1) from:
http://www.gatesofdelirium.com/ee/tools/
Place it into a folder of it's own - something like:
C:\HJT\hijackthis.exe or C:\Program Files\HJT\hijackthis.exe
Do not run it directly from the "Zip" file, a "temp" folder, or the Desktop.
HijackThis makes "backups" and it's good to have them in a centralized location.

With all browser windows closed - run HijackThis and
copy and paste the log file into the Analysis site here:
http://www.hijackthis.de/en

Click on the "Analyze" button; and when the analysis is done -
Click on the "Save Analysis" button -
A page will be generated with your saved analysis -
Post a LINK to that page back here.

Please, do not post your log file here!

We'll take a look at it!  :)

Good luck!
RF
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13861655
Are you using XP or winME? If so turn off system restore, then remove the pests after you've turned off system restore:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

I just posted this answer here: http://www.experts-exchange.com/Security/Q_21401755.html
Should give you an understanding of how to avoid spyware by using a browser that does not have ActiveX controls
-rich
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 14

Author Comment

by:hhammash
ID: 13862167
Hi,

I have a corporate Norton Anit Virus.  NAV and all the SpyWare I mentioned are up-to-date. I am using Windows 2000 Pro.

I'll do that RF.

hhammash
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 13865584
Browser Hijacking/Spyware/Adware/Malware Removal instructions

Full removal and Prevention instructions are available on my website,

http://www.petenetlive.com/Tech/Browsers/hijack.htm


The EE Official Link to info is,
 http:Q_20975384.html#10973783
0
 
LVL 14

Author Comment

by:hhammash
ID: 13874163
Hi PeteLong,

I'll check the links.  Thank you.

Question:
Did you face these spywares:
- www.loadingwebsite
- paypopup
- ads1

Thanks
0
 
LVL 14

Author Comment

by:hhammash
ID: 13903378
Hi rossfingal,

This is the link for the log:
http://www.hijackthis.de/logfiles/6cfc6535f7e5ce7278396e400f2a55d9.html

hhammash
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13903999
Hi!

Make sure "Show all Files and Folders",including hidden and system is enabled.

Did you or a program you have installed set these restrictions?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your Desktop and double click "l2mfix.exe".
Click the "Install" button to extract the files and follow the prompts -
then open the newly added l2mfix folder on your Desktop.
Double click "l2mfix.bat" and select option #1 for "Run Find Log" by typing 1 and then pressing enter.
This will scan your computer and it may appear nothing is happening -
then, after a minute or 2 (the time varies), notepad will open with a log.
Copy the contents of that log and paste it into this thread.

->-> IMPORTANT: <-<-
Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Good luck!
RF

0
 
LVL 14

Author Comment

by:hhammash
ID: 13905321
Hi,

I downloaded l2mfix a week ago and tried it.  When I run it,  the dos window blinks and disappears.

I am using Miscrosoft Anti Spy, maybe it put the restrictions.

After using Miscrosoft Antiy Spy,  I did not see those popups.  Is it because Microsoft Anti Spy blocked them or it deleted them?

What to do about L2mfix?

Thanks a lot.
0
 
LVL 12

Accepted Solution

by:
rossfingal earned 1000 total points
ID: 13908334
Hi!

That's a common problem these days.

Go to this page and use the fix for your Operating System (XP Home/XP Pro/Win 2000):
http://www.tech-forums.net/computer/topic/29806.html

Then, try running l2mfix again.

Hope this helps!

RF
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question