Free Republic
General/Chat

I need a bit of computer advice/help, please!
12/06/04 | me

Posted on 12/06/2004 8:48:09 PM PST by IamHD

I think that I may have a trojan or a keylogger or something on my computer. I have tried everything that you can think of, short of completely deleting everything from my computer. I have all up-to-date anti-virus protection, pop-up stoppers, hijackthis, etc., etc., etc. I accidentally found 1,000s of porno, gambling, dialers, etc., in my REGISTRY:

HKEY_CURRENT_USER

LEADS TO INTERNET SETTINGS, THEN HISTORY, FILLED WITH HUNDREDS OF PORNO, GAMBLING AND AD SITES, AND;

LEADS TO A FOLDER CALLED ZONEMAP, WHICH IS FILLED WITH OVER A THOUSAND MORE DIALERS, GAMBLING AND PORN SITES.

I have tried everything to delete them, and they keep reappearing in my REGISTRY. If I use my search option and check for these files, they don't show up, but they are in the REGISTRY. In the registry, it shows that these files are in my History and my Favorites, but they aren't. HELP!


TOPICS: Computers/Internet
To: IamHD
Whenever in doubt when using your credit card number doing online shopping, the best thing to do is to call your credit card company and have that credit card number closed, and they will issue a new number.
I had to call my credit card company to have them close my card number, after finding some spyware on my computer. Some credit card companies have a thing called "Virtual account number". It's a number (not your credit card number) they give you so you can use it for shopping, and you give that number to any merchants (in some cases, you can only use it ONE TIME) to do your shopping. It's a lot safer to use that virtual account number than using your credit card number. If you can't get your adware scanner to work, or virus scanner to work, the next thing (at least I did) is to reformat, then reinstall your OS and other programs on your PC; at least (I had peace of mind) you'll have peace of mind restoring your OS. Also, ALWAYS!!!!! keep your OS and PC up to date by checking for updates constantly. I never put my S.S. number on my PC, or my name or address. Whenever you go to a website to do your shopping, always clean out the (if you have the Mozilla Firefox browser) information cache
21 posted on 12/06/2004 10:23:26 PM PST by Prophet in the wilderness (PSALM 53 : 1 The ( FOOL ) hath said in his heart , There is no GOD .)

To: 1L
There are a couple more free utilities that I find helpful. Spybot Search and Destroy will give you the option to download Javacool's Spyware Blaster when you set up or immunize. Get it; it's not a scanner, it works resident to block thousands of malware programs and is compatible with Spybot; you can run them both resident at the same time. Then there's one of my all-time favorites, CCleaner, short for "crap cleaner". This is a killer disk cleanup tool, much faster and more powerful than the standard Windows Disk Cleanup. Plus it will detect and allow you to delete registry errors with or without backing them up. If you do go for a reinstall, afterwards download, set up and update Zone Alarm first, even before you update Windows.
22 posted on 12/06/2004 10:23:59 PM PST by edchambers ("Pajama clad Neocon footsoldier of the Haliburton Death squad Digital brown shirts")

To: edchambers
Yes, I use Spyblaster and WEBROOT SPYSWEEPER.
Is it OK to use 2 firewalls at the same time?
I heard there could be conflicts with them?
Even if 2 firewalls had conflicts, will that make my PC more susceptible to attacks?
23 posted on 12/06/2004 10:42:52 PM PST by Prophet in the wilderness (PSALM 53 : 1 The ( FOOL ) hath said in his heart , There is no GOD .)

To: Alabama MOM

Ping


24 posted on 12/06/2004 11:24:56 PM PST by nw_arizona_granny (Today, please pray for God's miracle, we are not going to make it without him.)

To: Cedar

Thanks! :) I just registered and posted my HJT log.


25 posted on 12/06/2004 11:45:57 PM PST by IamHD

To: Prophet in the wilderness

I don't recommend using two firewalls at once. I've done it with McAfee and Zone Alarm, and while it worked it was more trouble than it's worth. Windows XP does not recommend using its built-in firewall with anything else. Having tried all of the above, I prefer Zone Alarm. The Windows firewall was either too confusing or restrictive for me, so I turned it off and went with Zone Alarm.


26 posted on 12/07/2004 7:18:38 AM PST by edchambers ("Pajama clad Neocon footsoldier of the Haliburton Death squad Digital brown shirts")

To: ProudVet77

(The best advice I can give any owner of an ME system is to upgrade to XP)

I like XP just fine on a modern system with A LOT of memory, but if you can find it, 98se is better than Me and much less of a system resource hog than XP. It doesn't have all the built-in security stuff of XP, but with all the good freeware security available today that's a non-issue.


27 posted on 12/07/2004 7:35:13 AM PST by edchambers ("Pajama clad Neocon footsoldier of the Haliburton Death squad Digital brown shirts")

To: edchambers

A point well taken. I have 98 on my laptop and it's just fine.


28 posted on 12/07/2004 7:44:00 AM PST by ProudVet77 (Just say NO to blue states.)

To: IamHD
I have tried everything to delete them, and they keep reappearing in my REGISTRY.

There is an executable somewhere on your hard drive that is doing the nasty work of recreating all the registry entries.

I had the same problem with a friend's PC running XP. I had to reformat the drive and reload the OS to get rid of it. The bugger was hiding out in the Windows directory as an executable called "svhost.exe" which is supposed to look like a valid and necessary Microsoft program called "svchost.exe". It would run every ten minutes and recreate all the entries after deletion. It also would not allow Spybot S&D or CWShredder to run. The problem with XP is there is no way to delete a file that runs at startup per se. Since XP is the OS, you can't just startup in DOS mode and delete nasty files. And the creators of the spyware know this.

You may be horked and in need of a wipe 'n' load.

"Filthy nasty spywareses,
trying to hurt the Precious!
But we won't lets them, no we won't!"

29 posted on 12/07/2004 10:46:17 AM PST by Bloody Sam Roberts (All I ask from livin' is to have no chains on me. All I ask from dyin' is to go naturally.)

To: IamHD
I have WindowsME.

You're in luck. You can find and delete the executable I mentioned. I am certain that is what is happening on your system.

Use msconfig from the run box and go to the startup tab and look for executable files that do not belong there. To find out what some things are, go to www.answersthatwork.com and look at their startup task page. It will have an alphabetic index of just about everything you could find in a startup listing. And it will tell you what it is and what it does and if it is important or not.

Also, use your "Hijackthis!" to search for things that look out of the ordinary. It will take some detective work, but once you find it, you can boot from a 3 1/2" floppy startup disk and go directly to the path where it lives and delete it. Once done you can start up WinME and clean the registry....In safe mode of course.

30 posted on 12/07/2004 10:51:48 AM PST by Bloody Sam Roberts (All I ask from livin' is to have no chains on me. All I ask from dyin' is to go naturally.)
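
An added example, not part of any post in this thread and not taken from any tool it mentions: a Python check for the trick described in posts 29 and 30, where "svhost.exe" imitates "svchost.exe". It flags startup executables whose file name is one edit away from a well-known Windows system binary. The list of system names and the sample startup paths are constructed for illustration.

```python
import ntpath

# Assumption: a short illustrative list of real Windows system binaries.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "rundll32.exe",
                      "winlogon.exe", "services.exe", "lsass.exe"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalikes(startup_paths, max_distance=1):
    """Return (path, imitated_name) for names that nearly match a system binary."""
    hits = []
    for path in startup_paths:
        name = ntpath.basename(path).lower()
        if name in KNOWN_SYSTEM_NAMES:
            continue  # exact name: not a lookalike (its location is a separate check)
        for real in sorted(KNOWN_SYSTEM_NAMES):
            if edit_distance(name, real) <= max_distance:
                hits.append((path, real))
                break
    return hits


# Constructed startup listing, shaped like the entries msconfig's Startup tab shows.
SAMPLE_STARTUP = [
    r"C:\WINDOWS\svhost.exe",
    r"C:\WINDOWS\SYSTEM\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe",
    r"C:\WINDOWS\exp1orer.exe",
]

if __name__ == "__main__":
    for path, real in lookalikes(SAMPLE_STARTUP):
        print(f"{path}: looks like {real}")
```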

To: IamHD; Bloody Sam Roberts
Don’t get excited just yet. It might be what you’re seeing in the registry is a good thing.

I run ME too, and just the other day I made an updated "nasties" list, which is/are unwanted cookies.

Go into Tools>Internet Options>Security, highlight "Restricted Sites", then click on "sites" and hopefully there is the list of what you speak.

If you find the list in the “trusted sites”, then of course that’s something else again and then you can worry.

My point is that if you're running Adaware or SpyBot or something similar it might very well be they put them there. You can individually place unwanted sites there as well, as I and others do, and then save them, (which someone started referring to as "nasties").

Here's an example of a “good thing”, the registry address of one site example I have in my restricted list:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonadialer.com]

31 posted on 12/07/2004 12:05:23 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: JoJo Gunn; All
Thanks! :) That's exactly what's going on. I was doing further checking all night long, and the list in my registry is the same as the list in my restricted sites.

Now, I know that my browser was hijacked by something called CoolWebSearch.com, along with a few more. I'm trying to make absolutely certain that I don't have a hidden keylogger somewhere in my computer.

When this happened late Saturday night, my Ad-aware flashed on and turned to the German language, then shut down, along with my spybot, my anti-virus software, and my firewall, so whatever it was, it got me good. What a nightmare!

I uninstalled and reinstalled all of my programs, and since then, hackers have been trying to get in, BIG time. My firewall is showing a lot of the same IP addresses trying to get into my computer. Every time I scan with my Ad-aware, spybot, etc., etc., I have a ton of junk to remove, and my computer is running very slow, so I think that there is still something there.

Thanks to everyone! :) I'll stop by when I get an answer on my HijackThis log that I left at 2 different sites.

32 posted on 12/07/2004 2:28:44 PM PST by IamHD

To: IamHD; All

I'm glad you haven't been that hammered after all. :)

One place you can't go wrong with your hijack list is here:

http://www.cybertechhelp.com/forums/forumdisplay.php?f=25

AnnMarie is one sharp cookie, and you can tell her I said so. :)




(Your "Hijack This" program has this next item built in, so it's posted for anyone else that might read this thread):

This is a direct link to a freebie zipped file called "startup list". It's small, nothing you install, and wherever you save it is where it'll create and save a text file of all the programs running in the background. Maybe you've been told that already, but if not.... and besides anyone else here can gain from it. It's one more thing to keep in the toolbox.

http://downloads.subratam.org/startuplist.zip


33 posted on 12/07/2004 3:07:20 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)

To: IamHD

My editing skills left something to be desired in that last post. Oh well....

There's a way to save all those listed in the Restricted Zone, for the time you might have to do a reinstall.

Go to Start>Run, and type in "regedit" without the quote marks, and then find your way to that "Domains" folder for the RESTRICTED sites. Here's the path:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

You highlight the Domains folder and then go all the way to the top and click Registry>Export registry file. Give it a name, I usually name it "nasties as of (date)" and save it.

By the way, you'll no doubt notice it's a little time consuming to find the exact place in the registry, and there's a place at the top to bookmark things, just as with a browser, "Favorites". Mark that place and you'll be able to export your unwanted additions with ease.

Since this is about nasties and such, here's another trick about entering unwanted things into that Restricted area. For example:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearsh.com]

What you can do is copy and paste that into a Notepad file, and save it with whatever name you want, but save it with a .reg at the end. That'll turn it into a registry file, and then you can double click it and enter it into the registry. (You'll get a confirmation box first). Sometimes people on some sites will post comprehensive lists in plain text, and you can make your own file that's quick to enter instead of doing them all one at a time.

To all: Obviously it's not that hard to mess with the registry, so let me give this caveat: in a very real sense we're talking about brain surgery here. You break the registry, you run a good chance of breaking your OS, so be methodical and careful and don't be afraid to ask if you're not sure! Go to Start>Run and then type "scanreg" without quotes and the registry will be checked for errors and then you'll be asked if you want to make a backup. Say YES.

Bookmark this and better yet print it:

http://www.helpwithwindows.com/windows98/start-145.html



Class dismissed.... :)


34 posted on 12/07/2004 3:35:29 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
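
An added example, not part of any post in this thread: a Python script that reads the text of a regedit export of the ZoneMap\Domains key, as described in posts 31 and 34, and groups the listed hosts by Internet Explorer security zone. That separates entries under Restricted sites (zone 4) from entries under Trusted sites (zone 2), the case post 31 says to worry about. The sample export is constructed; only zonadialer.com appears in the thread, and the .example hosts are made up.

```python
import re

# Internet Explorer zone numbers stored as DWORD data under ZoneMap\Domains.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
MARKER = "\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')


def parse_zonemap(reg_text):
    """Return [(host, protocol, zone)] from the text of a regedit export."""
    entries, host = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(MARKER)
            # Subkeys are stored parent-first: Domains\example.com\www
            host = (".".join(reversed(path[pos + len(MARKER):].split("\\")))
                    if pos >= 0 else None)
        else:
            value = DWORD_RE.match(line)
            if value and host:
                entries.append((host, value.group(1), int(value.group(2), 16)))
    return entries


def hosts_by_zone(entries):
    """Group distinct hosts under their zone name, sorted within each zone."""
    grouped = {}
    for host, _, zone in entries:
        grouped.setdefault(ZONES.get(zone, f"zone {zone}"), set()).add(host)
    return {name: sorted(hosts) for name, hosts in grouped.items()}


# Constructed export: only zonadialer.com is from the thread, the rest is made up.
BASE = (r"[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")
SAMPLE_EXPORT = "\n".join([
    "REGEDIT4", "", BASE + "]", "",
    BASE + r"\zonadialer.com]", '"*"=dword:00000004', "",
    BASE + r"\dialer-ads.example]", '"*"=dword:00000004', "",
    BASE + r"\toolbar-search.example\www]", '"http"=dword:00000002', "",
])

if __name__ == "__main__":
    print(hosts_by_zone(parse_zonemap(SAMPLE_EXPORT)))
```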

To: 1L

Does she really have a problem???

Is this what you find in the registry?

"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" ??

Spybot S&D and some other anti-spyware programs will put these into the registry so they can block downloads from the offending sites.


35 posted on 12/07/2004 3:50:26 PM PST by daylate-dollarshort

To: JoJo Gunn

Thank you for the links! I haven't heard anything from the other 2 sites that I placed my HijackThis log, yet, so another won't hurt! :)


36 posted on 12/07/2004 5:32:09 PM PST by IamHD

To: JoJo Gunn
These really help, too! I knew that there was an easier way for me to do this...I just hadn't figured it out yet.

So far, my machine appears to be clean. I've been redoing my spybot, ad-aware, and all the others, and so far, so good. My computer is running a lot faster now.

I can't believe (well, I know that it's true, but has never happened to me until now) that just clicking on a supposedly innocent-looking website turned out to be a hacking site. How dumb do I feel?? My curiosity got the better of me.

Thanks again!

37 posted on 12/07/2004 5:39:46 PM PST by IamHD

To: IamHD

Hijack works well by identifying unusual Windows registry entries, and allows you to delete them.


38 posted on 12/07/2004 5:40:57 PM PST by rintense

To: daylate-dollarshort

Yes, that's what I finally figured out last night. And to think, my husband told me that I could go to jail for having these things on my computer. LOL


39 posted on 12/07/2004 5:42:25 PM PST by IamHD

To: rintense

It really does. I have been working on my computer since this happened. So far, I haven't received any replies to my HJT logs, (2 sites) so I found a place that tells you what you can remove or fix. I did find several browser hijacker entries and removed those, along with some other suspicious items. So far, so good. :) I'm going to send my log to another site recommended by JoJoGunn and see if they will take a look for my own peace of mind.


40 posted on 12/07/2004 5:47:33 PM PST by IamHD

