Free Republic
Browse · Search
General/Chat
Topics · Post Article

Could they be in my registry because I have them in my Internet restrictions host files?? I went to an innocent enough looking website the other night, and bam, it was a hacking site. It made my ad-aware start up and parts were written in German, then it crashed. It did the same thing to my SpyBot, my firewall and my ZoneAlarm.

I'm so paranoid about this...I'm afraid I may have an invisible keylogger, or something on my computer! Is there anything that I can do short of totally formatting my hard drive?

Thanks for any help!

1 posted on 12/06/2004 8:48:20 PM PST by IamHD


To: IamHD

What's your OS version? If you have XP or such have you tried System Restore?


2 posted on 12/06/2004 8:54:35 PM PST by timpad (The Wizard Tim - Keeper of the Holy Hand Grenade, Finder of Obscurata)

To: IamHD

Are you using XP? If so, it's hard to get rid of certain things as it automatically backs them up and when you delete them it replaces them.
Also to see all files, open My Computer, Select Tools, then Folder Options, Click View, then select "Show Hidden files and folders".


3 posted on 12/06/2004 8:57:12 PM PST by ProudVet77 (Just say NO to blue states.)

To: IamHD

Have you downloaded ad-aware 6? It's free, and it seems to do a good job for me - however it has to be done about every week.

I would also go to tools, internet options - general tab - and delete all files, cookies and delete history. You could also try to restore your computer to an earlier date.

I'm no expert - but that's what I would try....


4 posted on 12/06/2004 8:58:54 PM PST by M. Peach (eschew obfuscation)

To: IamHD
I would say your paranoia is well-founded! If these things are in your registry then they are probably installed malware, trojans, etc. Are you saying Spybot, Ad-aware, Zonealarm, and your firewall all crashed? Do you have all the file sets checked under settings in Spybot? I would think Hijack This! would be the quickest way to clean all this out. Have you tried that yet?
5 posted on 12/06/2004 9:03:54 PM PST by Americanchild

To: IamHD

bttt


8 posted on 12/06/2004 9:33:17 PM PST by Peace Is Coming

To: IamHD

FIRST thing to do is to download and use either Firefox or Netscape, these are not nearly as vulnerable to being hacked.

Second thing is, when you are not actually needing to be online, physically disconnect your computer from its telecommunications capabilities--phone jack, Ethernet cable, USB cable or disable any wireless.

The rest of my suggestions could TRASH your computer, so do at your own risk. Exact sequence and steps taken would depend on the version of Windows and other "hunches" along the way....make a backup of your data in case of the worst!

Third, hit Ctl/Alt/Delete and using this key sequence and your mouse, kill programs ("end task") one at a time, keep track which ones can be safely killed without hanging/rebooting your machine. You'll have to do this a few times most likely...including restarts.

Fourth, when you get past #3 and you have only a couple programs (Explorer will be one but NOT IExplore.exe) running, then go to Start/Run and type in MSCONFIG and click Run. Go to the Startup tab and disable everything there that does not have to do with virus prevention (McAfee or NAV, for example) or ZoneAlarm.

Fifth, restart your computer. Try SAFE mode first. See if it seems to act "faster". You can make a backup of the system registry (export ALL) to the desktop. Then start deleting all the crap. If it's too much, you may just want to reinstall Windows from your CD...you do have one, I hope? Of course you also have a backup of your crucial stuff...?

Sixth, get yourself a copy of Norton Utilities 2003 or later, or Systemworks....$45-$100 but well worth it.


13 posted on 12/06/2004 9:43:02 PM PST by The Spirit Of Allegiance (FREE people needn't apply to a Government of/by/for the People for a gun (PERSONAL PROPERTY) permit!)

To: IamHD
Is there anything that I can do short of totally formatting my hard drive?

Unplug it from the network if you think it's being accessed.

Check hard disk size. See if it has increased significantly.

Search for any large files, make sure you've selected to see all file types, system and invisible etc...

Look for processes that shouldn't be running. Kill them. If they don't get killed it is suspicious.

Root kits can be hidden in the recycle, in volume info, buried deep in system directories.

16 posted on 12/06/2004 9:48:38 PM PST by tallhappy (Juntos Podemos!)

To: ntnychik

ping


17 posted on 12/06/2004 9:51:02 PM PST by potlatch (Always remember you're unique. Just like everyone else.)

To: IamHD

Download the following four files:

1. Avast anti-virus
2. Adaware SE
3. Spybot
4. CleanCache

(Just do a google search). Install and run in reverse order. That should clean things up well.

Then, after it's clean, install and run Firefox and dump IE as a browser.


19 posted on 12/06/2004 9:53:36 PM PST by 1L

To: IamHD

check your pings for info in a different thread


20 posted on 12/06/2004 10:05:37 PM PST by ChefKeith (Life is GREAT with CoCo..........NASCAR...everything else is just a game!(Except War & Love))

To: IamHD
Whenever in doubt when using your credit card number doing online shopping, the best thing to do is to call your credit card company and have that credit card number closed, and they will issue a new number.
I had to call my credit card company to have them close my card number, after finding some spyware on my computer. Some credit card companies have a thing called "Virtual account number"; it's a number (not your credit card number) they give you so you can use it for shopping and you give that number to any merchants (in some cases, you can only use it ONE TIME) to do your shopping. It's a lot safer to use that virtual account number than using your credit card number. If you can't get your adware scanner to work, or virus scanner to work, the next thing (at least I did) is to reformat, then reinstall your OS and other programs on your PC; at least (I had peace of mind) you'll have peace of mind restoring your OS. Also, ALWAYS!!!!! keep your OS and PC up to date by checking for updates constantly. I never put my S.S. number on my PC, or my name or address. Whenever you go to a website to do your shopping, always clean out the (if you have Mozilla Firefox browser) information cache
21 posted on 12/06/2004 10:23:26 PM PST by Prophet in the wilderness (PSALM 53 : 1 The ( FOOL ) hath said in his heart , There is no GOD .)

To: Alabama MOM

Ping


24 posted on 12/06/2004 11:24:56 PM PST by nw_arizona_granny (Today, please pray for God's miracle, we are not going to make it without him.)

To: IamHD
I have tried everything to delete them, and they keep reappearing in my REGISTRY.

There is an executable somewhere on your hard drive that is doing the nasty work of recreating all the registry entries.

I had the same problem with a friend's PC running XP. I had to reformat the drive and reload the OS to get rid of it. The bugger was hiding out in the Windows directory as an executable called "svhost.exe" which is supposed to look like a valid and necessary Microsoft program called "svchost.exe". It would run every ten minutes and recreate all the entries after deletion. It also would not allow Spybot S&D or CWShredder to run. The problem with XP is there is no way to delete a file that runs at startup per se. Since XP is the OS, you can't just startup in DOS mode and delete nasty files. And the creators of the spyware know this.

You may be horked and in need of a wipe 'n' load.

"Filthy nasty spywareses,
trying to hurt the Precious!
But we won't lets them, no we won't!"

29 posted on 12/07/2004 10:46:17 AM PST by Bloody Sam Roberts (All I ask from livin' is to have no chains on me. All I ask from dyin' is to go naturally.)
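Added example, not part of the original post: the "svhost.exe" versus "svchost.exe" trick described above can be caught by comparing running image names against known system binaries and flagging near misses. The list of system names and the sample process paths are constructed for illustration.

```python
# Partial list of well-known Windows system binaries (chosen for this example).
SYSTEM_NAMES = ["svchost.exe", "explorer.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "csrss.exe"]

def edit_distance(a, b):
    """Levenshtein distance between two strings, using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def lookalikes(running, max_distance=2):
    """Return (path, imitated_name, distance) for near-miss image names."""
    hits = []
    for path in running:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES:
            continue  # genuine names can sit close to each other (csrss/lsass)
        for real in SYSTEM_NAMES:
            d = edit_distance(name, real)
            if 0 < d <= max_distance:
                hits.append((path, real, d))
    return hits

# Constructed process list; only the svhost.exe name comes from the thread.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svhost.exe",
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe",
]

if __name__ == "__main__":
    for path, real, d in lookalikes(SAMPLE_PROCESSES):
        print("%s looks like %s (distance %d)" % (path, real, d))
```

A hit is only a lead: confirm by checking where the file lives, when it was created and whether it is signed before deleting anything.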

To: IamHD; Bloody Sam Roberts
Don’t get excited just yet. It might be what you’re seeing in the registry is a good thing.

I run ME too, and just the other day I made an updated "nasties" list, which is/are unwanted cookies.

Go into Tools>Internet Options>Security, highlight "Restricted Sites", then click on "sites" and hopefully there is the list of what you speak.

If you find the list in the “trusted sites”, then of course that’s something else again and then you can worry.

My point is that if you're running Adaware or SpyBot or something similar it might very well be they put them there. You can individually place unwanted sites there as well, as I and others do, and then save them, (which someone started referring to as "nasties").

Here's an example of a “good thing”, the registry address of one site example I have in my restricted list:

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonadialer.com]

31 posted on 12/07/2004 12:05:23 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
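Added example, not part of the original post: a way to check the point made above by exporting the ZoneMap\Domains key to a .reg file and sorting its entries by Internet Explorer zone number (2 is Trusted Sites, 4 is Restricted Sites). The sample export is constructed; only zonadialer.com comes from the thread, and the second domain is a placeholder.

```python
import re

# Internet Explorer security zone numbers.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\ZoneMap\\Domains\\([^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

def parse_zonemap(reg_text):
    """Return (domain, protocol, zone_number) tuples from .reg export text."""
    entries, domain = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            # Subkeys nest as Domains\example.com\www, meaning www.example.com
            domain = ".".join(reversed(m.group(1).split("\\"))) if m else None
            continue
        m = VAL_RE.match(line)
        if m and domain:
            entries.append((domain, m.group(1), int(m.group(2), 16)))
    return entries

def triage(reg_text):
    """Split entries into restricted (a block list) and everything else."""
    restricted, review = [], []
    for domain, proto, zone in parse_zonemap(reg_text):
        label = ZONES.get(zone, "unknown zone %d" % zone)
        (restricted if zone == 4 else review).append((domain, proto, label))
    return restricted, review

# Constructed sample export (decode real exports to text first; newer
# Windows versions write them as UTF-16).
SAMPLE = r'''REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zonadialer.com]
"*"=dword:00000004

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unexpected-site.example\www]
"http"=dword:00000002
'''

if __name__ == "__main__":
    restricted, review = triage(SAMPLE)
    print("Restricted (block list):", restricted)
    print("Needs a closer look:", review)
```

Entries in the first list are what a blocking tool or a hand-maintained list produces; anything in the second list, Trusted Sites especially, is what to investigate.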

To: IamHD

Hijack works well by identifying unusual Windows registry entries, and allows you to delete them.


38 posted on 12/07/2004 5:40:57 PM PST by rintense

To: IamHD

Let me be the first to say...."Are you logged in?"


47 posted on 12/07/2004 6:46:41 PM PST by Preech1 (God, Bless America Please!)

To: IamHD
Question: What are you using to locate the files in your registry?

What happens when you delete them and what are you using to do the deletion?

I suspect you are not erasing the actual items, but the reg keys that keep track of them. That is why they get replaced.

There are a few free reg cleaners that have a nifty automatic cleaner that does pretty well.

I use reg Medic, that I paid a few dollars for and it is safe to use in auto. It roots out all of the locations and creates a backup if you screw something up.

Your op system is part of the problem. It is a real piece of work. I dumped mine and got XP.

48 posted on 12/07/2004 7:02:54 PM PST by Cold Heat (What are fears but voices awry?Whispering harm where harm is not and deluding the unwary. Wordsworth)

To: IamHD
Just read the post where you discovered that spybot loaded the stuff on your registry. I do not have that one, so I have never seen that.

I would not worry too much, now that you have ZA. It works like a charm. But remember that you tell it what to do, so it will open a port if you say it is OK.

I run mine with the warnings turned off unless a prog asks for permissions.

Also, make sure you have an updated virus screener that has a recovery data base. These fool hooks latch onto required files and kill your OS.

Run scan disk at full checkout and then run defrag. You need to kill your browser and all working programs when you do this so nothing interferes with the defrag.

I used to recommend doing it in safe mode, but some OS defraggers misinterpret and rearrange or lose data so I run it hot booted but programs off.

It really helps the speed if you keep it defragged if you do not have a high speed drive or large capacity. I have an older machine that needs tuneup frequently.

50 posted on 12/07/2004 7:23:05 PM PST by Cold Heat (What are fears but voices awry?Whispering harm where harm is not and deluding the unwary. Wordsworth)

To: IamHD

As a good start, go to SEARCH. Search by date for all CREATED files in the last two weeks.

That should give you a start.

If you are clueless, you could have stuff in there for a year already.


51 posted on 12/07/2004 7:50:01 PM PST by A CA Guy (God Bless America, God bless and keep safe our fighting men and women.)

To: IamHD

bump for later read


56 posted on 12/07/2004 8:25:44 PM PST by BJungNan (Stop Spam - Do NOT buy from junk email.)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson