Free Republic

Tenacious Spyware Problem (Vanity)
6/16/04 | Me, Myself, and I

Posted on 06/16/2004 10:42:22 AM PDT by Born Conservative

Please excuse the vanity (this is my first vanity post). I am having a problem with spyware. It started when my 11 year old son installed a "really cool" screensaver on the computer (running XP Home) from "screensaver.com". As soon as he told me he did that, I knew that I was up the creek without a paddle. So, I ran Spybot, and then Ad Aware, and "fixed" my Spyware problems. Right. Needless to say, my computer is still infested.

I then did some searching on the web, and downloaded Hijack This, since my browser was hijacked to a different home page (msn.com). Since I wasn't sure which programs were spyware, and which were not, I haven't "fixed" them with Hijack This yet. I also downloaded Aluria's free spyware scanner, and it shows 17 spyware files. The files include Wild Tangent, IWon, Cydoor, 2020Search, Comet Cursor, WhenUSave, and MyWay Speedbar. I did re-run the SpyBot and AdAware, as well as CWShredder (run in Safe Mode), but the spyware persists. I am also up to date on all Windows updates. Any help would be appreciated. I do have a log file from the Hijack This if that would help.


TOPICS: Miscellaneous; Your Opinion/Questions
KEYWORDS: help; spyware
To: Born Conservative
Just to add yet another thing to try:

Autostart Viewer

There are numerous ways that malicious programs can embed commands to have them start automatically. This lists them and sometimes helps.

I just recently helped my daughter's teacher clean off her computer, which her son was using to download music files. Between Adaware and Spybot S&D, it found almost 600 files/registry entries to delete - I've never seen a system so dirty.

Even after Adaware and Spybot cleaned them, there was still something executing at boot time that was automatically generating a .exe file and inserting it into the "Run" folder in the registry, which automatically runs (usually legitimate) programs at boot time. I had a heck of a time getting rid of that.

One other thing to be sure you are doing is updating Adaware and Spybot S&D before scanning. The downloads are usually out of date, so click the "Check for updates" button to be sure you have the latest spyware signatures before scanning.

81 posted on 06/16/2004 1:55:43 PM PDT by Mannaggia l'America
[ Post Reply | Private Reply | To 1 | View Replies]
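
An added example, not part of post 81 or of any tool named in the thread: a read-only PowerShell inventory of the registry "Run" and "RunOnce" keys that post describes, with a saved baseline so an entry that gets re-created after a reboot shows up as new. It assumes a Windows version with PowerShell 3.0 or later; the baseline file location and the helper names `Get-CommandTarget` and `Get-RunKeyEntry` are hypothetical.

```powershell
# Added example, not from the thread: read-only inventory of Run/RunOnce entries.
# Saves a baseline on first run; later runs list entries that are new or re-created.
param([string]$Baseline = "$env:USERPROFILE\autostart-baseline.csv")  # assumed location

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-CommandTarget([string]$CommandLine) {   # hypothetical helper
    # Executable path = quoted path, else text up to the first known extension,
    # else everything before the first space.
    $c = $CommandLine.Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr|dll|vbs|js))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Get-RunKeyEntry {                            # hypothetical helper
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)   # REG_EXPAND_SZ arrives expanded
            if (-not $command.Trim()) { continue }
            # Bare names such as rundll32.exe are not resolved via PATH and show Exists = False.
            $file = Get-Item -LiteralPath (Get-CommandTarget $command) -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $command
                Exists    = [bool]$file
                Modified  = if ($file) { $file.LastWriteTime.ToString('s') } else { '' }
                Signature = if ($file) { [string](Get-AuthenticodeSignature -LiteralPath $file.FullName).Status } else { '' }
            }
        }
    }
}

$current = @(Get-RunKeyEntry)
$current | Format-Table Name, Exists, Signature, Modified, Command -AutoSize

if ((Test-Path -LiteralPath $Baseline) -and $current) {
    # '=>' marks entries present now but missing from the baseline.
    Compare-Object (Import-Csv -LiteralPath $Baseline) $current -Property Key, Name, Command |
        Where-Object SideIndicator -eq '=>' | Format-Table Key, Name, Command -AutoSize
} elseif ($current) {
    $current | Export-Csv -LiteralPath $Baseline -NoTypeInformation
}
```

Run it once after cleaning to save the baseline, then again after a reboot; an entry listed in the second table was written to a Run key in between.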

To: b4its2late
Spy Bot may also zap some registry files that might screw up your internet connection

I ran into this problem this past weekend. It jacked my connection all up. The computer wouldn't recognize my modem or anything. I hadn't done a clean install of XP in about a year and a half, so I went ahead and reinstalled. It's amazing how fast this computer runs now. :)

82 posted on 06/16/2004 2:08:08 PM PDT by GOPyouth (De Oppresso Liber! The Tyrant is captured!)
[ Post Reply | Private Reply | To 45 | View Replies]

To: Born Conservative

Bump for later research. One of our computers at work was hijacked to mshp over the weekend. May have to do a total clean out of the system. Unplugged it from the server.


83 posted on 06/16/2004 3:14:36 PM PDT by Deguello
[ Post Reply | Private Reply | To 1 | View Replies]

To: boris
Slowed my cable modem connection by a factor of 100x, screwed up my registry, messed with my CMOS settings.

I don't doubt you had problems but I'm very curious as to how the executable for the Proxomitron could have caused CMOS problems. It also places nothing in the registry. What kind of problems did you experience, exactly?
Only if you care to share. Did you use version 4.5?

84 posted on 06/16/2004 3:39:32 PM PDT by Bloody Sam Roberts (ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,Election '04...It's going to be a bumpy ride,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø)
[ Post Reply | Private Reply | To 79 | View Replies]

To: Born Conservative

Trend Micro Sysclean Package http://www.trendmicro.com


85 posted on 06/16/2004 3:42:45 PM PDT by Registered
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative

Reference bump


86 posted on 06/16/2004 3:48:27 PM PDT by dbwz (CAN THE BAN!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: GOPyouth


>>I ran into this problem this past weekend. It jacked my connection all up. The computer wouldn't recognize my modem or anything.<<

There's one spy program and I'm drawing a blank on it right now, but it's like "value shopping" or somesuch and it actually replaces your winsock.dll with its own. If you use spybot and clean it, you have no connection any longer. You generally have to re-extract it from the cabs.

I clean systems almost daily (everyone brings in their kids' PCs for me to fix, rather unrelated to my job). There's not a single one I've not been able to return to like-new function.


87 posted on 06/16/2004 3:59:20 PM PDT by Malsua
[ Post Reply | Private Reply | To 82 | View Replies]

To: Born Conservative
I had a similar problem and took similar steps to remedy it about a month ago. With similar results. In the end, to get rid of the pests I had to go the IBM way ("It's Better Manual".) No drastic steps such as system restore were required. Since the spyware removal programs can identify the culprits but are unsuccessful removing them completely, jot the names down and google on them. You'll find pages explaining how to remove the things manually. Also google on the names of suspicious running processes. Reboot again and again.

It took me 5 days to completely clean up my machine - it had spyware, malware and several trojans. How did I catch the disease? By searching the net for cheap airfares to Europe and googling for advice on searching the net for cheap airfares to Europe. Nothing different than what I had done a year ago when I wasn't running any anti-virus or anti-spyware. Last year I found a reasonable airfare and went, this year - nada!

88 posted on 06/16/2004 4:01:55 PM PDT by Revolting cat! ("In the end, nothing explains anything!")
[ Post Reply | Private Reply | To 1 | View Replies]

To: boris
Unbeatable all right. Slowed my cable modem connection by a factor of 100x, screwed up my registry, messed with my CMOS settings.

Well, there we have it.

Caveat emptor.

89 posted on 06/16/2004 4:11:44 PM PDT by don-o (Stop Freeploading. Do the right thing and sign up for a monthly donation.)
[ Post Reply | Private Reply | To 79 | View Replies]

To: Mannaggia l'America
Between Adaware and Spybot S&D, it found almost 600 files/registry entries to delete - I've never seen a system so dirty.

Had a customer a few weeks ago who had over 900 items found by AdAware, and thirty five files infected by viruses detected by AVG antivirus! It was a miracle I could even start the machine, I had to do each in two swipes, I couldn't even connect the computer to the Internet (he had dialup) until I used months-old versions of those programs that I travel with.

Took about two hours of billable time, but I finally got him straightened out!

90 posted on 06/16/2004 4:26:55 PM PDT by hunter112
[ Post Reply | Private Reply | To 81 | View Replies]

To: GOPyouth

Yep. You're right. But with some patience you can achieve similar goals with Spy Bot. I'm not knocking it, it has its benefits. You just have to know what you are doing (and that does not apply to me all the time either BTW).


91 posted on 06/16/2004 5:08:51 PM PDT by b4its2late (Hillary, it is bad to suppress laughter; it goes back down and spreads to your hips.)
[ Post Reply | Private Reply | To 82 | View Replies]

To: GOPyouth

How youthful are you, if you don't mind me asking?


92 posted on 06/16/2004 5:09:33 PM PDT by b4its2late (Hillary, it is bad to suppress laughter; it goes back down and spreads to your hips.)
[ Post Reply | Private Reply | To 82 | View Replies]

To: Born Conservative

bump


93 posted on 06/16/2004 5:12:24 PM PDT by VOA
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative; Bloody Sam Roberts; zeugma; JoJo Gunn; All
If this thread doesn't answer your questions, THIS ONE MIGHT. It's my account of a vicious spyware attack I suffered two months ago, and the steps I took to fix it, and the subsequent advice I got from some knowledgeable FReepers. I highly recommend it.

94 posted on 06/16/2004 5:17:28 PM PDT by Long Cut (Certainty of Death, small chance of Success...What are we waiting for?...Gimli the Dwarf)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
The easiest thing to do is do a system restore to an earlier date.

Spybot has a deep scan option, takes a long time, but digs out a lot more of the offending programs than the quick scan.

I would also run Norton anti-virus, or another good anti-virus on your complete computer.

System restore is your friend. It allows you to back out changes. Spybot has a similar mechanism, just in case it deletes something you needed.

Once you get it fixed, the Norton utilities contains a program called clean sweep which will back out these kinds of problems and detect and prevent them from being installed. You can set it so your family can't install.

BTW, you are running the computer as a user not as the 'OWNER' account. If you aren't I suggest you make a special account for your family that does not allow program installation. Many problems can be prevented by just making a separate account with restricted privileges.

95 posted on 06/16/2004 5:21:28 PM PDT by snooker (Reagan has put the smile back on America's face ... again. Can't you feel it?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Born Conservative
Try:
www.techguy.org
www.cybertechhelp.com

96 posted on 06/16/2004 5:22:46 PM PDT by RightWinger
[ Post Reply | Private Reply | To 1 | View Replies]

To: snooker
"System restore is your friend. It allows you to back out changes."

Absolutely great way to fix this problem, I did a Restore to June 1st and I'm back where I was before this problem arose.

Took half an hour maybe, 1st time I used it but certainly not the last.

Just searched files for Restore and there it was.

97 posted on 06/16/2004 6:25:11 PM PDT by No Blue States
[ Post Reply | Private Reply | To 95 | View Replies]

To: mlbford2

How did you do it in 2 hours? It usually takes me days.


98 posted on 06/16/2004 6:27:46 PM PDT by M. Peach (eschew obfuscation)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Bloody Sam Roberts

Bump


99 posted on 06/18/2004 6:24:54 AM PDT by jokar (On line data base http://www.trackingthethreat.com/db/index.htm)
[ Post Reply | Private Reply | To 78 | View Replies]

To: Born Conservative
I am pinging this open because I have been days trying to eliminate belt.exe and its associated files and decided tonight to manually delete them per Symantec's instructions; when I opened the hidden files I saw that belt.exe had been last modified 8/13/2003; the only thing is, I bought this cpu new 02/12/2004.

In other words, either CompUSA sold me a refurbished computer without wiping the drive or COMPAQ pre-installed a trojan adware pgm.

Anybody have any ideas about this before I yell at CompUSA?

100 posted on 06/19/2004 7:21:51 PM PDT by Old Professer (lust; pure, visceral groin-grinding, sweat-popping, heart-pounding staccato bursts of shooting stars)
[ Post Reply | Private Reply | To 1 | View Replies]

