Malware Browser Hijacker Ass Clowns


NousDefionsDoc
07-31-2004, 10:58
I recently had a HUGE problem with this. Adware, Spybot, etc. would find it, but it always came back. If I ever get my hands on the SOB that invented or installed this stuff on my computer - monkey stomping won't begin to describe the beating he's going to get.

Any of you SMEs have experience with these?

http://www.siena.edu/antivirus/Spyware/hijackthis.htm

http://www.download.com/Bazooka-Adware-and-Spyware-Scanner/3000-8022-10247783.html?tag=lst-0-1

Ambush Master
07-31-2004, 11:20
Bill,
Are you familiar with using msconfig ?? You may have something in your Registry that you can track down with msconfig !!

Let me know.
Martin

NousDefionsDoc
07-31-2004, 11:22
Not familiar AM, unless it was the one TS told me about. Adaware finally cleared mine up, I guess with the updates.

Ambush Master
07-31-2004, 11:29
I had some extremely persistent problems, like my machine would lock up for exactly 6 boots and would work on the 7th !!! EVERY TIME !!!

Went to the "Start" button, up to the "Run" option, entered msconfig, & go. What you get is the "System Configuration Utility". Select the "Startup" tab and you will see all of the programs that are set to initiate at startup. I'll find the link to the Symantec site that details how to troubleshoot from there !! It works !!

Later
Martin

Ambush Master
07-31-2004, 12:31
Found the Link !! It is for addressing a specific problem dealing with Norton Anti-Virus, but the same procedure could be used to isolate what is causing your problem:

http://service1.symantec.com/SUPPORT/NAV.NSF/DOCID/19983374923

Later
Martin

Solid
07-31-2004, 12:39
NDD-
Before you touch your registry, back it up. There is a 'back up' tab under start-programs-accessories-systemtools. Only delete the backup when you know that there is no problem with what you've deleted from the registry.

HTH,

Solid

Kyobanim
07-31-2004, 14:07
Some spyware/malware runs as a process in Windows 2k/XP. The best way to get rid of it is to start the PC in safe mode and then run your spyware removal program. When finished running the spyware removal program, open up Add/Remove programs and remove the unwanted app from there. After doing that, reboot the PC again to safe mode and run the add removal program one more time.

Kyobanim
07-31-2004, 14:13
I might have posted this before. . .

Before you do any of this: if you’re using Windows XP create a restore point.

To create a Restore Point in Windows XP:
1. Click Start, Programs, Accessories, System Tools, System Restore.
2. The System Restore window will appear. Choose Create a Restore Point and click the Next button.
3. Next, you will be given the opportunity to create a name for the Restore Point. Type in the name and click create.


Preparing to clean up (read this entire section before attempting any of these procedures)

Download one of these:
Adaware 6.0
SpyBot

Another good one and one that I recommend is Pest Patrol. This can be found at http://www.pestpatrol.com. The cost is $39.99 for home users but it is well worth the price.

When finished, disconnect from the cable/DSL modem and restart your computer in Safe Mode. This is done by pressing the F8 key while the PC is booting up before the Windows splash screen appears. If the Windows splash screen appears, just restart and do it again. If you’ve never done this before, you might have to press the F8 key several times to get it to take. If you are successful, you’ll get a DOS menu. At the top of the list you should see Safe Mode. Regardless of where it is, highlight Safe Mode using the up and down arrow keys and press Enter. Once the boot process is complete you’ll see the Windows desktop. Don’t worry about what the video looks like.

The Cleaning Process for XP and 2000

First we’re going to do a little manual cleaning. Open up My Computer and double click on the C drive.
1. Look for a file that ends in .XML. If you see it, delete it. It shouldn’t be there.
2. On the Drop Down menus at the top of the window click on Tools, Folder Options, View. In the new window look down the list and click the button beside Show All Files. Then exit by clicking OK on all the windows.
3. Open up the C drive again, if you just closed it, then open up the Windows Folder. Then open up the folder called Temps. Delete all the files in this folder.
4. Close these windows until you are viewing the contents of the C drive.
5. Open the Windows folder. Look for the Temp folder and delete the contents of the folder. Navigate back to the Contents of C.
6. Open the Documents and Settings Folder
7. Open the folder that is named the same name that you use to log onto the computer. If you don’t have to login open the Administrator folder. Open the Local Settings folder.
8. Next, open the Temp folder and delete all the files out of it.
9. Open the Temporary Internet Files folder. Delete the files in this folder. Sometimes login information is stored here for things like web forums, and web sites that require a log in and password. Unless you want to go through every file and delete them one by one, delete everything. You’ll just have to enter an account and password for the web forum you go to all the time.
10. Open up Internet Explorer. Click on Tools, Internet Options, Settings, View Objects. These are application plug-ins like Flash Player, Real Player, etc. If any are listed as “unknown” remove them.

When finished, close all open windows. Look on the desktop for the Adaware icon. Double click the icon and run the application. It could take 15 or 20 minutes to run.

Next, do the same with Spybot. There’s a good chance that Adaware will get everything but it never hurts to be sure.

Now that you’ve gotten rid of the registry entries and cookies, we’re going to get rid of the applications themselves.

Open up the Control Panel then double-click the Add/Remove Programs icon. It’s time to remove some applications. Look for any of the following and remove them:
• EBates
• GAIN
• Golden Retriever
• IGetNet
• IPinsight
• King Solomon's Casino
• MyWay Speedbar
• NetPalNow.com
• Purity Scan
• Sidestep
• Webhancer
• Sidesearch
These are just a few.

Now go through the applications and make a list of the ones that you don’t know what they do. (Did that make sense?) If you’re sure that you didn’t install them and know that you don’t need them, remove them. If you’re not sure, look them up on the internet. If you take the second option there’s a good chance that you’ll have to go through this process again.

If at any time you are prompted to reboot the computer DON’T DO IT! If you reboot before you uninstall these apps you’ll have to start the whole process over again. Sometimes this can’t be avoided. If the PC reboots itself during the process, make a note of the application you were uninstalling when it happened. Next time do it last.

Once you’ve made it through all this you should have a clean PC. Now we need to keep it that way.

There are a lot of other things that can be done and as I get them documented I'll post them.

Pandora
08-01-2004, 00:01
A decent option for free scans for ad/spyware is
Trend Micro (http://housecall.trendmicro.com/housecall/start_corp.asp)

Doesn't replace Norton and something like PanicWare, but it is a good (free) option to run daily.