So then I need to follow the above listed instructions and try to get rid of it?

THANKS
Jim

Quote |

Do you know if you have any? You can use Spybot or the free version of adaware. The HiJackThis! will also do the trick - it shows you what programs are running in the background.

Spyware / adware / malware is different from a virus - do keep that in mind.

Also before installing anything on a network computer - make sure you have permission to do so. I take it that the company that Doya66 works with - well - his IT guy just is not up to speed? Sorry Doya66 - but the network should be locked down a lot more to prevent installs. And as far as keeping Windows up to date - he should have made sure. I check that up date feature about 5 times a day. I do not have the notify me of critical updates enabled just because I do not want to rely on that.

But before I go to bed - my computer is either scandisking, defragging, scanning for viruses every night.

__________________
Corey

Not as innocent as one might think

Quote |

I ran the adaware program from lavasoft on my teen's machine today. He had three spyware programs on it. one was favoriteman, one was sahagent and I can't remember the third.

I ran it on my laptop and our other machine. Both had cookies, but no .exe's.

I'm not too religious about Windows Update because I run Win98 on everything. I run it about once a month to update IE. I refuse to run Outlook. Everyone has web-based email which keeps the malicious junk to almost nil.

I do run McAfee on all the machines and update it weekly.

I have a wireless network connecting all our machines. My router can detect two other networks nearby. One is locked down using encryption protocols. The other is wide open. I don't know which neighbors' networks I am seeing. I use Mac addressing as my main defense. So if either neighbor tries to access my network, they'll have no luck.

Quote |

Apologies in advance for drifting off the topic.

A great site for TIME of day that does not require any downloads (but runs a JAVA script) is

http://www.time.gov/

It is run by the U.S. Naval Observatory atomic clock time standards organization and is the OFFICIAL U.S. time.


I feel for you. I did not have my firewall turned on last Saturday (because I had to do a network maintenance item that required it to be off) and the SASSER worm managed to spray my Windows XP registry with rouge programs before I could get the Windows update patches. It was awful and it also looks like it used my machine to send SPAM all over the world (my mailbox is still filling up with bounced messages) and it was also attacking Microsoft with a denial of service attack.

I keep a Drive Image DVD backup copy of a pristine version of my system and I was just about ready to reformat the drive and start over when I was able to deactivate the worm by editing the registry (which I hate to do because you can really screw up your computer with one wrong typo) and I was able to go to the microsoft.com web site where they had just posted a removal tool.

I wish the people that hate Microsoft would go to Redmond and attack them directly instead of hiding behind MY computer to attack Microsoft like a bunch of sissies. I DO NOT download programs, etc, I DO NOT open email attachments, I make sure every link I click is not a program, etc. I SHOULD NOT HAVE TO PUT UP WITH THIS CRAP!!

Quote |

Support for Windows 98 was supposed to end in January, but Microsoft has extended that. I check out Windows Update once or twice a week. Admittedly, updates for 98 are much more infrequent than for XP, but just a few days ago two critical updates appeared.

My ISP notifies me via email of certain updates available, too. Now and then Microsoft releases something that is not included at the Windows Update site. Usually these are updates geared to very specific vulnerabilities that most folks won't need, but I like to get them anyway. Even if only for the fact that it's something FREE from Microsoft! I'm not a Microsoft hater, though -- I'm quite fond of Windows and can't wait until I can afford a PC that will run XP. I only get to work with it these days at customer's homes...

Speaking of clock synch -- here's another nifty freebie:

http://www.worldtimeserver.com/

I do NOT let anything run in the background or load itself into the tray area, but this is nice because you can also just disable the auto-start features and fire it up if you notice your clock is off. Some programs seem to enjoy fucking up my clock. This is a handy tool which synchs up with World Time Server.

Never had a problem with Outlook. My ISPs web-based email has spam filters which simply never let the junk get through to Outlook. You can also set Outlook to refuse dangerous attachments, but this can lead to missing certain files you actually WANT.

To each his own, though. I always tell my customers their PCs should be friendly to them and be set up in whatever way makes them happy.

Quote |

I've used these three programs for five years now and I have NEVER gotten a virus or spyware, even when I accidentally clicked the program:

AVG Antivirus: www.grisoft.com

Spybot: spyware terminate and stay resident program (catches them before they can even download from yoru browser.

Adaware: same as above. I run both, setting up Spybot to run
AFTER adaware gets done. Adawre free version WILL NOT STOP LIVE downloads of spyware.

Zonealarm Pro: firewall

Some of these have complicated settings. You'll just have to toughen up.

In AVG antivirus free, you can even set the program to check for any extension, which it will not allow to run or will scan it when it sees it come onto your hard dirve by any means. I set mine up to include .scr extension becsaue screen saver .scr files can now contain viri.

__________________
Will meet with discreet men w/large erections, true 7"+ & hard. Will sit down on your hard-on while you stroke me, or get on my hands and knees, reach back and massage your balls while your cock's up my asspipe. Like prostate massages and sucking. I always have enema before playing. Very clean only. No kissing or hugging, etc. Just sex.


If your cock is big and hard, I'm truly interested.

Northern California, Coos Bay, Ashland, Medford in Oregon, and other places.

Quote |

Here are some more links - some have already been mentioned but feel free to check these out & just some general information:
TIPS

++ If your Browser is hijacked, the quickest way to close the Browser window is ALT+F4.

++ Whichever tool you choose, be sure that you keep the definition files updated AND read the warnings and alerts, some may impact the way your environment has run in the past.

++ For IE6, disable 3rd-party browser Extensions is an immediate workaround. Stops all the BHOs, Toolbars, Browser extensions from loading and starts a clean instance of IE.

++ Installation recommendations from the number one expert in Brower Issues (Asta):

Another thing that should be helpful is this, in terms of manually controlling the installation of items (such as unwanted toolbars, etc)... Since I always encourage using the most updated version of IE, which is IE 6 with all Service Packs, this is the process:

IE - tools - Internet options - advanced - browsing -> Uncheck "Enable install on demand (Internet Explorer)" as well as unchecking "Enable install on demand (Other)". This means that auto installs for updates to IE and/or other interfaces and applications will require your manual intervention to complete. This is my ideal choice, but we each make our own.

++ Upgrade to MS Java 3810 or uninstall MS JVM and install Sun's version of Java

++ For safe browsing it is best to set the browser to prompt for activeX, Java, and plugins. The minor irritation is nothing compared to the disaster that can come with downloading malware.

++ NEVER permit the download or running of any EXE unless you are 100% sure you know what it is.

++ NEVER disable the firewall or anti-virus software except when necessary for the installation of items you know are safe

++ If you are not sure about a site; set security to high, and disable all scripting, until you check it out -- look at the source code.

++ "FREE" should always mean proceed with caution.
------------------------------------------------------------------------------------
PRIMARY CLEANUP TOOLS

++ CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html

++ Hijack This
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

++ Trojan Remover:
http://www.simplysup.com/
X-Cleaner:
http://www.spychecker.com/download/d..._xcleaner.html
KL-Detector:
http://www.spychecker.com/download/d...ldetector.html
------------------------------------------------------------------------------------
DETAILED INFORMATION

++ A description of what Spychecker does
http://www.softpedia.com/public/cat/...0-17-143.shtml
Features:

· Redirections to CoolWebSearch related pages
· Redirections when mistyping URLs
· Redirections when visiting Google
· Enormous IE slowdowns when typing
· IE start page/search page changing on reboot
· Sites in the IE Trusted Zone you didn't add
· Popups in Google and Yahoo when searching
· Errors at startup mentioning WIN.INI or IEDLL.EXE
· Unable to change or see certain items in IE Options
· Unable to access IE Options at all


++ Hijack This Tutorial: http://www.TomCoyote.org

++ BHODemon:
Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. Highly recommended.

++ Browser Hijack Blaster:
Running silently in the background, Browser Hijack Blaster only springs into action when an attempt is made. It watches and protects the following items: IE Homepage, IE Default Page, IE Search Page, BHOs. Whenever one of the above items is changed, or a BHO is added, you are immediately provided with information on the item, along with the option to keep the change, or revert to your previous settings.

++ General and overall information about Spy/Adware
http://www.cexx.org/adware.htm

++ merijn.org is being blasted by a massive DDoS, that's why it now resolves to localhost.
You can still reach it by adding "209.133.47.200 www.merijn.org" to your hosts file.
Mirror is still available at:
http://www.spywareinfo.com/~merijn/

++ What is spyware:
http://www.spychecker.com/spyware.html

++Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm
------------------------------------------------------------------------------------
UNWANTED BHOs

++ BHODemon
http://www.spywareinfo.com/downloads/bhod/

++ About BHOs:
http://sysinfo.org/bhoinfo.php
Merijn Bellekom, the developer of the brilliant Startuplist and Hijack This! has introduced BHOList.exe. It downloads and displays the BHO Collection in a searchable & sortable list. Also from the above link.

++ http://sysinfo.org/
The site contains a very detailed and comprehensive list of registry entries that spyware and virus may put there. And a list of thousands of BHOs with status on which ones are malware, and which are safe.

Sometimes the site is hard to get to because it comes under attack from hackers trying to shut it down a lot. When that happens you can use the url as a search argument in Google to get to the Google cached pages.
------------------------------------------------------------------------------------
ACTIVE SCANNING

++ Browser Hijack Blaster:
http://www.wilderssecurity.net/bhblaster.html
------------------------------------------------------------------------------------
GENERAL UTILITIES

++ spybot:
http://spybot.safer-networking.de/

++ AdAware:
http://www.lavasoftusa.com/

++ Spycop:
http://www.spycop.com/

++ ToolBarCop:
http://www.mvps.org/sramesh2k/toolbarcop.htm
------------------------------------------------------------------------------------
DOWNLOAD LOCATIONS

++ Spychecker:
http://www.spychecker.com/download/d...bshredder.html

++ spybot:
http://spybot.safer-networking.de/in...&page=download
http://www.spychecker.com/download/download_spybot.html

++ Cool Web Shredder:
http://www.zerosrealm.com/downloads/CWShredder.zip
http://radiosplace.com/
http://209.133.47.200/~merijn/files/CWShredder.exe

++ Hijack This: http://www.majorgeeks.com/download3155.html
http://radiosplace.com/
http://209.133.47.200/~merijn/files/HijackThis.exe

++ Ad-aware:
http://www.spychecker.com/download/d...d_adaware.html

++ BHODemon:
http://www.spywareinfo.com/downloads/bhod/

++ JAVA
This is the Sun Java download link, including documentation and patches:
http://java.sun.com/j2se/1.4.2/download.html
This link for more choices, including Enterprise system solutions
http://java.sun.com/
The Sun Java auto-update link:
http://www.java.com/en/download/windows_automatic.jsp
------------------------------------------------------------------------------------
IE SECURITY DOCS

++ http://support.microsoft.com/default.aspx?scid=kb;[ln];833786

++ http://support.microsoft.com/default...&Product=ie600

++ Transitioning from the Microsoft Java Virtual Machine
Published: September 12, 2003 | Updated: April 2, 2004
http://www.microsoft.com/mscorp/java/
http://www.microsoft.com/presspass/p...greementPR.asp
------------------------------------------------------------------------------------
PREVENTION

++ Preventing Browser Hijacking and some insights here:
http://www.spywareinfo.com/articles/...ed/prevent.php
http://www.spywareinfo.com/articles/hijacked/

++ Recommended Minimal Security Settings
http://www.mvps.org/winhelp2002/unwanted.htm

++ Prevent spyware from being installed:
Set the kill-bit to unwanted ActiveX controls (spywareblaster helps in this case)
http://www.mvps.org/sramesh2k/Malware_Defence.htm
------------------------------------------------------------------------------------
DEFINITIONS

++ BHO -- Browser Helper objects. These are programs used by the browser to extend functionality. For example Adobe Acrobat is a BHO that allows a browser to work with PDF files. The problem with BHOs is that many of the Free BHOs and toolbars are actually malicious code that can take over the computer where they are installed.

++ SPYWARE -- is software that tracks user activity, usually for the purpose of build a preferences profile for targeted advertising, most often it gets installed as part of "free" toolbars.

++ Browser Hijacking -- refers to the action of some malicious BHOs that re-direct to target sites, change home pages, or prevent access to some sites. Such software may also alter registry settings and attempt to damage security and privacy software.

++ Trojan -- a program that get loaded on a computer and lies dormant until a triggering mechanism (frequently from a external source) launches it to carryout instructions from the owner of the trojan. A more active form BOTS, frequently find unsecured ports to communicate with their master

++ MALWARE -- a general term for any software that is unwanted and frequently malicious that is put on a computer either without the users permission, or by misleading the user about its purpose.

__________________
Corey

Not as innocent as one might think

Quote |