#1
This is not exactly a sex question, but since I really have nowhere else to take it, I hope the moderator will allow it. I suspect many other guys have been duped as I was.
I was cruising the net the other night looking at naked men, and found my way onto a web site. One of the galleries said, "Screen Savers," and without thinking I clicked, and before I realized what was happening, I had a naked man screen saver installed on my computer. I deleted it from my "downloads" folder (where I chose to save it), but it's still there. Moreover, I now have a "quicksearch" tool bar on my desktop when I start up, and really worry that I have somehow opened my system up to all kinds of nasties. I've tried the add/remove software on my control panel, but these items are not on the list. The naked man is nice, but like so many men after sex, I want him to go away now! Can anybody help? The IT manager in my office is a very nice straight guy, but I can't take this problem to him! Thanks, and thanks to the moderator for letting me go off topic a bit!
#2
Never install anything on your computer.
That being said - you now have adware, spyware, etc on your computer. Now - if it was a screen saver & not necessarily a program - you can search in your Windows for *.scr - but it more than likely was a program. As far as the quick search - that might be a lot more difficult. See if there is a program there for that as well. Do you know what was installed on your computer before all of this happened? Also go to Start - Programs - Start-Up - anything in there that was not in there before? If the above does not help: http://www.spychecker.com/program/hijackthis.html - download this & paste the results here.
__________________
Corey Not as innocent as one might think
#3
I haven't tried the software Corey recommends, but I'm sure it's just as good as the one I use. It might be helpful to you to try out BOTH just in case one has a tough time finding what needs to be removed from your system. Go here:
http://www.lavasoftusa.com/software/adaware/ Download and install. Very easy. This software is absolutely free, updated often, extremely effective. The first time you run it you'll probably find dozens and dozens of spyware references. AdAware will quarantine these items, remove them from your system, and NOT allow them to ever return. To date, AdAware hasn't failed me yet. I am vigilant with my PC, however -- I NEVER allow any installs of frivolous or "free" items: they're almost always spyware. I run AdAware about once a month. For me, most times there's nothing to quarantine and remove, but it's nice to know for sure so I run it anyway. This is also a good time to do a defrag, just to keep on schedule. Go through the options the first time you run it. It's all pretty much self-explanatory. Use the help file or just Google AdAware for plenty of advice on running it. You're right -- spyware often hides itself and won't show in Add/Remove Programs, but it's worth a look anyway. You may find some of the more "kind and thoughtful" spyware installs itself properly in the Program Files folder, so if you are familiar with your PC you may be able to locate the new, unusual folders and check to see if an uninstall program is offered. Usually not, though. I'm sure you know NOT to just delete a folder -- you'll have remnants left in your registry. AdAware and similar programs will purge the registry for you. If you want, you can also head into Internet Options and remove the "install on demand" option. This will force IE to reject all installs offered by websites. Personally, I leave it on and just manually reject installs, but it's up to you. My own personal rant... Windows allows for an option to appear which will allow a user to "trust all content" from whichever source is trying to send you junk. For example, a trusted company like Macromedia. Why the hell haven't they considered an alternate option to REJECT all future content from a specific source? 
I'd love to be able to block, say, XUpiter, an evil bit of spyware that shows up quite often when online. Get cracking on this, Gates!
#4
It's hard to diagnose computer problems via the net. I prefer just to sign on & look at the person's computer - and that is usually what I allow the tech guys when I have screwed up my server (like today)
And I always hate to suggest to install something else to fix something else. LOL - I know I recommended something - and adaware is good. I have the "paid" version - but another great program written by people who hate spyware is called spybot: http://www.safer-networking.org/ The reason I did not suggest either of them - I have seen major problems (one person could not connect to the internet - I had to blow out his entire system). You do need to know what you are telling spybot / adaware to delete BEFORE you delete. If you have any P2P programs (kazaa, limewire, bearshare) - it is VERY important to let us know. Deleting portions of their "spyware" will cause severe problems in your system.
__________________
Corey Not as innocent as one might think
#5
Guilty as charged.
Few months ago, I downloaded a new clock utility since my present clock on this antique note-book I really like (this is crazy, I know) was running like trains in Italy or planes there, these days. So, I downloaded this junk and managed to extract most of it but whenever I power up the comp. windows starts searching for it. Anyway, here is the scan. If you care to look at it, please, let me know what I need to delete... Thanks, Corey... KD

Logfile of HijackThis v1.97.7
Scan saved at 5:08:55 AM, on 5/2/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\SYSTEM\ATI2PLAB.EXE
C:\COMPAQ\INTERNET\ISDBDC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\NETGEAR\WG511SCU\UTILITY\GEAR511.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\HOTMAIL POPPER\HOTPOP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://66.250.130.194/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://66.250.130.194/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://deardrocher.com/cgi-bin/get.pl?s=58
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.250.130.194/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von i-one Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://66.250.130.194/main/hp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [AtiGart] c:\Ati\Gart\AtiGart.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSECOMR.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [AtiPTA] Atiptaab.exe
O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [CyberLat RAM Cleaner] C:\PROGRAM FILES\CYBERLAT\CYBERLAT RAM CLEANER 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\PROGRAM FILES\SPYBLOCKER SOFTWARE\spyblocker.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [FreeRAM XP] "C:\WINDOWS\DESKTOP\FREERAM XP PRO 1.20.EXE" -win
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CPQInet Runtime Service] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plab.exe
O4 - HKLM\..\RunServices: [isdbdc] c:\compaq\internet\isdbdc.exe
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HotSync Manager.LNK = C:\Palm\HotSync.exe
O4 - Startup: Hotmail Popper.lnk = C:\Program Files\Hotmail Popper\hotpop.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office-Start.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: http://www.gay.or.at
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.gaynet.at:8000/java/cr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} (NeRemoteDoc Class) - https://vault.netvoyage.com/neWeb2/neWebCl.cab
O16 - DPF: {9E472D6A-F10C-11CF-B7A9-0020AFD6A362} (NetEnvelope Certificate Signature) - https://vault.netvoyage.com/neweb2/neCrypto.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6FB9FE59-7D3B-483D-9909-C870BE5AFA1F} (DiskHealth Class) - http://www.pcpitstop.com/pcpitstop/diskhealth.cab
O16 - DPF: Arcsoft Web Printer for HP - http://www.hpphoto.com/downloads/iprintHP.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/...tdmgainads.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10469377076b7c4...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...082.2100115741
#6
Do you know the program name that starts when you boot up? I would uninstall gator though.
Try to go thru these procedures to possibly remove the start up program that wants to start. Also do the below to make sure the thing is not in there. Win98 loves to put start up programs in three places (drove me insane!)
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
If I remember correctly, the Synaptics is for a touch pad or something like that? If so - leave it as is.
__________________
Corey Not as innocent as one might think
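The by-eye triage in the reply above, as an added example that is not part of the original thread: it parses HijackThis entry lines by section code and marks the ones worth a manual look before anything is deleted. The sample lines are copied from the log posted in #5; the review rules and the `WATCHLIST` name are assumptions of this example, not HijackThis features.

```python
import re
from urllib.parse import urlsplit

# Meaning of the HijackThis section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O6": "IE options locked by policy", "O9": "extra IE button/menu item",
    "O15": "Trusted Zone site", "O16": "downloaded ActiveX object (DPF)",
}
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
URL = re.compile(r"https?://\S+")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
WATCHLIST = ("gator",)  # assumption: the one product the reply names


def parse(log_text):
    """Yield (section, body) per entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_reasons(section, body):
    """Reasons an entry deserves a manual look. Hints for a human, not verdicts."""
    reasons = []
    for url in URL.findall(body):
        host = urlsplit(url).hostname or ""
        # A browser setting or ActiveX download served from a bare IP address.
        if IPV4.match(host) and section in ("R0", "R1", "O16"):
            reasons.append(f"{SECTIONS[section]} points at bare IP {host}")
        if any(name in host.lower() for name in WATCHLIST):
            reasons.append(f"host {host} matches watchlist")
    # A helper object still registered although its file is gone.
    if section == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for entries with at least one reason."""
    return [(s, b, r) for s, b in parse(log_text) if (r := review_reasons(s, b))]


# Excerpt of the log posted in #5 (truncated URLs kept as posted).
SAMPLE = r"""
Logfile of HijackThis v1.97.7
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://66.250.130.194/main/sp.php
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/...tdmgainads.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/10469377076b7c4...p/RdxIE601.cab
"""

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE):
        print(f"[{section}] {body}\n    review: {'; '.join(reasons)}")
```

Entries that come back unflagged, such as the Synaptics autostart line, are simply not matched by these rules; each flagged entry still has to be identified before it is removed.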
#7
Respectfully... I run P2P applications all the time. Like right now, for example. I have never had one problem with running P2Ps and still using AdAware.
Now, I DO stick with eMule and BearShare as a rule, so I could very well be wrong on some of these other P2P apps. But as far as these two are concerned -- eMule includes NO spyware, so it's not an issue. As for BearShare... well, all that bullshit warning you get telling you that if you remove Save or WeatherCast you may disable BearShare -- that's just bullshit. It works perfectly with those spyware items removed. HOWEVER, I suppose it is important to note that I do NOT use AdAware to remove them. They are simple enough to remove manually. One can be deleted from Add/Remove Programs, the other by opening the folder it installs to (Save) and just running the uninstall that comes with it. The only minor annoyance is that when uninstalling these items, you are directed to a website which asks you WHY you are uninstalling. It only takes a minute to check a few boxes, though. What I DO like about this is that there's an optional area for "comments." So I like to type stuff in along the lines of: "You motherfucker pieces of shit, I hate you and despise your evil, spying software. Die, die, die." Or close to it, at any rate. Oh, what fun! BearShare upgrades itself rather often, and if you don't accept the update sooner or later, functionality starts to suffer. It gets harder to connect to other peers. Upgrading fixes that, but it ALSO reinstalls Save and WeatherCast, so you have to go through the removal process again. Oh, well... the "price" we pay for P2P is still pretty low! As for KD's nifty little problem -- no way in hell am I touching THAT! Good luck, man...
#8
Thanks, Corey...
This is truly an old-time note book. It still runs on Win98 and is overflowing with all kinds of files I have created over the time. Sure, it is the time to move on and I'll just have to do that. So, I am going to save the crucial stuff and transfer it to the new notebook and start from there. ... But I still like this old guy and he'll hang around for a while longer, too. Take care, KD
#9
If it works for what you need - no need to change. I never used Win95 myself. I was an old DOS guy & I refused to upgrade from win 3.1 to Win 95 (which I still have an old system on 3.1 actually). When we bought a new computer - I almost still put 3.1 on it but made the change to 98. I had 98 probably for about 5 years I guess. I refused to get ME. But I did get 2000 Pro & now I have XP pro. I would say that XP Pro is one of the better ones that MS finally came up with.
I would try to stay away from Compaq or HP. Get a Dell. Compaq & HP put too much proprietary crap on their systems - as you can see by just scanning thru your programs. All those CPQ programs - I hated them. And try to add something to one of those systems - pain in the ass. Dell - you open it up like you do the hood of a truck. Very easy to put in a new HD or something. Just make sure - modems are becoming obsolete / optional & now even 3.5" floppies are optional on most systems.
__________________
Corey Not as innocent as one might think
#10
The adaware program from Lavasoft that scruffy mentioned works very well. It is also free!!!
Look for very large but innocent sounding programs on your add/remove software list from windows.
__________________
40 something, 6' 175 brn/brn hairy looking for other married wm or younger guys to play.
#11
And another thing - if you do have a virus protection on your system (which y'all better!) - go to this site if you have a broadband connection: http://housecall.trendmicro.com/ - and run a free virus scan every so often. I always like to do an online scan just in case - even though I have two virus protectors & two firewalls running all the time.
You might have to agree to something - it's cool. Basically it wants to install a little program to help with the scanning.
__________________
Corey Not as innocent as one might think
#12
I'd like to thank you gentlemen who were so generous with your help. Just so you know, you made me think to do a Windows update, which meant that my computer was the only one in the office today without the Sasser worm. I guess that there is a learning curve, after all! Thank you!
#13
Speaking of virus protection, here's a nifty little FREE gift from the folks at Grisoft:
http://www.grisoft.com/us/us_dwnl_free.php This is a terrific bit of anti-virus software, in my opinion. I love the fact that it's FREE, of course -- Grisoft makes their money on commercial sales and offers this software free to home users (so probably it wouldn't be a good idea to try to install multiple copies on networked machines in a commercial setting). It's fully functional insomuch as the only disabled features are little housekeeping options that aren't necessary. The parts you WANT, the virus protection -- work just fine. Online updates are always available and always free -- best of all, always CURRENT. The most recent handles the worm mentioned above. Almost all new PCs come with a year free trial of Norton or some other similar utility. This is nice, but after that time is up, you almost always have to pay to get continued updates. And, as we know, virus protection without current updates is pretty much useless. Additionally, AVG anti-virus is very much non-intrusive. Once installed, it takes only a few moments to fiddle with the options to get a configuration best suited to your needs. I personally like to keep as little as possible running in the background and at boot up (with Win98, this is almost mandatory lest you enjoy blue screens). Anyway, AVG doesn't intrude on your system if you don't want it to and doesn't integrate itself deep into basic Windows tasks. When you want it, it's there. When you don't -- no problem. Yes, all anti-virus software can be set up this way, but it seems like Norton wants to make it harder to do so. Did I mention it's FREE and has FREE updates all the time? Yes, they DO sell a registered version that enables a few tweak tidbits, but it's definitely not necessary to fully utilize this software, nor are updates ever blocked. What are you waiting for?
#14
What is this "spyware" you are referring to? I have noticed this on one of my computers. Is this what you are trying to get rid of or is that needed to keep the virus out? Sorry to be so computer illiterate but I am trying to learn!
Thanks, Jim
#15
Spyware basically spies on you. And then it reports back to the company or the person who made it where you have been.
This is why it is so bad for people to use e-mail addresses that get placed in the URL. If that happens & you have spyware - just kiss that e-mail good bye. The spyware will capture the e-mail & then sell it to the highest bidders.
__________________
Corey Not as innocent as one might think