Well, to begin with, I'm new and my name's Jess, and I apologize if I'm posting in the wrong spot, but I'm totally desperate.
A few months back, I suddenly started getting a mass of pop ups, including one that would set itself as my homepage routinely.
I downloaded Spy Killer, and it seemed to fix some of the problems although I was still getting a c**pload of pop ups.
I was told that this was just normal internet stuff, and that lately everyone was getting masses of pop ups.
I've been dealing with this for a while now, and then two days ago, I was using my Internet Explorer window and trying to go to a different address, and the animated flag that shows that things are working started to flicker, like it was freezing up, and the entire window suddenly closed. When I tried to reopen another one, it flickered again and closed. But I'm still connected to the internet every time this happens. My AIM service works, just not the browser window.
I was told when I went looking for help that it was probably some sort of Plexus problem. I was then told by someone else that every time this happens, I should shut off my internet service and disconnect the phone line as someone could possibly be controlling my computer remotely.
I run Spy Killer every day, and other than that, I'm clueless as to what to do.
I have no idea where to go, and I was hoping that maybe someone here could offer some advice, since you all seem to know your stuff so well.
Thanks!
jenae
June 4th, 2004, 11:08 PM
Hi Fairjess, I like the name and a warm welcome to the forums. Have a look at this thread and apply the suggestions there. If you have any difficulty post back and we will assist.
http://discussions.virtualdr.com/showthread.php?threadid=157522
Ridgerunr
June 5th, 2004, 12:05 AM
Welcome to Virt.Dr. fairjess :)
As discogail suggests. And another nice one to keep spyware/adware from getting on is 'IE-spyads'. You simply dn/load it, unzip or run the exe depending on how you dn/loaded it and doubleclick the '.reg' to add it to the registry then reboot. What it does is enter many URLs of nastyware to your IE restricted sites zone. Any on the list will be banned from your IE when surfing. Check for updates on a regular basis and follow the instructions on how to uninstall the old list, then install the new. Works behind the scenes as does SpywareBlaster... http://www.staff.uiuc.edu/~ehowes/resource.htm
Be sure to have a decent anti virus program installed such as AVG: http://www.grisoft.com/us/us_dwnl_free.php (free) or Avast: http://www.avast.com/i_idt_153.html (also free) Or my favorite: eTrust EZ Antivirus: http://www.my-etrust.com/products/Antivirus.cfm?WebRefferalAffiliate=IPE200000001&VDRID=EZ00000006
This is not free after a 30 day trial, but it knocks others such as McCrappy and Norton right off the field.
Be sure also, to have a good firewall such as Zone Alarm installed and configured properly...
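Added example, not part of the post above or of the IE-spyads package: a Python check of what a restricted-sites '.reg' file would change before it is double-clicked. It assumes the list uses Internet Explorer's standard ZoneMap\Domains registry layout, where zone 4 is Restricted sites; the sample entries and domain names are constructed.

```python
import re

# Per-domain zone assignments live under this key (compared in lower case).
ZONEMAP = r"software\microsoft\windows\currentversion\internet settings\zonemap\domains"
RESTRICTED = 4  # IE zone numbers: 2 = Trusted sites, 4 = Restricted sites

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")          # [key] or [-key] (delete)
VAL_RE = re.compile(r'^(?:"([^"]*)"|@)=(.*)$')       # "name"=data or @=data
DWORD_RE = re.compile(r"^dword:([0-9a-f]{8})$", re.I)
HEADERS = ("windows registry editor", "regedit4")

# Constructed sample: two restricted entries, one entry that would land in
# the Trusted zone, and one key that has nothing to do with zone lists.
SAMPLE = r"""Windows Registry Editor Version 5.00

; constructed sample, not taken from IE-spyads
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracker.example\www]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\portal.example]
"*"=dword:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\updater.exe"
"""


def audit_reg(text):
    """Summarise a .reg file: domains it restricts, domains it removes,
    and anything a restricted-sites list has no reason to contain."""
    report = {"restricted": [], "removed": [], "findings": []}
    domain = None  # domain of the current key; None when values are ignored
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.lower().startswith(HEADERS):
            continue
        key = KEY_RE.match(line)
        if key:
            domain = None
            path = key.group(2).partition("\\")[2]  # drop the hive name
            if not path.lower().startswith(ZONEMAP + "\\"):
                report["findings"].append(
                    "key is not a ZoneMap\\Domains entry: " + key.group(2))
                continue
            # Subkeys are subdomains: Domains\tracker.example\www
            # means www.tracker.example.
            labels = path[len(ZONEMAP) + 1:].split("\\")
            name = ".".join(reversed(labels))
            if key.group(1):            # [-key] form used by an uninstall list
                report["removed"].append(name)
            else:
                domain = name
            continue
        if domain is None:
            continue                    # value under a flagged or deleted key
        val = VAL_RE.match(line)
        dword = DWORD_RE.match(val.group(2).strip()) if val else None
        if not dword:
            report["findings"].append(f"unexpected value under {domain}: {line}")
            continue
        zone = int(dword.group(1), 16)
        if zone == RESTRICTED:
            if domain not in report["restricted"]:
                report["restricted"].append(domain)
        else:
            report["findings"].append(
                f"{domain} assigned to zone {zone}, not {RESTRICTED} (Restricted sites)")
    return report


if __name__ == "__main__":
    for section, items in audit_reg(SAMPLE).items():
        print(section, items)
```

An empty "findings" list means every entry in the file only adds a domain to, or removes it from, the Restricted sites zone.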
SuperSparks
June 5th, 2004, 03:12 PM
Hi fairjess, welcome to Virtual Dr :)
Don't trust anything that Spykiller tells you - it's basically a scam product to get you to part with your money. It will always tell you that it's found something whether you have spyware on your PC or not.
Once you've run those, run this one and post the logfile here:
Hijack This (http://www.spychecker.com/program/hijackthis.html)
fairjess
June 7th, 2004, 10:05 PM
Logfile of HijackThis v1.97.7
Scan saved at 9:57:58 PM, on 6/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Download CWShredder from here (http://www.computercops.biz/zx/phoenix22/cws.zip) & run it. Select the fix button & it will get rid of everything related to CoolWebSearch that is stored in its database. Close ALL windows, including IE, before running CWShredder. Reboot.
To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here (http://windowsupdate.microsoft.com/) for your critical updates.
You have other nasty nasties too. Go here (http://housecall.trendmicro.com/) for an on-line scan & set it to autoclean for you.
Go here too (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) for another scan.
Download & instal Adaware from here (http://www.computercops.biz/downloads-file-292.html) & update it B4 scanning.
In settings under 'scanning,' have it set to
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.'
Also in 'tweaks' under 'cleaning engine' set it to 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
Select 'activate in-depth scan' before starting scan.
When the scan is finished select 'next.'
Remove what it finds by placing a check in the box to the left of the object. Reboot
Download & instal Spybot S&D from here (http://www.computercops.biz/zx/phoenix22/spybotsd13.zip) Update it B4 scanning. Go into settings & have it check for Beta releases also & download if available.
After the scan is complete, have spybot fix everything marked RED.
On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot
Reboot after doing this & post another log please.
fairjess
June 9th, 2004, 06:22 PM
I tried to use all those links everyone posted, and my computer just can't open those pages.
It seems like things are actually getting worse now.
I have installed Spybot S&D and CWShredder, and both tell me that all problems are fixed.
I can't get rid of whatever else is causing problems with those scans, unfortunately.
I was wondering if I posted another HiJack This log if someone could tell me what to do manually.
And thanks so much for all your help, everyone. I totally appreciate it.
I'm sure with your help, I'll have this fixed sooner or later. :)
SuperSparks
June 9th, 2004, 06:48 PM
Yes, post another log.
fairjess
June 9th, 2004, 11:29 PM
Thanks!
Here it is...
Logfile of HijackThis v1.97.7
Scan saved at 11:20:57 PM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Yuck! That thing must run like a pig with all that stuff in the O4 startup! Use msconfig to trim that down to about 5 items.
You have a virus called Sasser, go here and read carefully. Disable the windows restore feature before doing anything.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125009
And be sure to download and run the latest version of Stinger (http://vil.nai.com/vil/stinger/)
Get rid of that worm and do all windows critical updates. Then start over with the advice in crunchie's post.
fairjess
June 10th, 2004, 11:52 AM
Thanks for the help, I'm downloading that stuff now.
One question though, what is msconfig? And how do I use it?
I don't think I've ever heard of it before.
Thanks again.
hongman
June 10th, 2004, 12:26 PM
Click on Start>Run>msconfig
On the tabs up the top you should have one there named Startup or something like that. It lists all processes set to load at Startup. One of the others here will tell you what you NEED to keep and what can be safely unticked.
Regards
Hong
fairjess
June 10th, 2004, 01:07 PM
Ahh, groovy.
Well then, if someone would be so kind as to tell me what to safely remove..lol
Thanks, guys
hongman
June 10th, 2004, 01:16 PM
Why don't you post a screenshot of what your msconfig startup consists of, then people would know what's in there ;)
fairjess
June 10th, 2004, 01:50 PM
My bad...lol.
I'm not too good at this multitasking thing.
fairjess
June 13th, 2004, 11:56 PM
Okay, I've been out of town, and couldn't get to my pc until now.
I've run everything everyone suggested, except for the Windows updates, which I will be getting to soon.
I am, unfortunately, still having problems.
Every night, usually after I've been online for a bit, my internet will slow down, and my AIM will kind of freeze up, although both still say I'm online.
After a while, my AIM will tell me it's trying to reconnect because the connection's been interrupted.
My browser window will also begin moving at normal speed again.
It's very odd, since I've run all the virus scans and spybot detection programs that were suggested, and I'm getting clean reads on all of them.
Is this a connection problem, or should I try to find another hijacker or virus?
Thanks!
crunchie
June 14th, 2004, 08:31 AM
You need to post another hijackthis log as the tools you ran were only preliminaries :) . There WILL be more to remove.
LindaHewitt
June 14th, 2004, 10:43 AM
Hi Jess,
It would be helpful, if you posted information about your computer, such as which operating system you are using. Likewise for anti-virus, and whether or not you are using a software firewall.
Cheers,
Linda
:D :rolleyes: :D
shadow1
June 14th, 2004, 01:07 PM
You must consider the Windows updates as top priority. Maybe you don't quite understand, simply by being connected without certain patches, Windows has vulnerabilities that allow certain viruses to infect it. That means you don't have to do anything such as open emails, go to websites, etc. to get infected, it will just happen and you may not even know it's happened.
As a simple example, if you were to start installing XP from scratch and had a live network cable plugged in, you would quite possibly be infected before the install is complete.
Get that system up to date, quick.
Byan
June 14th, 2004, 02:49 PM
I would like to add that before you run Spybot or adaware make sure to update them..., they don't update the installers that often...
shadow1- it's not as simple as you may think..., there are way too many updates for one using dial-up to download..., I hardly ever update my windows... and I hardly ever have a problem..
I don't even have the Blaster or Sasser patches installed yet..., my firewall does a good enough job with them.., I think that once SP2 comes out I'll bring my computer to a friend's house (with DSL) and update it there....
However, it is very important to have a Firewall and AV program running at all times (or at least when you are connected to the internet), and have them update periodically...
I hope this helps,
Byan
hongman
June 14th, 2004, 03:16 PM
Actually, to be on the safe side, Microsoft do have a service whereby they send you out a CD with all the current updates on free of charge. Mine came through within 2 weeks.
LindaHewitt
June 14th, 2004, 04:03 PM
Jess,
I agree with Shadow1. Your top priority needs to be downloading and installing the critical Windows updates, as well as the updates for your OS.
and then scan your computer and it will tell you which updates that you need to download. Some of the updates have to be downloaded by themselves and once installed, then you must reboot.
I also have dialup and what I do is start the download process before I get ready to retire for the evening.
Go here to do an online Panda anti-virus scan. Panda has software for removing the different viruses and worms, etc.
Although I have previously used Norton AV and McAfee AV, I have been using Panda's Platinum, which includes both the AV as well as the software firewall. I have been using this on all of my computers for the past 3 years and I am very pleased.
IMO, there are two AV products that you should stay away from and they are Norton and McAfee.
If you want to take more time to decide which AV and software firewall software that you want to purchase, then here are some freeware alternatives that you can use, until you make those decisions.
Once you have completed this process, then the next thing that you need to do, if you don't have an AV or software firewall, is to download the freeware version of AVG, install it and reboot. When you decide which AV that you are going to purchase, you will have to uninstall the freeware AVG.
http://www.grisoft.com/us/us_dwnl_free.php
Then download the freeware version of Zone Alarm, install it and reboot. When you decide which software firewall that you are going to purchase, you will have to uninstall ZA.
When you run Ad-Aware, always click the button to check to make sure that you have the latest updates. Then run Ad-Aware, delete anything that it finds and then immunize your system. Reboot your system.
http://www.lavasoftusa.com/
Then run SpyBot, click the button to check to make sure that you have the latest updates. Then run SpyBot, delete anything that it finds, and then immunize your system. Reboot your system.
Ad-Aware and SpyBot identify spyware already on your system, so that it can be removed.
SpywareBlaster prevents the spyware from being installed on your computer.
You can set your AV software up for live updates. Initially, you may want to run Ad-Aware, SpyBot and SpywareBlaster on a weekly basis. But I am sure that after you run this for 3-6 weeks and your system comes up clean, you will probably decide to do what I do, which is to run them on a monthly basis.
There are two other software packages that I use that I recommend and both are produced by Firetrust, http://www.firetrust.com/.
Mailwasher Pro -- Mailwasher Pro allows the user to preview their email while it is still on your ISP's email server. This allows you to prevent any malware from being downloaded. The problem with most automated spam programs is that these programs generate both false positives and false negatives.
If you have an associate, who sends you email from a new email address, it will be blacklisted. Likewise, some spammers and malware distributors, use the user's email address in the from address. Obviously, you don't want to blacklist your own email address.
I do not allow anything to be downloaded to my computer if it is not someone that I know, a vendor / associate that I deal with, newsletters that I have subscribed to or an email message with substantive content. The other part of safe computing is not going to high risk websites such as music download sites (Kazaa, etc.) or porn sites.
Mailwasher has the following email status codes, friend, blacklist, possibly SPAM, possibly legitimate, possible virus.
Benign is the other program and it neutralizes any malware, which may occur as a result of html vulnerabilities or which is embedded in graphic images.
Firetrust has an interesting policy, which is that your purchase of this software entitles you to all future updates.
I have been using this software and following these practices for the past 3 years and to date, none of my computers have been infected with any form of malware.
I hope that this helps.
Cheers,
Linda
:D :rolleyes: :D
LindaHewitt
June 14th, 2004, 04:08 PM
Jess,
Pertaining to Hongman's suggestion about the security CD, I do not recommend this approach because the security updates are only through October 2003, so you would still need to run Windows update. Windows Update allows you to select which updates that you want to download and install. For instance, I have chosen not to download or install the Direct X updates because this isn't pertinent to how I use my computer.
Cheers,
Linda
:)
hongman
June 14th, 2004, 04:25 PM
Really? My UpdateCD is dated Feb 2004...
Point is, if you have dialup then you can install the majority of the updates until Feb 2004, then just download the minority. This applies especially with things like Service Packs. The CD covers all updates and SP's for NT, 2000 and XP.
It also comes with EZ Antivirus (do a search on the forum, it comes up highly recommended), with 1 year's free subscription.
Up to you, but well worth it in my opinion. Especially if you have dialup.
Regards
Hong
LindaHewitt
June 14th, 2004, 09:03 PM
Here is a post from another thread here that is on point to this discussion. The name of the thread is "What "little" program could you simply not do without?" and it is in the "General and Business Software" conference. Here is the link.
Startup Inspector for Windows seems to be a cool little tool also.
http://www.windowsstartup.com
Startup Inspector for Windows is a Windows™ platform software that helps Windows™ user to manage Windows™ startup applications. On www.windowsstartup.com, there are more than 4,100 known programs in the database. Startup Inspector for Windows can thus provide a consultative information on the programs that are running at your Windows startup process. Whether a program is necessary to the system, or is the program a spyware.
Scans all programs that are in the Windows Startup Folder, Registry and provide you with a background information of the program.
Remove harmful programs like spyware, virus, dialers, make your system healthier.
Remove unnecessary programs like reminders, monitors, improve your systems performance.
Startup Inspector for Windows is Freeware. If you are satisfied by this little program you can always make appreciation through PayPal.
__________________
"A man would do nothing, if he waited until he could do it so well that no one at all would find fault with what he has done." - Cardinal Newman
05-03-2004 03:15 PM
Byan
June 15th, 2004, 01:06 AM
Originally posted by LindaHewitt
I also have dialup and what I do is start the download process before I get ready to retire for the evening.
*shrug*, I just think that what help are the updates. Even if I have them, I am still going to have my antivirus and my firewall running. There really isn't much point to it in my opinion..., I have not had a problem since that nasty backdoor ache trojan that was causing me problems, which was when I decided to get a firewall.... (and no update fixes that...)
shadow1
June 15th, 2004, 01:25 PM
It's true that using a firewall can stop such things as blaster and sasser which feed on Windows vulnerabilities but some are now smart enough to shut down your firewall while it sneaks onto your computer.
Sasser would not have been such a problem worldwide if every XP system was patched. I personally don't use a firewall for several reasons and one being its high use of resources and another is network restrictions. I do agree that a firewall is an additional measure of security and I have used them in the past. But now I feel my router is protection enough, when combined with common sense. I also rarely have my antivirus dynamic scan enabled because it takes so much resource and slows me down.
If it gets to the point of using up so much of your computer's resources just to protect you on the internet, it starts to lose its appeal.
fairjess
June 15th, 2004, 06:24 PM
I've installed the patch, and it's just still slow going with updating everything else.
Unfortunately, the connection is still being very touchy, so updating some of the protection programs has been tough.
Since everything I could do has been taken care of, I'll run another HijackThis scan and post the results.
Thanks for listening yet again...:rolleyes:
fairjess
June 15th, 2004, 09:12 PM
Here 'tis.
Logfile of HijackThis v1.97.7
Scan saved at 8:13:36 PM, on 6/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Internet Exploder should be closed when scanning with HJT. Also, I cannot see where hijackthis is running from. It should be in its own, permanent folder before fixing any of the following.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
Reboot into safe mode following the instructions here (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) & navigate to & delete the following if found:
Reboot normally.
Please locate the following file, right click on it & select properties. Please copy as much info as you can get from it back here.
C:\WINDOWS\System32\landriver32.exe
Go here (http://housecall.trendmicro.com/) for an on-line scan & set it to autoclean for you.
Post a new log with your reply please.
fairjess
June 16th, 2004, 10:00 PM
I did all you said, and after cleaning up everything, things are running much better.
This is my latest log, and I'm in the process of running a search for that LAN file.
Thanks so much for all the advice, it has totally helped.
Logfile of HijackThis v1.97.7
Scan saved at 9:43:19 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
Reboot normally. I am thinking that the landriver is a baddy, but will wait for your info.
fairjess
June 18th, 2004, 09:42 PM
Just a quick question...
Those files that I should delete. I only found one of them, smsc.exe
I deleted it, and rebooted, but when I rebooted, Windows displayed a pop-up message that the application smsc.exe could not be found, blah blah.
Does deleting it affect anything major?
It's still in the recycling bin, I haven't emptied it yet, and I'm using our other computer until I know for sure.
Thanks!
crunchie
June 19th, 2004, 02:24 AM
Go to this site for clarification on that file. http://it.trendmicro-europe.com/enterprise/security_info/ve_detail.php?VName=WORM_AGOBOT.WF&VSect=T
You may have to do a search for the others, with hidden files shown.
LindaHewitt
June 20th, 2004, 10:13 AM
All,
Here is a rare special for Panda Platinum, which includes AV and firewall. This is excellent software.
This is a free download for IT professionals.
Panda does this for IT professionals, in the hopes that the IT professionals will be so impressed that they will recommend it for their corporate networks that they work with. You get a 1 year license for Platinum by going to the site below and filling out their form and then downloading the software.
Before installing software, you will need to uninstall any existing AV and firewall software.
http://www.pandasecurity.com/VIPIT
Cheers,
Linda
:D :rolleyes: :D
hongman
June 20th, 2004, 11:11 AM
That's pretty fab, maybe you should post it as a new thread with a nice attractive title Free Antivirus Software or something! Will probably get more views that way.
Thanks for that! :p
fairjess
June 25th, 2004, 10:15 PM
Okay, I've not forgotten to look for that file or anything (work had to come first for a while)
Unfortunately, I'm having extreme trouble locating that LAN file.
Not quite sure what to do until I can find it.
fairjess
July 6th, 2004, 05:40 PM
Well, y'all were right about that landriver32.exe file being bad.
I just found today that it's infected with a nasty little worm called RBOT.BT
How do I go about cleaning it?
I should also mention that I can't even seem to find the file with a search just to check the properties.
I just can't believe how much there is that's wrong.
Although after having a friend look at my computer, he informed me I have Norton Anti-Virus, which is doing all but nothing to help me out.
I'm thinking of deleting it and installing something else.
I've also got no firewall that I know of, and am trying to download one to use.
Other than these issues, I don't know why I seem to be getting infected with so many viruses all the time.
I don't surf p*rn, and I don't open my music download service anymore.
Ah well, it's only a computer.:)
LindaHewitt
July 8th, 2004, 10:08 PM
Hi FairJess,
I use Panda's Platinum 7.0, which includes anti-virus and a firewall.
http://www.pandasoftware.com/
I also use Firetrust's Mailwasher Pro and Benign, http://www.firetrust.com/.
In three years, I have not been infected.
Mailwasher Pro allows a user to preview their email while it is still on their ISP's email server. This way the user can delete or blacklist the bad guys, so that the spam, viruses, whatever is not downloaded to their computer.
Benign is a program which neutralizes any new ways that the twerps find to take advantage of html vulnerabilities or embed trojans or viruses in a graphic.
There are 3 freeware programs that I also use, which are Ad-Aware, SpyBot and SpywareBlaster.
This has been my approach to keep my computer clean and to date it has worked. I think that all of this software is excellent and I highly recommend these products.
Cheers,
Linda
;)
fairjess
July 8th, 2004, 11:10 PM
Thanks much, Linda.
You've been totally helpful:)
I'm really glad these things have free downloads..sadly I can't pay for anything. For now, at least, lol
Hopefully that'll change soon.
Anyway, thanks!
-jess
fairjess
September 6th, 2004, 11:13 AM
I'm back again... (after having to do a full system restore...meh)
And in the interest of saving posting space, I figured I'd use my old thread, since the problem is much the same.
Hopefully someone will know what to delete, as I'm a bit nervous about just having at it myself.
Thanks!
I should also mention that I've run Adaware and Spybot S&D. I can't get CWShredder to work anymore, so I couldn't use it. I've also done several virus scans and have come up with nothing.
Logfile of HijackThis v1.97.7
Scan saved at 11:03:03 AM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. (http://www.computercops.biz/downloads-file-328.html) Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.
Make sure Adaware & spybot are both updated & run them again.
Uninstall the following:
C:\Program Files\Warez P2P Client
Whilst there uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller:
http://members.rogers.com/rjmac/new_uninstall.exe
Remove Newdotnet, either from add/remove programs, or by going here (http://www.newdotnet.com/#remove) & scrolling down to the uninstall tool.
Go here (http://housecall.trendmicro.com/) for an on-line scan & set it to autoclean for you.
Try this (http://www.pandasoftware.com/activescan/com/activescan_principal.htm) scan as well.
Post another log when done.
virtualdr.com