Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (
http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.
html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(
http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool
to
use. It will help you to both identify and remove any
hijackware/spyware.
**Post your files to
http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not
here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
Are You Ready for WinXP SP2?
http://www.microsoft.com/athome/security/protect/default.aspx
WinXP SP2 Release Notes
http://support.microsoft.com/default.aspx?scid=kb;en-us;835935
AumHa Forums
http://forum.aumha.org
Ian wrote:
Hello,
I have read this newsgroup but don't find anything concerning a problem
I
have with 3 windows opening every time I go online. No damage is caused
as
far as I can tell and my virus checker finds nothing.
I know little about computers so don't know where to start. The pages
that
load on their own go to
www.ssft.net, two don't load and end up as
white
pages and one does partly load.
I run Windows XP with Internet Explorer version 6. I downloaded Spybot
after
days reading up and it has found loads of spywear but didn't stop this
three page loading on every connection.
I have spent days on the net trying to get my head around this and
would
really appreciate any help I can get.
Thanks Ian