PA Bear said:Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
AumHa Forums
http://forum.aumha.org
Each time I check the Use HTTP 1.1 in the Advanced Settings of IE 6 SP2
it
only stays checked for a single browser session. Prior to installing XP
SP2
this setting was persistent. Is there any way to make this check box
stay
checked? Thanks in advance.
I am virus and spyware free... I use a firewall, always have currently
updated virus definitions and so your suggestions do not apply in this
case,
but I appreciate you trying to help.
PA Bear said:Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool
to
use. It will help you to both identify and remove any
hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not
here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
AumHa Forums
http://forum.aumha.org
Each time I check the Use HTTP 1.1 in the Advanced Settings of IE 6 SP2
it
only stays checked for a single browser session. Prior to installing XP
SP2
this setting was persistent. Is there any way to make this check box
stay
checked? Thanks in advance.
PA Bear said:Please post a link to a forum where your HijackThis log was given the "all
clear." If you can't provide such a reference, you cannot say your system
is virus- and spyware-free IMO.
Routine AV scans (1) not done in Safe Mode and with (2) 'Show Hidden
Files' not enabled do *not* find everything.
--
~PA Bear
I am virus and spyware free... I use a firewall, always have currently
updated virus definitions and so your suggestions do not apply in this
case,
but I appreciate you trying to help.
PA Bear said:Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool
to
use. It will help you to both identify and remove any
hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not
here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
AumHa Forums
http://forum.aumha.org
Gregg wrote:
Each time I check the Use HTTP 1.1 in the Advanced Settings of IE 6 SP2
it
only stays checked for a single browser session. Prior to installing
XP
SP2
this setting was persistent. Is there any way to make this check box
stay
checked? Thanks in advance.
Fortunately, my word is good enough. I can assure you, because I've been
doing this longer than you have, that I am spyware free. I am not some
noob
out there roaming the net throwing caution to the wind.
My saying that I am is good enough, because it is a fact. I could post
the
log, but because it reveals information such as my proxy and homepage, I
will not divulge this information. I could add these to the ignore list,
but then you would probably say that having Google is my home page and
since
it was ignored, that this was the cause of the problem.
All of the items found are known and trusted.
So since we have established that it is not spyware, lets proceed with
discovering the real root cause.
Please do not reply again if you are not able to assimilate the
information
I have provided which is, I am virus and spyware free and the Use HTTP 1.1
checkbox periodically becomes unchecked after the installation of SP2.
Since the cause is not spyware, what other factors could be causing this.
Thanks in advance.
PA Bear said:Please post a link to a forum where your HijackThis log was given the
"all
clear." If you can't provide such a reference, you cannot say your
system
is virus- and spyware-free IMO.
Routine AV scans (1) not done in Safe Mode and with (2) 'Show Hidden
Files' not enabled do *not* find everything.
--
~PA Bear
I am virus and spyware free... I use a firewall, always have currently
updated virus definitions and so your suggestions do not apply in this
case,
but I appreciate you trying to help.
Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates &
reboot.
2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV
maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before
each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool
to
use. It will help you to both identify and remove any
hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not
here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
AumHa Forums
http://forum.aumha.org
Gregg wrote:
Each time I check the Use HTTP 1.1 in the Advanced Settings of IE 6
SP2
it
only stays checked for a single browser session. Prior to installing
XP
SP2
this setting was persistent. Is there any way to make this check box
stay
checked? Thanks in advance.