JD said:
Several times in the last week I've been logged in to Comcast.net, when a
message appears telling me that my browser may be infected with "adwares,"
[sic] and advising me to install some program to remove them. When I click No,
a page appears that seems to be running something. Closing that page closes
IE.
I've run CA Anti-virus, Ad-Aware, and Windows Defender. All find nothing
amiss.
Comcast tech thinks that some malware program has been installed on my
computer, but otherwise has no idea why the Windows pop-up blocker is being
bypassed.
I see no unrecognized programs in Add/Remove. Any advice?
Also, possibly related, I find these entries in HKLM/Software. Internet
searches turned up nothing [other than Universal Life Church]. Can anyone
identify them?:
1. FES
2. ULC
3. Secure
Thanks for any help.
Run a full system virus scan with fully up-to-date definitions.
**It is very important to run the update for each program before running the
app/s to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running
tasks except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab click
Delete Files, put a check in Delete all Offline..., click OK and close when
finished.
Delete all files in c:\windows\temp.
Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html
For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html
Download/install/run Ad-Aware SE to detect/rid of any other parasites/spyware
that may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the
latest up-to-date ref file, then run Ad-Aware and delete everything it finds.
Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at it's default settings until you learn an know more about it. Spybot
S&D is more of an advanced users tool and changing from the default settings can
be dangerous to the novice user. Items found in the default settings that are
RED can usually be safely removed. If you are unsure of a found item, do not
remove it and ask for help.
If you still have problems, download/run HijackThis from:
http://www.aumha.org/secure.htm
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html
Copy HJT to it's own folder, this is where the log files will be saved. Run
HJT in Normal Mode.
Do not remove anything with it until you get advice on what to remove, HJThis
will list many apps that are needed along with the bad ones. Removing items
listed hap-hazardly without knowing what they are can/will create a royal mess.
Read the quick start here on how to create a log file that can be copied/pasted
into a forum that can provide assistance on removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick
Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting which
are most commonly posted first at the top in each specific forum. Read any
information under each forum category name for information on what that
particular one is used for, look for the proper one that you post logs to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/
After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to HOSTS
File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm
Download/install/run SpywareBlaster which stops the bad boys before they even
get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html
--
Brian A. Sesko { MS MVP_Windows Desktop User Experience }
Conflicts start where information lacks.
http://basconotw.mvps.org/
Suggested posting do's/don'ts:
http://www.dts-l.org/goodpost.htm
How to ask a question:
http://support.microsoft.com/kb/555375