Persistent Adware Infection

  • Thread starter: Agent_C

Agent_C

I am trying to determine the source of a persistent piece of adware,
which infects my computer on a daily basis.

Every day, sometimes more than once, I get an advisory from Norton
2005 that it has deleted 'access_now.exe' from my temporary
directory. This is the '0Cat Yellow Pages' browser redirect.

What I want to know is: how can a 3rd party (I'm assuming a web site)
insert an _executable_ on my computer without my consent? Is there an
Active-X setting that I can adjust to prevent this?

I'm running a fully patched machine.

Thanks,

A_C
 
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt359.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




| I am trying to determine the source of a persistent piece of adware,
| which infects my computer on a daily basis.
|
| Every day, sometimes more than once, I get an advisory from Norton
| 2005 that it has deleted 'access_now.exe' from my temporary
| directory. This is the '0Cat Yellow Pages' browser redirect.
|
| What I want to know is: how can a 3rd party (I'm assuming a web site)
| insert an _executable_ on my computer without my consent? Is there an
| Active-X setting that I can adjust to prevent this?
|
| I'm running a fully patched machine.
|
| Thanks,
|
| A_C
|
|
 
In addition to David's input, try to use a local user account that is not a
member of the local administrators group for daily use. This is a good
starting point to prevent potential malware from littering everywhere, especially
in key system folders.

HTH.
 
Thanks very much. I'll monitor things over the next day or so to see
if this did the trick.

A_C
 