If you have an anti-virus program, get it updated and run it, as it can remove
the Backdoor.Trojan that appears to be on your computer. There are free AV
programs out there that you can download. When you have updated your AV
program, disconnect from the internet and leave it disconnected until you
have cleaned up your machine.
I would check for any trojans or spyware first.
More tools than you need but better to have a full arsenal than just one.
Start by downloading Adaware, Spybot S&D, HiJack This, CWShredder.
Adaware & Spybot S&D may do the job. If not, continue with the other tools.
Scum/Spyware removal tools/blockers/information
http://grc.com/optout.htm
"What is Spyware?
Spyware is ANY SOFTWARE which employs a user's Internet connection in the
background (the so-called "backchannel") without their knowledge or explicit
permission."
Once any spyware/scumware is installed it can change and/or lock you out of
your home page, really slow down or cripple your computer, gather
information about which sites you go to, install keystroke loggers, install
and run programs in the background without your knowledge, making your computer a
zombie slave at their command to use to attack other computers or servers on
the internet, find your passwords & credit card numbers etc etc...
Programs:
http://www.lavasoftusa.com (Free)
Ad-aware is a free multi spyware removal utility that scans your
memory, registry and hard drives for known spyware and scumware components
and lets you remove them safely. It is updated frequently.
Download and install it, MAKE SURE YOU UPDATE IT, and then run it following
these directions:
Ad-Aware 6 comes pre-configured with default options that are already ON
(green checkmark) ... do not change them. The following are changes that you
will need to make to prepare the "Full" custom scan that is recommended for
the first look into your computer (instead of a red "x", you will make them
a green "checkmark"):
Launch the program, and click on the Gear icon at the top of the start
screen to access the preferences/setting window.
Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard
drives.
Under Memory & Registry, select all options.
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Now update to the latest reference file. They update these constantly.
When you are finished, you will be using the Custom Scan with Memory and
Both registry scans ON. Please make sure that you activate IN-DEPTH scanning
before you proceed.
After you have set up these options, be sure to choose "Custom Scan" not
"Smart Scan" and choose next.
Let it remove all finds. It will put these in quarantine to back up later if
necessary.
REBOOT
http://www.lurkhere.com/~nicefiles/ (Free)
SPYBOT SEARCH AND DESTROY : Searches your system for so-called spyware,
adware and similar threats to your privacy and security. If such threats are
found, it can give you some information about the interloper and remove it
from your system; creating a backup beforehand. Download and install it,
MAKE SURE YOU UPDATE IT before running it.
HijackThis:
HijackThis examines certain key areas of the Registry and Hard Drive and
lists their contents and provides the ability to remove any unwanted stuff.
These areas are used by both legitimate applications and hijackers. This
list can then be posted in a forum where experienced people can assist you
to get rid of the unwanted programs if the above two programs do not
entirely clean your system. Some spyware can be heavily embedded into the
Windows infrastructure.
Download, unzip, and run Hijack This from one of these locations:
http://www.net-integration.net/tools/hijackthis.html
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads/tools/HijackThis.exe
Unzip to a folder other than your Desktop or the Temp folder, double-click
HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Press that, save the log somewhere you can find it (Desktop, My Documents,
or similar). Most of what it lists will be harmless or even required, so do
NOT fix anything yet.
Copy the log files and paste them into a new post at one of these forums:
http://forum.aumha.org/
http://forums.net-integration.net/
http://computercops.biz/forums.html
http://forums.spywareinfo.com/index.php?showforum=30
http://tomcoyote.org/forums/
http://www.lavasoftsupport.com
http://boards.cexx.org/
The folks there will tell you what to remove.
A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/
and an in-depth tutorial is here:
http://aumha.org/a/hjttutor.htm
CWShredder (on same page):
http://www.net-integration.net/tools/hijackthis.html
CWShredder
If a system scan by Spybot S&D indicates CoolWebSearch is present but
does not effectively remove it, download and run CWShredder.
CWShredder, a small utility for removing CoolWebSearch (aka CoolWwwSearch,
YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D tends to
forget essential parts of the hijack, so until it updates, you can just do
this to completely remove the hijack. Updated to remove the new variants
once they come out.
http://www.allsecpros.com/download/CWShredder.exe
Any known information regarding CoolWebSearch can be found in the
CoolWebSearch Chronicles at
http://www.spywareinfo.com/~merijn/cwschronicles.html
http://www.wilderssecurity.net/spywareblaster.html (Free)
SPYWAREBLASTER doesn't scan and clean for spyware - it prevents it from ever
being installed. How? By setting a "kill bit" for the spyware ActiveX
controls, it prevents the installation of any of them from a webpage. You
can run Internet Explorer with Active-X enabled, but you will never even get
a "Yes/No" box popped up, asking you to install a spyware Active-X control
(Internet Explorer will never download or run it!). All other Active-X
controls or plug-ins will work fine. The SpywareBlaster database contains
information on these known spyware Active-X controls. Make sure you run the
Check For Updates feature frequently to get the latest database! (And make
sure you check the new items to protect your system against them!)
A wealth of information on many of the spyware items that SpywareBlaster
protects against can be accessed here:
http://www.doxdesk.com/parasite/
This site can also check any scum/spyware you might have acquired, in most
cases unknowingly, in trips around the internet.
http://www.javacoolsoftware.com/spywareguard.html (Free)
SpywareGuard
Provides a real-time protection solution against spyware that is a great
addition to SpywareBlaster's protection method.
An anti-virus program scans files before you open them and prevents
execution if a virus is detected - SpywareGuard does the same thing, but for
spyware! And you can easily have an anti-virus program running alongside
SpywareGuard.
http://www.wilderssecurity.com/bhblaster.html (Free)
BROWSER HIJACK BLASTER protects your system from browser hijackers and
spyware that alters your Internet Explorer settings. Running silently in the
background, Browser Hijack Blaster only springs into action when an attempt
is made. It watches and protects the following items:
IE Homepage, IE Default Page, IE Search Page, BHOs. Whenever one of the
above items is changed, or a BHO is added, you are immediately provided with
information on the item, along with the option to keep the change, or revert
to your previous settings.
Great spyware-related information and resources:
http://www.spywareinfo.com
http://www.pchell.com/support/spyware.shtml
Browser Hijacking
http://www.spywareinfo.com/articles/hijacked/
Then once that is handled check out the following info.
If you are a single user of a non-networked machine, you can disable the
following items, with no ill effect. This will improve Windows startup
because a lot of these services are set to automatically start when they
don't need to or are not required anyway on a standalone PC.
To disable unneeded startup services for a safer, faster XP, use the
"Services" Admin Tool (Control Panel/Administrative Tools/Services).
Alerter
Clipbook
Computer Browser
Fast User Switching
Human Interface Access Devices
Indexing Service (Slows the hard drive down)
Messenger
Net Logon (unnecessary unless networked on a Domain)
Netmeeting Remote Desktop Sharing (disabled for extra security)
Remote Desktop Help Session Manager (disabled for extra security)
Remote Procedure Call Locator
Remote Registry (disabled for extra security)
Routing & Remote Access (disabled for extra security)
Server
SSDP Discovery Service ("Universal P'n'P", & leaves TCP Port 5000 wide open)
TCP/IP NetBIOS Helper
Telnet (disabled for extra security)
Universal Plug and Play Device Host
Upload Manager
Windows Time
Wireless Zero Configuration (for wireless networks)
Workstation
Services - Listed and Explained
Windows XP Services
Services - Here is a way to figure out which services to set as Automatic
and which to set as manual or disabled.
Step 1: Set ALL your services to *manual* setting.
Step 2: Reboot computer and wait for Windows XP to load. XP will boot pretty
slowly, since it has to turn on each service separately. Use your computer
for a bit, doing what you normally do during a computing session. This will
allow any other services to activate (such as DHCP or other services that
didn't load during the boot process).
Step 3: Go back to the list of services, and see which ones are Started.
Change the services that are marked as Started, to
*Automatic*. This way Windows will automatically load all of the services
that you normally use, and the ones that you don't use will stay unloaded.
Tip: Services Running - Alter to Improve Performance
DNS Client - Automatic / Manual - This service is responsible for DNS lookup
so disable at your own risk!
IPSEC Services - Automatic / Manual
Messenger - Automatic / Manual
Remote Registry - Automatic / Manual
Automatic Updates - Automatic / Disabled
Computer Browser - Automatic / Manual
Distributed Link Tracking Client - Automatic / Manual
Portable Media Serial Number - Automatic / Disabled
Task Scheduler - Automatic / Manual
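An added example, not part of the original post: Step 3 of the services procedure above, applied to a list saved from the Services console, with the services the post annotates with a security reason kept Disabled even if they started on demand. It assumes a tab-delimited export with Name, Status and Startup Type columns; the sample rows and the function names are constructed for illustration.

```python
import csv
import io

# Entries from the post's disable list that carry a security annotation.
KEEP_DISABLED = {
    "Netmeeting Remote Desktop Sharing", "Remote Desktop Help Session Manager",
    "Remote Registry", "Routing & Remote Access", "Telnet",
    "SSDP Discovery Service",
}

# Constructed sample: state of a machine after Step 2 (everything set to
# Manual, rebooted, used for a while). Not taken from a real system.
ROWS = [
    ("Name", "Description", "Status", "Startup Type", "Log On As"),
    ("DHCP Client", "", "Started", "Manual", "Local System"),
    ("Print Spooler", "", "Started", "Manual", "Local System"),
    ("Remote Registry", "", "Started", "Manual", "Local Service"),
    ("Telnet", "", "", "Manual", "Local System"),
    ("Windows Time", "", "", "Manual", "Local System"),
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in ROWS)

def normalize(name):
    """Compare names loosely: the post writes '&' where Windows shows 'and'."""
    return name.lower().replace("&", "and").strip()

def plan_start_types(export_text, keep_disabled=KEEP_DISABLED):
    """Return (plan, review): a start type per service, plus the services
    that started on demand although they are on the keep-disabled list."""
    blocked = {normalize(n) for n in keep_disabled}
    plan, review = {}, []
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        name = row["Name"]
        started = row["Status"].strip() == "Started"
        if normalize(name) in blocked:
            plan[name] = "Disabled"      # never promote these to Automatic
            if started:
                review.append(name)      # find out what asked for it
        else:
            plan[name] = "Automatic" if started else "Manual"
    return plan, review

if __name__ == "__main__":
    plan, review = plan_start_types(SAMPLE_EXPORT)
    for name, start in plan.items():
        print(f"{name:20} -> {start}")
    print("started on demand, check why:", review)
```

The review list matters because a blind "Started means Automatic" pass would turn Remote Registry back on at every boot.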
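An added example, not part of the original post: a check that the "kill bit" described in the SpywareBlaster section is actually in place. A kill bit is the 0x400 bit in the "Compatibility Flags" value under Internet Explorer's ActiveX Compatibility registry key; the script reads a regedit export of that key. The CLSIDs, sample export and function names are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample of a .reg export (real exports from regedit are UTF-16,
# so read them with encoding="utf-16"). The CLSIDs are made-up placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00800400
"""

SECTION = re.compile(r"^\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for each subkey of the ActiveX Compatibility key."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            same_key = m.group(1).lower() == COMPAT_KEY.lower()
            current = m.group(2).upper() if same_key else None
            if current:
                flags.setdefault(current, 0)
            continue
        if line.startswith("["):        # some other registry key: ignore its values
            current = None
            continue
        m = FLAGS.match(line)
        if m and current:
            flags[current] = int(m.group(1), 16)
    return flags

def unprotected(reg_text, blocklist):
    """CLSIDs from blocklist whose kill bit is absent or cleared."""
    flags = parse_compat_flags(reg_text)
    return sorted(c for c in (b.upper() for b in blocklist)
                  if not (flags.get(c, 0) & KILL_BIT))
```

Running `unprotected()` against a fresh export after each database update shows which blocked controls have lost their kill bit, for example after a hijacker or a cleanup tool rewrote the key.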