Hi cornbread
You have a hijacker and/or malware on your system. In addition to updating
and running your AV, download, install and run the programs below in Safe
Mode with Hidden Files enabled. This will remove the nasty you have and
any others it may have let in the back door. Some malware can replicate
itself repeatedly if not removed properly, so even if you have run some of
the programs listed here, it is important that you run them again according
to the information below so that Windows is not operating to hide any files
'in use' Follow all instructions carefully:
First, Clear the TIF's and empty the recycle bin:
http://www.mvps.org/winhelp2002/delcache.htm
Also…empty your Recycle bin.
Then do the following:
CAUTION>>>> Backup all documents and files before removing any spyware!!
Most importantly, download install and run CWShredder here
http://www.majorgeeks.com/download3019.html
or here
http://www.trendmicro.com/cwshredder/
Then download, install and immediately update these three programs before
running:
AdAware SE - Update immediately after installing
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
SpyBot S &D - Update immediately after installing
http://www.majorgeeks.com/download2471.html
Microsoft Windows Antispyware Program (Beta)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Ewido Security Suite (W2000 and XP only)
http://www.ewido.net/en/download/ (freeware)
(Per Mike Burges) Note: When installing, under "Additional Options"
Uncheck: "Install background guard"
Uncheck: "Install scan via context menu"
Note: When you run ewido the first time, you will get a warning:
"Database could not be found!". Click OK.
(this will be resolved in the next step)
From the main ewido screen, click on Update (left menu)
See Screenshot:
http://www.ewido.net/images/screen_en_1.jpg
Next click the Start update button.
After the update finishes (bottom status bar displays "Update successful")
Note: do not run a full scan yet, just install the updates.
Then visit these sites (if possible) to test for parasites and help with
basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
Http://aumha.org/a/quickfix.php
Next, do an Online scan here (if possible) -
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure that you choose "fix" or "clean".
Download and install HiJackThis. This step is one of the most important.
Follow all instructions carefully. This progarm shoud be run in Normal mode.
How to download and install HiJackThis: Win 98-XP
http://www.download.com/HijackThis/3000-8022_4-10227353.html
Please…. DO NOT post your log HiJackThis log to this newsgroup. It is
important that you go to one of the HiJackThis Support Forums below and
allow the experts there to analyze it for you.:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
AumHa HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or HJT - CastleCops
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.
CAUTION!!!!! Before you try to remove spyware using any of the programs
above, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
You should also get a copy of WINSOCKXPFIX to have at hand if needed,
available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
How to Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
How to Show Hidden Files
http://snipurl.com/6rl8
Dealing with an infected PC
http://www.microsoft.com/windowsxp/using/security/expert/russel_infectedpc.mspx
Hope this helps.
Jan
MS MVP/Windows - Internet Explorer
Smiles are meant to be shared,
that's why they're so contagious
Replies posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
....
