Old 25-08-2005, 17:18   #201
Guest 33467
Shilpa Poppadom
 
Join Date: Jul 2003
Location: My house
Posts: 6,422
Thanks: 0
Thanked 1 Time in 1 Post
Occasionally I keep getting Microsoft AntiSpyware alerts saying 'YourSiteBar' is trying to install. I remove this and after a full scan AntiSpyware finds nothing, but the threat still comes back after a day or so. Anyone else found this problem and how did you get rid of it?
Old 25-08-2005, 17:44   #202
Dan
Passed away :(
 
Join Date: May 2002
Posts: 18,791
Thanks: 1
Thanked 3 Times in 2 Posts
Quote:
Originally Posted by snowball
Occasionally I keep getting Microsoft AntiSpyware alerts saying 'YourSiteBar' is trying to install. I remove this and after a full scan AntiSpyware finds nothing, but the threat still comes back after a day or so. Anyone else found this problem and how did you get rid of it?
Remove Microsoft AntiSpyware.
Old 25-08-2005, 17:45   #203
Guest 33467
Shilpa Poppadom
 
Join Date: Jul 2003
Location: My house
Posts: 6,422
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by Dan
Remove Microsoft AntiSpyware.
Good plan. I'll try Adaware and see what that comes up with.
Old 26-08-2005, 21:53   #204
Guest 993
Trusted User
 
Join Date: Sep 2000
Posts: 16,470
Thanks: 0
Thanked 0 Times in 0 Posts
Odd. MS AntiSpyware is pretty good and not had a problem with it. It's been invaluable at stopping things in their tracks.

Is the anti-"MS AntiSpyware" stance just an anti-MS stance? (in which case you do know it wasn't written by MS).

Sounds more like you are getting re-infected quickly after removing the spyware and MS AntiSpyware is doing its job (i.e. blocking it). A lot of other anti-spyware software will let the stuff be installed and only detect it when you do a scan.
Old 27-08-2005, 04:00   #205
Guest 33467
Shilpa Poppadom
 
Join Date: Jul 2003
Location: My house
Posts: 6,422
Thanks: 0
Thanked 1 Time in 1 Post
Quote:
Originally Posted by DeadKenny
Odd. MS AntiSpyware is pretty good and not had a problem with it. It's been invaluable at stopping things in their tracks.

Is the anti-"MS AntiSpyware" stance just an anti-MS stance? (in which case you do know it wasn't written by MS).

Sounds more like you are getting re-infected quickly after removing the spyware and MS AntiSpyware is doing its job (i.e. blocking it). A lot of other anti-spyware software will let the stuff be installed and only detect it when you do a scan.

I installed Ad Aware and it detected and removed this plus about 60 other spyware that MS AS did not detect. So I've now uninstalled this in favour of AdAware. Typical Microsoft
Old 27-08-2005, 12:10   #206
Guest 993
Trusted User
 
Join Date: Sep 2000
Posts: 16,470
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by snowball
I installed Ad Aware and it detected and removed this plus about 60 other spyware that MS AS did not detect. So I've now uninstalled this in favour of AdAware. Typical Microsoft
Typical 'Giant' you should say. MS didn't write it, they just bought the product from Giant.

Sure Ad-Aware detected it, just as MS AntiSpyware did. It's just that Microsoft's version stopped it installing in the first place. Ad-Aware won't (unless you buy the pro version). Do another scan later and I bet Ad-Aware picks it up again. What you want to be doing is finding out what dodgy bit of software you've got or keep installing that installs the spyware in the first place.

P.S. You should really install several anti-spyware packages and use them all. Ad-Aware won't catch everything either. A combination of Ad-Aware, Spybot S&D and MS Anti-Spyware will get most but none of them individually has a database that covers everything. Microsoft's product is mainly best for preventing the stuff getting on there in the first place. It's got some excellent stuff for blocking boot time applications sneaking in there and browser hijacks, that neither Ad-Aware nor Spybot has anything like.

Last edited by DeadKenny; 27-08-2005 at 12:15.
Old 13-09-2005, 17:32   #207
Guest 3628
Trusted User
 
Join Date: Mar 2001
Location: england
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Arrgh !!!

Anyone any ideas about this?: According to Spybot I'm clean but every time I click a link in Google I'm taken to some random site.

Is this a common problem? Anyone know a cure??

Cheers,

Dan
Old 13-09-2005, 17:40   #208
anephric
Kidney Thief
 
Join Date: Jan 2004
Location: Derby, UK
Posts: 22,698
Thanks: 33
Thanked 120 Times in 76 Posts
S' a browser hijacker. Try Ad-Aware, gets rid of most of mine... Zonealarm comes with a Spyware remover now that picks up a few things that Ad-Aware and Spybot miss, so you could try that too...
Old 13-09-2005, 17:42   #209
Guest 3456
Trusted User
 
Join Date: Mar 2001
Posts: 848
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by drob4

Anyone any ideas about this?: According to Spybot I'm clean but every time I click a link in Google I'm taken to some random site.
Run Hijack this and post the log...
http://www.merijn.org/files/hijackthis.zip
Old 13-09-2005, 18:37   #210
Guest 3628
Trusted User
 
Join Date: Mar 2001
Location: england
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Just run Ad-Aware (thanks for the heads up) and it found a bunch of stuff. I was able to get rid of most of it but when I try and delete the 'coolweb' entries, Ad-Aware seems to lock up - or does it just take ages to get rid of this?

Cheers,

Dan
Old 13-09-2005, 19:09   #211
Guest 3628
Trusted User
 
Join Date: Mar 2001
Location: england
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Oh, and this is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:19:27 PM, on 9/13/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\INVERSE IP INSIGHT\BT\ARMON32A.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BT YAHOO! INTERNET\DIALBTYAHOO.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clon.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btinternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Internet
R3 - URLSearchHook: (no name) - {577AB153-985F-CABC-5F77-14A94023656D} - sysconf16.dll (file missing)
O2 - BHO: Class - {0155DC89-58A9-DAA7-8C65-19B56169147B} - C:\WINDOWS\SYSTEM\ATLIY.DLL (file missing)
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\PROGRAM FILES\UNH SOLUTIONS\IE PRIVACY KEEPER\IEPKBHO.DLL
O2 - BHO: Name - {AD57F920-9354-11D9-A58F-8DA4492D8B55} - C:\WINDOWS\SYSTEM\MSTWP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\DOCNTROP.DLL
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [wormexe] scanSYS.exe
O4 - HKLM\..\Run: [cmon14] WhatsNewBot.exe
O4 - HKLM\..\Run: [Auto Update] C:\WINDOWS\stchost.exe
O4 - HKLM\..\Run: [BTopenworld] "C:\PROGRAM FILES\BT YAHOO! INTERNET\DialBTYahoo.exe" /ReInstallAutoDial
O4 - HKLM\..\Run: [BT Modem Lock] "C:\PROGRAM FILES\BT YAHOO! INTERNET\WATCHDOG.EXE" -rk
O4 - HKLM\..\Run: [dmvrr.exe] C:\WINDOWS\SYSTEM\dmvrr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\BT\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\INVERSE IP INSIGHT\BT\ARMon32a.exe"
O4 - HKLM\..\RunServices: [D3UO32.EXE] C:\WINDOWS\D3UO32.EXE
O4 - HKLM\..\RunServices: [BT Modem Lock SVC] "C:\PROGRAM FILES\BT YAHOO! INTERNET\ModemLock.exe"
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [CToolBar] ExchangeMaster.exe
O4 - HKCU\..\Run: [AliceSD] nmdllw.exe
O4 - HKCU\..\Run: [JAguAr] MsNetHelper.exe
O4 - Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Corel Network monitor worker - {1A2F59A0-2FE4-11D9-A58E-9F5370964C78} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {1A2F59A0-2FE4-11D9-A58E-9F5370964C78} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL
O9 - Extra button: Freeserve - {F8CC0220-FE4E-11D3-A58D-B06067C10104} - http://www.freeserve.net/ (file missing) (HKCU)
O9 - Extra button: Corel Network monitor worker - {1A2F59A0-2FE4-11D9-A58E-9F5370964C78} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {1A2F59A0-2FE4-11D9-A58E-9F5370964C78} - C:\WINDOWS\SYSTEM\INTLMAIN.DLL (HKCU)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerAutoInstaller.exe
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - file://C:\IberoDialerHTML.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.37
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - (no file)



This mean anything to anyone???

Cheers,

Dan
Old 13-09-2005, 19:45   #212
Guest 3456
Trusted User
 
Join Date: Mar 2001
Posts: 848
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by drob4
This mean anything to anyone ???

Don't like the look of...
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clon.biz/
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - file://C:\IberoDialerHTML.cab ***this one sounds suspect, worth checking out.
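The manual read-through in the reply above, sketched as an added example (not part of the thread and not HijackThis's own logic): a small Python triage that parses entry lines and marks the kinds of entry the reply singled out, plus DNS overrides and orphaned registrations. The rule set and function names are assumptions made for illustration; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Sample input: lines copied from the log posted in this thread (GUID braces restored).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clon.biz/
O2 - BHO: Class - {0155DC89-58A9-DAA7-8C65-19B56169147B} - C:\WINDOWS\SYSTEM\ATLIY.DLL (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - file://C:\IberoDialerHTML.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.37
"""

# An entry line is "<section code> - <body>", e.g. "R0 - ..." or "O16 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log_text):
    """Yield (section_code, body) for each entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reason(code, body):
    """Return why an entry deserves a manual look, or None. Hypothetical rules, not a verdict."""
    if code in ("R0", "R1"):
        value = body.rpartition(" = ")[2].strip()
        if value.lower().startswith(("http://", "https://")):
            return "IE page/search setting points at a URL; confirm the user chose it"
    if code == "O16" and "file://" in body.lower():
        return "ActiveX control was installed from a local file, not a vendor site"
    if code == "O17":
        return "DNS server override; confirm it matches the ISP or local network"
    if "(file missing)" in body or "(no file)" in body:
        return "registration left behind for a file that no longer exists"
    return None

def triage(log_text):
    """Return (code, reason, body) for every entry that matched a review rule."""
    return [(code, reason, body) for code, body in parse(log_text)
            if (reason := review_reason(code, body))]

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

A match only means "look at this line"; settings the user or ISP put there on purpose will match the same rules.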
Old 13-09-2005, 21:27   #213
Guest 993
Trusted User
 
Join Date: Sep 2000
Posts: 16,470
Thanks: 0
Thanked 0 Times in 0 Posts
You can post your HijackThis log into this to analyze it...

http://www.hijackthis.de/index.php?langselect=english
Old 23-09-2005, 17:41   #214
Mr Silly
wandering and wondering
 
Join Date: Aug 2003
Location: UK - east
Posts: 4,381
Thanks: 3
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by Dan
Messenger Service pop-ups (XP, 2000 and NT)

For Messenger Service pop-ups outside of your browser then visit this page which will show you how to stop the messaging service; it's for Windows NT, 2000 or XP only.

http://www.zen18097.zen.co.uk/messenger.htm

Feel free to add any other tools which may be of use.
Link doesn't work anymore mate. Anyone with any suggestions?
Old 24-09-2005, 10:16   #215
Spooky_uk
XBL/PSN : SPOOKYVILLE
 
Join Date: Jul 2000
Location: West Yorkshire
Posts: 15,962
Thanks: 0
Thanked 80 Times in 46 Posts
Quote:
Originally Posted by Mr Silly
Link doesn't work anymore mate. Anyone with any suggestions?

Disabling the Messenger Service
To remove the ability for anyone in the world to pop up messages on your computer, you can disable the Messenger service. It's easy to reverse at a later time if you wish to do so.



Windows 2000
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows NT
Click Start ->Control Panel
Double Click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop,
Then choose Disable as the Startup Type
Click OK

Windows 98 & ME
Windows Messenger Service cannot be disabled
Old 19-10-2005, 08:18   #216
Geoggy
Gamertag : Geoggy
 
Join Date: Jul 2002
Location: In that number.
Posts: 4,976
Thanks: 75
Thanked 39 Times in 21 Posts
Tried all the usual suspects but having problems getting rid of something.

A dialogue box keeps opening - it has "Sitebar" at the top and is asking me to agree to install the software to my browser.

At the same time a cmd.exe DOS prompt opens in the background and an IE page opens on some random page.

Now this may be coincidental but my internet connection through IE seems shot at - i.e. I can't get on the web (posting this from work)

Adaware picks it up and says it's deleted - reboot and it's still there, Spybot picked it up and then said it had sorted it - 2 seconds later still there. Avast finds nothing.

Help!
Old 19-10-2005, 08:27   #217
PlexShaw
XBL/PSN/iOS: PlexShaw
 
Join Date: Apr 2005
Location: London
Posts: 6,535
Thanks: 93
Thanked 165 Times in 79 Posts
Have you tried running Ad-Aware/Spybot etc in Safe Mode to see if you can get rid of it that way?
Old 19-10-2005, 09:43   #218
Geoggy
Gamertag : Geoggy
 
Join Date: Jul 2002
Location: In that number.
Posts: 4,976
Thanks: 75
Thanked 39 Times in 21 Posts
no - will give it a go - can you remind me how to do that?

cheers

(win xp)
Old 19-10-2005, 10:19   #219
PlexShaw
XBL/PSN/iOS: PlexShaw
 
Join Date: Apr 2005
Location: London
Posts: 6,535
Thanks: 93
Thanked 165 Times in 79 Posts
Press F8 before the Windows XP splash screen appears.

More info here:

http://support.microsoft.com/default...b;en-us;315222
Old 19-10-2005, 22:28   #220
Geoggy
Gamertag : Geoggy
 
Join Date: Jul 2002
Location: In that number.
Posts: 4,976
Thanks: 75
Thanked 39 Times in 21 Posts
opening a new thread as now convinced this is a virus not spyware

Last edited by Geoggy; 20-10-2005 at 07:25.
Copyright ©2000 - 2018 Poisonous Monkey Ltd. Part of The Digital Fix Network