Jump to content


Photo

Need Help - Have been hijacked - Log file


  • Please log in to reply
4 replies to this topic

#1 reastman

reastman

    Member

  • New Member
  • Pip
  • 4 posts

Posted 19 July 2004 - 01:29 PM

I tried to get to "http://www.spywarein...cles/hijacked/", but got "This page cannot be displayed".

My IE start page has been hijacked to res://rpplf.dll/index.html#22776, and scanning with an updated spybot and CWShredder has not helped.

Here is my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 2:11:27 PM, on 7/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\mshw.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\d3ok.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bob Eastman\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rpplf.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://rpplf.dll/index.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://rpplf.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rpplf.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://rpplf.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rpplf.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.cnn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {99F0E077-D792-D9CB-1B91-6B33C2CEB9AB} - C:\WINDOWS\system32\netoj32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [d3ok.exe] C:\WINDOWS\d3ok.exe
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKLM\..\RunOnce: [iebn.exe] C:\WINDOWS\system32\iebn.exe
O4 - HKLM\..\RunOnce: [atlyx.exe] C:\WINDOWS\atlyx.exe
O4 - HKLM\..\RunOnce: [mshw.exe] C:\WINDOWS\mshw.exe
O4 - HKLM\..\RunOnce: [wingy.exe] C:\WINDOWS\wingy.exe
O4 - HKLM\..\RunOnce: [ntbs.exe] C:\WINDOWS\ntbs.exe
O4 - HKLM\..\RunOnce: [javalt32.exe] C:\WINDOWS\system32\javalt32.exe
O4 - HKLM\..\RunOnce: [ievr.exe] C:\WINDOWS\ievr.exe
O4 - HKLM\..\RunOnce: [atlxh32.exe] C:\WINDOWS\system32\atlxh32.exe
O4 - HKLM\..\RunOnce: [apiml32.exe] C:\WINDOWS\apiml32.exe
O4 - HKLM\..\RunOnce: [sdkpb32.exe] C:\WINDOWS\system32\sdkpb32.exe
O4 - HKLM\..\RunOnce: [mfcvz.exe] C:\WINDOWS\mfcvz.exe
O4 - HKLM\..\RunOnce: [d3jw.exe] C:\WINDOWS\d3jw.exe
O4 - HKLM\..\RunOnce: [ipss.exe] C:\WINDOWS\ipss.exe
O4 - HKLM\..\RunOnce: [addxy.exe] C:\WINDOWS\system32\addxy.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: SideStep (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1090250874093
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00721/sb028.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5919D6B5-E098-4683-9A3F-D521D98B05EE}: NameServer = 205.188.146.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{5919D6B5-E098-4683-9A3F-D521D98B05EE}: NameServer = 205.188.146.146

--------------------------------------------------------------------

THANK YOU FOR ANY ASSISTANCE YOU CAN PROVIDE.

#2 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 19 July 2004 - 07:45 PM

Please download About:Buster and unzip it to your desktop. Donīt run it yet.

How to use Ad-Aware to remove Spyware <= Please check this link for instructions on how to download, install and then use adaware. Donīt use it yet.
1 You already have Adaware installed. Make sure it's up to date. Just open Adaware and click on *Check for Updates Now* and then *Connect*. It will find a new reference-file. Click *ok* and let it download and install the updates by clicking on *Finish* .This will return you to the main screen. You should now see Reference File # : 01R332 12.07.2004 or higher listed.

2. Print out these instructions so you have them handy as most of the steps need to be done in safe mode and you may not be able to go online.

3. Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called "Network Security Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.If this service is not listed go ahead with the next step.

4. Reboot to Safe Mode
How to start the computer in Safe mode
http://service1.syma...src=sec_doc_nam


5. Make sure your PC is configured to show hidden files

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

6.CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rpplf.dll/sp.html#22776
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://rpplf.dll/index.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://rpplf.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rpplf.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://rpplf.dll/index.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rpplf.dll/sp.html#22776
O2 - BHO: (no name) - {99F0E077-D792-D9CB-1B91-6B33C2CEB9AB} - C:\WINDOWS\system32\netoj32.dll
O4 - HKLM\..\Run: [d3ok.exe] C:\WINDOWS\d3ok.exe
O4 - HKLM\..\RunOnce: [iebn.exe] C:\WINDOWS\system32\iebn.exe
O4 - HKLM\..\RunOnce: [atlyx.exe] C:\WINDOWS\atlyx.exe
O4 - HKLM\..\RunOnce: [mshw.exe] C:\WINDOWS\mshw.exe
O4 - HKLM\..\RunOnce: [wingy.exe] C:\WINDOWS\wingy.exe
O4 - HKLM\..\RunOnce: [ntbs.exe] C:\WINDOWS\ntbs.exe
O4 - HKLM\..\RunOnce: [javalt32.exe] C:\WINDOWS\system32\javalt32.exe
O4 - HKLM\..\RunOnce: [ievr.exe] C:\WINDOWS\ievr.exe
O4 - HKLM\..\RunOnce: [atlxh32.exe] C:\WINDOWS\system32\atlxh32.exe
O4 - HKLM\..\RunOnce: [apiml32.exe] C:\WINDOWS\apiml32.exe
O4 - HKLM\..\RunOnce: [sdkpb32.exe] C:\WINDOWS\system32\sdkpb32.exe
O4 - HKLM\..\RunOnce: [mfcvz.exe] C:\WINDOWS\mfcvz.exe
O4 - HKLM\..\RunOnce: [d3jw.exe] C:\WINDOWS\d3jw.exe
O4 - HKLM\..\RunOnce: [ipss.exe] C:\WINDOWS\ipss.exe
O4 - HKLM\..\RunOnce: [addxy.exe] C:\WINDOWS\system32\addxy.exe


7. Delete the following files if present.
C:\WINDOWS\system32\rpplf.dll
C:\WINDOWS\d3ok.exe
C:\WINDOWS\system32\netoj32.dll
C:\WINDOWS\atlyx.exe
C:\WINDOWS\mshw.exe
C:\WINDOWS\system32\iebn.exe
C:\WINDOWS\mshw.exe
C:\WINDOWS\wingy.exe
C:\WINDOWS\ntbs.exe
C:\WINDOWS\system32\javalt32.exe
C:\WINDOWS\ievr.exe
C:\WINDOWS\system32\atlxh32.exe
C:\WINDOWS\apiml32.exe
C:\WINDOWS\system32\sdkpb32.exe
C:\WINDOWS\mfcvz.exe
C:\WINDOWS\d3jw.exe
C:\WINDOWS\ipss.exe
C:\WINDOWS\system32\addxy.exe


8. Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

9. Scan with Adaware and let it remove any bad files found.

10. Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

11. Reboot to normal mode, scan again with Hijack This and post a new log here.

12. Finally, do an online scanHERE. Let it remove any infected files found.


Post a fresh HijackThis log and the AboutBuster report back here please.

#3 reastman

reastman

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 August 2004 - 02:50 PM

:D
mmxx66:

Thanks for your advice. I have just gotten back from some vacation, and so I am just now going through your recommended steps. And will report back before the weekend is out.

Thanks again.

#4 reastman

reastman

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 August 2004 - 05:32 PM

:D
mmxx66:

Many thanks !!!!!!!!!!!!!!!!!!!

Things seem to be Ok now.

Followed all of your instructions from july 19th.

Have just finished running Trendmicro Housecall (which found 4 more Trojan horses that Norton Anti-Virus had not found ??????).

Here is my new HiJack this log:

Logfile of HijackThis v1.97.7
Scan saved at 4:52:05 PM, on 8/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bob Eastman\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.cnn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.cnn.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2FA7668-51A3-BA8C-F6B3-6755AF9CDBED} - C:\WINDOWS\system32\crxg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Support (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.micr...b?1090250874093
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.side...00721/sb028.cab




Did get all of this insidious little f_____ing pest ??

Thanks again.

#5 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 07 August 2004 - 05:45 PM

CLOSE ALL WINDOWS AND BROWSERS Scan with Hijack This and put checks next to all the following, then click "Fix Checked":

O2 - BHO: (no name) - {C2FA7668-51A3-BA8C-F6B3-6755AF9CDBED} - C:\WINDOWS\system32\crxg.dll (file missing)

You have RealPlayer running at Startup and this is not necessary. You can fix this with HJT, but you will also need to set it not to load in RealPlayer itself to keep it from resetting itself. This is the item to fix in HJT:
O4 - HKLM\..\Run: [TkBellExe] "C:\ProgramFiles\Common Files\Real\Update_OB\realsched.exe" –osboot

This item is considered to be resource hog that is not needed and it may be worthwhile to fix it with HJT. You will still be able to start it manually if you need it
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

And also see TonyKlein's good advice
So how did I get infected in the first place?

Good luck :D




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button