Jump to content


Photo

Seeking my lost homepage


  • This topic is locked This topic is locked
15 replies to this topic

#1 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 09:40 AM

Ever feel like you are chasing your own tail? :grrr: Well after six hours of doing so I am now here in a plea for help, not to mention a large glass of water and a Tylenol! Two days ago my computer started acting funny, getting strange “new” homepages and icons on the desktop, getting an about:blank, and or two web search homepages as well as a casino page…none of which were my starting page. No matter how many times I tried to change it back to the original homepage it kept returning to these odd pages. A quick run of the AntiVirus program brought to light that there was 2 new “friends” on the computer. …lovely…<insert slight tilt of head and a few moments of blinking at the screen :huh: >

PWS.Hooker.Trojan and Backdoor.Agent.B


I use Symantec as my AntiVirus, also have XoftSpy, CWShredder and Hijackthis

Apparently I was able to take care of the viruses since they are no longer found on my system but I am still having trouble getting my homepage back. So I have been spending the last few hours here at this site reading. I do have the latest in Windows update (running windows XP), or at least I should since one of those six hours has been puttering around while waiting for it to finish downloading (updates).

I have also read and tried to do step-by-step of what was said here:
http://www.spywarein...icles/hijacked/

Also have found the below to be great sites. Easy to use (least I thought so) and understand! Thank You!! :bounce:
http://sysinfo.org/
http://hometown.aol....al/tutorial.htm


Now either I messed up somewhere or I am just stuck, but in my case it would be both knowing me, so may the computer gods/goddesses shine a little light on me and help me keep what little hair I have left? :wtf:

Here is the Logfile from HijackThis:

Logfile of HijackThis v1.98.0
Scan saved at 11:22:27 PM, on 7/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetdata\services.exe
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\GetRight\getright.exe
C:\Documents and Settings\Sue\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0websearch.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com



By the way R0 I know is “Bad” and I have tried fix it several times but it keeps coming back. Also when I run shredder it keeps deleting CWS.Yexe even though it says nothing is found.
:scratchhead: :techsupport: :whistle: :ugh:

#2 mpanelli

mpanelli

    Member

  • New Member
  • Pip
  • 4 posts

Posted 30 July 2004 - 10:13 AM

I had a similar problem. I found a site called PC Hell. The site is not laid out very well but if you can find what you are looking for it has GREAT information.
PCHELL.COM

#3 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 30 July 2004 - 10:22 AM

Hi, Hugsnkissesums,

Let's try this:

Close inetdata\services in Task Manager.

Run HJT with all other windows/browser closed, and rick to fix these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://0websearch.com/
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

Reboot into Safemode:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Look for this and delete:
C:\WINDOWS\inetdata\services.exe <= inetdata folder

Reboot normally.

Empty your Temporary Internet Files and history in Internet Options. And clean out your
%Userprofile%\Local Settings\Temp (User Profile: repeat for all users)

OR: Use the Disk Cleanup Utility to empty all your Temp folders

Flush System Restore:
(Using XP, you must be logged in as Administrator to do this.)

Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Problem gone? Post a fresh log, and we'll take a look.
Microsoft MVP - Consumer Security

#4 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 10:54 AM

Thank you for replying

It wouldn’t let me close inetdata/services in Task Manager

Tried running HJT and fix what you listed, after the joyous search in safe mode and deleting that .exe, I rebooted to be greeted with 2 errors looking for that .exe. Again I was greeted with the errors after I turned system restore off…(deep breath and crosses fingers), turned it back on. Took a look to see if it worked and as the great Homer Simpson would say…Doh!! No, I get an About:Blank (but no strange webpages just a nothingness)….unless that’s a good thing?

Fresh Error every time I boot now, it wants services back from the .exe that was deleted and I have lost utilities such as printer, scanner and a few other things.

Here is the new log:
Logfile of HijackThis v1.98.0
Scan saved at 12:47:23 AM, on 7/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Documents and Settings\Sue\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com

#5 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 11:34 AM

the printer and scanner are just not actively up on the taskbar like the use to, but both work fine.

#6 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 30 July 2004 - 12:56 PM

You scared me there, for a minute! Am glad you only lost the taskbar buttons for those!
Not to worry... Yes you should be able to add your printer and scanner to the taskbar again (Check your XP info), as well as setting your desired homepage in Internet Explorer again (Tools>Internet Options).

Run HJT in safemode this time.
Still a few remnants to fix:
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetdata\services.exe

Reboot into Safemode and delete:
C:\WINDOWS\inetdata\services.exe< = folder (This guy is probably what was giving you the error as he was looking for his buddies. FYI: Troj/Krepper-G is Trojan which changes browser settings, downloads and installs/runs new software and modifies the HOSTS file to redirect internet searches.)

Empty the temps again. If all is well, flush System Restore again as before.
Yeah, scary, but you don't want anything living in there only to return someday.

Edited by Bugbatter, 30 July 2004 - 02:06 PM.

Microsoft MVP - Consumer Security

#7 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 07:52 PM

Sorry I didn’t get back to you, I fell asleep somewhere around 1am after I posted here. Nothing like waking up with keyprints on your face. :hmmm:

Anyway homepage has returned to me, knowing it …it probably ran off to Alaska and didn’t even bother sending a post-card. Hehe just good humor! :rofl:

Ok after doing what you suggested I still got the error of the services.exe is missing and it wants it back.

Here is what the error messages say: :bangbang:

Windows cannot find: C:\WINDOWS\inetdata\services.exe Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and the click search.

Could not load or run C:\WINDOWS\inetdata\services.exe specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.



Here is the new log file:

Logfile of HijackThis v1.98.0
Scan saved at 9:31:15 AM, on 7/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Documents and Settings\Sue\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attmil.ne.jp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com


The R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attmil.ne.jp/ is my homepage <insert happy dance and much cheering from the back ground…even party popers?>
:bounce:

#8 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 30 July 2004 - 08:08 PM

Glad to hear that your homepage is back, but I do not know why you are getting that error message, because your log does not show it in the registry.
Have you rebooted since removing it in HJT? Did you clean the temps and System Restore? Did you set alienware as your startpage, or did the hijacker do that? If you did not do it, that might be the answer and we can take that out, so let me know....
As a last resort, you could manually search for it in the registry. Have you ever worked in the registry?
Microsoft MVP - Consumer Security

#9 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 08:26 PM

I have an Alienware computer, it is where the computer came from and is the default, the http://www.attmil.ne.jp/ is the homepage I use, my custom homepage, which is my email site.

Have you rebooted since removing it in HJT? Yes
Did you clean the temps and System Restore? Yes

Those errors only come up when I restart

Have you ever worked in the registry? Yes, I have done a search after you said something and found a reference to the .exe and deleted it. Rebooted and there was no longer any error messages.

Question time :

How do I get back the printer and scanner back on my taskbar?
Is their anything else I should check or double check to make sure my system is ok now? I have run my AntiVirus program a few times now and nothing has come up. The homepage comes up every time now when I open IE /cheer and no more About:Blank!

Logfile of HijackThis v1.98.0
Scan saved at 10:21:50 AM, on 7/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\GetRight\getright.exe
C:\Documents and Settings\Sue\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attmil.ne.jp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com

#10 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 30 July 2004 - 09:46 PM

Much better! :D
Regarding the taskbar, just rt-click your taskbar, then toolbars, then quicklaunch.
You can then add the shortcuts you want in that.

Also see if these help:
http://www.helpwithp...ial-taskbar.htm
http://www.microsoft...tombrowser.mspx
Microsoft MVP - Consumer Security

#11 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 10:34 PM

Thank you so much for your time and patience, very much appreciated and you helped me out of what I thought was going to be a system format and reinstalling everything. Again thank you!


I was wondering if you can help me with a new problem that has come up but it has nothing to do with my web page. When my screensaver starts up it starts to be real laggy and the when I go to “wake” it up by moving the mouse the screensaver closes but the desktop seems to get stuck. My desktop pattern shows up and I can move my mouse and see the curser but the desktop icons (folders and such), start menu, and task bar will not load up. I have to hard boot out of it, even ctrl alt delete won’t do anything. Any ideas? This has never happened before and just started within the last couple of hours.

#12 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 30 July 2004 - 11:24 PM

ok, after fooling around tryen to find some idea of whats wrong I'm at my wits end, I have no idea of how to fix this or what is making it do this all of a sudden. :ugh:

#13 Hugsnkissums

Hugsnkissums

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 31 July 2004 - 01:49 AM

Went though some of my programs in trying to see what else may be fishy or wrong...seems anything that is dealing with graphics is making me crash or get locked up to where I have to hard boot.

Screensavers
Dark Age of Camelot (MMOG)

Those two things are really apparent that something is really wrong but even loading complex WebPages with high graphics makes the computer lockup. Is it possible that when trying to fix my homepage something was tampered with or something that was “fixed”/ deleted /infected was misplaced or deleted which turned out to be something important?

Just really frustrating when my machine was running better with the problems it had then it is now that those problems were fixed.

The log files are the same as when I last posted them

I updated my Graphics driver and now just on a wishful thought of luck that it fixed it. Just seems I/we fix one thing another problem pops up. Someone needs to invent a pop-up problem blocker like they have for pop-up adds. :techsupport: :hmmm:

Edited by Hugsnkissums, 31 July 2004 - 01:58 AM.


#14 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 31 July 2004 - 07:41 AM

We did not change anything that would have messed up your graphics.

All one can do is read and learn what the signs of hardware and software problems are, so you have some idea where to look for help.

Here is my standard list of prevention tips:

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupd.../en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster: http://www.javacools...areblaster.html
b. SpywareGuard: http://www.javacools...ywareguard.html
Periodically check for updates.

4. Keep your antivirus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs)http://www.zonelabs....ontent/home.jsp is free.

5. You might consider installing Mozilla or Firefox. It seems to have fewer vulnerabilities than IE.
http://www.mozilla.org/

6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft....ftware/adaware/
b. SpyBot S&D: http://security.koll...n&page=download
Check for updates in Adaware frequently as they sometimes can update daily.
I would check for updates in SpyBot once a week or so.
I scan with each at least weekly.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

I'm glad we could help. Happy computing! :wave:
Microsoft MVP - Consumer Security

#15 chileeeboy

chileeeboy

    Member

  • New Member
  • Pip
  • 1 posts

Posted 01 August 2004 - 04:53 PM

i had the same exact problem... with the c:\windows\inetdata\services.exe
it kept coming back, no matter how many times i used adaware and spybot. kept changing my darn homepage to "0websearch". but anyway, i think i fixed it. i went into msconfig and unchecked the "inetdata\services.exe" in the startup section and then rebooted, and deleted the whole inetdata folder. THEN, i found out they fricken hijacked my notepad.exe in c:\windows\system32\notepad.exe, and turned it into their own version (which i was wondering why i couldn't read txt's by this time) and it turns out, that every time i tried to open a txt file, it would directly open their notepad.exe, (which wasn't even notepad and did nothing when i clicked the txt files) and when doing so, would replace the c:\windows\inetdata folder and EVERYTHING in it, including services.exe. so i found the real notepad in the c:\WINDOWS directory and put it back into c:\windows\system32. then i ran ad-aware one more time and the stupid thing has finally stopped bothering me. i just hope i reached the bottom of it. :grrr: well, that's all my two cents has to offer.

#16 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 August 2004 - 02:14 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button