Jump to content


Photo

CWS.Searchx PLZ HELP


  • This topic is locked This topic is locked
12 replies to this topic

#1 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 13 June 2004 - 02:43 PM

I got hijacked by a CWS.Searchx probably, as every time I run CWS Shredder,
it claims to have removed it. I have used Ad-Aware, Spybot and CWS Shredder and only the last one has found something (CWS.Searchx).

Here's what I get:
My start page has been turned to about:blank and i have a "Search for.." homepage, which I cannot remove. Moreover I get some popups sometimes
saying that my computer "may be" infected with spyware:/

After running CWS Shredder it disappears but only for some time. After 2 or 3
reboots it comes back again.

Pls help me, because it really drives me crazy.
Here's my Hijack This log (i've put HJT into C:\HJT\ directory):



Logfile of HijackThis v1.97.7
Scan saved at 21:33:00, on 04-06-13
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\STARTER.EXE
D:\PROGRAM FILES\DAEMON\DAEMON.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MSCAN\MSOFFICE\PANEL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {D1731389-BD76-11D8-95BB-4445D6F9329B} - C:\WINDOWS\SYSTEM\DMBM.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\PROGRAM FILES\DAEMON\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab


PLZ PLZ HELP ME!

#2 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 13 June 2004 - 02:54 PM

And here's the log from HJT after cleaning with CWS Shredder and after a reboot of course.



Logfile of HijackThis v1.97.7
Scan saved at 21:48:50, on 04-06-13
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\STARTER.EXE
D:\PROGRAM FILES\DAEMON\DAEMON.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MSCAN\MSOFFICE\PANEL.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\PROGRAM FILES\DAEMON\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab



I hope You'll help me.

#3 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 13 June 2004 - 03:59 PM

Hi, oobi,
Download: "StartDreck", from
HERE

Unzip to its own folder and start the program,

Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Post the log in this thread.
Microsoft MVP - Consumer Security

#4 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 13 June 2004 - 04:13 PM

Here is the log from StartDreck:



StartDreck (build 2.1.5 public BETA) - 2004-06-13 @ 23:09:07
Platform: Windows 98 (Win 4.10.1998 )

舞egistry
舞un Keys
翟urrent User
舞un
舞unOnce
聞efault User
舞un
舞unOnce
腿ocal Machine
舞un
*internat.exe=internat.exe
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.ExE
*IrMon=IrMon.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
*nwiz=nwiz.exe /install
*EnsoniqMixer=starter.exe
*autoclk=autoclk.exe
*DAEMON Tools-1033="D:\PROGRAM FILES\DAEMON\daemon.exe" -lang 1033
*WT GameChannel=C:\Program Files\WildTangent\Apps\GameChannel.exe
舞unOnce
舞unServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
舞unServicesOnce
**usk=rundll32 C:\WINDOWS\SYSTEM\SQLBKNJ.DLL,StreamingDeviceSetup
舞unOnceEx
舞unServicesOnceEx
肇iles
艋ystem/Drivers
舞unning Processes
*FFEF37A1=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF60DD=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF774D=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFF4E8D=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFFF199=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFFCE9D=C:\WINDOWS\EXPLORER.EXE
*FFFE22CD=C:\WINDOWS\RUNDLL32.EXE
*FFFED339=C:\WINDOWS\SYSTEM\INTERNAT.EXE
*FFFD2989=C:\WINDOWS\TASKMON.EXE
*FFFD3001=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFD7AC5=C:\WINDOWS\SYSTEM\IRMON.EXE
*FFFCEFF9=C:\WINDOWS\STARTER.EXE
*FFFB5AD5=D:\PROGRAM FILES\DAEMON\DAEMON.EXE
*FFFA11CD=C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
*FFFDD1D1=C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
*FFFC34A9=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFFC15C9=C:\MSCAN\MSOFFICE\PANEL.EXE
*FFFAB789=C:\WINDOWS\SYSTEM\RNAAPP.EXE
*FFFAE521=C:\WINDOWS\SYSTEM\TAPISRV.EXE
*FFF9B87D=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
*FFF805BD=D:\SPYWARE\STARTDRECK\STARTDRECK.EXE
翠pplication specific

#5 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 13 June 2004 - 06:37 PM

So far, so good! I see a bad file in there.

Try doing a search for this file: **usk=rundll32 C:\WINDOWS\SYSTEM\SQLBKNJ.DLL,StreamingDeviceSetup
Please let me know if you cannot find the .dll file. We'll try another step.

If you can locate it, right click, select 'Properties' and remove any 'Read only' protection.
Right click again and select "Delete".
Reboot.
Run scans with updated versions of Adaware, Spybot, CWShredder, and HJT. Post your fresh HJT log.


.
Microsoft MVP - Consumer Security

#6 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 14 June 2004 - 07:31 AM

Nope, I actually can't find it:/

#7 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 14 June 2004 - 08:03 AM

Thanks, oobi. Okay, we'll catch that critter.
Please download: "Win98Fix.zip" from here:
<Here>

Unzip to its own folder.

Open Folder and double click on RunFix.reg file.
Hit 'Yes' to merge it into your registry.
Restart your computer.

The bad file should now be visible so you can delete it.
Browse to **usk=rundll32 C:\WINDOWS\SYSTEM\SQLBKNJ.DLL,StreamingDeviceSetup

Right click select 'Properties' and remove any 'Read only' protection.
Right click again and select 'Delete'.

(If you cannot find the file, run the 'Who.bat' file in the folder.
The file will be found and listed.)

Then reboot and run the scans with updated Adaware, Spybot, CWS, and HJT. (Be sure that your version of CWS is 1.59.00)
Please post your fresh HJT log.
Microsoft MVP - Consumer Security

#8 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 14 June 2004 - 08:26 AM

oobi, before you start, be sure that your computer is configured to show all hidden files.
Here
Microsoft MVP - Consumer Security

#9 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 14 June 2004 - 09:56 AM

Right now everything seems to be ok, but I will have to wait sometime to see whether CWS won't come back. And here are some fresh logs from HJT and StartDreck.



Logfile of HijackThis v1.97.7
Scan saved at 16:51:01, on 04-06-14
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\STARTER.EXE
D:\PROGRAM FILES\DAEMON\DAEMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
C:\MSCAN\MSOFFICE\PANEL.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spyware\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\PROGRAM FILES\DAEMON\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
O16 - DPF: komentator - http://sport.onet.pl/komentator.cab




StartDreck (build 2.1.5 public BETA) - 2004-06-14 @ 16:51:26
Platform: Windows 98 (Win 4.10.1998 )

舞egistry
舞un Keys
翟urrent User
舞un
舞unOnce
聞efault User
舞un
舞unOnce
腿ocal Machine
舞un
*internat.exe=internat.exe
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.ExE
*IrMon=IrMon.exe
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
*nwiz=nwiz.exe /install
*EnsoniqMixer=starter.exe
*autoclk=autoclk.exe
*DAEMON Tools-1033="D:\PROGRAM FILES\DAEMON\daemon.exe" -lang 1033
舞unOnce
舞unServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*SchedulingAgent=mstask.exe
舞unServicesOnce
舞unOnceEx
舞unServicesOnceEx
肇iles
艋ystem/Drivers
舞unning Processes
*FFEF3401=C:\WINDOWS\SYSTEM\KERNEL32.DLL
*FFFF637D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
*FFFF74ED=C:\WINDOWS\SYSTEM\MPREXE.EXE
*FFFF4D2D=C:\WINDOWS\SYSTEM\mmtask.tsk
*FFFFEB91=C:\WINDOWS\SYSTEM\MSTASK.EXE
*FFFE2B15=C:\WINDOWS\EXPLORER.EXE
*FFFE1229=C:\WINDOWS\SYSTEM\INTERNAT.EXE
*FFFE6881=C:\WINDOWS\TASKMON.EXE
*FFFE71F5=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
*FFFEB029=C:\WINDOWS\SYSTEM\IRMON.EXE
*FFFEC7B5=C:\WINDOWS\STARTER.EXE
*FFFEDCF5=D:\PROGRAM FILES\DAEMON\DAEMON.EXE
*FFFD1659=C:\WINDOWS\SYSTEM\DDHELP.EXE
*FFFD0955=C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
*FFFEEEA5=C:\WINDOWS\TWAIN_32\A4S2_600\WATCH.EXE
*FFFEE28D=C:\MSCAN\MSOFFICE\PANEL.EXE
*FFFC5521=C:\HJT\HIJACKTHIS.EXE
*FFFC9A9D=C:\WINDOWS\NOTEPAD.EXE
*FFFC8665=D:\SPYWARE\STARTDRECK\STARTDRECK.EXE
翠pplication specific

#10 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 14 June 2004 - 09:57 AM

And I'll post some info in next 24hrs. And right now: thank You very much, Bugbatter!

#11 oobi

oobi

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 15 June 2004 - 12:14 PM

The Searchx did not fortunately come back, so I have to thank You very much again- You've solved my problem. Cheers.

#12 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 15 June 2004 - 12:51 PM

That is good news! You are very welcome. If I were you, I'd get today's update for Adware, run that and CWShredder, and those should clean up any leftovers that do not need to be there.
Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: Here

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free program:
SpywareBlaster: Here
Periodically check for updates.
Check for updates in Adaware frequently as they sometimes can update daily.
I would check for updates in SpyBot once a week or so.
I scan with each at least weekly.

4. Use updated antivirus software and firewall software.
Note: Zone Alarm Firewall (Zone Labs) Here is free.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
Microsoft MVP - Consumer Security

#13 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 August 2004 - 02:21 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button