Jump to content


Photo

Recurring malware


  • Please log in to reply
8 replies to this topic

#1 r0b

r0b

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 22 June 2004 - 08:32 AM

Someone kindly helped me recently eradicate some spyware but it seems to have come back again. Please could someone have a look at my HJT and suggest a fix:
Logfile of HijackThis v1.97.7
Scan saved at 14:27:37, on 22/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\C_PAN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\BROTHER\BRMFLPRO\FAXRX.EXE
C:\HPOJET\MGR\HPOJDMAN.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [httpd] C:\WINDOWS\c_pan.exe /i
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\BRMFLPRO\faxrx.exe
O4 - Startup: HP OfficeJet Auto Prompt.lnk = C:\HPOJET\MGR\HPOJDMAN.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownloa...n/myv3/myv3.cab

Thanks in advance

#2 r0b

r0b

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 23 June 2004 - 03:05 AM

I haven't had a response and could really do with some help. I am not sure if this is recurring or a new parasite. It has the same symptoms as before i.e. "hotxxx" keeps appearing all over the place and I believe it dials up premium sites. After some assistance here a couple of weeks ago it disappeared but has now returned.
Help please! :gasp:

#3 r0b

r0b

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 23 June 2004 - 08:10 AM

Getting a bit desperate now as I have had no replies and all sorts of strange things keep happening. My home page has just been hijacked to a site called www.sureseeker.com
Help gratefully appreciated please.

#4 r0b

r0b

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 23 June 2004 - 08:42 AM

Oh yes and in case it has changed my hjt log today looks like this:
Logfile of HijackThis v1.97.7
Scan saved at 14:34:47, on 23/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\C_PAN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\C_PAN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\7.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\C_PAN.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\BROTHER\BRMFLPRO\FAXRX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\HPOJET\MGR\HPOJDMAN.EXE
C:\WINDOWS\SYSTEM\BRMFRSMG.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\Run: [httpd] C:\WINDOWS\c_pan.exe /i
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\BRMFLPRO\faxrx.exe
O4 - Startup: HP OfficeJet Auto Prompt.lnk = C:\HPOJET\MGR\HPOJDMAN.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownloa...n/myv3/myv3.cab

Thanks all

#5 smckillop

smckillop

    Rockin' Apple of SWI

  • Retired Staff - Helper
  • PipPipPip
  • 143 posts

Posted 23 June 2004 - 06:20 PM

Hello again r0b! It appears that you have the identical problem that you had during your last visit here. I am concerned as to how you became re-infected so I will walk you through a few extra steps in a follow up post (after we get the issue cleaned up) to try and prevent future infection.

Posted Image Reboot your PC into Safe Mode by doing the following:
  • Start Windows, or if it is running, shut Windows down, and then turn off the computer.
  • Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  • As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.
Posted Image Make sure you are set to Show Hidden Files and Folders:
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View Tab.
  • In the Hidden files section select Show all files.
  • Click OK.
Posted Image Delete the following files:
  • C:\WINDOWS\C_PAN.EXE
Posted Image Close all application and browser windows and run HijackThis.

Click on the Scan button
Put a check beside the following line(s)
  • O4 - HKLM\..\Run: [httpd] C:\WINDOWS\c_pan.exe /i
You have OSA.EXE loading at startup which is resource hog that can be launched manually if it is required. I recommend letting HijackThis fix it by checking the following line:
  • O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Click on the "Fix Checked" button

Posted Image Reboot your PC a couple of times and reply to this topic with an updated HijackThis log.
smckillop
He who has tasted a sour apple, will have the more relish for a sweet one.

If the information I have provided has been helpful, please consider Supporting SpywareInfo

#6 r0b

r0b

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 24 June 2004 - 03:09 AM

Yes hello again smckillop
is it a re-infection or recurrence of something lurking after the last fix? The hijack to "pureseeker" didn't happen before.
However after much tapping of f8 without success I discovered the other way of getting into safe mode and carried out your instructions. Here's the subsequent hjt log:
Logfile of HijackThis v1.97.7
Scan saved at 09:02:10, on 24/06/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.EXE
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.EXE
C:\FREESERVE\FREESERVECONNECTIONKIT\ATDIALLER1.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WASHER\WASHER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\HPOJET\MGR\HPOJDMAN.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\CONFIG\EREG\REMIND32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\POPUP\SMARTUI.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SCANSOFT\PAPERPORT\PPLINKS.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [MicroDialler] C:\Freeserve\FreeserveConnectionKit\atdialler1.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\BRMFLPRO\SetDefPrt.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.EXE"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\BRMFLPRO\faxrx.exe
O4 - Startup: HP OfficeJet Auto Prompt.lnk = C:\HPOJET\MGR\HPOJDMAN.EXE
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\ScanSoft\PaperPort\Config\Ereg\REMIND32.EXE
O4 - Startup: Brother SmartUI PopUp.lnk = C:\Program Files\ScanSoft\PaperPort\PopUp\SmartUI.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.google.com
O16 - DPF: {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} (V3ProX Control) - http://ahnlabdownloa...n/myv3/myv3.cab

Thanks again.

#7 smckillop

smckillop

    Rockin' Apple of SWI

  • Retired Staff - Helper
  • PipPipPip
  • 143 posts

Posted 24 June 2004 - 06:01 AM

Nice work r0b!

I don't see any visible problem in your HijackThis log. You didn't state in your post if you're still being redirected to "pureseeker". Let me know and I'll see if I can find some info, otherwise, you should be good to go!

Posted Image I would recommend looking into the following to try and prevent future infections:

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
http://www.wildersse...areblaster.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.staff.uiu...rce.htm#IESPYAD

Both are very small free programs that you run once, and then just occasionally to check for updates.

And also see TonyKlein's good advice
So how did I get infected in the first place?

Thanks!
smckillop
He who has tasted a sour apple, will have the more relish for a sweet one.

If the information I have provided has been helpful, please consider Supporting SpywareInfo

#8 r0b

r0b

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 24 June 2004 - 11:07 AM

I have done all you recommend. No pureseeker hasn't appeared again.
Interestingly I have been running spywareblaster for a few months now but it didn't stop me getting infected twice. I have just downloaded an update.
Thanks a million for your help.

#9 smckillop

smckillop

    Rockin' Apple of SWI

  • Retired Staff - Helper
  • PipPipPip
  • 143 posts

Posted 24 June 2004 - 01:04 PM

Thanks r0b!

Since your symptoms have been resolved. I am considering the issue closed. If you do come across another problem, please start a new topic. :wave:
smckillop
He who has tasted a sour apple, will have the more relish for a sweet one.

If the information I have provided has been helpful, please consider Supporting SpywareInfo




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button