• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
Mighty_Maxx

Purityscan/trafficmarketplace must die!!

4 posts in this topic

Ok here's the deal. I am no stranger to removing spyware, but this has got me stumped. I am getting Traffic marketplace popups, and then what I call generic internet explorer popups

 

I believe I have stopped the trafficmarketplace, but the generic popups still occur. I have done some research after scouring my task list, found two suspicious tasks, all others seem to check out, if you see one that you think is a problem point it out. the enns.exe is a purityscan task. Spybot search and Destroy (SBSD) find it everythign and removes it (while in safe mode), but continues to return. I'm running windows 2000 so its difficult for me to determine whats being started up upon boot (no msconfig).

 

I have taken the following steps to remove the software for purityscan or traffic market place.

(while in safe mode)

-Ran adaware

-Ran SBSD

-Ran CWShredder

-Ran Hijackthis (which I could not see anything worth noting)

-Removed suspicious programs from add remove programs

 

Information You may want

 

Computer: Compaq Deskpro EN

OS: Windows 2000 pro SVCpk 4

Connection: LAN network/firewalled to hell and back

NOTE: I bypass the firewall sometimes using Hopster, I have researched it a lot and have heard only good things, I highly doubt I'm getting spyware through it, as it has its own "annoying banner".

 

Generic Popup

Task List

 

Hijackthis log

 

Any help would be greatly appreicated

-I have been through the stickied threads and FAQS, if I missed something feel free to flame me over an open fire. But if I were to read every FAQ or every response in teh stickied threads, my equipment would be out of date, and this thread would be pointless ;)

 

 

Logfile of HijackThis v1.97.7

Scan saved at 8:36:18 PM, on 6/24/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

c:\program files\timbuktu pro\tb2launch.exe

C:\WINNT\NetopiaRC\Tb2RCAssist.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\Program Files\Windows Media Player\wmp.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\Promon.exe

C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe

C:\WINNT\system32\nyxfjz.exe

C:\Documents and Settings\XC03912\Application Data\enns.exe

C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE

C:\Program Files\timbuktu pro\tb2pro.exe

C:\Program Files\timbuktu pro\TNOTIFY.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\hopster\hopster.exe

C:\Program Files\Trillian\trillian.exe

C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE

C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\XC03912\Desktop\Spyware\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.s94340963.onlinehome.us/videos/new_page_1.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=webcache.sfbay.sun.com:8080;http=webcache.sfbay.sun.com:8080;https=webcache.

sfbay.sun.com:8080

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINNT\iDonate.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [fwenc.exe] "C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe"

O4 - HKLM\..\Run: [Tb2initPath] "c:\program files\timbuktu pro\tb2init.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [qstpgqze] C:\WINNT\system32\nyxfjz.exe

O4 - HKCU\..\Run: [Hela] C:\Documents and Settings\XC03912\Application Data\enns.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe

O4 - Global Startup: Timbuktu Pro.lnk = C:\Program Files\timbuktu pro\tb2pro.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)

O16 - DPF: Xerox PeopleNet Web - http://hrapps.xpn.xerox.com/c/xp10400.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://internal.connect.xerox.com/xnet/Por...rces/msddsc.cab

O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab

O16 - DPF: {70A89DB7-5EC2-4790-AC34-0018FC2E61CB} (oucv3 Class) - http://officeupdate.microsoft.com/v3content/ouv3is.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7996.2882523148

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb01.com/pathways/pway_ii...ab/pwlninst.cab

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://xnet.connect.xerox.com/ActiveX/ikcntrls.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Edited by LoPhatPhuud

Share this post


Link to post
Share on other sites

Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'c:\program files\hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

 

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

 

Check the following items in HijackThis.

R3 - Default URLSearchHook is missing

 

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll

O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - C:\WINNT\iDonate.dll

 

O4 - HKLM\..\Run: [qstpgqze] C:\WINNT\system32\nyxfjz.exe

O4 - HKCU\..\Run: [Hela] C:\Documents and Settings\XC03912\Application Data\enns.exe

 

O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab

 

Close all windows except HijackThis and click Fix checked.

 

While still in Safe Mode*, delete the following: (you may need to show hidden files**)

C:\WINNT\system32\nyxfjz.exe

C:\Documents and Settings\XC03912\Application Data\enns.exe

 

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406

**Show Hidden and System files and folders

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

 

Reboot in normal mode.

 

Run HiJackThis again and post a new log in this thread.

Share this post


Link to post
Share on other sites

Did all the above, believe that did the trick.

 

 

 

Logfile of HijackThis v1.97.7

Scan saved at 12:09:02 PM, on 7/2/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

c:\program files\timbuktu pro\tb2launch.exe

C:\WINNT\NetopiaRC\Tb2RCAssist.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\Program Files\Windows Media Player\wmp.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\Promon.exe

C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe

C:\WINNT\system32\NDrv.exe

C:\Program Files\Compaq\Easy Access Keyboard\MMUSBKB2.EXE

C:\Program Files\timbuktu pro\tb2pro.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\timbuktu pro\TNOTIFY.EXE

C:\Spyware\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.s94340963.onlinehome.us/videos/new_page_1.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=webcache.sfbay.sun.com:8080;http=webcache.sfbay.sun.com:8080;https=webcache.sfbay.sun.com:8080

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINNT\system32\NDrv.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [Easy Access Keyboard] C:\Program Files\Compaq\Easy Access Keyboard\MMKeybd.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [fwenc.exe] "C:\Program Files\CheckPoint\SecuRemote\bin\fwenc.exe"

O4 - HKLM\..\Run: [Tb2initPath] "c:\program files\timbuktu pro\tb2init.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [NDrv] C:\WINNT\system32\NDrv.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe

O4 - Global Startup: Timbuktu Pro.lnk = C:\Program Files\timbuktu pro\tb2pro.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell (HKLM)

O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)

O16 - DPF: Xerox PeopleNet Web - http://hrapps.xpn.xerox.com/c/xp10400.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://internal.connect.xerox.com/xnet/Por...rces/msddsc.cab

O16 - DPF: {70A89DB7-5EC2-4790-AC34-0018FC2E61CB} (oucv3 Class) - http://officeupdate.microsoft.com/v3content/ouv3is.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7996.2882523148

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - http://www.platoweb01.com/pathways/pway_ii...ab/pwlninst.cab

O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://xnet.connect.xerox.com/ActiveX/ikcntrls.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Share this post


Link to post
Share on other sites

At last, your system is clean and free of spyware! Want to keep it that way?

 

Here are some simple steps you can take to reduce the chance of infection in the future.

 

1. Visit Windows Update: <-- YOU NEED TO DO THIS!!

Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

 

1. Adjust your security settings for ActiveX:]

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt; set the

second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe" to 'Disable'.

 

2. Download and install the following free programs

a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html

c. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm

 

1. Install Spyware Detection and Removal Programs:

You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. AdAware: http://www.lavasoft.de/

b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download

 

 

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

 

 

Good luck, and thanks for coming to our forums for help with your security and malware issues.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0