Atwola


  • This topic is locked
17 replies to this topic

#1 Calicoo

Calicoo

    Advanced Member

  • Full Member
  • PipPipPip
  • 117 posts

Posted 11 August 2005 - 06:52 PM

It seems that every time I boot up this comes back. I've run zone alarm's spyware scan and it always picks it up and deletes it. What is it and how do I get it off my computer for good?

#2 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,255 posts

Posted 12 August 2005 - 09:24 AM

From what I've read, it sounds like a cookie.

Do the following:

Click on the Privacy tab and click on the Advanced button.

In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block". Click OK

After doing this, delete all cookies.

Run another scan and see if it comes back up.

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#3 Calicoo

Posted 12 August 2005 - 02:36 PM

> From what I've read, it sounds like a cookie.
>
> Do the following:
>
> Click on the Privacy tab and click on the Advanced button.
>
> In the box that pops up, check both the Override automatic cookie handling and Always allow session cookies boxes. Set First party cookies to "Allow" and Third party cookies to "Block". Click OK
>
> After doing this, delete all cookies.
>
> Run another scan and see if it comes back up.
>
> -- LB

I couldn't find anything in bold.

#4 VashonDude

Posted 12 August 2005 - 02:52 PM

I forgot to mention that you need to open Internet Explorer first before doing the above steps :oops: .


-- LB

#5 Calicoo

Posted 13 August 2005 - 12:15 PM

That might be a problem--I have Firefox. In zone alarm's privacy-->Cookies there's an option to "Block persistent cookies". Should I check that?

#6 VashonDude

Posted 13 August 2005 - 12:36 PM

For Firefox, do the following:

On the Firefox menu bar, click on Tools->Options.

On the box that pops up, click on Privacy.

Click the '+' sign next to Cookies.

Check the box next to for the originating web site only. Also click the Clear button.

Click on OK.

Reboot and see if the scanner picks up Atwola again.

-- LB

#7 Calicoo

Posted 14 August 2005 - 02:11 AM

Still picked it up. :unsure:

#8 VashonDude

Posted 16 August 2005 - 10:43 PM

Install the following 2 programs and see if they do the trick:

IE-Spyad

MVPS Hosts

-- LB

#9 Calicoo

Posted 17 August 2005 - 07:32 PM

:wtf: Still picks it up. I doubt this will help but I've included a HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 8:29:57 PM, on 8/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\SSDPSRV.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS.000\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\SYSTEM\MSDTCW.EXE
C:\WINDOWS.000\SYSTEM\RPCSS.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\ptsnoop.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
F:\PROGRAM FILES\DAEMON.EXE
F:\PROGRAM FILES\AIM.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNUPDATE.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
E:\FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.EXE
D:\PROGRAM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dial
F1 - win.ini: run=hpfsched
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS.000\SYSTEM\RDXPH.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS.000\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS.000\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS.000\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [AIM] F:\PROGRAM FILES\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRAM FILES\AIM.EXE

#10 VashonDude

Posted 19 August 2005 - 03:55 PM

Nothing bad in the log.

After you installed those 2 programs, did the scanner find it on the 1st scan and any scans after that?

-- LB

#11 Calicoo

Posted 21 August 2005 - 11:29 AM

Yeah, it always finds it on a "quick scan". What it does is detects it and deletes it but as I've stated before, it just comes right back on the next boot up.

#12 auggief

auggief

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 25 August 2005 - 04:30 AM

> Yeah, it always finds it on a "quick scan". What it does is detects it and deletes it but as I've stated before, it just comes right back on the next boot up.

atwola=AOL-Time Warner Online Advertising

#13 VashonDude

Posted 26 August 2005 - 03:32 PM

Is the scanner picking up the cookie in Internet Explorer or in Firefox? Also, do you have multiple profiles in Firefox?

-- LB

#14 Calicoo

Posted 27 August 2005 - 09:40 PM

I dunno what you mean by that. I don't use IE at all. And didn't know about profiles in Firefox so probably no. Sorry I'm being so difficult :p

#15 VashonDude

Posted 27 August 2005 - 10:11 PM

Does the Zone Alarm scanner produce a log of what it finds? If it does, could you post it here?

-- LB

#16 Calicoo

Posted 28 August 2005 - 12:55 PM

I couldn't find a logfile but I did include a screenshot. It's no big deal if we can't get rid of it. I can always just scan and delete whenever I boot up every time.

http://img184.images...reenshot7fi.png

#17 VashonDude

Posted 30 August 2005 - 08:43 AM

> In zone alarm's privacy-->Cookies there's an option to "Block persistent cookies". Should I check that?

Go ahead and do that. Report back with the results.

-- LB

#18 Calicoo

Posted 08 September 2005 - 08:12 PM

It took forever but here's the results:

Made no difference. Still picked it up. :(



