Re: New at Spyware, need help
From: Chuck (none_at_example.net)
Date: 06/29/04
- Next message: Chuck: "Re: weird traffic on my LAN"
- Previous message: Matthijs Hebly: "Re: MD5/SHA (or other hash tool) for complete directory (sub-)tree ?"
- In reply to: Larry: "New at Spyware, need help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Jun 2004 14:25:07 -0500
On 28 Jun 2004 08:46:30 -0700, *email_address_deleted* (Larry) wrote:
>Okay, I'm new with the spyware thing, and got hit with it last week.
>In this instance, the spyware is taking control of my homepage and
>hitting me with pop up ads. During the first encounter, it also added
>a ".bak" to the end of my notebook and mwp executable files,
>essentially hiding them from shortcuts and such.
>
>The problem I have is that over the course of the past week I've
>deleted this same spyware from my computer about 9 times, and it keeps
>coming back. I've run Norton, and it doesn't detect anything. I
>downloaded AdAware and it can get rid of it when it comes back, but
>doesn't detect anything else. I've added the Google Toolbar with pop
>up blocker, and that doesn't help. I've deleted all my temporary
>internet files, cookies and prefetch files (XP home), but that's not
>helping. Somehow, this particular spyware keeps coming back. It
>doesn't seem to be related to any particular website (otherwise I'd
>stop going there), and sometimes, it comes back without surfing the
>web at all. I've noticed that it puts 2 files on my computer. The
>first is a dll with a random name (jemc.dll, dib.dll, dhise.dll, it's
>a random 3-5 letter name each time), and the second is sp.html.
>
>Is it possible that this thing has recorded my IP address and the host
>sends the files to me at random times? If so, how do I stop this from
>happening? Is it possible for a program to run in the background with
>my knowledge that loads the files on my computer, and a program that
>neither Norton nor AdAware will pick up?
>
>PLEASE HELP!!! SERIOUSLY FRUSTRATED!!!
Larry,
CWShredder may be part of the solution, but most likely you will also need
HijackThis, and expert advice to interpret its log.
Try one or more of these free online virus scans, which should complement NAV:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Start by downloading each of the following free tools:
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.majorgeeks.com/download4113.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Install and run Stinger.
<http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
Start by closing all Internet Explorer and Outlook windows, and running
CoolWebSearchSmartKillerMiniRemoval, then CWShredder. Have the latter fix all.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and post it, or a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
Wilders Security: <http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.
And Larry, please don't contribute to the spread and success of email address
mining viruses. Learn to munge your email address properly, to keep yourself a
bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.