Re: Click-Click Spyware
From: Chuck (none_at_example.net)
Date: 12/14/04
- Next message: E.: "Re: Securely wiping SCSI disks"
- Previous message: gregf_at_kcls.org: "Preventing users from installing software"
- In reply to: Larry R Harrison Jr: "Re: Click-Click Spyware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 13 Dec 2004 23:20:32 -0600
On Mon, 13 Dec 2004 17:55:59 -0700, "Larry R Harrison Jr" <noone@noone.com>
wrote:
>I don't know, it always pulls up other names as well from other things that
>get found out about.
>
>LRH
Larry,
If you're seeing multiple things identified by Spybot, or things repeatedly
found, IMHO you need to do a thorough spyware check. Essential: AdAware,
Spybot, and HijackThis, followed by expert advice as noted below. And PLEASE
post a link to your HJT log post(s)!
Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
TrendMicro Engine <http://www.trendmicro.com/download/dcs.asp>
TrendMicro Signatures <http://www.trendmicro.com/download/pattern.asp>
TrendMicro Instructions <http://www.trendmicro.com/ftp/products/tsc/readme.txt>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Create a separate folder for the two TrendMicro files,
such as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
downloaded programs can be copied into, and run from, any convenient folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.
Next, disable System Restore.
<http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboot your
computer, and re enable System Restore.
Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D again. First update it, then run a scan. Trust Spybot,
and delete everything ("Fix Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
<http://forums.spywareinfo.com/index.php?showtopic=11150>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
-- Cheers, Chuck Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: E.: "Re: Securely wiping SCSI disks"
- Previous message: gregf_at_kcls.org: "Preventing users from installing software"
- In reply to: Larry R Harrison Jr: "Re: Click-Click Spyware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
