Re: Wicked spyware, can't get rid of it

From: Chek (chek_16_at_hootmail.com)
Date: 08/14/04


Date: Sat, 14 Aug 2004 00:54:41 +0100

Have you identified all the .dlls and .exe files in the 'R' section and
(usually) the 04 section of the HiJack This log? There may be more in other
places too; they get cleverer every month.
There's a new version of Ad Aware - AdAware SE - out now. It's a worthwhile
addition.
Check the Lavasoft forum, where there's a guide to the
most thorough settings, and get any available update.
Do the same for Spybot 1.3.
Check if there are any new critical Windows updates.
Also get About Buster
http://www.malwarebytes.biz/AboutBuster.zip
Update your anti-virus.

Then restart in safe mode and run:
Your anti-virus program,
CWShredder,
AdAware,
Spybot,
and make a new HiJack This log.

Pay attention to the .exe and .dll files reported, especially if you don't
recognise the software name.
Sometimes you can Google most of the files that show up, and that's enough.
But be careful - legitimate programs and processes are reported in addition
to the bad stuff.
You could nuke your system to the point of a repair reinstall if you do
something wrong here.
Just to warn you as strongly as possible.

Other times, the parasites have authentic Windows names, but in the wrong
location.
For instance in XP, the Hosts file should be in
C:\windows\system32\drivers\etc, but you may find other faked ones
in different locations. Another one that's common is Explorer.exe in
C:\windows\system32, which looks normal, except it should be in C:\windows.

Post your HiJack This log in the malware/trojan and virus forums at
http://computercops.biz/
http://forums.spywareinfo.com
http://www.bleepingcomputer.com ,
where they have very good advice on offer.

http://www.aumha.org/a/parasite.htm
is a great guide and download link source as well.

Hope this helps
Chek

-- 
Change 'boos' to 'bos' in address to email directly
"Dave" <anonymous@discussions.microsoft.com> wrote in message
news:60a301c48189$8d8c2090$a401280a@phx.gbl...
> I seem to have contracted some spyware I can't get rid
> of. I have used CWshredder, Highjackthis, and Spybot. My
> Norton anti-virus got rid of trojan.bitvariety, earlier.
> My home page still changes and SVCHOST.exe or inetdata
> seems to be the problem, maybe I'm wrong. I've looked up
> this file and Microsoft says it's part of the system.
> CWshredder and Spybot are updated but find nothing.
> Highjackthis will not get rid of it. Norton scan comes
> clean. Any help with this matter would be greatly
> appreciated, I already deleted IE executable file out of
> frustration, ooops.
> .
>
>
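
The wrong-location check described in the reply above (a familiar Windows file name sitting in an unexpected directory), as an added example that is not part of the original post. It assumes Windows is installed in C:\WINDOWS; the sample paths are constructed, and the svchost.exe entry is added here rather than taken from the post.

```python
import ntpath

# Expected directory for each well-known file name (all lower-case).
# hosts and explorer.exe are the two cases named in the post (Windows XP);
# svchost.exe is an entry added for this example.
EXPECTED_DIRS = {
    "hosts": r"c:\windows\system32\drivers\etc",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}

def normalise(path):
    """Strip quotes and whitespace, resolve parent-directory hops, lower-case."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def check_path(path):
    """Classify one full file path as 'ok', 'misplaced' or 'unknown'."""
    directory, name = ntpath.split(normalise(path))
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unknown"  # not a name we track; judge it by other means
    return "ok" if directory == expected else "misplaced"

def find_misplaced(paths):
    """Return the paths whose file name is known but whose directory is wrong."""
    return [p for p in paths if check_path(p) == "misplaced"]

# Constructed sample paths, e.g. as copied out of a log of running processes.
SAMPLE_PATHS = [
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\system32\explorer.exe",
    r"C:\WINDOWS\system32\drivers\etc\hosts",
    r"C:\WINDOWS\hosts",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\system32\..\svchost.exe",
    r"C:\Program Files\Example\tool.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{check_path(p):10} {p}")
```

A "misplaced" result is a lead to investigate, not proof; confirm what the file is before deleting anything.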

