Re: Cool Web Search "Shredder" Update 03/12/03
From: Jim Byrd (jrbyrd_at_spamlesscomcast.net)
Date: Wed, 3 Dec 2003 23:00:01 -0800
Hi Mad Max - While I strongly suspect that you're trolling now, (even if it
didn't start that way), I'll take one shot (only) at trying to provide some
useful information which might help prevent this from occurring in the
If you want to take steps to defend your machine, there are a number of
things which need to be considered. I would suggest the following:
The minimum necessary to start with are a good hardware or software firewall
and an AV.
For the general hijack case, the best way to start is to get Ad-Aware 6.0,
Build 181 or later, here: http://www.lavasoftusa.com/support/download/.
Update and run this regularly to get rid of most "spyware/hijackware" on
your machine. If it has to fix things, be sure to re-boot and rerun
AdAware again and repeat this cycle until you get a clean scan. The reason
is that it may have to remove things which are currently "in use" before it
can then clean up others.
Another excellent program for this purpose is SpyBot Search and Destroy
available here: http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After fixing things with SpyBot S&D, be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan. The reason is that SpyBot sometimes has to remove things
which are currently "in use" before it can then clean up others.
Note that sometimes you need to make a judgement call about what these
programs report as spyware. See here, for example:
Next, courtesy of Mike Burgess:
"--Recommended Minimum Security Settings--
Close all instances of IE and OE
Control Panel | Internet Options
Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"
1) "Download signed ActiveX scripts" = Prompt
2) "Download unsigned ActiveX scripts" = Disable
3) "Initialize and script ActiveX not marked as safe" = Disable
4) "Installation of Desktop items" = Prompt
5) "Launching programs and files in an IFRAME" = Prompt
Click on the "Content" tab
Click the "Publishers" button
Highlight and click "Remove" any unknowns, click Ok
Click on the "Advanced" tab
Uncheck: "Install on demand (other)", click Apply\Ok
Prevent your "HomePage" setting from being Hijacked
Information isn't free if you can't find it!
Note the Publisher setting - this vector is often overlooked.
Then, from me:
You might want to consider installing the SpywareBlaster and SpywareGuard
here to help prevent this kind of thing from happening in the future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware
ActiveX installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it updated) The latest version as of this writing
will prevent installation or prevent the malware from running (887 parasites
as of this date) if it is already installed, and it provides information and
fixit-links for a variety of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts
to install malware) Both Very Highly Recommended.
Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension)
Lastly, with regards to cookies: Courtesy of Mel's Spyware Tools, here:
XML-Menu for IE6 - (http://www.staff.uiuc.edu/~ehowes/main.htm, click on IE6
Tools on website) "This package contains a full menu of custom Import XML
files that can be used to manipulate IE6's handling of cookies in the
Internet and Trusted zones (the Privacy tab controls only the Internet
zone). The files are divided into three sets: one "short list" of
recommended files, and two "advanced" lists containing a wide range of
possible Privacy configurations. The ReadMe covers the basics of using
custom XML Import files and details all the files that are available. A
.REG file that can be used to restore the default Privacy tab settings is
This is the technique that I use and, while I do sometimes have to override
almost infallible in stopping bad cookies (I use 1-e, BTW). FWIW, Eric
Howes' site, above, is one of the very best on the net with regard to
anything having to do with security. Highly Recommended.
See if any of this helps
-- Please respond in the same thread. Regards, Jim Byrd, MS-MVP
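
The five Internet-zone settings in the list quoted from Mike Burgess above can be checked from a registry export rather than by clicking through the dialog. This is an added example, not part of the original post: the URL action codes and the Zones\3 key come from Microsoft's documentation of IE security zones, not from the message, and the export text is constructed sample data.

```python
import re

# URL action codes for the five quoted settings, labelled as worded in the list.
# Data values: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX scripts", 1),
    "1004": ("Download unsigned ActiveX scripts", 3),
    "1201": ("Initialize and script ActiveX not marked as safe", 3),
    "1800": ("Installation of Desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}
NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
INTERNET_ZONE = r"internet settings\zones\3]"  # zone 3 is the Internet zone

# Constructed sample, in the text form produced by a registry export.
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1800"=dword:00000001
'''

def parse_zone(export_text):
    """Return {action_code: int} for values under the Internet zone key only."""
    values, in_zone = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_zone = line.lower().endswith(INTERNET_ZONE)
        elif in_zone:
            m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(export_text):
    """List (code, setting, found, wanted) where the zone is weaker than the list."""
    actual, findings = parse_zone(export_text), []
    for code, (label, wanted) in RECOMMENDED.items():
        found = actual.get(code)
        # Larger value = stricter (0 < 1 < 3); a missing value is reported too.
        if found is None or found < wanted:
            findings.append((code, label, NAMES.get(found, "not set"), NAMES[wanted]))
    return findings

if __name__ == "__main__":
    for code, label, found, wanted in audit(SAMPLE_EXPORT):
        print(f"{code} {label}: {found} (recommended: {wanted})")
```

A setting stricter than the recommendation (Disable where the list says Prompt) is not reported.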