Re: RE: KeySnatch & BonziBuddy ??? Please help
From: <*((((><{ ({~~~_at_ocean.net)
Date: 10/21/04
- Next message: Phillip Windell: "Re: printing from the internet"
- Previous message: Chris: "How do I disable Windows Security Alerts?"
- In reply to: MAP: "RE: KeySnatch & BonziBuddy ??? Please help"
- Next in thread: PA Bear: "Re: KeySnatch & BonziBuddy ??? Please help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Oct 2004 14:21:37 -0700
Follow up --
Pest Patrol (free) found KeySnatch and BonziBuddy.
Spybot S&D did NOT find them.
???
Can anybody confirm that the following reg keys are bad and
should be deleted?
065e6fd6-1bf9-11d2-bae8-00104b9e0792
8c3d4aa6-2599-11d2-baf1-00104b9e0792
Can anybody suggest why Pest Patrol found two malware, but Spybot
S&D did NOT find them?
<*((((><{
Fishy@Ocean.Net
PS: Thanks for the links to all the great programs. I have been
using several -- I'll try a few more.
<*((((><{
Fishy@Ocean.Net
In the last exciting episode on Thu, 21 Oct 2004 00:15:04 -0700, MAP
<MAP@discussions.microsoft.com> wrote:
|
|
|"<*((((><{" wrote:
|
|> I ran Pest Patrol (late updated in July). It found Keysnatch and
|> Bonzi Buddy. I can't figure out how I got them. I have the
|> evaluation version, so it won't remove anything. It says to remove
|> keys
|> 065e6fd6-1bf9-11d2-bae8-00104b9e0792 and
|> 8c3d4aa6-2599-11d2-baf1-00104b9e0792
|>
|> It references files named sssplitter and such.
|>
|> Question: How do I find out where these pests came from? Do I have
|> something on my machine that is causing them to load up? Did they
|> load up just from surfing the net?
|>
|> Question: How do I get rid of them? Am I safe in deleting all
|> references to the above keys? Or only references in certain areas of
|> the registry?
|>
|> Question: Is there a free program that will delete them for me?
|> (Since my Pest Patrol is old and only evaluates, doesn't remove)?
|>
|> Thanks for the help.
|>
|> <*((((><{
|> Fishy@Ocean.Net
|>
|
|Hi, These keys you mention are Broswer helper objects (BHO's)
|You can disable them with BHODemon or with the advanced interface of Spybot
|S&D
|
|Sometimes,when you remove malware it will stop your TCP/IP
|stack from working (Internet connection).
|Winsock or LSP-fix will correct the problem,Download first.
|Note to anyone using NOD32 Anti-Virus software,Do Not delete the
|"imon.dll" this fix reports,That is your e/mail scanning engine.
|
|YES-You need more than 1 malware program,the one's below are all free
|and work well.
|LSP-fix- http://www.cexx.org/lspfix.htm
|Spybot S&D - http://www.safer-networking.org/en/index.html
|CWS Smart Killer- http://www.safer-networking.org/minifiles.html
|
|About Buster- http://www.spychecker.com/program/aboutbuster.html
|Ad-Aware SE - http://www.lavasoftusa.com/software/adaware/
|CWShredder - http://www.majorgeeks.com/download4086.html
|Hijack this - http://www.majorgeeks.com/download3155.html\
|Hijacjthis tutorial -http://forums.maddoktor2.com/index.php?showtopic=165
|SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
|SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html
|WinPatrol - http://winpatrol.com
|Win Patrol is NOT a malware program,but it will inform you if anything writes
|to your registry or changes your home/search page,a nice little program.
|BHODemon - http://pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
|Bazooka -http://www.kephyr.com/spywarescanner/index.html
|asquared2 "Trojan Remover" - http://www.emsisoft.com/en/
|Socklock- http://nsclean.com/socklock.html
|
|NOD32Anti-Virus Free 30 day trial
| http://nod32.com/download/trial.htm
|
|A link for free online virus and trojan scanners.
|http://virusall.com/downscan.html
|
|A listing of BHO's
|http://www.spywaredata.com/bho.php?current_page=0
|
|To see if that freeware program you are about to inststall
|is infested with spyware check it out first at this link.
|http://www.spychecker.com/
|
|
|To help stop unauthorized downloads via your activex controls change your
|default settings.
|These settings are good for XP. The wording should be close for other systems
|as well.
|Go to control panel and open "internet options.
|Click on the security tab then custom level.
|make sure these settings are as follows.
|
|Download signed active x controls>set to prompt
|Download unsigned active x controls>set to disable
|Initialize and script active x controls not marked as safe>set to disable
|Run active x controls and pluggins>set to enable
|Script active x controls marked safe for scripting>set to enable
|Java permissions>set to high
|Launching programs and files in a IFRAME" > Prompt
|Installation of Desktop items"> Prompt
|Navigate sub-frames across different domains>prompt
|
|Recovery Console Password- Do this BEFORE you need it! Like maybe now.
|On many XP installations you can't start the Recovery Console because it
|won't recognize your password. This registry edit causes the Recovery Console
|not to ask for a password. This works for both XP Home and XP Professional.
|Start | Run | Regedit
|Navigate to
|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Setup\RecoveryConsole
|Set the DWORD SecurityLevel value to 1
|Exit Registry and Reboot
|
|
|Free Firewalls
| ZoneAlarm (Free and up)
|http://snipurl.com/6ohg
|
|Kerio Personal Firewall (KPF) (Free and up)
|http://www.kerio.com/kpf_download.html
|
|Outpost Firewall from Agnitum (Free and up)
|http://www.agnitum.com/download/
|
|Sygate Personal Firewall (Free and up)
|http://smb.sygate.com/buy/download_buy.htm
|
|NTbackup link
|http://www.onecomputerguy.com/software/ntbackup.msi
|Erunt- http://home.t-online.de/home/lars.hederer/erunt/index.htm
- Next message: Phillip Windell: "Re: printing from the internet"
- Previous message: Chris: "How do I disable Windows Security Alerts?"
- In reply to: MAP: "RE: KeySnatch & BonziBuddy ??? Please help"
- Next in thread: PA Bear: "Re: KeySnatch & BonziBuddy ??? Please help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
