Post by: Guest_Terry_* on March 21, 2005, 07:08:22 PM
Been having trouble with CWS. I've ran Cwshredder, hijack this, trojan hunter and a couple others, but it keeps returning. I use adaware and spybot. I know it's in pretty deep and will probably be pretty involved to get rid of. I'm using Mozilla now, but since it's still there it "messes" me up when I open folders and files, etc.
downloaded startdreck, but couldn't get it to unzip - it said i needed an additional file? tried this a couple times and same thing.
Here's my hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 9:28:49 AM, on 3/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: (no name) - {027C4097-9949-11D9-8504-00A0DFA7EB35} - C:\WINDOWS\SYSTEM\ABJK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .com/individualapp/app?screenIdTextField=PageFramework&actionTextField=displayPrintable&FORM_ID=IN&APPLICATION_ID=1000065151: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O18 - Filter: text/html - {027C4096-9949-11D9-8504-00A0B0EB4EAE} - C:\WINDOWS\SYSTEM\ABJK.DLL
O18 - Filter: text/plain - {027C4096-9949-11D9-8504-00A0B0EB4EAE} - C:\WINDOWS\SYSTEM\ABJK.DLL
Thanks
Terry
Post by: guestolo on March 22, 2005, 02:00:52 AM
Can you please register to the forum and post your log again
Also, to unzip Startdreck you will need an Unzipping utility
Most use the Evaluation version of Winzip<<Don't worry about the 21 day warning
http://www.winzip.com/downwzeval.htm (http://\"http://www.winzip.com/downwzeval.htm\")
There is also others out there that are not evaluation versions
Such as
IZArc
http://www.tucows.com/preview/335168.html (http://\"http://www.tucows.com/preview/335168.html\")
You only need one or the other
If you don't have an unzipping utility you should get one, you will need it now and for other future downloads
Even after we're done here, it's something to hold onto
Post by: iago on March 22, 2005, 11:25:24 AM
Thanks
Terry
Logfile of HijackThis v1.99.1
Scan saved at 9:28:49 AM, on 3/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
O2 - BHO: (no name) - {027C4097-9949-11D9-8504-00A0DFA7EB35} - C:\WINDOWS\SYSTEM\ABJK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .com/individualapp/app?screenIdTextField=PageFramework&actionTextField=displayPrintable&FORM_ID=IN&APPLICATION_ID=1000065151: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O18 - Filter: text/html - {027C4096-9949-11D9-8504-00A0B0EB4EAE} - C:\WINDOWS\SYSTEM\ABJK.DLL
O18 - Filter: text/plain - {027C4096-9949-11D9-8504-00A0B0EB4EAE} - C:\WINDOWS\SYSTEM\ABJK.DLL
stardrecklog
StartDreck (build 2.1.7 public stable) - 2005-03-21 @ 20:32:38 (GMT -05:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as Terry Wise at F8U9F1
»Registry
»Run Keys
»Current User
»Run
*SpybotSD TeaTimer=C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
»RunOnce
»Default User
»Run
*SpybotSD TeaTimer=C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*Propel Accelerator="C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
**wlcu=rundll32 C:\WINDOWS\YAPS.LOG,DllGetClassObject
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar1.dll
*Ipswitch.WsftpBrowserHelper.1/{601ED020-FB6C-11D3-87D8-0050DA59922B}
`InprocServer32=C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
*{FE96DAAD-99E5-11D9-8504-00A09F8FAD5D}
`InprocServer32=C:\WINDOWS\SYSTEM\ABJK.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\SYSTEM\autoexec.nt
*C:\WINDOWS\wininit.ini
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
+FFEF6551=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF11C9=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF2639=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF3371=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE97BD=C:\WINDOWS\RUNDLL32.EXE
+FFFEDF55=C:\WINDOWS\EXPLORER.EXE
+FFFD810D=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFFD6B35=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
+FFFD6A5D=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFFD1325=C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
+FFFC2009=C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
+FFFBA761=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFFB6DF9=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFF9B8A9=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF8385D=C:\WINDOWS\SYSTEM\SPOOL32.EXE
+FFF8BBA9=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
+FFF724A5=C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
+FFF8F061=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFF1A56D=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFF21A65=C:\PROGRAM FILES\STARTDRECK.EXE
+FFF1D361=C:\WINDOWS\TEMP\STARTDRECK.EXE
»NT Services
»Application specific
Post by: guestolo on March 23, 2005, 12:52:22 AM
Download and save to Desktop SpSeHjFix_Beta8.zip
[attachment=82:attachment]
UNZIP the folder within, to your desktop
So you will now have SpSeHjFix_Beta8.exe on your desktop
I need you to disable Spybot's Tea Timer so it won't interfere with any fixes we try
Start Spybot>>Click Mode>>advanced Mode>>Ok it
Tools>>Resident>>Uncheck Resident Tea Timer>>Accept the change
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=2#_Section2\")
The tool will remove these files, but if you find them delete them now
Find and delete these files if found
C:\WINDOWS\SYSTEM\ABJK.DLL <-file
C:\WINDOWS\YAPS.LOG <-file
Navigate to, and delete the contents of your temp folders, or whatever you can
C:\WINDOWS\Temp <-delete contents
C:\WINDOWS\Temporary Internet Files <-delete contents
Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {027C4097-9949-11D9-8504-00A0DFA7EB35} - C:\WINDOWS\SYSTEM\ABJK.DLL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O18 - Filter: text/html - {027C4096-9949-11D9-8504-00A0B0EB4EAE} - C:\WINDOWS\SYSTEM\ABJK.DLL
O18 - Filter: text/plain - {027C4096-9949-11D9-8504-00A0B0EB4EAE} - C:\WINDOWS\SYSTEM\ABJK.DLL
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Ensure you unzipped SpSeHjFix_Beta8.exe
Double click to open it and click the
Start Disinfection
It should restart your computer when done, if not restart anyways back to Normal mode
Back in Windows
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Reset home page
Post back a fresh Hijackthis log and a New Startdreck log
Also post the log from SpSeHjFix_Beta8.exe
If some entries return, we should get them on the next round
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: iago on March 23, 2005, 09:36:39 PM
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> You're impressin' me here!
Followed your instructions and here are the new logs:
Logfile of HijackThis v1.99.1
Scan saved at 9:24:09 PM, on 3/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .com/individualapp/app?screenIdTextField=PageFramework&actionTextField=displayPrintable&FORM_ID=IN&APPLICATION_ID=1000065151: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
StartDreck (build 2.1.7 public stable) - 2005-03-23 @ 21:29:59 (GMT -05:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as Terry Wise at F8U9F1
»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*Propel Accelerator="C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
**izr=rundll32 C:\WINDOWS\YAPS.LOG,DllGetClassObject
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar1.dll
*Ipswitch.WsftpBrowserHelper.1/{601ED020-FB6C-11D3-87D8-0050DA59922B}
`InprocServer32=C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\SYSTEM\autoexec.nt
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
+FFEF6E09=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF1A91=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF2D61=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF3829=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFE9CE5=C:\WINDOWS\RUNDLL32.EXE
+FFFEDAE9=C:\WINDOWS\EXPLORER.EXE
+FFFDE4A1=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFFD4F19=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
+FFFD4FD1=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFFBC66D=C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
+FFFA5809=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFFA1E51=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFFBB6C9=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
+FFF9CA1D=C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
+FFF90A75=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFF83A89=C:\PROGRAM FILES\STARTDRECK.EXE
+FFF83619=C:\WINDOWS\PROGRAMFILES\STARTDRECK.EXE
»NT Services
»Application specific
3/23/05 9:12:04 PM SPSeHjFix started v1.08
3/23/05 9:12:04 PM OS: Win98SE A (4.10.67766446)
3/23/05 9:12:04 PM Bad-Dll(IEP): (not found)
3/23/05 9:12:04 PM BHO-DLL: (not found)
3/23/05 9:12:04 PM Searchassistant Unintaller found
3/23/05 9:12:04 PM Searchassistant Unintaller - Keys Deleted
3/23/05 9:12:04 PM UBF: 4
3/23/05 9:12:04 PM UBB: 2
3/23/05 9:12:04 PM UBR: 5
3/23/05 9:12:04 PM Bad IE-pages:
3/23/05 9:12:04 PM Stealth-String found: C:\WINDOWS\YAPS.LOG
3/23/05 9:12:04 PM File added to delete: c:\windows\system\abjk.dll
3/23/05 9:12:04 PM File added to delete: c:\hjruon.txt
3/23/05 9:12:04 PM File added to delete: c:\windows\yaps.log
3/23/05 9:12:04 PM Reboot
3/23/05 9:14:24 PM SPSeHjFix 2nd Step
3/23/05 9:14:25 PM RunServicesOnce-Key: (alex)
3/23/05 9:14:34 PM Cleaned
Is it fixed?
Appreciate your help.
Iago
Post by: guestolo on March 23, 2005, 11:04:00 PM
Seems like the Beta fix didn't get rid of the Hidden infection
We have to get rid of this bad guy identified in the startdreck log
Code: [Select]
»RunServicesOnce
**izr=rundll32 C:\WINDOWS\YAPS.LOG,DllGetClassObjectDownload and save to Desktop Remove.zip
[attachment=83:attachment]
Unzip the contents so you now have Remove.reg on the desktop
Please Print the rest of this out or write it down
I need you to Restart your computer into MS-Dos Mode
START>>Shutdown>>select Restart in MS-DOS mode
OK
At restart you should be at this prompt
C:\WINDOWS>
Type in the below excluding the (Enter), that indicates hitting Enter on your Keyboard>>>Take note of all the spaces too
attrib -r -s -h C:\WINDOWS\YAPS.LOG (Enter)
del YAPS.LOG (Enter)
If you want a rundown of what that should all look like with all the spaces, I've included below the same commands with = signs indicating where there should be a single space, you will not input the = sign, just the space
======================================================
attrib=-r=-s=-h=C:\WINDOWS\YAPS.LOG
del YAPS.LOG
======================================================
Use CTRL+ALT+DEL to Restart your computer back to Normal mode
This should restart the computer back in Normal mode
Double click on Remove.reg and allow to merge to the registry
Restart your computer again
Post back a fresh hijackthis log and a Fresh Startdreck log
Post by: iago on March 24, 2005, 03:25:40 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Thanks, again for your time!
Logfile of HijackThis v1.99.1
Scan saved at 3:10:41 PM, on 3/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .com/individualapp/app?screenIdTextField=PageFramework&actionTextField=displayPrintable&FORM_ID=IN&APPLICATION_ID=1000065151: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
StartDreck (build 2.1.7 public stable) - 2005-03-24 @ 15:13:24 (GMT -05:00)
Platform: Windows 98 SE (Win 4.10.2222 A)
Internet Explorer: 6.0.2800.1106
Logged in as Terry Wise at F8U9F1
»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*Propel Accelerator="C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
*AVG7_CC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
*AVG7_EMC=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
*AVG7_AMSVR=C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
+OptionalComponents
+IMAIL
*Installed=1
+MAPI
*NoChange=1
*Installed=1
+MAPI
*NoChange=1
*Installed=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar1.dll
*Ipswitch.WsftpBrowserHelper.1/{601ED020-FB6C-11D3-87D8-0050DA59922B}
`InprocServer32=C:\PROGRAM FILES\IPSWITCH\WS_FTP PRO\WSBHO2K0.DLL
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\autoexec.bat
*C:\WINDOWS\SYSTEM\autoexec.nt
*C:\WINDOWS\wininit.bak
»System/Drivers
»Running Processes
+FFEF6E1B=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF1A83=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFF2D73=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFF383B=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFEDEFB=C:\WINDOWS\EXPLORER.EXE
+FFFDD82F=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
+FFFDA8C3=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
+FFFDB7A3=C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
+FFFCDB97=C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
+FFFC258F=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFFBE967=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFFB3E23=C:\WINDOWS\DESKTOP\STARTDRECK.EXE
»NT Services
»Application specific
Post by: guestolo on March 24, 2005, 08:49:23 PM
You should set up protection against future attacks
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
Post by: Guest on March 25, 2005, 12:53:04 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Seems to be okay!
I switched to Mozilla, but will check out the links you have listed, just in case I have to use IE.
Thanks!!!!
Terry
Post by: guestolo on March 25, 2005, 09:49:38 PM
If you need it reopened please PM a Mod or the site Admin and supply a link to this thread
I use Mozilla Firefox all the time, very rarely even open IE
But I still have IE-Spyad installed just in case
Internet Explorer is so integrated into Windows it is just safer to have IE-Spyad installed
SpywareBlaster also has protection for Mozilla Browsers, so you should defintely install it
Take Care
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />