Anyone hear of a spyware called Alexa and if it can mess up your computer, like causing a BSOD when I run MSN Messenger 6 or OE 6?
The reason I brought it up was because I went to one of my webpages which I'd registerd with CJB.net to get their address for my pages. As soon as I loaded the page, my browser crashed. When I started my browser I noticed there was a new toolbar on it and I went to the View menu and it was simply called Toolbar. I disabled and checked BHODemon and it only listed my Google bar and Lex bar, which I had disabled. I went to my other website also aliased through them and got the same. I went to CJB.net to complain of this new code and then got a BSOD. I then ran Adaware and it found a registry entry called Alexa which I dsabled. This Alexa is a lot more than spyware. I had to upgrade to IE 6 SP1 just to be able to use OE again because it'd crash or freeze if I tried to use it after this Alexa incident, also my MSN Messenger had to be uninstalled/reinstalled.
Hi ihatespyware, Out of curiosity: was that the first time you ran AdAware? There is one registry value for Alexa on every fresh Windows install. It is a Microsoft Internet Explorer key that points to a Microsoft DLL and a local Microsoft HTML file. That file redirects to an online MS page, and only that page redirects to the Alexa search engine. This could never have caused the problems you described. Regards, Pieter
Hi ihatespyware, That would account for the Alexa key. Every upgrade of IE will renew it. So, I´m pretty sure something other then Alexa caused your problems. You wouldn´t happen to know the CLSID or the name of that mysterious toolbar´s BHO? Regards, Pieter
L {11359F4A-B191-42d7-905A-594F8CF0387B}: Lexbar.dll - Lexico toolbar Legitimate, according to the magic list ...
Well it's the only thing I can think of. The only other software I've installed in the last few days is my digital camera's, and I really don't think it mess up my comp that bad. These crashes happened when I visited my sites which are aliased through CJB.net.
ihatespyware, If you want me to have a look. Could you post your HijackThis log Download, Unzip and run HijackThis, Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post. Don´t fix anything yet. Most of what it finds is harmless. Regards, Pieter
This looks like the one to me: O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file) It is unknown which ususally means new baddy or lop.com Check that one and the ones listed below in HijackThis and close all windows except HijackThis, then click Fix checked: O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\LEXBAR.DLL__BHODemonDisabled (file missing) O15 - Trusted Zone: http://free.aol.com O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/1953e864376e26040314/netzip/RdxIE.cab O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.escorcher.com/program/supporter5.exe O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21769f6bf64866452521/netzip/RdxIE601.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB O16 - DPF: {A7532940-DB22-4B10-BE6A-B467E5330745} (CustomToolbar.Setup) - http://mojo.com/toolbar/Customtoolbar.CAB O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab O16 - DPF: {BC97B254-B2B9-4D40-971D-78E0978F5F26} (IEToolbar.clsIEToolbar) - http://www.searchwww.com/toolbar/toolbar.cab Reboot after doing so. As you can see you have a few possible causes in your Downloaded Program Files. May I suggest that youset your security settings for ActiveX a little higher: Internet Options > Security > Internet, press 'default level', then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'. Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Regards, Pieter
Note to Javacool: New installer for SearchIt toolbar: O16 - DPF: {A7532940-DB22-4B10-BE6A-B467E5330745} (CustomToolbar.Setup) - Regards, Pieter