Alexa?

Discussion in 'privacy problems' started by ihatespyware, Jun 26, 2003.

Thread Status:
Not open for further replies.
  1. ihatespyware

    ihatespyware Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    8
    Location:
    Michigan
    Anyone hear of a spyware called Alexa and if it can mess up your computer, like causing a BSOD when I run MSN Messenger 6 or OE 6?
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
  3. ihatespyware

    ihatespyware Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    8
    Location:
    Michigan
    The reason I brought it up was because I went to one of my webpages which I'd registerd with CJB.net to get their address for my pages. As soon as I loaded the page, my browser crashed. When I started my browser I noticed there was a new toolbar on it and I went to the View menu and it was simply called Toolbar. I disabled and checked BHODemon and it only listed my Google bar and Lex bar, which I had disabled. I went to my other website also aliased through them and got the same. I went to CJB.net to complain of this new code and then got a BSOD.

    I then ran Adaware and it found a registry entry called Alexa which I dsabled. This Alexa is a lot more than spyware. I had to upgrade to IE 6 SP1 just to be able to use OE again because it'd crash or freeze if I tried to use it after this Alexa incident, also my MSN Messenger had to be uninstalled/reinstalled.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi ihatespyware,

    Out of curiosity: was that the first time you ran AdAware?
    There is one registry value for Alexa on every fresh Windows install.
    It is a Microsoft Internet Explorer key that points to a Microsoft DLL and a local Microsoft HTML file. That file redirects to an online MS page, and only that page redirects to the Alexa search engine.
    This could never have caused the problems you described.

    Regards,

    Pieter
     
  5. ihatespyware

    ihatespyware Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    8
    Location:
    Michigan
    I installed the newest version of IE 6 before I ran Adaware.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi ihatespyware,

    That would account for the Alexa key.
    Every upgrade of IE will renew it.
    So, I´m pretty sure something other then Alexa caused your problems.
    You wouldn´t happen to know the CLSID or the name of that mysterious toolbar´s BHO?

    Regards,

    Pieter
     
  7. ihatespyware

    ihatespyware Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    8
    Location:
    Michigan
    LEXBAR.DLL {11359F4A-B191-42D7-905A-594F8CF0387B}
     
  8. Reverend Ike

    Reverend Ike Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    25
    Location:
    Sacramento, CA
    L {11359F4A-B191-42d7-905A-594F8CF0387B}: Lexbar.dll - Lexico toolbar

    Legitimate, according to the magic list ...
     
  9. ihatespyware

    ihatespyware Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    8
    Location:
    Michigan
    Well it's the only thing I can think of. The only other software I've installed in the last few days is my digital camera's, and I really don't think it mess up my comp that bad. These crashes happened when I visited my sites which are aliased through CJB.net.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    ihatespyware,

    If you want me to have a look.
    Could you post your HijackThis log
    Download, Unzip and run HijackThis, Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  11. ihatespyware

    ihatespyware Registered Member

    Joined:
    Jun 26, 2003
    Posts:
    8
    Location:
    Michigan
    As per your request:

     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    This looks like the one to me:

    O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)
    It is unknown which ususally means new baddy or lop.com

    Check that one and the ones listed below in HijackThis and close all windows except HijackThis, then click Fix checked:
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.3\LEXBAR.DLL__BHODemonDisabled (file missing)
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/1953e864376e26040314/netzip/RdxIE.cab
    O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://www.escorcher.com/program/supporter5.exe
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21769f6bf64866452521/netzip/RdxIE601.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
    O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/webregtest/RegDload.CAB
    O16 - DPF: {A7532940-DB22-4B10-BE6A-B467E5330745} (CustomToolbar.Setup) - http://mojo.com/toolbar/Customtoolbar.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {BC97B254-B2B9-4D40-971D-78E0978F5F26} (IEToolbar.clsIEToolbar) - http://www.searchwww.com/toolbar/toolbar.cab

    Reboot after doing so.
    As you can see you have a few possible causes in your Downloaded Program Files.

    May I suggest that youset your security settings for ActiveX a little higher:
    Internet Options > Security > Internet, press 'default level', then OK.
    Now press "Custom Level."

    In the ActiveX section, set  the first two options ("Download signed and unsigned ActiveX controls)  to  'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to  'disable'.  

    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.

    Regards,

    Pieter
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Note to Javacool:

    New installer for SearchIt toolbar:
    O16 - DPF: {A7532940-DB22-4B10-BE6A-B467E5330745} (CustomToolbar.Setup) -

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.