kaymoore6's thread

Discussion in 'privacy problems' started by kaymoore68, Jul 21, 2003.

Thread Status:
Not open for further replies.
  1. kaymoore68

    kaymoore68 Registered Member

    Joined:
    Jul 21, 2003
    Posts:
    2
    I recently got tired of all the popups on my computer, the last straw was 12 porn popups which took over my screen when I started my browser. So I looked for software to remove and deny these annoyances so I could surf where I wanted to go. I installed Spywareblaster, Ad-Aware and Zero Popup. Now I am having trouble logging in to some web sites, and as this is a shared computer, I need to fix this before someone gets back from vacation. Mypoints for example says I need to have javascript and cookies enabled. So did Iwon, but I modified the settings in the internet options box of the browser and accessed IWon, but not Mypoints.
    So I have some questions.
    Which program could be the problem?
    Should I uninstall all of them and try again?
    Use a different popup program (I can't modify it.)
    Any help would be appreciated.
    kaymoore68
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Re:New Finds?

    Hi kaymoore68,

    Could you post your HijackThis log
    Download, Unzip and run HijackThis, Then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
    Don´t fix anything yet. Most of what it finds is harmless.

    Regards,

    Pieter
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Re:New Finds?

    I received kaymoore68's by mail
    and had him fix several things.
    One however didn't ring any bells:
    O4 - HKLM\..\Run: [infus] c:\windows\system\infus.exe /noconnect

    If anyone is familiar with it, let us know.

    Regards,

    Pieter
     
  4. mmmm

    mmmm Guest

    no, it did not work. Still cannot log into Mypoints.
    Any others?
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Check in Internet Options > Security, and select "Trusted Sites".
    Press the "Sites" button and add the URL for the MyPoints site.
    Does that help?
    Please don't do the same for Iwon. Their reputation is dodgy, to say the least: http://www.safersite.com/PestInfo/db/i/iwon.asp

    Regards,

    Pieter
     
  6. mmmm

    mmmm Guest

    No did not help, changed the setting as requested, closed the browser, reopened then when it did not work went ahead and restarted. Still will not accept username and password at mypoints. I did also check and ensure the username and password from them is correct. (They emailed it). I was able to correct the problem with the Iwon site. It logs me in now. I will be away until tomorrow. I will check this site when I log back in. Thanks for working with me on this.
     
  7. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    FWIW, the only candidates I found for infus were a web development application and an online pharmaceutical ordering app. I can't imagine either of those loading within the auto-run areas of the registry.

    Regards,

    Dan
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Yup. And the /noconnect switch always makes me suspicious.
    Seen that on too many dialers. :doubt:

    Regards,

    Pieter
     
  9. kaymoore68

    kaymoore68 Registered Member

    Joined:
    Jul 21, 2003
    Posts:
    2
    :) Hello again, brief update,
    Upon restart, Zero Popup threw up a screen that said my trial period had expired which was wrong since I only had the program three days from download to use. I don't remember how many days it was to be used, but was much more that three. I uninstalled it, and accessed Mypoints immediately and your site with a little tweaking ( your site was modified under managed sites to always allow cookies).

    However, I am still looking into the energy variations on this computer, since I have not had any ( lag between sites, pauses) for the past few days. This computer accesses the internet through a cable modem as well which would also make it attractive to hackers or remote users.

    I installed EMS Free Surfer mk II - I allow it to chirp when a pop up tries to open. It is a very satisfying sound.

    Thank you for your help, as for the infus, don't know what it was, took it out with hijack and will continue to look for good cleaner type software. I would not have thought Zonealarm would allow this through.

    Any monitoring software recommendations?
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi kaymoore68,

    I'm still interested in a copy of infus.exe, if you can provide it.

    I think your question about monitoring software needs some specifying as to what you'd like to monitor.

    Regards,

    Pieter
     
  11. mmmm

    mmmm Guest

    infus.exe is an application program when I run a find from the start menu. How would I send it to you?

    Also I am looking to monitor intrusions, such as stealing passwords to my accounts online or using my computer remotely, the last of which I think was being done prior to using spywareblaster.
     
  12. mmmm

    mmmm Guest

    In addition it sits in the C drive//windows//system, an infus uninstall sits right beside it. I have made sure to be able to view all files hidden or otherwise. No info shows when I ask for the properties such as company name etc.
     
  13. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi,

    Can you compose an e-mail, click attachment and the browse to that file and doubleclick it.
    It will not disappeasr from your system. I will just get a copy.

    For intrusion detection: doesn't your ZoneAlarm create logs? I'm sure our firewall experts can help you out there.

    Regards,

    Pieter
     
  14. mmmm

    mmmm Guest

    The email is away. I forgot about the logs in Zonealarm. Since I feel someone has already remote accessed this computer, I thought maybe there would not be a record.
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi kaymoore,

    I received the file. I think it's best to delete it.
    No firm name listed, which is suspicious. There is an IP address in there, formatted as a URL.
    The site it points to seems to be down.

    I'll see if I can interest someone in analyzing it further.

    Regards,

    Pieter
     
  16. mmmm

    mmmm Guest

    I have deleted it. I also used Zonealarm analyzer and downloaded myNetwatchman. Zonealarm analyzer shows one attack, and My netwatchman shows these:
    Code Red/Nimda
    SQL Slammer Worm
    w32.Opaserv Worm
    RingZero
    NetBios Session Service
    What to do?
     
  17. krachen

    krachen Registered Member

    Joined:
    Jul 22, 2003
    Posts:
    9
    Location:
    Utah
    If anyone is interested, I picked up a FREE copy of Popup Killer before it went commercial. I use it on all four of my machines. <Edited. See comment below. Pieter>Takes a few steps to set up but works great.
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    krachen,

    I think if you read the EULA you OK'ed when installing that free version you will see it says you are not allowed to distribute it.

    Am I right? ;)

    Regards,

    Pieter
     
  19. krachen

    krachen Registered Member

    Joined:
    Jul 22, 2003
    Posts:
    9
    Location:
    Utah
    I'll look. In the help about, on the version I've got, it says it is 'FREEWARE'. I noticed that when I saw it a few days later that it was stated as 'SHAREWARE'. Does this constitute a change in how I look at it?
     
  20. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Even freeware will make that restriction most of the times.
    But I'm pretty sure they wouldn't appreciate us, allowing you to give away free copies, of a software you now have to pay for.

    Regards,

    Pieter
     
  21. krachen

    krachen Registered Member

    Joined:
    Jul 22, 2003
    Posts:
    9
    Location:
    Utah
    Here is the disclaimer:
    This program is 100% free, which means that you can copy it, use it as in many machines as you like, and make as many backup copies as you like! But please, if you're going to copy it, copy the original setup file, so the integrity of the program is maintained.

    Anyway, if you like this program and wish to make a donation in order to help me maintain it free, you're welcome to do so.

    There's a secure registration that you can use to make your donations:
    Click here for more information.

    The disclaimer part is very short... I'm not responsible if the program (PopUp Killer) behaves in some way different from expected and because of that you loose some data, or some of your data gets damaged or... or... or... Yours is the responsibility to use the program! not mine, ok?
     
  22. krachen

    krachen Registered Member

    Joined:
    Jul 22, 2003
    Posts:
    9
    Location:
    Utah
    I understand about the distribution. I'm sure the version I have is a far cry from what it is now but I'll not offer it again.
    Thanks
    Just want to stay on the right road.
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Thank you for understanding. :)
     
  24. mmmm

    mmmm Guest

    :D Thanks for all the help and the point in the right direction. My computer has a few bugs and glitches, and the infus.exe must have been the problem as Zonealarm analyzer reported 1 attack. Spywareblaster probably was enough for what I needed, but I felt I had to know what was being done so I installed mynetwatchman. PC Cillin and Truscan both reported no viruses, this after infus.exe was deleted. I don't have all the time I need to dedicate to this. i,e trace back, so I'll now let the new monitoring tool check the ports for me and also run spywareblaster and the other tools as well. Thanks Pieter and everyone.
     
Loading...
Thread Status:
Not open for further replies.