Ports

Discussion in 'malware problems & news' started by ljc1174, Aug 15, 2002.

Thread Status:
Not open for further replies.
  1. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    I turned off my pc for awhile, I wanted things to sit after all had been removed. I booted, ran ad-aware and it found some more... 12 in fact, cydoor made it back in and a few others, one was written as sextext... I quickly deleted it. I didn't want to know anymore about it! LOL

    I'm running tds3 again, just to make sure.

    It's probably my o_O fault my isp is allowed on za, my first experience with a firewall would not let me connect, so I assumed clicking yes to allow that program to access the internet was the correct answer. Now I'm confused.

    BTW, I'm more than exhausted, my eyes feel like they might pop out of my head! LOL :eek:

    I'm going to take some time, rest my eyes, then read through the thread and soak it all in and see what else I need to do.

    Everyone has been EXTREMELY helpful.
     
  2. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    Thank you! I think snap mentioned something last night about spybotsd, I've downloaded it... I have the screen open and though I should let my mind rest a bit, I CAN'T!
    What do I do with this program?

    And snowy mentioned my isp and za, that it shouldn't be there. Does anyone have any suggestions to that?
    The third scan with tds3 found nothing and I'm still looking for the thread with the link for pcflank (is that right?)

    Am I forgetting anything?

    Thanks for all the spyfree file share links! I WILL go back to those!!!

    ~Lori
     
  3. snowy

    snowy Guest

    http://www.pcflank.com/test.htm


    Lori

    the post by Spy 1 will lead you to Mike's site where you can read about homepage hijacking

    there is another post by Prince that will tell you what you need to do to use spybot..

    don't worry about your ip right now

    there is still something on your computer that is re-installing that spyware....you took it off once with adaware...it came right back....very odd behavior....have never known of this happening
    for now just take the pcflank test....afterwards someone may offer better advice than I can on this
     
  4. snowy

    snowy Guest

    ---------------------------------------------------------------------------
    BY PRINCE

    As for SpybotS&D, run the scan, then check the boxes beside any spywares found and delete them. If there aren't any it will say so. Leave the Registry Settings stuff alone for now (in the list). Wiser heads can guide you on the rest of it.
    --------------------------------------------------------------------
     
  5. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    Ok, I did a search with spybot...

    Red exclamation points on all... here's what was found, I dunno what to delete.?.?.

    Windows Explorer
    Windows Office 9.0
    Log:install wnsetup.log
    Log:install setupapi.log
    Log:install Active Setup Log.txt
    Log:install IE brndlog.txt
    Log:Activity OEWABLog.txt
    Internet Explorer: Temp Int. Files(3756 entries)
    Internet Explorer: last used directory HKEY_Current_user
    Internet Explorer: Cookies (48 cookies)
    Common Dialogs: History (96 files) (same Hkey stuff as above)

    NOW THESE ARE ALL IN RED LETTERS WITH EXCLAMATION MARKS
    MS Media Player Client ID
    Internet Explorer: data source object exploit
    HitsLink: tracking cookie or cookie of tracking site
    Hitbox: Tracking cookie or cookie of tracking site (3 of these)
    BDE Projector: application settings (two of these, one being secureinstall.exe, the other viewer.exe)
    Avenue A, Inc.: Tracking cookie or cookie of tracking site
    Advertising.com: Tracking cookie or cookie of tracking site

    All are checked, should all be checked?
     
  6. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    pcflank test

    danger (don't remember what this was)
    warning (trojan)
    danger (don't remember what this was either)

    I did the exploits test and I came out with a smiley green face! I passed that one! :p
     
  7. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    About the SpyBot results:

    Most of them are user tracks and cookies.
    Nothing to get worked up about. It's your choice whether you want to delete them.

    Two things need further attention:

    1) The IE Data source object exploit.

    It's an IE vulnerability. Read about it here, and download DSOstop: http://www.nsclean.com/dsostop.html

    2) The two BDE Projector files.

    Probably B3D, spyware, and you should get rid of those.
     
  8. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    Thanks TonyKlein and I downloaded the IE protection.
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    Good decision! :)
     
  10. snowy

    snowy Guest

    Lori

    Tony knows his stuff.....do well to follow his advice.

    about this trojan.....how about let's get rid of it....remember the mcaff emergency boot disk.....looks like it's time to use it.........TDS is by far the best...there could be a very simple reason why it's not detecting the trojan....you may not have it set-up correctly.....so instead of wasting time...just try the boot disk....it should do the job.

    snowman
     
  11. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    Okie Dokie...

    After scanning with pcflank and TDS, is it really possible?

    I think spybot really helped. After deleting and adding the IE protection, my icons seem to be back to normal and yahoo came up as my homepage after I rebooted.

    I will start the McAfee scan... I should post again in about an hour.

    :)

    Thanks guys! ;)
     
  12. snowy

    snowy Guest

    Lori

    you put forth a real effort....the decision is yours of course......perhaps just for your own peace of mind it would be nice to run the boot disk.....sure won't hurt......oh..may want to print the instructions.....
     
  13. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    boot scan completed and nothing was detected!!!

    This is Good!!! :D

    Is there anything else I should do? My icons are still black, is this where my pc was hijacked? All icons... in browser window, where the www. is typed, at the top right corner of the browser, quicklaunch bar... all of them, every one of them is black.

    Any thoughts?
     
  14. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Lori! It looks like you've got most everything pretty much under control and with the links and advice the others have posted, you're on a good start to getting your pc back to where you want it and clean.

    i can't offer too much help with your QuickLaunch icons turning black....i know there are some features in IE that do have icons that are not used often turn dark and/or gray (i have two myself that turn dark if i don't use them, but not all do). You might want to go to Microsoft's site and do a search on Internet Explorer, check and see if you have all the most recent updates and patches for it, etc. Sorry i can't help much more on that.

    with Spybot S&D, you can go to the Forum here: Spybot Search&Destroy Forum and read through some of the posts; some may be very similar to your questions about what to delete.

    a step-by-step instruction for the settings for Spybot S&D can be found here: settings

    i was thinking of suggesting something like RegRun also to check for errors in your registry, but i am not all that familiar with the Registry so that might be something someone else may be able to offer a li'l more help with-----something may still be there that could be re-installing spyware that isn't being caught by SpybotS&D? (just a thought)

    but if you go to the Tools page here at Wilders:
    http://wilders.org/free_tools.htm
    there you will find some helpful tools that you may wish to use later, like BHODemon - to check what I.E. Browser Helper Objects you may have installed, and Spider - to help clean I.E.'s cache & index.dat files.

    these are just suggestions and if you have any questions about the Tools on the Tools Page, many of the Members have used them, and know them pretty well, and will be able to help.

    hope the above is useful....good luck Lori! :)

    snap
     
  15. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    Thank you snap!

    I wish there was something I could do for everyone who has helped, being a mom, I want to bake everyone cookies, but that's a bit unrealistic! LOL

    So, thanks again...

    I'll let ya know what comes up about my icon issue...
     
  16. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    You are welcome! LOL! and virtual cookies would be great--no calories! ;)

    snap
     
  17. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) I love cookies! The edible, fattening kind. I can do a more detailed walk-through of Spybot with screenshots but it will have to be later this morning. I have no time right now.

    When you go to look for help at Microsoft, practice patience. I am an experienced research archivist and Microsoft's libraries give me the willies. They can be a bit obtuse to a beginner.

    I'm not certain if this applies to your problem, but whenever I've had black icons, at least on webpages, it is because the Java applet has failed. Can this be similar to your IE taskbar? Someone correct or clarify if you like. See you later.
     
  18. Mike_Healan

    Mike_Healan Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    302
    Location:
    USA
    Maybe a corrupted icon cache?

    Download TweakUI and install it. Click on Repair and choose Repair Icons and click Repair Now. You may need to do that a couple of times.

    Depending on which version of windows you have .....

    For Windows 95/98/ME/2000, http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp

    For XP Home and Pro, http://www.microsoft.com/windowsxp/pro/downloads/powertoys.asp
     
  19. snowy

    snowy Guest

    Lori

    consider just turning the icons off.....won't bother the programs any....plus less to load at start-up..(granted not a lot) you really don't need those icons in the tray...noper..

    how: go to the bottom system tray (where all the icons are) right click on the tray...up pops a screen...."TOOLBARS".>....Quick Launch>....remove the "check">...close.>.all gone..............want the icons back....just "check" again......

    snowman
     
  20. snowy

    snowy Guest

    Mike

    oops...we were posting at the same time

    Lori the suggestion by Mike is a far better way to go....

    snowman
     
  21. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Hi snap, snowman, Lori and everyone else! I am processing the screenshots I took of running SpybotS&D right now. There are 17 all together. I don't know if Wilders will permit that many. With Irfan, I can make them smaller yet still legible. Each would be about 50Kb or less. If I cannot put them up here, then Lori can IM me, we can make some other arrangement.

    So, how about it? Anyone want a step-by-step, visual walkthrough of Spybot Search and Destroy? (With commentary/instructions.) I won't post them unless I have permission to do so. Thanks.
     
  22. snowy

    snowy Guest

    Prince

    Tried SPYBOT last night and it completely hosed my system.........I would not use it again under any circumstances,.......will need to do a re-format as soon as possible....the os is just limping through today

    snowman
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Hi PS,

    In order to avoid performing a job twice: Ahmad did do a nice review, screen shots included:

    www.net-integration.net/reviews/spybot1.html

    snowman,

    sorry to hear about your probs; Spybot is running flawlessly on vastly all O/Ses...

    regards.

    paul
     
  24. snowy

    snowy Guest

    Paul

    I was also of the understanding that it ran flawlessly....in fact several people using it have the same os as me....so I don't know what happened.......actually Paul this was the second time.......what happens after install is that opening spybot....spybot then becomes one giant screen saver..takes the entire screen....no trays...no start menu...mouse won't work....no way of accessing spybot or any other program.........bypassing causes the monitor to become something of a 3d ..........
    obviously there is something on my os that is not agreeable with spybot............however...this should not be taken to imply that it won't work properly for others...it does.
    but would I ever try it again....absolutely not!!

    snowman
     
  25. ljc1174

    ljc1174 Registered Member

    Joined:
    Aug 15, 2002
    Posts:
    276
    Location:
    Cleveland, Ohio USA
    I haven't searched thru MS yet... I set spybot to search for everything! LOL

    BUT after the search, downloadalot still came up... there really is something on here that spybot and ad-aware isn't finding... is it simply attached to my IE? I've tried downloading IE 6, but the install will not complete. If I completely remove IE and download netscape or MSN Explorer and then download IE6 would that work?

    And prince, all my icons are black, at the top of an IE page, where it gives the descrip of the page, like this page it has the white page w/blue e and says Post reply - Microsoft ..... the little white page and blue e are black, along with all other icons... including the quick launch and occasionally the programs running will disappear from the right side next to the time clock... I'm baffled!!! So I guess that would mean it's more than IE, it's Windows Explorer as well, correct?
     