protection for restricted sites being disabled

Discussion in 'SpywareBlaster & Other Forum' started by barcados, Dec 17, 2004.

Thread Status:
Not open for further replies.
  1. barcados

    barcados Registered Member

    Joined:
    Dec 17, 2004
    Posts:
    3
    I am a newbie with postings - I hope that this is the right place to post this.

    The Proctection for restricted sites is automatically being disabled for three sites:
    blazefind
    mediatickets
    searchbarcash

    I have "cleaned" (several times a day) my computer with:
    ad-awareSE
    spy-subtract
    spybot search n destroy

    I have done this locally as adminstrator, and logged on as myself. The scans show there is nothing there anymore, but I get the odd spontaneous pop-up advert in an IE type window (I mostly use Mozilla).

    In the past I had some form of CoolWebSearch (about:blank) but that is supposed to have been cleaned.

    I have noticed that in the Tools section about:blank is listed as the local machines homepage, but I do not see that from within IE. Will changing this using Spyblaster help my situation?

    I hate knowing there is something there I can't get out - is this typical of something and how do I get rid of it?

    Thank you.
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi barcados, and welcome to the Forum.

    I saw your post in claudio's thread, but I'll answer in this one and ask that you do not cross-post in other threads but stay with this one, please. :)

    As LowWaterMark mentioned in the other thread, some anti-spyware programs can mistakenly identify some of SpywareBlaster's protection as an infection. Then when you have the anti-spyware tools fix those items, you end up in a vicious cycle of disabling and enabling SpywareBlaster's protection each time you run a scan with your anti-spyware tools.

    You can check to see if this is what is happening by enabled ALL SpywareBlaster's protection, then immediately do a scan with all your anti-spyware tools, fix what they find, then check SpywareBlaster to see if the exact same items have been disabled. If that is what is happening, then you can ignore those items when you do a scan with your anti-spyware tools.

    "about:blank" will show in the Address line if you've click on the "Use Blank" button under IE's Tools -> General -> Home page settings.

    You can change your IE's home page using SpywareBlaster's Tools options, or you can set your home page using IE's Tools option. If after you've reset your home page to something else and clicked the "Apply" button to save the settings, then later when you open IE find the home page has changed back to a previous setting, then there's a good chance you may not have been successful in removing all of the previous infected files from your system and you could still be infected with a hijacker.

    You've mentioned seeing "odd spontaneious pop-up advert in IE type windows". This can be due to low security settings in IE, or an indication your system may have become re-infected with spyware. The possibility that something could have been missed when cleaning the earlier CWS infection is also a concern. You may want to consider posting a hijackthis log for review at one of the forums that offer spyware/hijack removal, and have a spyware removal expert take a closer look. As we no longer do hijackthis reviews here, you can find a list of sites that offer this type of cleaning service in this link: http://a-sap.org/

    Hope the above helps,

    Regards,

    snap
     
  3. barcados

    barcados Registered Member

    Joined:
    Dec 17, 2004
    Posts:
    3
    Thanks snap

    sorry about the cross-post.

    I scanned my system, and no changes to the protected list.

    Then I opened IE and found my homepage had been changed to hxxp: //69.50.160.100/ and a new tool bar 0CAT had replaced my Google tool bar. I don't know how long it has been like this (days?) - I usually use Mozilla. On the plus side none of the restircted sites in Spyblaster have had their protection disabled ;)

    Spybot Search and Destroy, Ad-aware, and spysubtract aren't picking anything up.

    I guess the next step is to post a hijack log on one of the recommended forums.

    I'll will post the end results here incase anyone with a similar issue is following.

    Thanks,

    Alex
     
    Last edited by a moderator: Dec 20, 2004
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi barcados,

    I disabled the link so no one accidently clicks on it and becomes infected. ;)

    It does look like you are still infected with spyware, and probably CWS too.

    The 0CAT YellowPages Toolbar and BHO are listed on CastleCops' - CLSID Toolbar and BHO List with an X: http://computercops.biz/CLSID.html

    There is also a sample log that Metallica worked on here:
    http://computercops.biz/postp392717.html

    In that log sample, the following were identified along with a "0CAT YellowPages" folder in Program Files.

    O2 - BHO: STIEbarBHO Class - {D797AD6C-6447-4DB4-91D0-090344408E72} - C:\Program Files\0CAT YellowPages\STIEbar.dll

    O3 - Toolbar: 0CAT Yellow Pages - {679695BC-A811-4A9D-8CDF-BA8C795F261A} - C:\Program Files\0CAT YellowPages\STIEbar.dll

    O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll

    O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - C:\Program Files\0CAT YellowPages\STIEbar.dll

    ----

    You can try running your anti-spyware tools while in Safe Mode (make sure you have them fully up-todate first), then also do an on-line virus scan: Free Services

    Once you have done the above, please do follow-up with posting a HijackThis log at one of the forums listed in the link I gave you in my first post.

    Please do let us know how it turns out.

    Good luck,

    snap
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
Loading...
Thread Status:
Not open for further replies.