SpywareBlaster enable disable PROBLEMS

Discussion in 'SpywareBlaster & Other Forum' started by SINNED, Nov 10, 2004.

Thread Status:
Not open for further replies.
  1. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Can someone help me please? In SpywareBlaster my Internet Explorer protection and Restricted Sites protection is enabled. When I click up SpywareBlaster all of them or some of them are disabled. I also have the ISTbar downloader virus which I can't get rid of; I have been to many sites and followed their instructions to no avail, and my antivirus software can't get rid of it, and I find hundreds of porn sites sitting in my registry. I run Windows Me, Avast antivirus and Zone Alarm Firewall.
    CAN SOMEONE HELP ME PLEASE :mad:
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi SINNED,

    Welcome to Wilders.

    It looks like your system is still infected and that infection is affecting SpywareBlaster from working properly. The best advice I can give you is to go to one of the sites that do HijackThis log analysis and system cleaning, and post your HijackThis log. Please note, we no longer provide HijackThis log review here at Wilders.

    Here is a direct link to CastleCops (aka ComputerCops)
    http://computercops.biz/forum67.html
    Please read CastleCops' Rules & Guidelines before you post a HijackThis log:
    http://computercops.biz/postt8864.html

    Also, here are two more links with information on ISTbar and removal instructions that may help:
    doxdesk - ISTbar
    Trend Micro - Troj_ISTbar.X

    After your system is cleaned, you can try reinstalling SpywareBlaster.

    Please let us know how it goes.

    Regards,

    snap
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey SINNED....Welcome to Wilders

    Given the fact that some adware cleaning programs of late are producing False Positives in respect to ISTbar and a number of other reg entries....and given some of the info you have shared.... "find hundreds of Porn sites sitting in my registry"....I have a few questions.

    1) What....if any....adware\spyware cleaning programs do you use?
    2) These hundreds of Porn sites in the registry you mention....what registry key are you seeing those entries in?
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Bubba just brought up a good point, and yes, some of the rogue anti-spyware programs do flag the entries SpywareBlaster places in the registry for protection.

    SINNED, please answer Bubba's questions first because if this is what is happening, then my post will not apply.

    snap

    (Thanks Bubba - I must need another coffee) :D
     
  5. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi guys, thanks a lot for your help, bear with me because I'm new at the technical side of computers. I'm running Ad-aware Personal, SpywareBlaster and Spybot. One problem with Spybot: I have missed quite a few updates through no fault of my own. I try to update nearly every day but it says no new updates, so I use Ad-aware more these days. Now to the main point: the porn sites appear in this part of the registry:
    HKEY_USERS/SOFTWARE/MICROSOFT/WINDOWS/CURRENT VERSION/INTERNET SETTINGS/ZONE MAP/DOMAINS
    And voilà, there are heaps of porn sites in there. I hope this helps. I know it's early morning there and it's just starting to get dark here in Melbourne, Australia. I really do appreciate your help.
    Thanks Dennis
     
  6. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Sorry to bother you again guys. When I go to certain sites I get this message on my Internet Explorer: HTTP 403 (FORBIDDEN). This has started happening the last couple of weeks. By the way, I think I forgot in my previous posts to tell you that I run Zone Alarm Pro Firewall, what a dunce I am. Sorry to bother you, hopefully I can get these problems sorted with your help.
    Well, I'm going off to sleep and hopefully tomorrow when I go online you will have some answers for me.
    Thanks a lot Dennis
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Dennis,

    I'll address the 403 (FORBIDDEN) question first. The common reason for this error is that directory browsing is forbidden for the Web site. Would you mind giving a link to a site that exhibits this error message?

    Your first question dealing with porn sites and the reg key (HKEY_USERS....ZONE MAP/DOMAINS)....is one of the locations IE places entries in respect to sites listed in IE's Trusted Zone and Restricted Zone but usually is only used in certain cases with Win9X type OS's. If you look at that key again....click on one of the sites listed and notice in the right hand box. You should see something similar....0x00000004(4). The 4 signifies a site in IE's Restricted Zone....whereas a site entry with 0x00000002(2)....would signify a site in IE's Trusted Zone. If you hunt around again for the below reg key....you should find where IE normally stores those entries for the current user that is logged on to the PC.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    If the entries I mentioned above have the # 4....that tells me they were either put there by Spybot's Immunization feature, SpywareBlaster or some other software that places sites in the Restricted Zone of IE.
     
  8. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi Bubba, thanks for the reply. This is one of the pages that says HTTP 403 (FORBIDDEN): http://209.133.47.12/~merijn/files/HijackThis.exe
    And about the numbers 2 and 4, how do I stop the restricted sites getting into my registry? Remember I'm new at this. And anyway, getting that pest ISTBAR virus out of my system, I have tried various ways that heaps of web sites have told me, but to no avail. There's also another virus called TROJAN-GEN (OTHER), and AVAST finds them but can't repair them or delete them. I have tried various online scanners and the same scenario, they won't get rid of them. And last of all the SpywareBlaster problem: if I leave it open and minimised it won't change, all protections are enabled, but when I click it off and then open it, that's when all or part of my protections are disabled. Once again thanks for your help.
    Thanks Dennis
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It's not a bad thing to have sites placed in the Restricted Zone of IE....especially when you want to restrict certain sites like "major ad servers, hijackers, dialers and parasites". One of the features of SpywareBlaster is its Restricted Sites protection....which if enabled....will place IP\URL addresses in the Restricted Zone of IE for the above given reason. When you have time....visit the below link and ask further questions if it's not sinking in.

    This link---> Adding sites\servers to the Internet Explorer Restricted Zone

    What I'm more concerned about at the moment is your possible problem with this....ISTbar downloader virus and TROJAN-GEN (OTHER).

    Please follow as many of the below instructions as you can and report back.

    These instructions---> GENERAL Virus and Trojan removal Instructions.
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  11. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi Bubba, thanks for the link to remove viruses and trojans, but no can do: for the software it tells me to download, Stinger and Ewido, I get the HTTP 403 (FORBIDDEN) message. So how can I fix this problem before I start on the other? I'm going out of my mind, please HEEEEELLLLLLLLLLLLLLLLLPPPPPPPPPPPP. Thanks Dennis
     
  12. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi SINNED,

    Just to make sure your hosts file has not been compromised, could you please download hoster.zip and unzip it to a permanent folder (example c:\hoster)
    http://members.aol.com/toadbee/hoster.zip

    Close IE, then run Hoster.exe.
    Click on the "Restore Original Hosts" button and the "Make Hosts Read Only" button.
    Close the program when finished.

    Then try the downloads again in the link Bubba provided for General Virus and Trojan Removal Instructions.

    Let us know if that helps.

    Regards,

    snap
     
  13. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Dennis,

    Would you attempt a little house cleaning by clearing your cache (Temporary Internet Files)?

    Open Internet Explorer....select Tools\Internet Options and in the Temporary Internet files section....select Delete Files....if\when the next box pops up....put a check next to Delete all offline content, and then click OK.

    Now go to one of the sites that has been giving this error, please.
     
  14. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi guys, sorry but both your answers didn't work, I still get the forbidden sign when I go to those sites. I downloaded the Firefox browser and I can get to those sites, so should I still try and follow those instructions to fix my Internet Explorer, or do I have to try something different? By the way guys, I am learning so much with your info, keep it up.
    Thanks Dennis
     
  15. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  16. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi guys, I can go to those 2 sites with no forbidden error, and I typed in the word football and it took me to the MSN page. I hope this helps you. Once again I found heaps of porn sites in my registry and I deleted them; they were in the domain section and the history section, very persistent buggers. Keep up the good work, I know eventually we will win this battle.
    Thanks Dennis
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm not sure we are getting anywhere Dennis, unfortunately, because if those sites you're removing have 0x00000004(4) Restricted Zone and if those entries in the history section you're deleting have Block next to them....I have failed in conveying to you that those are legitimate entries placed there by SpywareBlaster.

    Do me a favor and re-read my posts, and before deleting those entries again please check the entries for what I have described above.

    As far as those links go....what happens if you go to the below link:

    This one
     
  18. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi Bubba, sorry, new at this, and it's late at night. I'm frustrated with these downloader viruses. I will not delete these entries in future, and that enable disable problem is still happening. I went to that link, still getting that forbidden message, sorry once again.
    Thanks Dennis
     
  19. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Sorry Bubba, one more thing: in the history part, for example, one of the porn sites is porntrack.com and the number next to it is 0x00000005(5). Is that fine? Because there is no block next to them, all the sites in the history section have this number.
    Sorry once again for being a pest Dennis
     
  20. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Nah....you're fine as long as I'm not being a hindrance instead of a help....we're kewl o_O

    The sites you are seeing in the registry at....HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History....are the same sites you'd see via IE's menu....Tools\Internet Options\Privacy tab....in the Web Sites section click on the Edit button. That's where you'll see the words....Always Block....that's the Block I was referring to above. Those are entries SpywareBlaster (SB) places there if a user enables SB's Internet Explorer Cookie protection. The 0x00000005(5) you mentioned is a value that means Always Block....whereas a 0x00000001(1) value would mean Always Allow.

    You said earlier...."I run Windows Me, Avast antivirus and Zone Alarm Firewall". If you temporarily shut down Zone Alarm....do you still get the forbidden message?

    Also....concerning the ISTbar downloader....what program is giving you the indication you have the ISTbar downloader?
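
The values described in this thread (4 = Restricted Zone, 2 = Trusted Zone, 5 = Always Block, 1 = Always Allow) can be checked across a whole registry export before any entry is deleted. The following is an added example, not part of the original thread and not SpywareBlaster's own code: it parses a REGEDIT4 export and labels each entry. The sample export, its `.example` domains and the choice of which values to flag for review are assumptions made for this example.

```python
import re

# IE security zone numbers; the thread names 2 (Trusted) and 4 (Restricted).
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted",
         3: "Internet", 4: "Restricted"}
# Per-site cookie actions under the P3P History key, as given in the thread.
COOKIE_ACTIONS = {1: "Always Allow", 5: "Always Block"}
# Key marker -> (store label, value table, value this example flags for review)
STORES = {
    "\\zonemap\\domains\\": ("ZoneMap", ZONES, 2),
    "\\p3p\\history\\": ("P3P History", COOKIE_ACTIONS, 1),
}
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^(?:@|"[^"]*")=dword:([0-9a-fA-F]{8})$')

# Constructed sample in REGEDIT4 export format; the domains are placeholders.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unknown.example]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tracker.example]
@=dword:00000005
"""

def classify(export_text):
    """Return (site, store, meaning, needs_review) for every DWORD entry."""
    results, key = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)          # remember the key the next values belong to
            continue
        m = DWORD_RE.match(line)
        if not (m and key):
            continue
        value = int(m.group(1), 16)
        for marker, (store, table, review_value) in STORES.items():
            pos = key.lower().find(marker)
            if pos != -1:
                site = key[pos + len(marker):]
                meaning = table.get(value, f"unknown ({value})")
                # Restricted / Always Block entries are protective: keep them.
                results.append((site, store, meaning, value == review_value))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE_EXPORT):
        print(row)
```

Entries reported as Restricted or Always Block match what the thread attributes to SpywareBlaster and Spybot immunization; only Trusted or Always Allow entries that the user did not add are flagged here.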
     
  21. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi Bubba, we are super kool now. When I shut down Zone Alarm I can get to those sites with no forbidden message, and Avast antivirus tells me I have the ISTbar virus and the trojan-gen (other) virus and it can't repair it or delete it, so hopefully we can find a remedy for it. By the way, do you think it is better and safer using Firefox than the Internet Explorer browser?
    Once again thanks for your help Dennis
     
  22. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Dennis,

    Can you tell us the location of the files that Avast is flagging as infected? I'm wondering if they could be in your Restore folder? If that is where they are, then all you would need to do is turn System Restore off and reboot your computer to clear the old restore points. Please see the link below on further instructions for turning off System Restore.

    System Restore Instructions for WinME.

    Once you have cleared the restore folder, do another scan with your antivirus. Hopefully everything will come back clean. Then remember to turn your System Restore back on.

    It sounds like there is a configuration problem with your firewall with reaching some sites. You may want to start a new topic on that over in our Other Firewalls Forum where it will get better attention. Many people here do use ZoneAlarm and they may be able to help you with the 403 error problem (you could put a link in your post back to this thread for reference if you wish.)

    As for which browsers to use other than IE, there are many threads on this topic over in our Software & Services forum where Members have given their suggestions, preferences, etc. Browsers such as Firefox or Opera would not have as many exploits and vulnerabilities as IE does of course, so it is always good to have a 2nd browser. But please look through the forum as you will find many suggestions on browsers here. ;)

    Please let us know where Avast is flagging the infected files and if removing the old restore points works.

    Regards,

    snap
     
  23. SINNED

    SINNED Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    12
    Hi Snapdragin
    The areas where this virus is situated are
    C\RESTORE\ARCHIVE\F66.CAB\A0016363.CPY
    C\RESTORE\ARCHIVE\F66.CAB\A0016368.CPY
    C\RESTORE\ARCHIVE\F66.CAB\A0016415.CPY
    And Avast Antivirus says ERR OCCURED DURING FILE DELETING ACCESS DENIED.
    By the way, last night I tried your method: I turned off System Restore, rebooted my computer and did a virus scan, and it picked them up again and it would not let me delete or repair them. WE WILL WIN THIS WAR EVENTUALLY, I BELIEVE IN YOU, THIS EVIL MUST COME TO AN END.
    Thanks a lot guys.
    Dennis
     
  24. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Dennis,

    The files Avast is detecting are in your System Restore folder, and since that folder is protected by Windows, antivirus apps cannot access that folder to delete anything from it. What happens is when a file is being deleted, Windows thinks you may change your mind and want it back at a later date, so it takes a 'copy' of it, gives it a special name, and tucks it away in the System Restore folder (that's if of course you have System Restore turned on, which in your case you do.)

    The files in the System Restore are not active since they are archived there, so you can just ignore them. The only time they would ever become active again is if you used the System Restore feature and 'restored' back to an earlier date, which would then re-enter those infected files back into the system.

    I do not know why you are unable to clear your System Restore though, unless you missed a step or two in that link I gave you above about how to turn it off and purge old restore points. But sooner or later your system will purge old restore points since it only keeps the most recent ones and gets rid of the older ones on a FIFO (First In, First Out) basis.

    Regards,

    snap
     