spywareguard 2.2

Discussion in 'SpywareBlaster & Other Forum' started by bazzer55, Oct 7, 2003.

Thread Status:
Not open for further replies.
  1. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    hi folks!
    basically, spywareguard 2.2 doesn't work! i downloaded it primarily because my browser was being hijacked..it still is....as for spyware, Adaware has just reported 29 files (15 in reg. + 14 other)...is 2.6 any more successful? i am prepared to donate to a successful prog., but what's the use if it doesn't work?!
    i'm using ie6 with google advanced as engine. am i doing something wrong?
    thanks for any help
    baz
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi baz,

    Basically, there are different forms of spyware and different mechanisms that they use to get installed on to your computer. Ad-Aware detects most forms of spyware and adware, so, there will be things it detects that SpywareGuard alone won't prevent. It doesn't mean that SpywareGuard doesn't work, just that what and how it protects is not what's being used to get into your computer.

    When you mention "2.6" above, I'm guessing you are asking about whether to install SpywareBlaster (2.6.1) along with SpywareGuard (2.2). Is that correct? If so, the answer is Yes, you should install both if you haven't yet. Here's a description of the two products and their different protection methods:

    If you run both of these Javacool programs together and keep them active and updated then the amount of spyware that gets on to your system should be greatly reduced. Ad-Aware should find less in future runs.

    The other thing you could do is post the log of what Ad-Aware is finding on your system so that we'll know what kinds of spyware you are seeing. People here can confirm what causes that type of spyware and if extra steps of protections will help prevent your system from getting infected in the future.
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Oh, it is also possible that there is already some embedded spyware on your system. Since it is a good idea to get a system to a clean state before assessing whether there is a problem with any specific security protection, it might be good if you could post a HijackThis Log here. HijackThis is a tool that displays the startup information from your system. It is a very good way to determine if malware is already present.

     
  4. bazzer555

    bazzer555 Guest

    many thanks to lwm for quick reply, however, the claim of sg is to prevent browser hijack...quote
    "SG also includes capabilities to prevent browser hijacks..."
    surely the absence of its sister program is not going to make any diff to this capability? i shall load it anyway of course, please tell me more, i'm only a pc builder not a s/ware guru :rolleyes:
    regards
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Ah, I should have said more on that point, sorry. First, let's confirm that SpywareGuard's browser hijack protection is active... Have you tried testing it by simply making a manual change to your IE Home Page? You should get an alert from SG if it is working properly. If you don't, perhaps there are other issues we need to look at. If it does alert on that, then we need to determine just what types of changes you are seeing that aren't being handled by SG.

    But, let's not get too far ahead. I still recommend: installing SpywareBlaster; testing SpywareGuard with a manual home page change; posting a log from Ad-Aware showing what spyware you are seeing; and finally posting a HijackThis log to determine if some spyware is already installed on your system.

    Sounds like a lot, I know, but, it should cover all the bases. ;)
     
  6. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    ...tried to put hijack this log in attachments...wouldn't accept it...will a simple copy and paste in there work?
    baz
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Yes, most people just paste the contents right into a post, it's easier than getting a file attached here.

    (I'm going to be away for a little while, so check back later if you don't get an immediate response.)
     
  8. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    lwm, attempted manual change of browser, elicited no response from SG..
    thanks for help..herewith log from hijack:
    Logfile of HijackThis v1.97.2
    Scan saved at 18:35:06, on 07/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\CConnect\CConnect.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Kazaa Lite K++\Kazaa.kpp
    C:\Program Files\WinAce\WinAce.exe
    C:\Documents and Settings\bazzer\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/advanced_search?hl=en
    O1 - Hosts: 645238813 auto.search.msn.com
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://geotoo.mkm-wpe.net/activex/AxisCamControl.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.1256597222
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    :rolleyes:hope this means s.thing!
    baz
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi bazzer55,

    You were hijacked through your Hosts file, so it seems.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O1 - Hosts: 645238813 auto.search.msn.com
    O3 - Toolbar: (no name) - {FF7FD490-34E7-4FA1-927A-F5799E6AAD7B} - (no file)

    Then reboot and start Spybot S&D in Advanced Mode, then click Immunize and put a checkmark before Lock Hosts file Read-only as protection against hijackers.

    Of course you could also do this manually by finding your hosts file, rightclick it, choose properties and put a checkmark in the Read-Only box. Then click Apply and click OK.
    The path to the hosts file for Windows XP is c:\windows\system32\drivers\etc\hosts

    Regards,

    Pieter
     
  10. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    hi pieter, thanks for your input. i have deleted the offending lines and rebooted. next prob...i have spywareguard/blaster but i have never heard of 'spybot s&d! is this another prog that i have to load? :blink:
    regards
    baz
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi bazzer55,

    No-one is forcing you, but Spybot S&D and AdAware are the two most renowned freeware spyware-removers.

    A tutorial and download link for Spybot S&D can be found here: http://www.tomcoyote.org/SPYBOT/

    AdAware downloadlink: http://www.lavasoftusa.com/software/adaware
    and how to set it up:
    http://www.lavasoftsupport.com/index.php?showtopic=9240&st=0%EF%BF%BDentry71677

    And since you already have SpywareBlaster, you can also make a backup of your hosts file under Tools > Hosts safe

    Regards,

    Pieter
     
  12. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    oooook! found and installed spybot, already have adaware. you mentioned advanced mode for spybot but i can't find it. no entry in programs list although appears on add/remove progs!! how do i access it pieter?
    sorry for being a dimbo :p
    baz
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Didn't Spybot give you options at install to add any Start menu > Programs entries? Doesn't matter anyway, the way you get into advanced mode versus easy mode is entirely based upon the shortcut used to start Spybot. On my system, I have these two shortcuts setup to run Spybot:

    easy mode: "c:\...\Spybot - Search & Destroy\SpybotSD.exe" /easymode
    advanced mode: "c:\...\Spybot - Search & Destroy\SpybotSD.exe"

    It's just the qualifier on the end that makes the difference.

    Edit: Actually, when you run Spybot in Advanced mode the first time, you can use its Settings tab > Settings button, and see in the right panel a place where you can tell it to add Desktop icons, Quick launch buttons and/or Start menu options.
     
  14. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    welcome back lwm,
    you have told me many things...all of which do not tell me how to access advanced settings!
    quote:
    Didn't Spybot give you options at install to add any Start menu > Programs entries
    yes, but i chose not to:
    2. quote:
    On my system, I have these two shortcuts setup to run Spybot:

    easy mode: "c:\...\Spybot - Search & Destroy\SpybotSD.exe" /easymode
    advanced mode: "c:\...\Spybot - Search & Destroy\SpybotSD.exe"

    i don't have this setup because i didn't get that far.
    3. quote:
    Edit: Actually, when you run Spybot in Advanced mode the first time, you can use its Settings tab > Settings button, and see in the right panel a place where you can tell it to add Desktop icons, Quick launch buttons and/or Start menu options.
    i'm not running in advanced mode because i can't find it!!
    can we go back to basics chaps please? would it be better for me to reload and make different choices?
    patience! i am green
    baz
     
  15. doggeral

    doggeral Guest

    Click Mode and select advanced
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Well, I gave examples of the shortcuts from my system so that you could create a shortcut yourself to run it on your system... As far as advanced mode versus easy mode goes, it's only a matter of whether the shortcut you make has the "/easymode" qualifier after it. That's what all that was about...

    However, how about we do this. Open Windows Explorer and navigate to the folder you installed Spybot S&D in, then double-click on the program file: SpybotSD.exe That will run Spybot in Advanced Mode. At that point, you can make future executions of it easier by going into the Settings panel, selecting the Settings button and looking for the options I mentioned above to create either a Start menu or desktop icon, which ever you prefer.
     
  17. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    :D
    well done mate! found prog in winexplorer...same as before EXCEPT had options to change settings...i shall make changes as you suggested at first and update the saga
    seriously though...thanks to all for explaining
    all the best
    baz
     
  18. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Not a problem, we're glad to help! :)

    Listen, there was a lot of different stuff in this thread. If problems remain, then simply look back here and pull up whatever issue it is and let us know. We'll go through each point as needed.

    Especially this one... Does SpywareGuard now detect changes to your browser's home page - even if you try to change it manually? If it doesn't, then we can try to find the cause.

    Here's what it should do. My test system has IE's home page set to the about:blank option. If I trigger a change (by hitting Use_Default) and then hit Apply or OK, SpywareGuard gives me this image sequence...
     

    Attached Files:

  19. bazzer55

    bazzer55 Registered Member

    Joined:
    Oct 7, 2003
    Posts:
    8
    lwm, g'day,
    i have tried your test using about blank....'cos i'd already been into host? file and changed all the others to google!!!. notwithstanding this, the test now works perfectly thanks to all again.
    baz
    ps. you wouldn't know where i can get an xvid 8192 audio ENcoder would you :) bye for now!
     
Thread Status:
Not open for further replies.