Worms?

I don't know what's going on with my machine. I'll be visiting a site,
like CNN.com, and all of a sudden, I get a page not found screen with
"http:///" in the address bar. Before it'd go to the google search
page. It only seems to occur with IE and not with Mozilla Firefox. I
have done all the newest Windows updates, installed ZoneAlarm for
firewall purposes, run McAfee three times, used TrendMicro's HouseCall,
and everything, and yet it continues. I have gotten a detection message
from McAfee a couple of times for a p2p virus. Each time it says it's
been cleaned, but I'm still having problems. Anyone have any advice?
Thanks in advance!

SuzyElizabeth

TheThigILove@gmail.com

wrote:

> I don't know what's going on with my machine. I'll be visiting a site,
> like CNN.com, and all of a sudden, I get a page not found screen with
> "http:///" in the address bar. Before it'd go to the google search
> page. It only seems to occur with IE and not with Mozilla Firefox. I
> have done all the newest Windows updates, installed ZoneAlarm for
> firewall purposes, run McAfee three times, used TrendMicro's HouseCall,
> and everything, and yet it continues. I have gotten a detection message
> from McAfee a couple of times for a p2p virus. Each time it says it's
> been cleaned, but I'm still having problems. Anyone have any advice?
> Thanks in advance!
>
> SuzyElizabeth

Have you check for spyware/crapware? I used to use spybot search and
destroy...also check you hosts file....I would guess that you have some
kind of crapware installed...

Imhotep

Imhotep

For someone who's kind of spyware naive, where can I locate the hosts
file? I will try the spybot as you suggested. I must admit, this is the
first instance of the term "crapware" that I've heard. Thank you!

TheThigILove@gmail.com

From: <>

| I don't know what's going on with my machine. I'll be visiting a site,
| like CNN.com, and all of a sudden, I get a page not found screen with
| "http:///" in the address bar. Before it'd go to the google search
| page. It only seems to occur with IE and not with Mozilla Firefox. I
| have done all the newest Windows updates, installed ZoneAlarm for
| firewall purposes, run McAfee three times, used TrendMicro's HouseCall,
| and everything, and yet it continues. I have gotten a detection message
| from McAfee a couple of times for a p2p virus. Each time it says it's
| been cleaned, but I'm still having problems. Anyone have any advice?
| Thanks in advance!
|
| SuzyElizabeth

For non-viral malware...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.


For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

wrote:

> For someone who's kind of spyware naive, where can I locate the hosts
> file? I will try the spybot as you suggested. I must admit, this is the
> first instance of the term "crapware" that I've heard. Thank you!

Read David Lipman very good advice....

im

Imhotep

wrote:
> For someone who's kind of spyware naive, where can I locate the hosts
> file? I will try the spybot as you suggested. I must admit, this is the
> first instance of the term "crapware" that I've heard. Thank you!
>
%\windows\system32\etc

Make sure to switch mode of spybot to advanced mode, after scanning and
immunizing, preferably after you have updated...then check BHOs )browser
helper objects, activeX controls, startup items and processes. All of
this are accessible through the advanced mode. Use spybots host list if
you have a machine with >128MB RAM.
Winged

Winged

From: "Winged" <>

| wrote:
>> For someone who's kind of spyware naive, where can I locate the hosts
>> file? I will try the spybot as you suggested. I must admit, this is the
>> first instance of the term "crapware" that I've heard. Thank you!
>>
| %\windows\system32\etc
|
| Make sure to switch mode of spybot to advanced mode, after scanning and
| immunizing, preferably after you have updated...then check BHOs )browser
| helper objects, activeX controls, startup items and processes. All of
| this are accessible through the advanced mode. Use spybots host list if
| you have a machine with >128MB RAM.
| Winged

The correct path to the 'hosts' file is...

For NT based OS'
%windows%\system32\drivers\etc

For Win9x/ME
%windir%

For NT based OS', anything alse means the Registry setting which is...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters
DataBasePath=%SystemRoot%\System32\drivers\etc

Has been changed by malware.

The Multi AV Scanning tool I provided in this thread deals with alterations of this setting
and if is different from the above it will be set to the above and it will also rename
'etc/hosts' to 'etc/hosts.bak' to make sure the anti virus files can be downloaded from
their respective vendors web sites.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

David H. Lipman wrote:
> From: "Winged" <>
>
> | wrote:
>
>>>For someone who's kind of spyware naive, where can I locate the hosts
>>>file? I will try the spybot as you suggested. I must admit, this is the
>>>first instance of the term "crapware" that I've heard. Thank you!
>>>
>
> | %\windows\system32\etc
> |
> | Make sure to switch mode of spybot to advanced mode, after scanning and
> | immunizing, preferably after you have updated...then check BHOs )browser
> | helper objects, activeX controls, startup items and processes. All of
> | this are accessible through the advanced mode. Use spybots host list if
> | you have a machine with >128MB RAM.
> | Winged
>
> The correct path to the 'hosts' file is...
>
> For NT based OS'
> %windows%\system32\drivers\etc
>
> For Win9x/ME
> %windir%
>
> For NT based OS', anything alse means the Registry setting which is...
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters
> DataBasePath=%SystemRoot%\System32\drivers\etc
>
> Has been changed by malware.
>
> The Multi AV Scanning tool I provided in this thread deals with alterations of this setting
> and if is different from the above it will be set to the above and it will also rename
> 'etc/hosts' to 'etc/hosts.bak' to make sure the anti virus files can be downloaded from
> their respective vendors web sites.
>
Yup, your right, somehow I missed the driver portion of the
path...Thanks for the catch..
Winged

Winged