Hijacking

Discussion in 'Computer Support' started by Bob Brister, May 22, 2004.

  1. Bob Brister

    Bob Brister Guest

    Somehow I have gotten a program that hijacks my home address and adds an
    icon on my desktop. The icon says "sexdial" and when I click on it I go to
    www.casinopalazzo.com. I have used Adaware and Spybot but still have the
    same problem. Oh yes, the thing automatically pops up every 20 minutes or so
    and opens a new browser window to the casinopalazzo. I have found the
    address, but I don't know how to delete it. The address is "C:\Program
    files\Internet Explorer\Iexplore.exe"http://www.casinopalazzo.com. I have
    Windows 98 SE. Any help will be greatly appreciated.

    Bob
    Bob Brister, May 22, 2004
    #1
    1. Advertising

  2. Bob Brister wrote:
    > Somehow I have gotten a program that hijacks my home address and adds
    > an icon on my desktop. The icon says "sexdial" and when I click on it
    > I go to www.casinopalazzo.com. I have used Adaware and Spybot but
    > still have the same problem. Oh yes, the thing automatically pops up
    > every 20 minutes or so and opens a new browser window to the
    > casinopalazzo. I have found the address, but I don't know how to
    > delete it. The address is "C:\Program files\Internet
    > Explorer\Iexplore.exe"http://www.casinopalazzo.com. I have Windows 98
    > SE. Any help will be greatly appreciated.
    >
    > Bob


    Are you running adwatch? That should prevent browser hijacks. Go to
    settings, and make sure 'block hijack attemmpts' is checked.
    Scott Freeman, May 22, 2004
    #2
    1. Advertising

  3. Bob Brister

    Richard Guest

    Bob Brister wrote:

    > Somehow I have gotten a program that hijacks my home address and adds an
    > icon on my desktop. The icon says "sexdial" and when I click on it I go
    > to
    > www.casinopalazzo.com. I have used Adaware and Spybot but still have the
    > same problem. Oh yes, the thing automatically pops up every 20 minutes or
    > so and opens a new browser window to the casinopalazzo. I have found the
    > address, but I don't know how to delete it. The address is "C:\Program
    > files\Internet Explorer\Iexplore.exe"http://www.casinopalazzo.com. I have
    > Windows 98 SE. Any help will be greatly appreciated.


    > Bob


    1) run msconfig and in the startup tab, uncheck the box for "sexdial" or the
    casino site or both.
    2) check the "ini" files for any entry and delete them.
    3) run regedit and search the registry for both items and delete all entries
    found.
    4) in the start button check the "startup" item and make sure nothing is
    referred to here. Delete if it is.
    5) In IE, go to internet options advanced tab. Uncheck "Enable install on
    demand".

    If you are on dialup, be sure to check your phone bill for any item that you
    know you did not create.
    "sexdial" is an autodialer and will call a specified number, probably a 900
    number, or overseas number, and you will unwittingly pay the bill.

    Spyware programs may not catch autodialers. As these change names as often
    as they are distributed.
    Richard, May 23, 2004
    #3
  4. Bob Brister

    zaax Guest

    In article <>, Richard <Anonymous@127.001>
    writes
    > Bob Brister wrote:
    >
    > > Somehow I have gotten a program that hijacks my home address and adds an
    > > icon on my desktop. The icon says "sexdial" and when I click on it I go
    > > to
    > > www.casinopalazzo.com. I have used Adaware and Spybot but still have the
    > > same problem. Oh yes, the thing automatically pops up every 20 minutes or
    > > so and opens a new browser window to the casinopalazzo. I have found the
    > > address, but I don't know how to delete it. The address is "C:\Program
    > > files\Internet Explorer\Iexplore.exe"http://www.casinopalazzo.com. I have
    > > Windows 98 SE. Any help will be greatly appreciated.

    >
    > > Bob

    >
    >1) run msconfig and in the startup tab, uncheck the box for "sexdial" or the
    >casino site or both.
    >2) check the "ini" files for any entry and delete them.
    >3) run regedit and search the registry for both items and delete all entries
    >found.
    >4) in the start button check the "startup" item and make sure nothing is
    >referred to here. Delete if it is.
    >5) In IE, go to internet options advanced tab. Uncheck "Enable install on
    >demand".
    >
    >If you are on dialup, be sure to check your phone bill for any item that you
    >know you did not create.
    >"sexdial" is an autodialer and will call a specified number, probably a 900
    >number, or overseas number, and you will unwittingly pay the bill.
    >
    >Spyware programs may not catch autodialers. As these change names as often
    >as they are distributed.
    >
    >

    If they are in your country prepare a bill / invoice for damages and
    send it to them, take them to court if they don't pay
    --
    Zaax
    http://www.ukgatsos.com
    zaax, May 23, 2004
    #4
  5. Bob Brister

    Richard Guest

    zaax wrote:


    > If they are in your country prepare a bill / invoice for damages and
    > send it to them, take them to court if they don't pay


    yeah, right. USA courts would not accept that as a legitimate case.
    Richard, May 23, 2004
    #5
  6. Bob Brister

    Bob Brister Guest

    I have done everything Richard said, but the problem is still there. The
    home page it goes to is www.easy-search.biz. When I try to delete or modify
    the registry to get rid of this address, it comes right back. I deleted
    every reference to easy-search but when I reran regedit and searched for it,
    there it was! I can find no reference to casino, sexdial or easy-search in
    the startup. I could remove IE6 and reinstall if that would help. Oh yes, I
    tried SpyBouncer, and it didn't find the problem either.

    Bob
    Bob Brister, May 23, 2004
    #6
  7. Bob Brister

    Boomer Guest

    "Bob Brister" <> wrote:

    > I have done everything Richard said, but the problem is still
    > there. The home page it goes to is www.easy-search.biz. When I try
    > to delete or modify the registry to get rid of this address, it
    > comes right back. I deleted every reference to easy-search but
    > when I reran regedit and searched for it, there it was! I can find
    > no reference to casino, sexdial or easy-search in the startup. I
    > could remove IE6 and reinstall if that would help. Oh yes, I tried
    > SpyBouncer, and it didn't find the problem either.
    >
    > Bob


    Hi

    Download and install HijackThis
    http://tomcoyote.com/hjt/

    Then post your log over here:
    HijackThis forum/HijackThis Logs
    http://www.lavasoftsupport.com/index.php?act=idx

    Also could you please include some of the message you are responding
    to,
    in your reply?
    (Tools> Options> Send tab, tick the "Include message in Reply" box.)


    Thanks. :)
    Boomer, May 23, 2004
    #7
  8. Bob Brister

    zaax Guest

    In article <>, Richard <Anonymous@127.001>
    writes
    > zaax wrote:
    >
    >
    > > If they are in your country prepare a bill / invoice for damages and
    > > send it to them, take them to court if they don't pay

    >
    >yeah, right. USA courts would not accept that as a legitimate case.
    >
    >

    So if someone smashed you car you could not sue them for damages?
    --
    Zaax
    http://www.ukgatsos.com
    zaax, May 23, 2004
    #8
  9. Bob Brister

    °Mike° Guest

    Then you're either a fool, or very naive about usenet.
    Never, repeat never, take any notice of "advice" given
    by Richard (RtS) Bullis.


    On Sun, 23 May 2004 10:18:52 -0500, in
    <>
    Bob Brister scrawled:

    >I have done everything Richard said,


    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 23, 2004
    #9
  10. Bob Brister

    °Mike° Guest

    First of all, try CWShredder:

    CWShredder (CoolWebSearch remover)
    http://www.spywareinfo.com/~merijn/cwschronicles.html
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip

    If that doesn't help, install HijackThis and post the contents
    of your log here.

    HijackThis
    http://www.tomcoyote.org/hjt/
    http://mjc1.com/mirror/hjt/
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip


    On Sun, 23 May 2004 10:18:52 -0500, in
    <>
    Bob Brister scrawled:

    >I have done everything Richard said, but the problem is still there. The
    >home page it goes to is www.easy-search.biz. When I try to delete or modify
    >the registry to get rid of this address, it comes right back. I deleted
    >every reference to easy-search but when I reran regedit and searched for it,
    >there it was! I can find no reference to casino, sexdial or easy-search in
    >the startup. I could remove IE6 and reinstall if that would help. Oh yes, I
    >tried SpyBouncer, and it didn't find the problem either.
    >
    >Bob
    >


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 23, 2004
    #10
  11. Bob Brister

    Bob Brister Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 12:34:09 PM, on 5/23/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\STICKUPS\STICKUPS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
    C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\RUNWIN32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\HIGHSTREAM TURBO\HSTURBO.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\WININET32.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://easy-search.biz
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://easy-search.biz
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://easy-search.biz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://easy-search.biz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://easy-search.biz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://easy-search.biz
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://easy-search.biz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = local
    F1 - win.ini: run=c:\stickups\stickups.exe
    O1 - Hosts: 69.50.170.20 www.google.com
    O1 - Hosts: 69.50.170.21 search.yahoo.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM
    FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL__SpybotSDDisabled (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO -
    {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM
    FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL__SpybotSDDisabled (file
    missing)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
    C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch
    Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
    /P23 "EPSON Stylus C84 Series" /O7 "EPUSB1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
    deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Cosmi\HelpExpress\Robert
    Brister\HXIUL.EXE
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Cosmi\HelpExpress\Robert
    Brister\Client\HelpExp.exe
    O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
    O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Startup: HighStream Turbo.lnk = C:\Program Files\HighStream
    Turbo\HSTurbo.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: &Search -
    http://bar.mywebsearch.com/menusearch.html?p=ZNxdm800
    O8 - Extra context menu item: Show Original Image - res://C:\PROGRAM
    FILES\HIGHSTREAM TURBO\HSTURBO.EXE/227
    O8 - Extra context menu item: Show All Original Images - res://C:\PROGRAM
    FILES\HIGHSTREAM TURBO\HSTURBO.EXE/250
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37976.3532407407
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
    http://software-dl.real.com/18f0566e29b1011e4216/netzip/RdxIE601.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
    http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
    http://www.mt-download.com/MediaTicketsInstaller.cab

    These are the files found by Hijackthis. I still have the problem, of
    course.

    Bob
    Bob Brister, May 24, 2004
    #11
  12. Bob Brister

    docmill Guest

    "Bob Brister" <> wrote in
    news::

    > Logfile of HijackThis v1.97.7
    > Scan saved at 12:34:09 PM, on 5/23/04
    > Platform: Windows 98 SE (Win9x 4.10.2222A)
    > MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >

    I didn't refresh back far enough to see your question Bob,
    But you are hosed.

    --
    +++++++++++ SEND ME A LINK +++++++++++
    docmill's Home Of HotLinks In The Frying SPAM
    docmill, May 24, 2004
    #12
  13. Bob Brister

    Bob Brister Guest

    So how do I get unhosed? Reformat the hard drive and reinstall all my
    software? I was hoping for an easier solution!

    Bob
    Bob Brister, May 24, 2004
    #13
  14. Bob Brister

    °Mike° Guest

    On Sun, 23 May 2004 20:38:47 -0500, in
    <>
    Bob Brister scrawled:

    >Logfile of HijackThis v1.97.7
    >Scan saved at 12:34:09 PM, on 5/23/04
    >Platform: Windows 98 SE (Win9x 4.10.2222A)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    >Running processes:
    >C:\STICKUPS\STICKUPS.EXE


    I'm not sure what the above is; if you don't know,
    terminate it and see my comments below [*****].


    >C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE


    The above program is spyware.


    >C:\WINDOWS\RUNWIN32.EXE


    The above is a password stealing trojan (PWSteal.AlLight)
    http://www.symantec.com/avcenter/venc/data/pwsteal.allight.html


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    >http://easy-search.biz
    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    >http://easy-search.biz
    >R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://easy-search.biz
    >R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    >http://easy-search.biz
    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    >http://easy-search.biz
    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    >http://easy-search.biz
    >R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    >http://easy-search.biz
    >R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    >http://easy-search.biz
    >R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    >http://easy-search.biz
    >R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    >Settings,ProxyServer = 127.0.0.1:8080
    >R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    >Settings,ProxyOverride = local


    Have HijackThis fix ALL of the above. See comments below [+++++]


    >F1 - win.ini: run=c:\stickups\stickups.exe


    [*****] See my comments about stickups above.
    Fix this if you don't know what it is, or didn't install it.


    >O1 - Hosts: 69.50.170.20 www.google.com
    >O1 - Hosts: 69.50.170.21 search.yahoo.com


    Have HijackThis fix the above.


    >O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM
    >FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL__SpybotSDDisabled (file missing)


    Have HijackThis fix the above.


    >O2 - BHO: MyWebSearch Search Assistant BHO -
    >{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM
    >FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL__SpybotSDDisabled (file
    >missing)


    Have HijackThis fix the above.


    >O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
    >C:\PROGRAM FILES\MYWEBSEARCH\BAR\2.BIN\MWSBAR.DLL (file missing)


    Have HijackThis fix the above.


    >O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1


    Spyware.


    >O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe


    Password trojan; see comments above and have HijackThis fix
    the above.


    >O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe


    Hijack Trojan. See comments above [+++++]
    http://fr.trendmicro-europe.com/ent...tail.php?id=59220&VName=TROJ_AGENT.AD&VSect=T

    Shorter link for above:
    http://makeashorterlink.com/?F2BD12368


    >O8 - Extra context menu item: &Search -
    >http://bar.mywebsearch.com/menusearch.html?p=ZNxdm800


    Have HijackThis fix the above.


    >O9 - Extra button: WeatherBug (HKCU)


    Spyware.

    >O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    >http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab


    Have HijackThis fix the above.


    >O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
    >http://www.mt-download.com/MediaTicketsInstaller.cab


    Have HijackThis fix the above.


    >These are the files found by Hijackthis. I still have the problem, of
    >course.


    Run a complete system antivirus scan with *at least* two
    online scanners, and update your normal scanner.

    Online Antivirus scanners:
    ================
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www3.ca.com/virusinfo/virusscan.aspx
    http://security.symantec.com/sscv6/default.asp
    http://www.pandasoftware.com/activescan/activescan.asp


    Download, update and use *all* of the following:

    Spybot Search & Destroy
    http://spybot.eon.net.au/
    http://www.safer-networking.org/
    http://spybot.safer-networking.de/
    SpyBot S&D guide
    http://www.chem.wisc.edu/~network/spybot/

    Ad-Aware
    http://www.lavasoftusa.com/
    http://www.lavasoft.nu/

    Spyware Blaster
    http://www.wilderssecurity.net/spywareblaster.html
    http://www.javacoolsoftware.com/spywareblaster.html
    http://www.net-integration.net/tools/spywareblaster.html

    CWShredder (CoolWebSearch remover)
    http://www.spywareinfo.com/~merijn/cwschronicles.html
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 25, 2004
    #14
  15. Bob Brister

    Bob Brister Guest

    Again, I did everything you said, then went to the web sites you recommended
    and finally, at last, my computer is cured. I'm not exactly sure which fix
    or deletion did the trick, but I am very grateful for your help. I
    appreciate all of you who took the time and trouble to give me advice. I
    have learned a lot form this newsgroup.

    Thanks!


    --
    Bob
    Bob Brister, May 25, 2004
    #15
  16. Bob Brister

    °Mike° Guest

    All of them, and you're welcome.


    On Tue, 25 May 2004 16:01:07 -0500, in
    <>
    Bob Brister scrawled:

    >Again, I did everything you said, then went to the web sites you recommended
    >and finally, at last, my computer is cured. I'm not exactly sure which fix
    >or deletion did the trick, but I am very grateful for your help. I
    >appreciate all of you who took the time and trouble to give me advice. I
    >have learned a lot form this newsgroup.
    >
    >Thanks!


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, May 25, 2004
    #16
  17. Bob Brister

    St?phane Guest

    "Bob Brister" <> wrote in message news:<>...
    > I have done everything Richard said, but the problem is still there. The
    > home page it goes to is www.easy-search.biz. When I try to delete or modify
    > the registry to get rid of this address, it comes right back. I deleted
    > every reference to easy-search but when I reran regedit and searched for it,
    > there it was! I can find no reference to casino, sexdial or easy-search in
    > the startup. I could remove IE6 and reinstall if that would help. Oh yes, I
    > tried SpyBouncer, and it didn't find the problem either.
    >
    > Bob


    Hi,

    .... sorry for my english! I'm a french canadian from Montreal in
    Quebec.

    I Have the same problem! I tryed -Spy Ferret- and -NoAdware-. The
    scans saw some things, but they ask to registrate... 30$ US and more!

    If somebody find the solution, contact me please.

    Thank you!

    Stéphane
    St?phane, Jun 9, 2004
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ringo
    Replies:
    5
    Views:
    1,246
    ringo
    Dec 13, 2004
  2. Brian H¹©

    Hijacking a thread

    Brian H¹©, Jul 6, 2003, in forum: Computer Support
    Replies:
    19
    Views:
    787
  3. Replies:
    3
    Views:
    845
    no way
    Aug 2, 2004
  4. Broom Hilda

    Hijacking detected

    Broom Hilda, Oct 10, 2005, in forum: Computer Support
    Replies:
    6
    Views:
    4,308
    zarathustra
    Oct 14, 2005
  5. Toni from T.O.

    Modem hijacking/internet dumping

    Toni from T.O., Nov 2, 2005, in forum: Computer Security
    Replies:
    14
    Views:
    1,021
    Moe Trin
    Nov 5, 2005
Loading...

Share This Page