spyware

Discussion in 'Computer Security' started by Nick, Sep 26, 2005.

  1. Nick

    Nick Guest

    Please, can anyone help by explaining to me the following? Thanks in
    advance!

    Nick




    AlexaToolbar - Browser Plugin

    RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\

    RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}


    Advertising - 3rd Party Cookie

    URL - Cookie:/


    Atdmt - 3rd Party Cookie

    URL - Cookie:/



    Edge - 3rd Party Cookie

    URL - Cookie:4.com/



    Fastclick - 3rd Party Cookie

    URL - Cookie:/



    Tribalfusion - 3rd Party Cookie
     
    Nick, Sep 26, 2005
    #1

  2. From: "Nick" <>

    | Please, can anyone help by explaining to me the following? Thanks in
    | advance!
    |
    | Nick
    |
    | AlexaToolbar - Browser Plugin
    |
    | RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    | Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
    |
    | RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    | Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
    |
    | Advertising - 3rd Party Cookie
    |
    | URL - Cookie:/
    |
    | Atdmt - 3rd Party Cookie
    |
    | URL - Cookie:/
    |
    | Edge - 3rd Party Cookie
    |
    | URL - Cookie:4.com/
    |
    | Fastclick - 3rd Party Cookie
    |
    | URL - Cookie:/
    |
    | Tribalfusion - 3rd Party Cookie
    |

    Please download, install and update the following software...

    Ad-aware SE v1.06
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/

    SpyBot Search and Destroy v1.4
    http://security.kolla.de/

    After the software is updated, I suggest scanning the system in Safe Mode.

    I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
    that may be on the PC.

    BHODemon
    http://www.definitivesolutions.com/bhodemon.htm


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 26, 2005
    #2

  3. Nick

    Imhotep Guest

    David H. Lipman wrote:

    > From: "Nick" <>
    >
    > | Please, can anyone help by explaining to me the following? Thanks
    > | in
    > | advance!
    > |
    > | Nick
    > |
    > | AlexaToolbar - Browser Plugin
    > |
    > | RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    > | Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
    > |
    > | RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    > | Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
    > |
    > | Advertising - 3rd Party Cookie
    > |
    > | URL - Cookie:/
    > |
    > | Atdmt - 3rd Party Cookie
    > |
    > | URL - Cookie:/
    > |
    > | Edge - 3rd Party Cookie
    > |
    > | URL - Cookie:4.com/
    > |
    > | Fastclick - 3rd Party Cookie
    > |
    > | URL - Cookie:/
    > |
    > | Tribalfusion - 3rd Party Cookie
    > |
    >
    > Please download, install and update the following software...
    >
    > Ad-aware SE v1.06
    > http://www.lavasoft.de/
    > http://www.lavasoftusa.com/
    >
    > SpyBot Search and Destroy v1.4
    > http://security.kolla.de/
    >
    > After the software is updated, I suggest scanning the system in Safe Mode.
    >
    > I also suggest downloading, installing and updating BHODemon for any
    > Browser Helper Objects that may be on the PC.
    >
    > BHODemon
    > http://www.definitivesolutions.com/bhodemon.htm
    >
    >


    Dave, you truly are the good guys here. You help every newbie. Good job. I
    was thinking about cutting and pasting one of your help messages but, I
    figured that was not a polite thing to do....

    Im
     
    Imhotep, Sep 26, 2005
    #3
  4. From: "Imhotep" <>


    | Dave, you truly are the good guys here. You help every newbie. Good job. I
    | was thinking about cutting and pasting one of your help messages but, I
    | figured that was not a polite thing to do....
    |
    | Im

    Thanx :)

    I do what I can. Including writing the Multi AV scanning tool...
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 26, 2005
    #4
  5. Nick

    Imhotep Guest

    David H. Lipman wrote:

    > From: "Imhotep" <>
    >
    >
    > | Dave, you truly are the good guys here. You help every newbie. Good job.
    > | I was thinking about cutting and pasting one of your help messages but,
    > | I figured that was not a polite thing to do....
    > |
    > | Im
    >
    > Thanx :)
    >
    > I do what I can. Including writing the Multi AV scanning tool...
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script
    > Interpreter { http://kixtart.org Kixtart is CareWare } three batch files,
    > five Kixtart scripts, one Link
    > (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and
    > WGET.EXE. It will
    > simplify the process of using; Sophos, Trend and McAfee Anti Virus
    > Command Line Scanners to remove viruses, Trojans and various other
    > malware.
    >


    Good job! I am sure you have helped many. The next time one of my friends
    has a virus problem I will try your software/script too!

    Im
     
    Imhotep, Sep 26, 2005
    #5
  6. Nick

    Nick Guest

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:IfHZe.1283$qC4.545@trnddc02...
    > From: "Nick" <>
    >
    > | Please, can anyone help by explaining to me the following? Thanks in
    > | advance!
    > |
    > | Nick
    > |
    > | AlexaToolbar - Browser Plugin
    > |
    > | RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    > | Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
    > |
    > | RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    > | Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
    > |
    > | Advertising - 3rd Party Cookie
    > |
    > | URL - Cookie:/
    > |
    > | Atdmt - 3rd Party Cookie
    > |
    > | URL - Cookie:/
    > |
    > | Edge - 3rd Party Cookie
    > |
    > | URL - Cookie:4.com/
    > |
    > | Fastclick - 3rd Party Cookie
    > |
    > | URL - Cookie:/
    > |
    > | Tribalfusion - 3rd Party Cookie
    > |
    >
    > Please download, install and update the following software...



    Will you please let me know briefly what the above INFO means?
    I just started the Security+ program and hope to learn this stuff in
    detail later on.
    Installing ZA helped me delete all of the above, but I guess it's not
    enough.

    >
    > Ad-aware SE v1.06
    > http://www.lavasoft.de/
    > http://www.lavasoftusa.com/


    It took me a while to find this file finally at
    http://www.download.com/3001-8022_4-10399602.html

    >
    > SpyBot Search and Destroy v1.4
    > http://security.kolla.de/


    Found this file at
    http://hestia-ignite.com/hs/spybot/download/index.html

    Actually I had this program on my computer before and I uninstalled it.


    >
    > After the software is updated, I suggest scanning the system in Safe Mode.


    Do you mean rebooting the computer in Safe Mode and then scanning the
    system? Why is that so important? ( hope you do not mind if I ask stupid
    questions)
    I scanned immediately and I received the following result:


    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@advertising[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:23
    Value : Cookie:/
    Expires : 9-24-2010 3:13:02 PM
    LastSync : Hits:23
    UseCount : 0
    Hits : 23

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@cgi-bin[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:130
    Value : Cookie:/cgi-bin
    Expires : 9-21-2015 6:55:14 PM
    LastSync : Hits:130
    UseCount : 0
    Hits : 130

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : [2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:61
    Value : Cookie:/
    Expires : 10-25-2005 3:17:24 PM
    LastSync : Hits:61
    UseCount : 0
    Hits : 61

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : 4[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:4.com/
    Expires : 9-18-2035 2:05:54 PM
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@atdmt[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:9
    Value : Cookie:/
    Expires : 9-24-2010 5:00:00 PM
    LastSync : Hits:9
    UseCount : 0
    Hits : 9

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : [1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:/
    Expires : 2-28-2007 5:00:00 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@fastclick[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:14
    Value : Cookie:/
    Expires : 9-25-2007 3:17:22 PM
    LastSync : Hits:14
    UseCount : 0
    Hits : 14

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@questionmarket[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:2
    Value : Cookie:/
    Expires : 11-16-2006 10:41:06 AM
    LastSync : Hits:2
    UseCount : 0
    Hits : 2

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@doubleclick[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:/
    Expires : 9-24-2008 5:08:30 PM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@tribalfusion[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:12
    Value : Cookie:/
    Expires : 12-31-2037 5:00:00 PM
    LastSync : Hits:12
    UseCount : 0
    Hits : 12

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : [2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:4
    Value : Cookie:/
    Expires : 9-25-2006 5:54:34 PM
    LastSync : Hits:4
    UseCount : 0
    Hits : 4

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : nick1@mediaplex[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:1
    Value : Cookie:/
    Expires : 6-21-2009 5:00:00 PM
    LastSync : Hits:1
    UseCount : 0
    Hits : 1

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 12
    Objects found so far: 12



    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 14


    Deep scanning and examining files (D:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for D:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 14


    Scanning Hosts file......
    Hosts file location:"C:\winnt\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    1 entries scanned.
    New critical objects:0
    Objects found so far: 14


    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 15

    7:57:32 PM Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:13:06.872
    Objects scanned:64593
    Objects identified:15
    Objects ignored:0
    New critical objects:15




    >
    > I also suggest downloading, installing and updating BHODemon for any
    > Browser Helper Objects that may be on the PC.
    >
    > BHODemon
    > http://www.definitivesolutions.com/bhodemon.htm


    Isn't it too much to have Symantec AntiVirus, ZA, Spybot, Ad-Ware and BHO
    Demon on my PC? Is there any single program that performs all the functions?

    I appreciate your help!

    Nick
     
    Nick, Sep 26, 2005
    #6
  7. Nick

    Nick Guest


    > > Please download, install and update the following software...
    > >
    > > Ad-aware SE v1.06
    > > http://www.lavasoft.de/
    > > http://www.lavasoftusa.com/
    > >
    > > SpyBot Search and Destroy v1.4
    > > http://security.kolla.de/
    > >
    > > After the software is updated, I suggest scanning the system in Safe
    > > Mode.
    > >
    > > I also suggest downloading, installing and updating BHODemon for any
    > > Browser Helper Objects that may be on the PC.
    > >
    > > BHODemon
    > > http://www.definitivesolutions.com/bhodemon.htm
    > >
    > >

    >
    > Dave, you truly are the good guys here. You help every newbie. Good job. I
    > was thinking about cutting and pasting one of your help messages but, I
    > figured that was not a polite thing to do....


    Everyone is a newbie before he becomes an expert and I appreciate the
    support.

    Nick
     
    Nick, Sep 26, 2005
    #7
  8. Nick

    Notan Guest

    Imhotep wrote:
    >
    > <snip>
    >
    > Dave, you truly are the good guys here. You help every newbie. Good job. I
    > was thinking about cutting and pasting one of your help messages but, I
    > figured that was not a polite thing to do....


    Oh, go for it... Dave loves it when you cut/copy and paste his work!

    (To be fair, however, it would be considered "good manners" to give him
    credit... Something that I forgot to do, in an earlier thread! <g>)

    Notan
     
    Notan, Sep 26, 2005
    #8
  9. From: "Nick" <>


    Replies are inline...

    |
    | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    | news:IfHZe.1283$qC4.545@trnddc02...
    >> From: "Nick" <>
    >>

    |>> Please, can anyone help by explaining to me the following? Thanks in
    |>> advance!
    |>>
    |>> Nick
    |>>
    |>> AlexaToolbar - Browser Plugin


    Very minor data miner.


    |>>
    |>> RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
    |>> Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
    |>>
    |>> RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
    |>> Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}


    Not sure what these are...


    |>> Advertising - 3rd Party Cookie
    |>>
    |>> URL - Cookie:/
    |>>
    |>> Atdmt - 3rd Party Cookie
    |>>
    |>> URL - Cookie:/
    |>>
    |>> Edge - 3rd Party Cookie
    |>>
    |>> URL - Cookie:4.com/
    |>>
    |>> Fastclick - 3rd Party Cookie
    |>>
    |>> URL - Cookie:/
    |>>
    |>> Tribalfusion - 3rd Party Cookie
    |>>


    Cookies are the LEAST of all problems to worry about. I don't bother with cookies at all.



    >> Please download, install and update the following software...

    |
    | Will you please let me know briefly what the above INFO means?
    | I just started the Security+ program and hope to learn this stuff in
    | detail later on.
    | Installing ZA helped me delete all of the above, but I guess it's not
    | enough.
    |
    >> Ad-aware SE v1.06
    >> http://www.lavasoft.de/
    >> http://www.lavasoftusa.com/

    |
    | It took me a while to find this file finally at
    | http://www.download.com/3001-8022_4-10399602.html
    |
    >> SpyBot Search and Destroy v1.4
    >> http://security.kolla.de/

    |
    | Found this file at
    | http://hestia-ignite.com/hs/spybot/download/index.html



    I don't know if that is a legal mirror site and not a tampered version (I hope it isn't!)
    http://security.kolla.de/ takes you to http://www.safer-networking.org/en/index.html

    And was it found right here...
    http://www.safer-networking.org/en/download/index.html



    |
    | Actually I had this program on my computer before and I uninstalled it.


    You probably had an older version. The latest version of SpyBot S&D is v1.4.


    |
    >> After the software is updated, I suggest scanning the system in Safe Mode.

    |
    | Do you mean rebooting the computer in Safe Mode and then scanning the
    | system? Why is that so important? ( hope you do not mind if I ask stupid
    | questions)
    | I scanned immediately and I received the following result:


    Safe Mode is a limited version of the OS. It doesn't load as many Kernel files and doesn't
    load user startup files. Thus when scanning in Safe Mode removal of malware has a greater
    efficacy. This is due to the fact that there is less of a chance that the malware is
    running at the time of the removal.


    < snip >

    >> I also suggest downloading, installing and updating BHODemon for any
    >> Browser Helper Objects that may be on the PC.
    >>
    >> BHODemon
    >> http://www.definitivesolutions.com/bhodemon.htm

    |
    | Isn't it too much to have Symantec AntiVirus, ZA, Spybot, Ad-Ware and BHO
    | Demon on my PC? Is there any single program that performs all the functions?
    |
    | I appreciate your help!
    |
    | Nick
    |

    No, not at all. Albeit I am no fan of Norton AV (Symantec AV is for Corp./enterprise use
    and Norton AV is their retail product line).

    NAV/SAV - Anti Virus
    ZA - FireWall
    SpyBot S&D, Ad-aware SE and BHODemon - non-viral malware

    There is NO single program that does it all. While there may be overlap in their application,
    some may catch what another may miss. SpyBot and Ad-aware are peer programs. They do the
    same thing but one may catch what the other misses. BHODemon is specific to the non-viral
    malware class called Browser Helper Objects (BHO). These are similar yet different to
    plug-ins to Internet Explorer. An example of a good BHO is the Acrobat Reader. This way
    you can view a PDF file within IE. Bad BHO's will generate lots of IE Pop-Ups, force you to
    go to porn sites or other web sites you don't want to go to, etc.

    When it comes to viral malware (Trojans are not really viruses but tend to be classed that
    way) one needs to have one anti virus application installed and performing what is known as
    "On Access" scanning. This is the process of scanning files written to or read from the
    hard disk. This is different from what is known as "On Demand" scanning. This is when you
    specifically have AV software scan the entire computer or a specified area of the computer
    (such as a folder or just one hard disk).

    One should have only one "On Access" scanner installed but you can use multiple "On Demand"
    scanners. Reason being one may find what another may miss.

    "On Demand" scanners can be online scanners or they can be local scanners.

    Example online "On Demand" scanners...

    Trend:
    http://housecall.antivirus.com
    http://housecall.trendmicro.com

    F-Secure:
    http://support.f-secure.com/enu/home/ols.shtml

    McAfee:
    http://www.mcafee.com/myapps/mfs/default.asp

    Panda:
    http://www.pandasoftware.com/activescan/

    Kaspersky:
    http://www.kaspersky.com/de/scanforvirus

    Symantec:
    http://security.symantec.com/

    BitDefender
    http://www.bitdefender.com/scan/license.php

    Freedom Online scanner
    http://www.freedom.net/viruscenter/index.html

    The disadvantages of online scanners are...
    - dependence upon IE
    - requires Browser to be running
    - tend to only run in Normal Mode
    - some detect but don't remove infectors

    An example of a local "On Demand" scanner is my Multi AV scanning tool. It provides AV
    scanners from; McAfee, Sophos and Trend Micro.

    The advantages are...
    - can be executed in Safe Mode
    - non-GUI scanners can be used in DOS and if the hard disk uses NTFS, one can use NTFS4DOS
    - no dependency on IE or a browser being used


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *



    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Sep 26, 2005
    #9
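
Post #9 describes Browser Helper Objects and leaves open what the two `Internet Explorer\Extensions` registry entries in the scan report are. As an added example (not code from any poster or tool in this thread), this read-only PowerShell inventory lists registered BHOs and IE toolbar/menu extensions and resolves each one to the file it loads. The function names are hypothetical; the registry locations are the standard IE add-on keys and exist only on systems with Internet Explorer.

```powershell
# Added example, not from the thread. Read-only: nothing is modified.
# Function names are hypothetical; registry paths are the standard IE add-on keys.

function Resolve-ClsidServer {
    param([Parameter(Mandatory)][string]$Clsid)
    # A COM class names its in-process DLL in the default value of
    # CLSID\{guid}\InprocServer32. Check the 64-bit, 32-bit and per-user views.
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID',
             'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
             'HKCU:\SOFTWARE\Classes\CLSID'
    foreach ($root in $roots) {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            return (Get-Item -LiteralPath $key).GetValue('')
        }
    }
    return $null   # class not registered: leftover entry or already cleaned
}

function Get-IEAddOn {
    # --- Browser Helper Objects: the subkey name itself is the CLSID ---
    $bhoRoots =
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            [pscustomobject]@{
                Kind   = 'BHO'
                Id     = $sub.PSChildName
                Label  = $sub.GetValue('')
                Target = Resolve-ClsidServer -Clsid $sub.PSChildName
                Key    = $sub.Name
            }
        }
    }

    # --- Toolbar buttons / Tools-menu items (the Extensions key in the report) ---
    $extRoots =
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Extensions'
    foreach ($root in $extRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root) {
            # CmdMapping is per-user bookkeeping (GUID-to-command-ID values),
            # not an extension definition, so it is skipped here.
            if ($sub.PSChildName -eq 'CmdMapping') { continue }

            # An extension either launches a program/URL (Exec), runs a script
            # (Script), or hands off to a COM object (ClsidExtension).
            $target = $sub.GetValue('Exec')
            if (-not $target) { $target = $sub.GetValue('Script') }
            $com = $sub.GetValue('ClsidExtension')
            if (-not $target -and $com) { $target = Resolve-ClsidServer -Clsid $com }

            $label = $sub.GetValue('ButtonText')
            if (-not $label) { $label = $sub.GetValue('MenuText') }

            [pscustomobject]@{
                Kind   = 'Extension'
                Id     = $sub.PSChildName
                Label  = $label
                Target = $target
                Key    = $sub.Name
            }
        }
    }
}

# GUID taken from the scan report quoted in this thread; entries that match it
# are marked so they stand out from the rest of the inventory.
$reported = '{C95FE080-8F5D-11D2-A20B-00AA003C157A}'

Get-IEAddOn |
    Sort-Object Kind, Id |
    Select-Object @{ Name = 'Reported'; Expression = { $_.Id -eq $reported } },
                  Kind, Id, Label, Target |
    Format-Table -AutoSize -Wrap
```

An entry whose Target is empty or points to a file that no longer exists is a leftover registration; an entry whose Target sits in an unexpected folder is the one worth checking with the scanners discussed above.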
  10. Nick

    Nick Guest

    Thank you very much Mr. Lipman.
    This is also a very useful lecture to me on my way to CompTIA Security +
    exam.

    All the best!

    Nick
    A+, Network+, CNA
     
    Nick, Sep 26, 2005
    #10