Problem Infection??

An icon keeps appearing on my wife's desktop, saying "Click Here to Fix Errors".

In properties is a URL....

formatting link

No amount of scanning using various utilities, Ad-Aware, SpyBot S&D, eTrust Pest Patrol, Scan Spyware, Spyware Doctor, or Symantec finds anything.

Delete it from the desktop and it reappears in a few days.

Anyone recognize it?

...Jim Thompson

--
|  James E.Thompson, P.E.                           |    mens     |
|  Analog Innovations, Inc.                         |     et      |
|  Analog/Mixed-Signal ASIC's and Discrete Systems  |    manus    |
|  Phoenix, Arizona            Voice:(480)460-2350  |             |
|  E-mail Address at Website     Fax:(480)460-2142  |  Brass Rat  |
|       http://www.analog-innovations.com           |    1962     |
             
I love to cook with wine.      Sometimes I even put it in the food.
Reply to
Jim Thompson

Playing around I've concluded that this is Adware planted each time my wife visits website.

So I neutered it in the hosts file ;-)

I am really growing to love the hosts file ;-)

...Jim Thompson

Reply to
Jim Thompson

formatting link

Right-click it, and look at its properties. It sounds like a shortcut to "regclean."

There's some program you can download to make stuff like that not automatically start (something like msstartup); you might need this if it's not in your start/programs/startup menu.

And, you could just remove the program.

Good Luck! Rich

Reply to
Rich Grise

Check the security settings. If sites can plant stuff like that who knows what else they could sneak, or have already snuck in.

--
Regards, Joerg

http://www.analogconsultants.com
Reply to
Joerg

"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...

formatting link

You shouldn't be surfing as Administrator. What is the OS?

regards

Ian

Reply to
IanM

formatting link

Also, most scanners have a 'safe mode' form, or a scan from a boot disk, which is needed to deal with certain types of infection. If I remember correctly, that message is from a particular form of 'spyware' and was common some months ago, but is correctly handled now by most of the anti-virus programs; it needs the latest version, run from a boot disk rather than scanning from inside the OS, to find/fix...

Best Wishes

Reply to
Roger Hamlett

You might consider switching her to a non-administrator account (I call it the "wife_wimpy account") and/or using FireFox.

Reply to
Ancient_Hacker

formatting link

If it's the one I think it is, it took me 2 hours to get it off a workstation after some idiot clicked on a 'free' toolbar offer. BTW, if you pay for the 'remover' it still doesn't get removed. I wound up using the free demo Giant Antispyware tool (which Microsoft bought - formatting link) to get most of it off. I installed TeaTimer to try to prevent further infestations.

Reply to
Homer J Simpson

formatting link

It's a link to an ad server and is probably one of the more notorious infections. Interesting none of the various tools found it.

Is she using exploder? If so, you may need to tweak some settings (so other sites don't do the same thing).

Cheers

PeteS

Reply to
PeteS

In message , Jim Thompson writes

Not here, but I would add another utility to your list of adware stuff: MS's Windows Defender. I know all about MS being the devil etc., but this software actually works and it's free for download off the MS website. BTW, neutering stuff in the hosts file works to stop stuff calling home, but you still have the nasty in there somewhere, so it'd be worth trying to find out the cause.

--
Clint Sharp
Reply to
Clint Sharp

I think I rooted it out this morning... but I'm still watching.

...Jim Thompson

Reply to
Jim Thompson

Download the LSP add-on for Lavasoft's Ad-Aware... I think you'll be surprised at some of the leaks that Layered Service Providers can be.

Reply to
Lord Garth

It'll just come back, Rich... I fought this one before. It gets installed via a pop-up that the user clicked on. Removing it is not easy. I had it beaten for 3 days, then it came back. I eventually reformatted the customer's computer... so much for the "protection" of AOL 9!!!

Reply to
Lord Garth

One huge vulnerability they don't tell Dozers about: don't give ordinary user accounts administrator privileges, and don't run as administrator yourself, except when you have to administrate.

Or, just get Linux. ;-)

Cheers! Rich

Reply to
Rich Grise

Where do I get that?

...Jim Thompson

Reply to
Jim Thompson

formatting link

It's the LSP Explorer; it's free.

Get a look at a fresh XP with it to help you with the decision of what to remove. I currently have 6 protocols and 3 name space providers in mine.

Reply to
Lord Garth
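Lord Garth's suggestion of counting protocol and name-space providers against a clean install can be done without a separate tool: the built-in `netsh winsock show catalog` lists the same Winsock catalog that LSP Explorer reads. The script below is an added example written for this thread, not code from the original posts or from any of the tools named in it. It assumes Windows PowerShell 3 or later and an English-language `netsh` (the `Description:` and `Provider Path:` labels are localized on other language packs); it parses the catalog, counts the two kinds of entries, and reports whether each provider DLL exists and carries a valid Authenticode signature, which is the quickest way to spot a third-party LSP that does not belong.

```powershell
# Added example (not from the thread): enumerate the Winsock catalog that LSP
# Explorer shows, using the built-in 'netsh winsock show catalog' output.
# Assumes Windows PowerShell 3+ and English netsh output labels.

function Get-WinsockCatalog {
    $text = (netsh winsock show catalog) -join "`n"
    # Each entry starts with one of two header lines. Splitting on a capturing
    # group keeps the header text, so the result alternates header, body, header, body...
    $parts = $text -split '(?m)^(Winsock Catalog Provider Entry|Name Space Provider Entry)\s*$'
    for ($i = 1; $i -lt $parts.Count - 1; $i += 2) {
        $kind = if ($parts[$i] -like 'Name Space*') { 'NameSpace' } else { 'Protocol' }
        $body = $parts[$i + 1]
        $desc = if ($body -match '(?m)^Description:\s+(.+?)\s*$') { $Matches[1] } else { '' }
        # Name-space entries carry no path in netsh output, so ProviderPath stays $null for them.
        $path = if ($body -match '(?m)^Provider Path:\s+(.+?)\s*$') { $Matches[1] } else { $null }
        [pscustomobject]@{ Kind = $kind; Description = $desc; ProviderPath = $path }
    }
}

function Test-WinsockProviders {
    $catalog    = @(Get-WinsockCatalog)
    $protocols  = @($catalog | Where-Object Kind -eq 'Protocol')
    $namespaces = @($catalog | Where-Object Kind -eq 'NameSpace')
    Write-Host ("{0} protocol entries, {1} name-space providers" -f $protocols.Count, $namespaces.Count)

    foreach ($entry in $protocols) {
        if (-not $entry.ProviderPath) { continue }
        # Paths are recorded as %SystemRoot%\system32\...; expand before checking.
        $dll = [Environment]::ExpandEnvironmentVariables($entry.ProviderPath)
        $status = 'MISSING'
        if (Test-Path -Path $dll) { $status = (Get-AuthenticodeSignature -FilePath $dll).Status }
        [pscustomobject]@{ Description = $entry.Description; Dll = $dll; Signature = $status }
    }
}

# Unsigned or missing DLLs sort to the top for review.
Test-WinsockProviders | Sort-Object Signature | Format-Table -AutoSize
```

On a clean machine every protocol entry should resolve to a signed Microsoft DLL under `%SystemRoot%\system32`. An entry whose DLL is missing is also worth acting on, because a half-removed LSP with a dangling path is what breaks networking after a cleanup; `netsh winsock reset` rebuilds the catalog to its default state and is the supported recovery for that case.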

That's the message of Windows Vista!

Reply to
Homer J Simpson

"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...

formatting link

Hi Jim,

The "infections" hide themselves from the OS and the scanners you are running. You could try some of the rootkit scanners:

formatting link
formatting link

(by the way, if you have a rootkit, reinstall the OS!)

With your anti-virus, do an offline scan and you have a better chance of detecting and removing this stuff. You achieved this partially by scanning from the network, but it is better to boot scan.

Assuming you can clean this PC then:-

If you insist on browsing from an administrator account then consider using dropmyrights (formatting link). The advantage of running as a limited user is that the "infections" can't install; all Ad-Aware, Spybot etc. find now are cookies!

regards,

Ian

Reply to
IanM
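Several replies in the thread (IanM, Ancient_Hacker, Rich) make the same point: a browser running in an Administrators session can write to Program Files, the HKLM Run keys and the Winsock catalog, so anything it is tricked into launching installs system-wide, whereas a limited account cannot. The script below is an added example for this thread, not code from the original posts; it shows how to check whether the current session is an administrator one and how to create the separate limited browsing account the posters recommend. It assumes Windows PowerShell 5.1 or later for the `*-LocalUser` and `*-LocalGroupMember` cmdlets (the thread's XP-era answer to the same problem was dropmyrights), and the account name is the one Ancient_Hacker jokes about.

```powershell
# Added example (not from the thread): is this an Administrator session, and how to
# create a limited ("Users"-only) account for day-to-day browsing.
# Assumes Windows PowerShell 5.1+; run from an elevated prompt to create the account.

function Test-IsAdministratorSession {
    # True when the current token holds the built-in Administrator role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-LimitedBrowsingAccount {
    param([Parameter(Mandatory = $true)][string]$Name)

    if (Get-LocalUser -Name $Name -ErrorAction SilentlyContinue) {
        Write-Host "$Name already exists; enforcing group membership only"
    } else {
        $password = Read-Host -AsSecureString -Prompt "Password for $Name"
        New-LocalUser -Name $Name -Password $password | Out-Null
    }

    # Membership in 'Users' only: no write access to Program Files, HKLM Run keys
    # or the Winsock catalog, so a browser-dropped installer has nowhere to land.
    Add-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue
    $inAdmins = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.Name -like "*\$Name" }
    if ($inAdmins) { Remove-LocalGroupMember -Group 'Administrators' -Member $Name }

    # Return the resulting 'Users' membership so the caller can confirm it.
    Get-LocalGroupMember -Group 'Users' | Where-Object { $_.Name -like "*\$Name" }
}

if (Test-IsAdministratorSession) {
    Write-Host 'This session is an Administrator; browse from a limited account instead.'
}
New-LimitedBrowsingAccount -Name 'wife_wimpy'
```

The check at the bottom is the useful habit: on a machine where the family account was created as Administrator (the default on XP), `Test-IsAdministratorSession` returns `$true` for every session, and nothing the browser downloads is sandboxed by the account model at all.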

Jim - We got that with an infection of Brave Sentry. Every time we removed it, the message came back shortly. The sysadmin wouldn't spring for a paid scanner that would actually remove problems, though Spybot did detect them. I finally dove in and removed some offending keys in the registry that Spybot had identified.

Have you tried Windows Defender (free)?

formatting link
There's also a free system security scan here (use the full service scan and use the complete scan option on a later screen)
formatting link

Microsoft sells the OneCare product to keep on your computer, but you can run the online version (it just doesn't have realtime protection) as often as you like. I run the online version every few weeks to remove temp files that the normal cleanup doesn't find. It also has a registry cleaner which is pretty effective.

How does one "neuter the hosts file"? Not familiar with that.

Oppie

"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...

formatting link

Reply to
Oppie
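Oppie's question about "neutering the hosts file" refers to what Jim did earlier in the thread: mapping the ad server's hostname to an unroutable address in `%SystemRoot%\System32\drivers\etc\hosts`, so the shortcut and the adware's call-home both fail to resolve to the real server. The script below is an added example for this thread, not code from the original posts. It assumes Windows PowerShell 3 or later and an elevated prompt (the hosts file is writable only by Administrators); `adserver.example` is a constructed placeholder for the host part of the URL seen in the shortcut's properties.

```powershell
# Added example (not from the thread): sinkhole a hostname in the Windows hosts file.
# Assumes Windows PowerShell 3+ and an elevated prompt. 'adserver.example' is a
# constructed placeholder for the host in the shortcut's URL.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Test-HostsSinkhole {
    param([Parameter(Mandatory = $true)][string]$HostName)
    # True when an uncommented line already maps the name to 0.0.0.0 or 127.0.0.1.
    $pattern = '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+' + [regex]::Escape($HostName) + '(\s|$)'
    foreach ($line in (Get-Content -Path $HostsPath)) {
        if ($line -match $pattern) { return $true }
    }
    return $false
}

function Add-HostsSinkhole {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [string]$Reason = 'blocked'
    )
    if (Test-HostsSinkhole -HostName $HostName) {
        Write-Host "$HostName is already sinkholed"
        return
    }
    # Keep a dated copy so the change can be reverted once the real cause is removed.
    Copy-Item -Path $HostsPath -Destination "$HostsPath.$(Get-Date -Format yyyyMMdd).bak" -Force

    # 0.0.0.0 is unroutable, so connections fail at once instead of probing localhost.
    $entry = "0.0.0.0`t$HostName`t# $Reason, added $(Get-Date -Format yyyy-MM-dd)"

    # Start on a fresh line even when the file lacks a trailing newline.
    $raw = Get-Content -Path $HostsPath -Raw
    if ($raw -and ($raw -notmatch '\n\z')) { $entry = "`r`n" + $entry }
    Add-Content -Path $HostsPath -Value $entry -Encoding Ascii

    ipconfig /flushdns | Out-Null   # drop any cached answer for the host
}

Add-HostsSinkhole -HostName 'adserver.example' -Reason 'host in the desktop shortcut'
Test-HostsSinkhole -HostName 'adserver.example'   # $true once the entry is present
```

Only the hostname goes in the file; the path and query string from the shortcut's URL are irrelevant to name resolution. Note Clint's caveat above still applies: this stops the traffic, not the program that keeps recreating the shortcut, so the autostart entry that launches it has to be found separately.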

Right, check if it's in the startup menu. Also look for strange entries of "run=" in the registry.

Reply to
Oppie
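Rich's and Oppie's advice to look in the Startup menu and the registry `Run` entries is the right place to find what keeps recreating the shortcut. The script below is an added example for this thread, not code from the original posts or from any tool named in it. It assumes Windows PowerShell 3 or later; it lists the per-machine and per-user `Run`/`RunOnce` keys plus both Startup folders, and flags entries whose target no longer exists, runs from a user-writable directory such as Temp or AppData, or is unsigned.

```powershell
# Added example (not from the thread): enumerate common autostart locations and flag
# entries worth a closer look. Assumes Windows PowerShell 3+.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

function Get-AutostartEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not values
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path -Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -File) {
            [pscustomobject]@{ Location = $folder; Name = $file.Name; Command = $file.FullName }
        }
    }
}

function Get-ExecutablePath {
    param([string]$Command)
    # First token of the command line: a quoted path, or everything up to the first space.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Get-SuspiciousAutostarts {
    foreach ($entry in Get-AutostartEntries) {
        $exe = Get-ExecutablePath -Command $entry.Command
        if (-not $exe) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $reasons = @()
        if (-not (Test-Path -Path $exe)) {
            $reasons += 'target missing'
        } else {
            if ($exe -match '\\(Temp|AppData|Local Settings|Downloads)\\') {
                $reasons += 'runs from user-writable directory'
            }
            # Shortcuts in Startup are not signed themselves; check real binaries only.
            if ($exe -notmatch '\.lnk$') {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Location = $entry.Location
                Name     = $entry.Name
                Command  = $entry.Command
                Reasons  = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousAutostarts | Format-Table -AutoSize -Wrap
```

Treat the flags as leads, not verdicts: plenty of legitimate older software is unsigned, and a `RunOnce` entry that has already fired will show as "target missing". What is worth removing is an entry nobody installed on purpose, especially one whose command lives under the user profile and matches the timing of the reappearing shortcut.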
