An icon keeps appearing on my wife's desktop, saying "Click Here to Fix Errors".
In properties is a URL....
No amount of scanning using various utilities, Ad-Aware, SpyBot S&D, eTrust Pest Patrol, Scan Spyware, Spyware Doctor, or Symantec finds anything.
Delete it from the desktop and it reappears in a few days.
Anyone recognize it?
...Jim Thompson
--
| James E.Thompson, P.E. | mens |
| Analog Innovations, Inc. | et |
| Analog/Mixed-Signal ASIC's and Discrete Systems | manus |
| Phoenix, Arizona Voice:(480)460-2350 | |
| E-mail Address at Website Fax:(480)460-2142 | Brass Rat |
| http://www.analog-innovations.com | 1962 |
I love to cook with wine. Sometimes I even put it in the food.
Playing around I've concluded that this is Adware planted each time my wife visits website.
So I neutered it in the hosts file ;-)
I am really growing to love the hosts file ;-)
...Jim Thompson
Right-click it, and look at its properties. It sounds like a shortcut to "regclean."
There's some program you can download to make stuff like that not automatically start (something like msstartup); you might need this if it's not in your start/programs/startup menu.
Also, most scanners have a 'safe mode' form, or a scan from a boot disk, which is needed to deal with certain types of infection. If I remember correctly, that message is from a particular form of 'spyware', and was common some months ago, but is correctly handled now by most of the anti-virus programs, but needs the latest version, run from a boot disk, rather than scanning from inside the OS, to find/fix...
If it's the one I think it is, it took me 2 hours to get it off a workstation after some idiot clicked on a 'free' toolbar offer. BTW, if you pay for the 'remover' it still doesn't get removed. I wound up using the free demo Giant Antispyware tool (which Microsoft bought) to get most of it off. I installed TeaTimer to try to prevent further infestations.
Not here, but I would add another utility to your list of adware stuff, MS's Windows Defender. I know all about MS being the devil etc... but this software actually works and it's free for download off the MS website. BTW, neutering stuff in the hosts file works to stop stuff calling home but you still have the nasty in there somewhere so it'd be worth trying to find out the cause.
I think I rooted it out this morning... but I'm still watching.
...Jim Thompson
It'll just come back Rich...I fought this one before. It gets installed via a pop-up that the user clicked on. Removing it is not easy. I had it beaten for 3 days then it came back. I eventually reformatted the customer's computer...so much for the "protection" of AOL 9!!!
One huge vulnerability they don't tell Dozers about - Don't give ordinary user accounts administrator privileges, and don't run as administrator yourself, except when you have to administrate.
"Jim Thompson" wrote in message news: snipped-for-privacy@4ax.com...
Hi Jim,
The "infections" hide themselves from the OS and the scanners you are running. You could try some of the rootkit scanners
(by the way, if you have a rootkit, reinstall the OS!)
With your anti-virus, do an offline scan and you have a better chance of detecting and removing this stuff. You achieved this partially by scanning from the network, but it is better to boot scan.
Assuming you can clean this PC then:-
If you insist on browsing from an administrator account then consider using dropmyrights
The advantage of running as a limited user is that the "infections" can't install; all that Ad-Aware, Spybot etc. find now are cookies!
Jim - We got that with an infection of Brave Sentry. Every time we removed it, the message came back shortly. Sysadmin wouldn't spring for a paid scanner that would actually remove problems, though Spybot did detect them. I finally dove in and removed some offending keys in the registry that Spybot had identified.
Have you tried Windows Defender (free)?
There's also a free system security scan here (use the full service scan and use the complete scan option on a later screen)
Microsoft sells the OneCare product to keep on your computer but you can run the online version (just doesn't have realtime protection) as often as you like. I run the online version every few weeks to remove temp files that the normal cleanup doesn't find. Also has a registry cleaner which is pretty effective.
How does one "neuter the host file"? Not familiar with that.
Oppie
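
How "neutering" a site in the hosts file works, as an added example that is not part of the original thread: the Windows hosts file (`%SystemRoot%\System32\drivers\etc\hosts`) maps names to addresses before DNS is consulted, so pointing a name at loopback stops the machine from reaching it. The hostnames below are constructed placeholders (the thread does not name the real site), and the helper names are hypothetical.

```python
import ipaddress

# Constructed sample hosts file; "adware-host.example" is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       adware-host.example www.adware-host.example   # neutered
0.0.0.0         tracker.example
192.168.1.20    fileserver.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Return {hostname: ip} for every well-formed entry."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line: skip it
        for name in fields[1:]:
            # Assumption: the first entry for a name is the one used.
            table.setdefault(name.lower(), ip)
    return table

def is_neutered(table, hostname):
    """True if the name is pinned to loopback or the null address."""
    ip = table.get(hostname.lower())
    return ip is not None and (ip.is_loopback or ip.is_unspecified)

def sinkholed(table):
    """All blocked names, excluding the normal localhost entry."""
    return sorted(n for n in table if n != "localhost" and is_neutered(table, n))

def neuter_line(hostname):
    """Line to append (as administrator) to block one exact hostname."""
    return f"127.0.0.1\t{hostname}"

if __name__ == "__main__":
    t = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sinkholed(t))
    # Hosts entries match exact names only: a sibling subdomain is NOT covered.
    print("cdn blocked?", is_neutered(t, "cdn.adware-host.example"))
    print("to add:", neuter_line("cdn.adware-host.example"))
```

Because matching is per exact name, each hostname the shortcut's URL uses needs its own line, and the entry only cuts off contact with the site; whatever recreates the icon is still on the machine.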