Re: Browser Hijack !!!!

From: Malke (malke_at_nospoonnotreally.com)
Date: 12/15/04


Date: Wed, 15 Dec 2004 09:03:09 -0800

phil wrote:

> what programs would they use to do this?
> i like to fix things myself if i can.
>
> Phil
>
> "R. McCarty" <PcEngWork-NoSpam_@mindspring.com> wrote in message
> news:aulvd.3867$Yj4.500@newsread3.news.atl.earthlink.net...
>> Boot to Safe Mode (F8). Then run your tools.
>> However, based on the severity of your situation you might want
>> to take the computer to a local shop for professional cleaning.

When I clean a malware-infested system, I start by manually deleting bad
files in Safe Mode. Of course, this requires a deep knowledge of
Windows operating systems, skill, and a lot of patience. You might also
note that Noadware was previously listed as "rogue spyware", in that it
added spyware to your system instead of removing it. According to this
excellent page by MVP Eric Howes, it has cleaned up its act:

http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note

However, if you have an earlier version you probably should uninstall
it. Aside from manually removing malware, here are my general malware
removal instructions. Make sure all tools are updated and that you run
everything in Safe Mode.

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html - SilentRunners

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

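Added example, not part of Malke's post and not code from the HijackThis project: a short Python triage pass over a HijackThis log that counts entries per section code and lists the Internet Explorer start/search page values (R0/R1) pointing at a browser-internal or local resource, which is where an About:Blank-style homepage hijack shows up. The sample log is constructed, and the scheme list is an assumed heuristic for deciding what a human should look at first, not a verdict.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis line format; paths, names and CLSID are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\example.dll/page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "R1 - ...", "O2 - ..."
IE_PAGE = re.compile(r"^([^,]+),([^=]+?) = ?(.*)$")   # "<key>,<value name> = <data>"
# Assumption: these schemes in a start/search page value deserve a manual look.
# about:blank can also be a deliberate user setting, so treat hits as leads only.
LOCAL_SCHEMES = ("about:", "res://", "file://")


def parse_entries(log):
    """Return (section_code, body) for every log line that carries a section code."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(log):
    """Count entries per section code (R0, R1, O2, ...)."""
    return dict(Counter(code for code, _ in parse_entries(log)))


def review_candidates(log):
    """List R0/R1 entries whose data starts with a browser-internal or local scheme."""
    hits = []
    for code, body in parse_entries(log):
        match = IE_PAGE.match(body) if code in ("R0", "R1") else None
        if match and match.group(3).lower().startswith(LOCAL_SCHEMES):
            hits.append({"code": code, "key": match.group(1),
                         "value": match.group(2), "data": match.group(3)})
    return hits


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for hit in review_candidates(SAMPLE_LOG):
        print(f'{hit["code"]}  {hit["value"]} -> {hit["data"]}')
```
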
