Re: CWS & about.blank return
From: PA Bear (PABear_at_mvps.org)
Date: 06/16/04
- Next message: Jim Byrd: "Re: Content Advisor Not Working"
- Previous message: PA Bear: "Re: IE sending data"
- In reply to: david: "CWS & about.blank return"
- Next in thread: Jim Byrd: "Re: CWS & about.blank return"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 16 Jun 2004 01:29:54 -0400
Check your system for "hijackware":
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder (fix all found)
2. Ad-Aware (fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
Also:
1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
-- HTH - Please Reply to This Thread ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE), AH-VSOP AumHa Forums http://forum.aumha.org What You Should Know About Spyware http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx david wrote: > A friend with winxp has about.blank and CWS on her computer. In safe mode > I turned off restore and ran CWShredder 1.59. It only found 6 IE pages to > restore. Then HiJackThis and only found two questionable items to remove. > Then ran stinger. It found no problems. Ran SBS&D 1.3 and Ad-Aware. Fixed > everything they found. Went to Internet options and fixed the home page. > Installed MVP HOSTS and SpyWareBlaster 3.1. Rebooted and things looked OK. > Home page is MSN and she uses hotmail. Disconnected and reconnected > several times and without problems. > > Then I went to Google and searched for a model airplane. SBS&D teatimer > popped up with requests to change the homepage and the install a BHO. I > denied both of them. Disconnected from the internet and ran SBS&D and > Ad-Aware. Spybot did not find anything but Ad-Aware found 9 problems. > Fixed those and tried again. Same things happened but this time the > Ad-Aware errors grew to 12. Fixed these and booted to Safe Mode. Ran > SWShredder but it did not find and fix anything. Ran HiJackThis but there > were no new entries. Rebooted and tried the internet and search again. > Same thing happened. We did look at a few more sites and had a few more > teatimer pop-ups that were denied. The Ad-Aware scan this time found 16 > problems; two to change the homepage and the rest for CWSearch. > > How can I resolve this? Please do not imply that we are surfing porn. She > says that she does not do that. I only went to google and the last search > used MSN search. > > David
- Next message: Jim Byrd: "Re: Content Advisor Not Working"
- Previous message: PA Bear: "Re: IE sending data"
- In reply to: david: "CWS & about.blank return"
- Next in thread: Jim Byrd: "Re: CWS & about.blank return"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
