Losing Control of my Computer



PorkTeriyaki
07-09-2005, 11:52 PM
I have virus protection, firewalls, popup blockers, a spyware remover,
& a CWS shredder, but still I'm spending more time clicking off popups,
deleting unwanted bookmarks from my Favorites list, & deleting unwanted
shortcuts from my desktop, than working with my computer. How do you
keep free from these swarms of pests?

Many of these files are attached to \WINN\system32\. If find many
files attached to this but don't know what they are so don't know which
to delete. Where can I get a directory of file names?

The most tenacious of these pests are Aurora,
banners.searchingbooth.com, ads1.revenue.net,
fad.1115.nyc1.targetnet.com, adserver.sharewareonline.com,
www.smileycentral.com, ads.addynamix.com, net-offers.net, All Jackpots
Online Casino, & All Shots Casino. How do you cut these off?

Malke
07-09-2005, 11:52 PM
PorkTeriyaki wrote:

> I have virus protection, firewalls, popup blockers, a spyware remover,
> & a CWS shredder, but still I'm spending more time clicking off
> popups, deleting unwanted bookmarks from my Favorites list, & deleting
> unwanted
> shortcuts from my desktop, than working with my computer. How do you
> keep free from these swarms of pests?
>
> Many of these files are attached to \WINN\system32\. If find many
> files attached to this but don't know what they are so don't know
> which
> to delete. Where can I get a directory of file names?
>
> The most tenacious of these pests are Aurora,
> banners.searchingbooth.com, ads1.revenue.net,
> fad.1115.nyc1.targetnet.com, adserver.sharewareonline.com,
> www.smileycentral.com, ads.addynamix.com, net-offers.net, All Jackpots
> Online Casino, & All Shots Casino. How do you cut these off?

Obviously the popup blocker and spyware remover(s) you have aren't
working. Seriously, your computer is quite infested and you need to
clean it up. Follow the general malware removal steps below, doing
everything with updated tools in Safe Mode. From your description of
the extent of the problem, you will probably need to also run
HijackThis. To make a shorter newsgroup post, I've got links to all the
programs and sites on my website here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

The links for HijackThis tutorials and places to post your log (not
here, please) are on the website, too.

Particularly check out the last link to MVP Eric Howes' "rogue spyware"
page to make sure the "spyware remover" you have isn't really
betrayalware.

First delete all Temporary and Temporary Internet Files. For IE's
Temporary Files, go to Control Panel>Internet Options>General tab.
You'll see where you can delete cookies and files. For Firefox, clear
its cache by going to Tools>Options>Privacy>Cache> Clear. For Windows
Temporary files, Start>Run cleanmgr [enter].

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix or WinSockFix for XP - see links
below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See the links on my
website for a HijackThis tutorial and places where you can post your
HJT log. Again, this is an expert tool and novices should get help
with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Imhotep
07-09-2005, 11:52 PM
Malke wrote:

> PorkTeriyaki wrote:
>
>> I have virus protection, firewalls, popup blockers, a spyware remover,
>> & a CWS shredder, but still I'm spending more time clicking off
>> popups, deleting unwanted bookmarks from my Favorites list, & deleting
>> unwanted
>> shortcuts from my desktop, than working with my computer. How do you
>> keep free from these swarms of pests?
>>
>> Many of these files are attached to \WINN\system32\. If find many
>> files attached to this but don't know what they are so don't know
>> which
>> to delete. Where can I get a directory of file names?
>>
>> The most tenacious of these pests are Aurora,
>> banners.searchingbooth.com, ads1.revenue.net,
>> fad.1115.nyc1.targetnet.com, adserver.sharewareonline.com,
>> www.smileycentral.com, ads.addynamix.com, net-offers.net, All Jackpots
>> Online Casino, & All Shots Casino. How do you cut these off?
>
> Obviously the popup blocker and spyware remover(s) you have aren't
> working. Seriously, your computer is quite infested and you need to
> clean it up. Follow the general malware removal steps below, doing
> everything with updated tools in Safe Mode. From your description of
> the extent of the problem, you will probably need to also run
> HijackThis. To make a shorter newsgroup post, I've got links to all the
> programs and sites on my website here:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> The links for HijackThis tutorials and places to post your log (not
> here, please) are on the website, too.
>
> Particularly check out the last link to MVP Eric Howes' "rogue spyware"
> page to make sure the "spyware remover" you have isn't really
> betrayalware.
>
> First delete all Temporary and Temporary Internet Files. For IE's
> Temporary Files, go to Control Panel>Internet Options>General tab.
> You'll see where you can delete cookies and files. For Firefox, clear
> its cache by going to Tools>Options>Privacy>Cache> Clear. For Windows
> Temporary files, Start>Run cleanmgr [enter].
>
> 1) Scan in Safe Mode with current version (not earlier than 2004)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix or WinSockFix for XP - see links
> below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See the links on my
> website for a HijackThis tutorial and places where you can post your
> HJT log. Again, this is an expert tool and novices should get help
> with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the
> Restore Points. With ME, you must disable System Restore completely.
> With XP, you can delete all but the most recent (presumably clean)
> System Restore point from the More Options section of Disk Cleanup
> (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Malke

....if it is that bad maybe a rebuild might be easier...make sure to do it
right (and behind a firewall)

-Im

Phillip Windell
07-09-2005, 11:52 PM
You'd eliminate 99% of all that stuff and never need any of those
Application to protect you if you just disable all the ActiveX related stuff
in the Browser's security settings.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

"PorkTeriyaki" <helluo@go.com> wrote in message
news:1116708640.547167.130150@g49g2000cwa.googlegroups.com...
> I have virus protection, firewalls, popup blockers, a spyware remover,
> & a CWS shredder, but still I'm spending more time clicking off popups,
> deleting unwanted bookmarks from my Favorites list, & deleting unwanted
> shortcuts from my desktop, than working with my computer. How do you
> keep free from these swarms of pests?
>
> Many of these files are attached to \WINN\system32\. If find many
> files attached to this but don't know what they are so don't know which
> to delete. Where can I get a directory of file names?
>
> The most tenacious of these pests are Aurora,
> banners.searchingbooth.com, ads1.revenue.net,
> fad.1115.nyc1.targetnet.com, adserver.sharewareonline.com,
> www.smileycentral.com, ads.addynamix.com, net-offers.net, All Jackpots
> Online Casino, & All Shots Casino. How do you cut these off?
>

PorkTeriyaki
07-09-2005, 11:52 PM
I think i found the problem. I found my firewall disabled and can't
reactivate it. I'll have to call Symantec to discuss this. And when
running Norton Virus Protector, it indicated a virus in
C:\ied_s7m.cab\nnet.exe which it can't remove or quarantee. This might
have something to do with the firewall being shut off.

I downloaded another popup blocker & an adware blaster. This got rid
of most of the popups except those from Aurora, RateMyPup, &
coolweb.com. But I talk to Symantec about this.


Losing Control of my Computer