# *** read this before posting any problems with your pc ***



## FridgeMagnet (Jan 29, 2004)

If you are coming across strange behaviour from Windows / Internet Explorer, such as

- home page being changed all the time
- mysterious popups appearing
- constantly redirected to a particular site

it is likely that you have been infected with *adware*, a program designed (as the name suggests) to bombard you with adverts.

The best way of getting rid of it is to run one of the specialised programs that do this. Two popular ones are:

*Ad-aware*
http://www.lavasoftusa.com/software/adaware/

*Spybot Search & Destroy*
http://www.safer-networking.org/

If those don't work, you might like to try:

*Bazooka*
http://www.kephyr.com/spywarescanner/index.html

_(please suggest any others that are known to be good)_

Please be careful when using other programs, as some of them actually install spyware/adware. There is _never_ any need to pay money for them - ones which ask you for money are usually rip-offs of other people's work. _Never_ use any program advertised in spam or popups, you could do more damage to your computer with these so-called "solutions".

One particularly persistent piece of adware is called CoolWebSearch. If you have a variant of this and the above programs aren't helping, you might find the following program useful: CWShredder.

Spyware and adware are installed either by other programs that you have downloaded and installed, or through security holes in Internet Explorer. You might wish to switch to another browser such as Mozilla or Opera.

Anti-virus programs and firewalls will not necessarily protect you against spyware and adware, though they are important in their own right.

ALSO: 

*PC Problems*
Oh, No--My PC Won't Even Boot!
http://www.pcworld.com/news/article/0,aid,125161,pg,2,00.asp

Why Is My PC Behaving Strangely?
http://www.pcworld.com/news/article/0,aid,125161,pg,3,00.asp

Why Does My PC Run So Slowly?
http://www.pcworld.com/news/article/0,aid,125161,pg,4,00.asp

Support Tips From the Pros
http://www.pcworld.com/news/article/0,aid,125161,pg,6,00.asp

Tools and Tips for the Most Frustrating PC Problems
http://www.pcworld.com/news/article/0,aid,125161,pg,7,00.asp

*Networking/Wi-Fi*
What's Wrong With My Network?
http://www.pcworld.com/news/article/0,aid,125161,pg,5,00.asp

Wi Fi FAQ
http://www.wi-fihotspotlist.com/faq.html

TCP/IP Home Networking and File Sharing Tutorial
http://www.homenethelp.com/web/howto/net.asp

*Apple Mac*
MacFixIt Tutorials
http://www.macfixit.com/staticpages/index.php?page=20031209121115375

*If these guides don't help, feel free to look through and ask questions in the info-packed thread on these boards:*
http://www.urban75.net/vbulletin/showthread.php?t=66605


----------



## miss minnie (Jan 29, 2004)

online parasite detection script 

visit the link, while the page loads it looks for parasites attached to your browser and lists the results.

the site also has loads of information on parasites and instructions for manual removal, although spybot/ad-aware is usually the simplest route to take.

lots of useful links too.


----------



## Elpenor (Jan 30, 2004)

All of FM's suggestions. I've also found running Hijack this to help.

It produces a logfile which the makers recommend posting at their forums (links on the page). Otherwise you could delete the wrong stuff.

I've found a combination of this, CWShredder, Adaware and Spybot sufficient to keep all the computers on the house network ad-free.


----------



## JFC (Feb 1, 2004)

Yes, my web browser at work is infected with this (from the previous user of the computer). I tried CW shredder which removes it and it comes back again when I reboot.  I don't really want to run adaware etc on the pc.

The MD of coolwebsearch needs an extremely stroppy and highly poisonous snake inserting up his arse


----------



## Loki (Feb 1, 2004)

JFC said:
			
		

> I don't really want to run adaware etc on the pc.


Why not?   It's harmless & safe.


----------



## ion (Feb 1, 2004)

Good post FM. Been seeing more and more of this in Computer forum lately.


----------



## tOka (Feb 6, 2004)

I have had Adaware running on my pootahs now for over a year, and usually do a full system scan every week or two. It amazes me how many files it detects, and deletes from each scan. It's never less than 5 and often as many as 20. I've not really been plagued by pop-ups etc but I just don't like the idea of tracking cookies etc.

Worthy post FM


----------



## gnoriac (Feb 8, 2004)

Another scumware strategy, though not that common, is a dodgy BHO (Background Helper Object), a small program that gets run every time IE starts up. They don't always get picked up by the other programs mentioned, so if other things fail try BHO demon which, like many good things, is freeware.


----------



## Boris Sprinkler (Feb 11, 2004)

*If you don't want to install anything*

can I recommend, Spyware info's spyware scanner.

http://www.spywareinfo.com/xscan.php



It scans and removes using active X. If prompted allow the command.


----------



## Tom A (Mar 7, 2004)

Thanks for that online detection script, miss minnie, I ran it on my mum's computer, which had been attacked by such a browser hijacker, and it detected the bastard, even though it evaded the virus scanners and was thought to be eliminated. I have also installed Mozilla on her computer, which should be a lot more resistant to hijack attempts.


----------



## Mab (Mar 11, 2004)

Hooray!!!! Finally after 12 days I finally enabled my high speed connection. I had wires everywhere. However, I don't understand this "freezing" or why my "" has switched keys with the @. Or put another way; why is the 2 key when on shift "  when it should be @. @ with shift is now the " key.

Sorry, but ya know what I mean?


----------



## miss minnie (Mar 11, 2004)

wrong thread.


----------



## the scouser (Mar 21, 2004)

rapunzell said:
			
		

> Hooray!!!! Finally after 12 days I finally enabled my high speed connection. I had wires everywhere. However, I don't understand this "freezing" or why my "" has switched keys with the @. Or put another way; why is the 2 key when on shift "  when it should be @. @ with shift is now the " key.
> 
> Sorry, but ya know what I mean?



Your @ being replaced with " is due to you having U$A keyboard settings on windows - go to control panel - then keyboard - and language settings - change it to UK settings


----------



## Lub (Mar 21, 2004)

Help!

My browser homepage has been changed to: 
'http://searchexe.com/passthrough/popupbaropener.html'.

I've checked the settings and changed the homepage in internet properties, but it only stays like this during the same session. Have tried all the above spyware/adware progs but it's still there along with an extremely annoying extra toolbar 'Nurb manager mode'.

Sound familiar? Any advice of how to get rid of this shite?


----------



## Njustice (Mar 22, 2004)

Lub said:
			
		

> Help!
> 
> My browser homepage has been changed to:
> 'http://searchexe.com/passthrough/popupbaropener.html'.
> ...




Download 'Hijack This!'. http://mjc1.com/files/merijn/HijackThis.exe
Put into a *permanent* folder, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"  button.
Press that, save the log, Ctrl-A to Select All, and paste Ctrl-V its contents in a new thread.

Ad-Aware|AVG Free Edition|CoolWeb Shredder |HijackThis|IE-SPYAD|Spybot S&D|SpywareBlaster|SpywareGuard
Caution: Do not use HiJackThis without the advice of an expert!!!


----------



## Lub (Mar 23, 2004)

Thanks for the advice NJustice.


----------



## Njustice (Mar 24, 2004)

You're welcome Lub.....

Here is a new link for HJT so you don't need to unzip....just double click and run.
HijackThis


----------



## feyr (Apr 25, 2004)

i've tried the online checker, i've downloaded a couple of the spyware removal programs, i've run several virus thingys and i've tried to manually remove the files, but still i'm re-directed to sodding webalize search page  anyone else had this one and know how the hell to get rid of it?


----------



## FridgeMagnet (Apr 25, 2004)

Followed the steps here?
http://www.kephyr.com/spywarescanner/library/searchcentrix.webalize/index.phtml

There's a link there to a scanner that I don't think's been mentioned so far, something called Bazooka:
http://www.kephyr.com/spywarescanner/index.html


----------



## feyr (Apr 25, 2004)

cheers fridgemagnet


----------



## FridgeMagnet (Apr 25, 2004)

Let us know if it works and if so, I'll add that scanner to the first post on this thread.


----------



## feyr (Apr 25, 2004)

it does indeed work


----------



## LDR (May 18, 2004)

I got attacked by omegasearch.

It took me almost half a day to sort it out.


----------



## walktome (Jun 1, 2004)

This has happened to my IE. I now use Opera most of the time, but it for some reason keeps freezing every time I try to log into u75. Anyways though, I have run Lavasoft's AdAware and I still seem to be getting popups. Maybe I'll try one of the other programs. But this one has worked for the past little while. Oh well.


----------



## editor (Jun 1, 2004)

This is quite a handy one too:

Fed up with web adverts and dodgy tracking cookies from ad servers?

Check out Mike Skallas' Ad Blocking Hosts file.

(Naturally, I'd recommend that you use it with your anti-virus checker, Ad Aware and Spybot Search & Destroy to keep your PC free of ever increasing amounts of shite)


----------



## Wintermute (Jun 4, 2004)

<begin rant>

CoolWebSearch. Oh, CoolWebSearch. You bunch of cunts. You parasitic fucking cunts. You leeching, malicious, conniving _wankers_. Watching your own entrails being wound round a hot poker several feet away would be a merciful death for you.

I KNOW it's my own fault; I use the lamest fucking browser on the lamest fucking OS on the planet, and i still don't bother running windows update. I'm a fucking web developer, ferchrissakes, and i still don't do it. Well, I've done what I should have done a long time ago and have switched to Mozilla. I ran the AdAwares and the S&D's and the CWshredders, and got the hosts file and went through my fucking registry till my eyes went funny - and a respectful thankyou goes out to this thread; U75, a mine of useful info as usual - but CoolWebSearch: a very, very special place in Hell is reserved especially for you. And it's going to involve pain and humiliation and frustration and as much boiling tar as I can find. You Cunts.

</rant>


----------



## Lord Hugh (Jun 7, 2004)

CWS. I will kill the motherfucker that made this. I've run Ad-aware, Spybot, CWShredder, Bazooka, Norton & Anti-Vir (all up-to-date) & it still keeps coming back  I'm now in the process of trying the other progs suggested. Fuck.


----------



## hovis (Jun 14, 2004)

Lord Hugh said:
			
		

> CWS. I will kill the motherfucker that made this. I've run Ad-aware, Spybot, CWShredder, Bazooka, Norton & Anti-Vir (all up-to-date) & it still keeps coming back  I'm now in the process of trying the other progs suggested. Fuck.



My oldies have the same problem. I ran CWshredder, adaware, they have norton internet security and anti-virus, and they got a computer bloke in. And it is still bloody there!! Arse.

If I knew what the registry entry was I would delete it. But I don't know which version of CWS it is, or what it is disguised as.

Bumholes.


----------



## rorymac (Jun 15, 2004)

CoolWebSearch   ... fuckin evil bastard!! 
I haven't been on line so much the last few days and it's now it really fuckin winds me up ... before I'd just get rid of it while I did me stuff ..but now I see it like a burglar that burgles you every day... I want to catch it and torture it and its maker til they squeal and til as Michael my Romanian mate says .. 'rory the heart it go pop .... focky pop' ..
If I can find out how to get rid of the bollix I'll post it up
But it aint gonna happen 
But please post up if you suss how to zap the filthy bloody rapist !!


----------



## Lord Hugh (Jun 15, 2004)

Ygotta turn off system restore first. I *think* it's gone now. Turn off system restore, then blast it with CWShredder, adaware & possibly spybot, just in case. I'll tell you if it comes back though


----------



## rorymac (Jun 15, 2004)

How do you turn off system restore Lord Hugh? 
Windows xp 
Thanks in advance !!!


----------



## MightyAphrodite (Jun 15, 2004)

im not lord hugh but....

right click on your 'my computer' ( or whatever youve got it named agnus ?  ) on your desktop and click the tab that says system restore...theres a box to tick to turn it off.


----------



## rorymac (Jun 15, 2004)

There's no tab that says that Mrs Chocolate   x


----------



## MightyAphrodite (Jun 16, 2004)

well youll just have to wait for lord hugh then cause ive no clue ....thats how i turned it off on my XP though


----------



## miss minnie (Jun 16, 2004)

my computer->properties->system restore tab

or

start menu->settings->control panel->system->system restore tab


----------



## MightyAphrodite (Jun 16, 2004)

oops i forgot about the properties bit.youre so smart minnie


----------



## past caring (Jun 16, 2004)

Fuckers just got me last night - twats - even with Sygate running (and checking "no" when anything even slightly untoward tried to access the network) and XP with all critical updates......

So, this system restore business - after unchecking the box and running CWshredder etc - do you _re-_check the box, or leave it with system restore permanently unchecked?


----------



## Lord Hugh (Jun 16, 2004)

It came back


----------



## past caring (Jun 16, 2004)

Sure it's not a case of you forgetting _not_ to re-visit whatever dodgy porn site you picked it up from to begin with?


----------



## miss minnie (Jun 16, 2004)

Best Way To Avoid These Things Is Not To Use Internet Explorer.  

Aol Is  A Custom Built Version Of Ie.

Firefox And Opera Cannot Be Hijacked.

DAMN.  WROTE ALL OF THAT IN CAPITAL LETTERS FOR EXTRA EMPHASIS BUT VBULLETIN DOESN'T LIKE PEOPLE SHOUTING!!!


----------



## Lord Hugh (Jun 16, 2004)

past caring said:
			
		

> Sure it's not a case of you forgetting _not_ to re-visit whatever dodgy porn site you picked it up from to begin with?


 That would've been funny a week ago. Seeing as it's evaded every single attempt I've made to get rid of it, it's not.

And you can recheck system restore if you want, as long as you're sure it's gone.


----------



## walktome (Jun 16, 2004)

miss minnie said:
			
		

> Best Way To Avoid These Things Is Not To Use Internet Explorer.
> 
> Aol Is  A Custom Built Version Of Ie.
> 
> ...



I use Opera but for some reason whenever I try logging into u75 with Opera it freezes. So I use IE for u75. I also use it for Live Journal because for whatever reason my LJ doesn't show up properly with Opera.


----------



## miss minnie (Jun 16, 2004)

i can view urban75 in ie, opera, mozilla and firefox on each of my w2k, xp and 98 machines.   suggest you check your opera settings and reinstall if necessary.  or try firefox.


----------



## swelegant (Jun 17, 2004)

Is it just me, or has the cwshredder update server been down for ages?


----------



## past caring (Jun 17, 2004)

Lord Hugh said:
			
		

> That would've been funny a week ago. Seeing as it's evaded every single attempt I've made to get rid of it, it's not.



It _is_ funny, 'cos I've got the same problem myself - in fact I've "caught" something so new and unusual that even the folks over at Security Forums don't know what to do with it......

So when I get home this evening I'm set for a complete re-install and all that entails.......


----------



## GarfieldLeChat (Jun 17, 2004)

Lord Hugh said:
			
		

> That would've been funny a week ago. Seeing as it's evaded every single attempt I've made to get rid of it, it's not.
> 
> And you can recheck system restore if you want, as long as you're sure it's gone.




download hijack this and run it then can you post the log file it creates up so we can see it, someone may be able to tell what the problem is


----------



## hovis (Jun 18, 2004)

Is 'hijack this' alright then? I'll try it on my oldies computer if it's ok...


----------



## TopCat (Jun 18, 2004)

*Adstartup*

Well adstartup is causing endless grief. I have run all of the spyware removal diagnostic programs to no avail. The registry entries replicate themselves if you delete them. Hijack this came up with this log file...

Logfile of HijackThis v1.97.7
Scan saved at 16:08:06, on 18/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Windows\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Windows\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\System32\PROMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.transportforlondon.gov.uk/dial-a-ride/capitalcall.shtml
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - C:\Windows\System32\SWin32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pmcpdj] C:\Windows\System32\odxnqgau.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Adstartup] C:\Windows\System32\automove.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hctl.local
O17 - HKLM\Software\..\Telephony: DomainName = hctl.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hctl.local

HELP!


----------



## Lord Hugh (Jun 18, 2004)

GarfieldLeChat said:
			
		

> download hijack this and run it then can you post the log file it creates up so we can see it, someone may be able to tell what the problem is


 Nah there ain't nothing in hijackthis, believe me I've checked. Everything in it is accounted for (except for when CWS decides to drop a dll into my system directory which then goes & takes over my home page  ) I wish it was simple as that... I can't even find any dodgy dlls loaded in IE. I honestly haven't got a fucking clue where it keeps coming from


----------



## miss minnie (Jun 18, 2004)

TopCat said:
			
		

> Well adstartup is causing endless grief. I have run all of the spyware removal diagnostic programs to no avail. The registry entries replicate themselves if you delete them. Hijack this came up with this log file...
> 
> Logfile of HijackThis v1.97.7
> Scan saved at 16:08:06, on 18/06/2004
> ...


 start menu -> run -> type 'regedit' -> HKEY_LOCAL_MACHINE -> SOFTWARE -> microsoft -> windows -> current version -> run -> 

delete the key : "Adstartup" with the value : "C:\Windows\System32\automove.exe"

then reboot your machine.  the process should not be running on reboot allowing you to run whatever spyware proggy you use and it should be able to actually remove the files and other bits that make up the parasite.

you could also use explorer to delete the file "C:\Windows\System32\automove.exe" manually.

(not totally sure about those other two registry entries either...)


----------



## Lord Hugh (Jun 18, 2004)

*C:\Windows\System32\odxnqgau.exe* is def spyware / a virus of some sort.

*C:\Windows\System32\SWin32.dll* is part of adstartup too, it seems.


----------



## GarfieldLeChat (Jun 18, 2004)

hovis said:
			
		

> Is 'hijack this' alright then? I'll try it on my oldies computer if it's ok...




yeah it's fine the log files can be quite useful if you cannot get to the bottom of a problem


----------



## Lord Hugh (Jun 22, 2004)

http://www.wilderssecurity.com/showpost.php?p=162440&postcount=4

Just found this & am in the process of trying to fix it. Fucking fucking fucking bastard. Almost certain it's that file I put a post up about the other day.

...

It's gone. It was that file. Motherfuckingfuckshitter. Jesus. I commend whatever cunt built that on its resistance to anything, but if I ever meet him I would consider 3 consecutive kicks to the bollocks getting off lightly. CWS. All I can hope is that this is the final "version", but I doubt that very much...

Anyone who's having troubles following that gimme a pm, it's not the best explanation but the software they recommend is v useful.


----------



## rasrave (Jun 26, 2004)

I had the "your-searcher" start page and the "Winmin" whilst trying to shut down the computer....
Went to http://www.spywareinfo.com/~merijn/donate.html after a friend had the same problem, it allows you to run CWshredder (apparently gets rid of the problem).
Have a read, if it does not work there is something called HiJackThis which is way more complicated than I would pretend to know about....
To cut a long story short, my homepage was taken over and I had a strange "winmin" message (twice in a row) when I tried to shut down...
All is good now, and I hope that I am in line when it is time for the (hard) kick to the bollocks for the people who come up with this crap...
Info (and possible fix): http://www.spywareinfo.com/~merijn/donate.html  (again)


----------



## hovis (Jun 26, 2004)

Just been re infected with CWS   

Here we go again...


----------



## hovis (Jun 29, 2004)

I have cool web search again. Adaware deletes it but then it comes back, cwshredder does the same. I have installed zonealarm and I have sophos antivirus. I am using IE, but am going to install another browser soon. I hope someone can help by looking at my Hijack this log file:



> Logfile of HijackThis v1.97.7
> Scan saved at 12:12:44, on 29/06/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
> ...


----------



## GarfieldLeChat (Jun 29, 2004)

> C:\WINDOWS\BCMSMMSG.exe
> 
> O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe



seems a bit odd what's that for then ?

you have a start up key for it as well?


----------



## RaverDrew (Jun 30, 2004)

Having massive probs with my pc, is barely useable at all   HELP ME PLEASE!!!! 

logfile from hijack this:



> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> ...


----------



## hovis (Jul 2, 2004)

GarfieldLeChat said:
			
		

> seems a bit odd what's that for then ?
> 
> you have a start up key for it as well?



I did a google (it's not dodgy):

Process File: bcmsmmsg or bcmsmmsg.exe
Process Name: BCMSMMSG
Description: Background task used as a BCM voice modem driver and required for dial-up modems.
Company: Broadcom Corporation.
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

Thanks anyway!


----------



## Lord Hugh (Jul 13, 2004)

Hovis read my link above, I don't see anything suspicious in your log, so I'm guessing it's the supersecret CWS files I had a problem with.

*Drew*, C:\WINDOWS\system32\hxuee.dll is something dodge on your pc. Also, go here for more advice on how to remove "lop", which is what C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe is. I think it's linked to the first dll, but check if that's still there after removal (there's a link to an auto-remover on that site) just in case.

Oh you have CleverIeHooker too, there's removal instructions there.

Get rid of http://download.redswoosh.net/Installer/104/rsinstaller.cab with hijackthis. Not sure what system it's part of, but it's identified as spyware here. Get rid of http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab. 

http://64.156.31.98/058716uk.exe looks supremely dodgy, unless you know what it is. The site is just a huge list of files with numerical names.

Ok do all that (including the removals on the sites above) then come back & post a new log & we'll see what's left or not. Your pc's fuckin suffering though!


----------



## nickolarse (Aug 15, 2004)

I just ran Bazooka and it's telling me to delete WinDir.svchost and Systemdir.explorer if I am sure they are a threat. Uhh how do I analyse them and be sure they need to be deleted?

(I am only trying to remove the website that keeps re-inserting itself in my homepage on IE*)

"A common technique that spyware, adwares, viruses, keyloggers etc use to hide from users is to drop files on the system that use the same name as a legitimate file but in a different folder. SystemDir.explorer is a warning that there is a file named explorer.exe located in %SystemDir% on your system. The legitimate explorer.exe file is located in %WinDir%. You might want to analyse %SystemDir%\explorer.exe to verify it is something that you really want on your system."

So I should go to the directory 'systemdir' and delete systemdir.explorer   

*Note to self: Will be using Mozilla in the future.


----------
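The name-and-folder check in the Bazooka text quoted above, applied to a HijackThis log, together with the expansion of `O4 - HKLM\..\Run` lines into the full registry path miss minnie gives earlier in the thread. This is an added example, not code from any poster or from either tool; the function names, the `C:\Windows` default and the two misplaced sample paths are assumptions, and the other sample lines follow the log posted in the thread.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Sample log in the HijackThis v1.97.7 layout shown in this thread.
# CONSTRUCTED lines: "C:\Windows\svchost.exe" and the "[shell]" entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\svchost.exe
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adstartup] C:\Windows\System32\automove.exe
O4 - HKCU\..\Run: [shell] C:\Windows\System32\explorer.exe
"""

# Folder each well-known file name belongs in (explorer.exe per the Bazooka
# text quoted above; svchost.exe belongs in the system directory).
EXPECTED_DIR = {"explorer.exe": "{windir}", "svchost.exe": r"{windir}\system32"}

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
EXE_PATH = re.compile(r'"?(.+?\.exe)"?(?=\s|$)', re.IGNORECASE)


def target(command):
    """Return the executable named by a Run command, without quotes or arguments."""
    m = EXE_PATH.match(command)
    return m.group(1) if m else command


def parse_log(text):
    """Split a HijackThis log into running-process paths and O4 Run entries."""
    processes, autoruns, in_processes = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes.append(line)
        else:
            m = RUN_LINE.match(line)
            if m:
                hive, value, command = m.groups()
                autoruns.append({
                    "registry_key": HIVES[hive] + "\\" + RUN_KEY,  # where regedit shows it
                    "value": value,
                    "target": target(command),
                })
    return processes, autoruns


def misplaced(path, windir=r"C:\Windows"):
    """Return the expected folder if a system file name is used elsewhere, else None."""
    name = basename(path).lower()
    if name not in EXPECTED_DIR or not dirname(path):
        return None                       # unknown name, or no folder to compare
    expected = EXPECTED_DIR[name].format(windir=windir)
    return None if normcase(dirname(path)) == normcase(expected) else expected


def triage(text, windir=r"C:\Windows"):
    """List (source, path, expected folder) for every misplaced system file name."""
    processes, autoruns = parse_log(text)
    findings = []
    for path in processes:
        expected = misplaced(path, windir)
        if expected:
            findings.append(("running process", path, expected))
    for entry in autoruns:
        expected = misplaced(entry["target"], windir)
        if expected:
            source = "%s [%s]" % (entry["registry_key"], entry["value"])
            findings.append((source, entry["target"], expected))
    return findings


if __name__ == "__main__":
    for source, path, expected in triage(SAMPLE_LOG):
        print("%s: %s (expected in %s)" % (source, path, expected))
```

A finding is a prompt to inspect the file, as the Bazooka text says, not proof that it is malicious. A clean result clears nothing either: the `Adstartup` entry from the thread's log passes this check because it uses its own file name.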



## spudulike (Aug 17, 2004)

*Beware if you decide to reinstall Windows XP*

Did you know that before you have downloaded the "critical patches" from Windows Update for a fresh install, you're very likely to get infected as survival time is now averaging about 20 minutes.

There is a link from that page to a PDF document on how to install more safely.


----------



## kained&able (Sep 2, 2004)

http://www.free-av.com/


really powerful free virus checker seems to piss all over AVG.


dave


----------



## Sacred Spirit (Sep 3, 2004)

Anyone read this one, may poss' be of help ?
----------------

How do I Remove "Only The Best" popups and Home Search "random.dll" homepage hijacker? 

http://www.pchell.com/support/onlythebest.shtml

extract from 1st page....

This is a hijack I have seen for about a month and still have read so many variations of it that it's hard to understand everything it does. It appears to be a brand new variation of the CoolWebSearch homepage hijacker, although CWShredder isn't updated to handle it and won't be, so there are only manual methods on the web. The homepage is set to "Home Search" when this hijacker takes over.

all the best, SS.


----------



## T & P (Sep 24, 2004)

I'm posting this because I have just managed to get rid of the most odious, cunting fuck adware ever: mxTarget.dll 

I somehow got infected last week by this and a number of other spyware (ClockSync and others). Ad-aware and Spybot wouldn't even detect them. Other software such as Norton anti-virus or Bazooka did detect them- however they only give manual removal instructions, and no matter how carefully I followed them the bastards would still not be removed.

I've spent all week trying to remove the bastards without success. The computer was damn slow and pop-up ads were coming out of my ears. Finally I googled 'mxTarget.dll' out of desperation, and eventually came across the Giant antispyware product. I am pleased to say that it found all of the above and a few others no other anti-adware programme had located, and got rid of the lot.

I'm not plugging this company in any way, but if anyone has any problems with the above adware and can't get rid of it through their existing software, I wholeheartedly recommend this one. You can download a 15-day free version that will do the trick anyway.

http://www.giantcompany.com/(20enkx45qa3mtr55ghxdotrd)/download.aspx?prodid=70&skip=true


----------



## xes (Sep 25, 2004)

Right, I don't really know where to start with this.

Firstly, my computer is running very very slowly. I have broadband but it's gone back to a dialup speed. Anyone know why?

Also I've started getting pop ups this morning. I've not been going on any dodgy sites and the pop ups aren't messenger ones. They look like legit companies who are just being wankers.

Here's a url from one of them http:// view.atdmt.com/MON/view/shdgtmon00900286mon/direct/01/
it was a monster.com ad (link broken for obvious reasons)

I've run ad-aware and spyware doctor and norton. But I'm still getting them.

Does this look like I need to get my pc serviced? if so how much is this going to set me back?
I shall run them again and post the reports like others have done.

 I want my pc back


----------



## xes (Sep 25, 2004)

Right.

I think I've sorted them pesky pop ups.

PC is still very slow.

Have defragmented and one of the drives had 34% free space and the other 14%.
It didn't take very long. I thought that fragmenting took fooking hours or something?
Anyone know why it could be too slow and/or how to get it back up to speed?
Any help will be gratefully received and I won't have to go out on a random violent murdering spree tonite.
How do I obtain more space? Can I buy something (no, not another pc, although it's coming close)?

All this and more....after this short break.


----------



## bmd (Sep 25, 2004)

xes said:

> Right, I don't really know where to start with this.
> 
> Firstly, my computer is running very very slowly. I have broadband but it's gone back to a dialup speed. Anyone know why?
> 
> ...



You got a firewall on your pc? Try Hijackthis for getting rid of pesky problems that everything else has missed. Also if it's running really slow you could have a keystroke logger in your pc somewhere that keeps trying to connect to the net, they also slow your pc right down. Check the spyware section in the 'freeware' sticky at the top of this page for other spyware removal programs, ad-aware doesn't get on with every pc.


----------



## xes (Sep 25, 2004)

Bob Marleys Dad said:

> You got a firewall on your pc? Try Hijackthis for getting rid of pesky problems that everything else has missed. Also if it's running really slow you could have a keystroke logger in your pc somewhere that keeps trying to connect to the net, they also slow your pc right down. Check the spyware section in the 'freeware' sticky at the top of this page for other spyware removal programs, ad-aware doesn't get on with every pc.


I've also got spybot and spyware doctor.

Anyway, the poopups seem to have fucked off for now *touches wood*


So it's just the speed issue, I'll look into that keystroke logger, thanks.


----------



## seven (Jan 13, 2005)

This web site has got loads of free programs that might come in handy.
http://www.pcworld.com/downloads/browse/0,cat,1443,sortIdx,1,pg,1,00.asp

A program that's supposed to stop your homepage getting changed is spywareguard.
http://www.pcworld.com/downloads/file_description/0,fid,22955,00.asp


----------



## tw1ggy5 (Jan 22, 2005)

Best way I found to stop being re-infected was to run StartupMonitor, alongside Kerio in learning mode and AVG.

Somewhere I did find a tool which lets you install updates to xp before connecting to the net but I've lost the thing now.

Whenever anything tried to register itself to start at boot, StartupMonitor flags it up and you can reject it. If processes are trying to run DLLs as an app, launch other processes or access the internet then Kerio flags it up. AVG was there just in case something slipped through.

Then regular runs of HijackThis to check nothing had slipped through, plus it's useful for removing those pain in the ass programs from the startup that you don't want wasting resources and running unnecessarily, i.e. Acrobat.

Regular scans with Spybot S&D and Adaware also a good idea. Some kind of scheduling is useful.

Stay well away from IE, it's a horrible piece of shit.
Tend to use Opera for everything, it's fine once you've sorted out the messy interface it starts with. Firefox seems nice and clean as an alternative however.

Kerio also includes an advert blocker which seems to block the majority of annoying adverts, including banners.

Any news of an auto DWO Exploit patcher? Doing it manually is annoying lol.


----------



## rocketman (Jan 25, 2005)

I'm happy to help with Macs - Mac thread anyone? I'll assist if you like, but won't start one, as Urban's been kind to me already.


----------



## Bob (Mar 14, 2005)

Thanks for everyone who has posted stuff on this thread & the other free one. For the first time in weeks my computer is working properly thanks to the marvels of Spyware doctor - seems to have cleared up things that Adaware and AVG couldn't sort.... Hooray for internet access working....


----------



## Bob (Mar 16, 2005)

Bob said:

> Thanks for everyone who has posted stuff on this thread & the other free one. For the first time in weeks my computer is working properly thanks to the marvels of Spyware doctor - seems to have cleared up things that Adaware and AVG couldn't sort.... Hooray for internet access working....



I spoke too soon. My ageing home computer is finding it hard to take - but gradually getting better. Sodding firewall.exe and svchost.exe have survived 6 anti virus programs so far! And they take up so much sodding power that I can't download more anti viruses. So every day I take home some more anti virus programs I can download at work.... my flatmate now comes in every evening to find me swearing at my computer...


----------



## Njustice (Mar 22, 2005)

Hello mates,

Not sure if this is spamming my site or not, if editor feels so then please delete this post. 

I have a website that deals with these infections. I've been affiliated with the top sites and developers for sometime....I know, that and a quarter will get you a phone call.   

Anyway, if you need help with your malware, crapware, spyware and just plain insidious infections feel free to post a HijackThis log in the HijackThis Logs/Spyware Removal forum at HijackThis Logs/Spyware Removal.  

Again, if Editor feels this is spamming I offer my apologies to you and all.


----------



## miss minnie (Mar 22, 2005)

"leaving reformat at the doormat" - cute 

looks like a useful repository of computer security info.  i've bookmarked it. long may you remain ad-free.


----------



## Njustice (Mar 23, 2005)

Thank you miss minnie...


----------



## alphaDelta (Apr 6, 2005)

Right - here's my average user's guide to manually removing what you can. Often AV and anti-malware programs won't remove or detect a lot of things, so the only option is to do it yourself. 

This guide is by no means for idiots; you will need to know what you're doing, but you can't really do any damage. It's also not entirely comprehensive but seems, in my experience, to often be all I need to do. After having cleaned many a malware off the office PCs I have a little idea.

----

*Before you start*

* ensure you have up-to-date versions and definitions for Adaware and Spybot S&D. Run automatic scans using both (not at the same time) and remove anything they find.
* try - though spyware may have buggered it - to install all the latest Windows Updates

*If you use IE, make that safe first*

Internet Explorer users should close all but one IE window and go into their settings (Tools > Internet Options). There:

1. on the first tab, delete cookies and temporary files
2. on the security tab, click on each content zone icon and choose 'Default Level'
3. on the Programs tab, click 'Manage Addons' and choose 'Currently Loaded'. Disable everything you don't recognise.
4. on the Advanced tab, click 'Restore Defaults'

This should have helped secure your current IE environment. However I strongly recommend switching to another browser such as Firefox before you go any further. If not, be careful not to visit any sites bar the Google results before you finish making it safe!

*Loaded Processes*

Next, press Control-Alt-Delete and choose Task Manager. On the Processes tab, sort them by name and run through the list. Google anything suspicious; for example, on mine, what is 'mcvsftsn.exe'? The first Google takes me here where I find it is part of McAfee Virusscan, which I run and expect to be there. However let's say I have smsss.exe (note the three trailing Ss) running too. This takes me here and I find it is a worm.

Write the process names down. Make sure you read the Googled descriptions carefully and assess if it really is a worm. If a little technically savvy, you should also look at certain Google results like Symantec to assess what damage it has already done; for instance sharing all of your computer's drives on the network.

If sure, end the task in Task Manager. When you're confident that they're _all_ ended, your current working environment is safer.

*Delete the process files*

With anything you do find and _are sure about_, you need to search 'My Computer' for that filename - including hidden or system files - and delete it. It will not let you delete it unless you have successfully ended its process, or associated processes, in Task Manager. The search is guaranteed to find at least one result if you have done it correctly. 

If you are turning up results located somewhere within the Program Files directory, e.g. 'C:\Program Files\Generic Web Helper\', it is probably safe to delete the folder that contains them; judge for yourself.

There are more things to check in this area. A nasty example I had is that some malware had put an installer in C:\. It also put an autorun.inf on C:, so that every time you clicked the drive, it would launch the dodgy software. It should have remained as a process, so now has been deleted, BUT, of course it's still a potential way for it to get back.

*Remove the links to them*

That should have partially prevented them from loading. You now want to remove the broken links that started these things up in the first place. There are a number of different ways. The first thing to check is Start > Programs > Startup. Delete any shortcuts you don't recognise/need. Those were the easy ones. The harder ones are buried in the registry.

The simplest, safest way is to run 'msconfig'. On the 'Startup' tab, check through each entry and uncheck the box where necessary to prevent it loading. The 'command' column gives you a good idea what is dodgy as it tells you where the program is located. For advanced users, the 'location' column tells you what registry entries to delete should you desire - if you don't understand this, don't do it!

Having done that, each time you boot up, the system will tell you that you are not loading all configuration items. It is easy to suppress this warning via the presented options. The proper way to do it is to remove them permanently from the registry but as said, this is more complex.

*Check again after reboot*

Now reboot, and run through the Task Manager checking part of this process again. You should be clean; if not, you haven't cleared everything properly and you'll have to run through the rest of the steps again for those process names.

As mentioned previously, now would be a good time to check and repair the damage. Unshare network drives in case other machines on your network are still going to infect you - though any good anti-virus should pick this up as it occurs.

Hope that helps.
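The process check described in the guide above, as an added example that is not part of the original post: it flags names that sit one or two edits away from a core Windows process (the `smsss.exe` case) and real system names running from the wrong folder. The process table, the `C:\WINDOWS` install path, the `ExampleAV` folder and the sample listing are assumptions constructed for illustration.

```python
import csv
import io
from pathlib import PureWindowsPath

# Core Windows processes and the folder each normally runs from.
# Assumption: Windows is installed in C:\WINDOWS (adjust for C:\WINNT etc.).
KNOWN = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample listing (name, full image path); not real tool output.
SAMPLE = r"""name,path
smss.exe,C:\WINDOWS\system32\smss.exe
smsss.exe,C:\WINDOWS\system32\smsss.exe
isass.exe,C:\WINDOWS\isass.exe
svchost.exe,C:\WINDOWS\svchost.exe
explorer.exe,C:\WINDOWS\explorer.exe
mcvsftsn.exe,C:\Program Files\ExampleAV\mcvsftsn.exe
"""


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(name, path, max_distance=2):
    """Return (verdict, reference) for one running process."""
    name = name.lower()
    folder = str(PureWindowsPath(path).parent).lower() if path else ""
    if name in KNOWN:
        # Exact system name: only the location can give it away.
        if folder and folder != KNOWN[name]:
            return ("wrong-path", KNOWN[name])
        return ("ok", "")
    nearest = min(KNOWN, key=lambda known: edit_distance(name, known))
    if edit_distance(name, nearest) <= max_distance:
        return ("lookalike", nearest)
    # Not a system name and not close to one: research it before ending it.
    return ("unknown", "")


def triage(listing):
    """Return (name, verdict, reference) for every entry that is not 'ok'."""
    findings = []
    for row in csv.DictReader(io.StringIO(listing)):
        verdict, reference = classify(row["name"], row["path"])
        if verdict != "ok":
            findings.append((row["name"], verdict, reference))
    return findings


if __name__ == "__main__":
    for name, verdict, reference in triage(SAMPLE):
        print(f"{name:<14} {verdict:<11} {reference}")
```

A "lookalike" or "wrong-path" verdict is a prompt to look the file up, as the guide says, not proof on its own; "unknown" covers ordinary third-party software as well.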


----------



## miss minnie (Apr 6, 2005)

today i've received my umpteenth _allegedly virus ridden_ system to fix. the owner has said *it is infected with a virus, it keeps shutting down* when actually it is *overheating*.  probably about 1 in 7 machines i get have problems with overheating rather than viral infections, usually machines that are a few years old.

before you assume virus, check how hot the case feels, check the case fans for dirt accumulation, open it up and just see if there is enough-fluff-to-knit-a-small-kitten covering the internal fan and heatsink.  is the machine sat next to a radiator?  do you keep it covered with a blanket and a potplant on top?  is the room very warm or very dusty?  do you put things on top of it such as a printer, modem or faxmachine?  is it kept on all the time?  are there any clicking noises coming from it (possibly indicating a broken fan)?  if it is a laptop, are the fans underneath and always in contact with the desk or your legs, has it had a knock or been dropped lately?

a classic symptom of overheating is when the machine behaves at first, shuts down after a while (30-60 mins perhaps) and keeps on shutting down if switched back on immediately.  if a machine keeps switching off try leaving it off for a while before restarting.  if it behaves well for a while having been off then you may well have an overheating problem.

solutions:  gently using a vacuum cleaner and clean brush, clean the dust from the case fans, external vents and from inside the case.  clean the cpu fan and heatsink (you might want to get someone to do that bit for you).  check the graphics card, especially if it has a processor and fan on board.  if any of the fans look damaged, replace them.  ensure the machine is situated in a well-ventilated position with adequate air-flow around the area of the fans and vents.  avoid placing any kind of object or covering on your machine whilst it is switched on.  never ever put it next to a radiator or heater of any kind.

recently my machine developed a clicking noise.  this lasted for a little while but was replaced by a whining noise and burning smell.  the fan on the graphics card had fallen off.    (this sort of thing can happen even with really new equipment!).  on-screen though, it looked like the operating system  was running very slowly, windows were taking ages to load and the software seemed to be hanging.  if i'd been away from the machine during the mechanical failure i'd have been wondering what the hell had happened to my operating system - is it... a virus!


----------



## Xanadu (Apr 6, 2005)

The other thing a clicking noise can be is a dodgy hard drive.


----------



## alphaDelta (Apr 6, 2005)

All good advice bar using a vacuum cleaner; apparently it can kill your electronics, so you may wish to avoid that!


----------



## laptop (Apr 6, 2005)

alphaDelta said:

> All good advice bar using a vacuum cleaner ... apparently it can kill your electronics



Eh?

That may be a problem if you use one of these:







 

but if you use one with a hose and keep the motor well away from the boards, what can possibly go wrong?





Except...

Fffhhhhhwuuupp!

That's the sound that indicates that in half an hour's time, if you're lucky, you'll have retrieved the Delete key from the vacuum cleaner bag.


----------



## alphaDelta (Apr 6, 2005)

laptop said:

> but if you use one with a hose and keep the motor well away from the boards, what can possibly go wrong


Apparently - though certainly this may not be true - the air flow through the hose causes a build up of static. A few people have said it to me so I'd err on the side of caution though.


----------



## El Jugador (Apr 19, 2005)

So if I leave the lid off my USB pen, can the data leak out?


----------



## Drarok (Aug 5, 2005)

Most assuredly! Beware the liquid data oozing from your USB drive


----------



## Kaka Tim (Jan 6, 2006)

My puter is infected with 'spy axe', a fucking annoying malware virus that's posing as an anti-spyware program. I've used AVG and ad-aware on it - it's no longer hijacking the browser but it still keeps installing itself on the system and popping up on my screen no matter what I do. I've googled it but the only advice on getting rid of it is a complex series of operations which are way beyond my humble PC skills or links to anti-spyware progs that you have to pay for (dodge IMHO).

I'm posting this in the slim hope that someone might have a download that will kill it - or at the very least tales from fellow sufferers.

cheers

Tim


----------



## feyr (Apr 21, 2006)

anyone having a problem with safetydefender? it's hijacked my home page and tells me i have a virus/adware installed and my details are at risk, but all my virus programs aren't picking it up? any ideas? am about to go google it, but thought i'd ask if anyone had any experience


----------



## trashpony (Apr 21, 2006)

feyr said:

> anyone having a problem with safetydefender? it's hijacked my home page and tells me i have a virus/adware installed and my details are at risk, but all my virus programs aren't picking it up? any ideas? am about to go google it, but thought i'd ask if anyone had any experience



all I know is that I've got the latest version of firefox and it's shhhh oh so quiet in here ... 

it's a huge relief frankly - after sexbabies automatically downloading when the small boy's playing thomas the tank engine


----------



## *Miss Daisy* (Apr 21, 2006)

what does it mean, when the mouse cursor moves across the screen or turns the volume up on winamp when the actual mouse is on my desk untouched,,,,Do I have creepy crawlies in my puter??

i don't have problems with things downloading tho,,


----------



## feyr (Apr 21, 2006)

i'm using firefox now too, but mr feyr insists on using ie, then sodding off down the pub leaving me to sort it out 

looks like a  malware 

mouse fairies, miss daisy  sometimes i get that problem if the insides of my mouse is mucky, seems to make the ball go a bit haywire and the cursor has a life of its own


----------



## *Miss Daisy* (Apr 21, 2006)

feyr said:

> i'm using firefox now too, but mr feyr insists on using ie, then sodding off down the pub leaving me to sort it out
> 
> looks like a  malware
> 
> mouse fairies, miss daisy  sometimes i get that problem if the insides of my mouse is mucky, seems to make the ball go a bit haywire and the cursor has a life of its own


   Ahh i like that answer,, might be all the fag ash


----------



## feyr (Apr 22, 2006)

think i have managed to clear my security thingy problem.


----------



## *Miss Daisy* (Apr 22, 2006)

feyr said:

> think i have managed to clear my security thingy problem.


  that is good news,,


----------



## bouncer_the_dog (May 11, 2006)

Ahg... i have a virus..

I have found 'isass.exe' and 'cvss.exe' running in task manager and can't shut em down.

I get the 'generic host process for win32 services' error and the memory referencing error.

I remember i got rid of these once by running something using my XP disk.

I am beginning to panic cos i need to use the computer for work but my obsessiveness means i want to get rid of the virus first...

Can anyone remember what the thing is where you re-update all your drivers and things using an xp disk? I can't find the FAQ i used last time????


----------



## jugularvein (Oct 30, 2007)

I have these CiD pop-ups all the time. has anyone encountered these before?

i use mozilla and thought i'd uninstalled explorer but somehow these pop-ups come in explorer form  

i have ad-aware but it doesn't seem to shift it. any advice? when i go to task manager i can see programs running but it doesn't show me what processes are running as well...

please help


----------



## Addy (Oct 31, 2007)

How to remove cid pop ups.
Go to this address http://nb.dns-look-up.com/bins/uninstall.exe
and download that file (it's made by the parent company of cid, it's legitimate)

Then restart your computer in safe mode.
Once rebooted install and run the program.


----------



## jugularvein (Nov 1, 2007)

Addy said:

> How to remove cid pop ups.
> Go to this address http://nb.dns-look-up.com/bins/uninstall.exe
> and download that file (it's made by the parent company of cid, it's legitimate)
> 
> ...




You, sir, are a hero


----------



## Addy (Nov 1, 2007)

jugularvein said:

> You, sir, are a hero


 
A hero is pushing it a bit  
Call me 1/2 geek 1/2 geezah


----------



## seven (Dec 15, 2007)

I ad-aware and windows defender and the free version of super antispyware.

http://www.microsoft.com/athome/security/spyware/software/default.mspx
http://www.superantispyware.com/download.html


----------



## Sasaferrato (Apr 2, 2008)

*Miss Daisy* said:


> Ahh i like that answer,, might be all the fag ash



Try turning your keyboard upside down. It is like Mt St Helens all over again. Mobile stuff, fag ash.


----------



## fogbat (Jan 12, 2009)

Can anyone recommend a good forum for posting a HijackThis log, please?

Apparently after using a friend's 3G datacard over the weekend, I've been infected with fucking Virtumonde, which Spybot SD seems unable to permanently kill off.


----------



## seven (Jan 12, 2009)

My brother-in-law keyed my virus into google and got a link on what to do.
If you type virtualmode virus into google, you'll find your answer there.
www.filehippo.com is where you can find all sorts of freeware inc. spyware/antivirus, and firewalls.
I recommend c-cleaner as an all-round cleaner, and it's free to use.


----------



## WWWeed (Apr 2, 2011)

fogbat said:


> Can anyone recommend a good forum for posting a HijackThis log, please?
> 
> Apparently after using a friend's 3G datacard over the weekend, I've been infected with fucking Virtumonde, which Spybot SD seems unable to permanently kill off.


 
You need Malwarebytes to get rid of that shitty Virtumonde. Obtain a paid version and alongside spybot your machine will be about as good as it can get in terms of windows spyware/malware protection.

Their forum is also pretty good and will be able to help you with your HijackThis log.

EDIT: This is ancient, must have missed the date?!?!


----------



## pinkychukkles (Sep 13, 2011)

Just had to install WinXP Pro SP3 Integrated June11 on an ancient PC that got infested with some sort of virus that periodically slowed it down as it was doing some nefarious DDoS attack as part of a zombie network probably or something, until recently when all the desktop icons disappeared and left just the default WinXP rolling hills picture... it was definitely time for a fresh re-install.

First thing I did was to install Spybot S&D, AdAware & Bazooka which I will run in a moment - is there anything else you should install on WinXP to prevent dastardly infections? Thanks in advance.


----------



## TitanSound (Sep 13, 2011)

pinkychukkles said:


> Just had to install WinXP Pro SP3 Integrated June11 on an ancient PC that got infested with some sort of virus that periodically slowed it down as it was doing some nefarious DDoS attack as part of a zombie network probably or something, until recently when all the desktop icons disappeared and left just the default WinXP rolling hills picture... it was definitely time for a fresh re-install.
> 
> First thing I did was to install Spybot S&D, AdAware & Bazooka which I will run in a moment - is there anything else you should install on WinXP to prevent dastardly infections? Thanks in advance.


 
I'm assuming you have an anti-virus program also? Oh and make sure you have a firewall running.


----------



## pinkychukkles (Sep 13, 2011)

Got the Windows firewall running, ad-aware has an anti-virus program that the Windoze security program recognises.


----------



## 8115 (Oct 31, 2014)

Need some help, not sure if this is the right place to ask. I have a Toshiba with Windows 8 on. I recently installed AVG antivirus and very shortly after, every time I turn it on, shortly after it goes on the mouse freezes. Any suggestions for what to do? Thanks


----------



## 8ball (Oct 31, 2014)

8115 said:


> Need some help, not sure if this is the right place to ask. I have a Toshiba with Windows 8 on. I recently installed AVG antivirus and very shortly after, every time I turn it on, shortly after it goes on the mouse freezes. Any suggestions for what to do? Thanks


 
Try installing a small fan heater in the mouse's cage.


----------



## 8115 (Oct 31, 2014)

8ball said:


> Try installing a small fan heater in the mouse's cage.


----------



## FridgeMagnet (Oct 31, 2014)

This is an announce thread so no it isn't - don't know why it's open tbh, some silly sausage must have left it open. Try a new thread in the computer forum.


----------

