8 Posts

March 2nd, 2005 09:00

Spyware cont...

I have run the Ad-Aware Spyware removal program, yet again - and yet again it has found another 3-6 tracking cookies which just seem to keep re-appearing.
Every time I delete them they still persist; this in turn causes my MSN Messenger to sign out after around 2 mins or if I try to change my status.
Also, I am still having the problem with the Google web site, which is still bringing up "random" websites of no interest or relation to what I searched for; in some cases, no results return and the explorer shuts down, which seems to also change the www.google.com website to www.bbc.co.uk (with errors) every time I try to access the URL of Google (BBC website is my homepage).

Like I said in my last post on here, I have run all the spyware removal protection programs, and have followed all the guidelines for removing the spyware from the directions given on the Dell forum. I have downloaded the Microsoft AntiSpyware programs, venus spyware trap... everything!

Would it be a possibility for me to try this HijackThis removal tool? If so, would anyone guide me through what to do?

I have also included a Scan Log from what Ad-Aware found:

MRU List(TAC index:0):12 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings

01-03-2005 23:32:22 - Scan started. (Full System Scan)
 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
   Description        : list of recently saved files, stored according to file extension

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
   Description        : list of recent programs opened

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
   Description        : list of recent documents opened

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\internet explorer
   Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
   Location:          : software\microsoft\directdraw\mostrecentapplication
   Description        : most recent application to use microsoft directdraw

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\internet explorer\typedurls
   Description        : list of recently entered addresses in microsoft internet explorer

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\mediaplayer\preferences
   Description        : last playlist index loaded in microsoft windows media player

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\mediaplayer\preferences
   Description        : last playlist loaded in microsoft windows media player

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\mediaplayer\medialibraryui
   Description        : last selected node in the microsoft windows media player media library

 MRU List Object Recognized!
   Location:          : S-1-5-21-484763869-1004336348-839522115-1004\software\microsoft\windows media\wmsdk\general
   Description        : windows media sdk

 MRU List Object Recognized!
   Location:          : C:\Documents and Settings\ssmith\Application Data\microsoft\office\recent
   Description        : list of recently opened documents using microsoft office

 MRU List Object Recognized!
   Location:          : C:\Documents and Settings\ssmith\recent
   Description        : list of recently opened documents

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
#:2 [csrss.exe]
#:3 [winlogon.exe]
#:4 [services.exe]
#:5 [lsass.exe]
#:6 [svchost.exe]
#:7 [svchost.exe]
#:8 [svchost.exe]
#:9 [svchost.exe]
#:10 [svchost.exe]
#:11 [explorer.exe]
#:12 [ccsetmgr.exe]
#:13 [ccevtmgr.exe]
#:14 [spoolsv.exe]
#:16 [bcmwltry.exe]
#:17 [realsched.exe]
#:19 [hpgs2wnd.exe]
#:20 [ccapp.exe]
#:21 [gcasserv.exe]
#:22 [hposol08.exe]
#:23 [spysub.exe]
#:24 [hpgs2wnf.exe]
#:25 [navapsvc.exe]
#:26 [nvsvc32.exe]
#:27 [savscan.exe]
#:28 [svchost.exe]
#:29 [symlcsvc.exe]
#:30 [wdfmgr.exe]
#:31 [symwsc.exe]
#:32 [gcasdtserv.exe]
#:33 [alg.exe]
#:34 [msmsgs.exe]
#:35 [ad-aware.exe]

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Tracking Cookie Object Recognized!
   Type               : IECache Entry
   Data               : ssmith@servedby.advertising[2].txt
    Category           : Data Miner
   Comment            : Hits:10
   Value              : Cookie:ssmith@servedby.advertising.com/
   Expires            : 31-03-2005 23:19:32
   LastSync           : Hits:10
   UseCount           : 0
   Hits               : 10
 Tracking Cookie Object Recognized!
   Type               : IECache Entry
   Data               : ssmith@tribalfusion[1].txt
    Category           : Data Miner
   Comment            : Hits:1
   Value              : Cookie:ssmith@tribalfusion.com/
   Expires            : 01-01-2038
   LastSync           : Hits:1
   UseCount           : 0
   Hits               : 1
 Tracking Cookie Object Recognized!
   Type               : IECache Entry
   Data               : ssmith@c4.zedo[1].txt
    Category           : Data Miner
   Comment            : Hits:1
   Value              : Cookie:ssmith@c4.zedo.com/
   Expires            : 02-03-2005 05:00:00
   LastSync           : Hits:1
   UseCount           : 0
   Hits               : 1
 Tracking Cookie Object Recognized!
   Type               : IECache Entry
   Data               : ssmith@advertising[1].txt
    Category           : Data Miner
   Comment            : Hits:7
   Value              : Cookie:ssmith@advertising.com/
   Expires            : 28-02-2010 23:12:18
   LastSync           : Hits:7
   UseCount           : 0
   Hits               : 7
 Tracking Cookie Object Recognized!
   Type               : IECache Entry
   Data               : ssmith@zedo[2].txt
    Category           : Data Miner
   Comment            : Hits:122
   Value              : Cookie:ssmith@zedo.com/
   Expires            : 27-02-2015 23:12:34
   LastSync           : Hits:122
   UseCount           : 0
   Hits               : 122
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 17
 
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 17
 

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
23:43:01 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:39.453
Objects scanned:154069
Objects identified:5
Objects ignored:0
New critical objects:5


I really hope someone can salvage something from this list... it's now getting to the point where I think the best thing I should do is wipe the computer and start again...

Thanks for your time, hope you can help!

Best regards,

Steve.
P.S. After I clicked submit post it returned this message:
Your post has been changed because invalid HTML was found in the message body. The invalid HTML has been removed. Please review the message and submit the message when you are satisfied.
Hope what is left is of help. It doesn't look like anything has been deleted though.

3 Apprentice

15.6K Posts

March 2nd, 2005 13:00

Also, the MRU objects that Ad-Aware finds are not critical at all... you should simply tell Ad-Aware to ignore them:
From the opening status screen, after you click on START, you should turn off (X) the option marked Search for negligible risk entries, and then click NEXT for your scan.
This will stop the MRU (Most Recently Used) objects from being reported.

3 Apprentice

15.6K Posts

March 2nd, 2005 13:00

Concerning cookies:
Tracking cookies are not necessarily bad... most sites you go to (including your bank, and MSN Messenger, for example) may place a "cookie" on your machine... sometimes, this allows you to re-access the site without having to log in again... which can be helpful. So you WANT 'good' cookies. The problem is that some cookies collect information from you at one site, but then share the information with other sites. Unfortunately, 'bad' cookies have a way of coming back, over and over again. If you wish to permanently stop them:
In Internet Explorer, click on TOOLS
   INTERNET OPTIONS
   PRIVACY
   EDIT (web sites)
and then type in and BLOCK the 'bad' cookies you want to keep away (e.g., advertising.com, tribalfusion.com, zedo.com).
When done, click on OK.
Just be careful not to block any "good" sites (like your bank/brokerage, or sites you intentionally log into regularly, like Yahoo or HotMail or MSN Messenger --- removing the MSN cookie is what makes your Messenger sign out).

By the way, I know this cookie-blocking feature is available on win98, winME, and win2000... I'm not sure about other WIN operating systems. Alternatively, you can download a program which can monitor cookies (among other things): WinPatrol 9.0

Message Edited by ky331 on 03-02-2005 09:45 AM
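
An added example, not part of the thread: a small parser for the Ad-Aware SE log layout posted above. It separates the negligible MRU entries from tracking cookies, records which scan stages reported critical objects, and lists the cookie parent domains that could be entered in the per-site block list. The sample log is constructed, and the function names are this example's own.

```python
import re
# Constructed excerpt in the layout of the Ad-Aware SE log posted in this thread.
SAMPLE_LOG = """\
 MRU List Object Recognized!
   Location:          : software\\microsoft\\directdraw\\mostrecentapplication
Registry Scan result:
New critical objects: 0
 Tracking Cookie Object Recognized!
   Value              : Cookie:user@servedby.advertising.com/
 Tracking Cookie Object Recognized!
   Value              : Cookie:user@c4.zedo.com/
Tracking cookie scan result:
New critical objects: 2
Hosts file scan result:
New critical objects:0
New critical objects:2
"""

OBJECT_RE = re.compile(r"^\s*(.+?) Object Recognized!")
FIELD_RE = re.compile(r"^\s*([A-Za-z]+):?\s*:\s*(.*)$")
STAGE_RE = re.compile(r"^(.+?) scan result\b", re.IGNORECASE)
CRITICAL_RE = re.compile(r"^New critical objects:\s*(\d+)")

def parse_log(text):
    """Return (objects, stages): detected objects and critical counts per scan stage."""
    objects, stages = [], {}
    current = stage = None
    for line in text.splitlines():
        if m := OBJECT_RE.match(line):
            current = {"kind": m.group(1)}
            objects.append(current)
        elif m := STAGE_RE.match(line):
            current, stage = None, m.group(1).strip().lower()
        elif (m := CRITICAL_RE.match(line)) and stage:
            stages[stage] = int(m.group(1))
            stage = None  # the closing summary repeats this line; do not re-count it
        elif current is not None and (m := FIELD_RE.match(line)):
            current[m.group(1).lower()] = m.group(2).strip()
    return objects, stages

def cookie_domains(objects):
    """Sorted parent domains of tracking cookies, as candidates for per-site blocking."""
    domains = set()
    for obj in objects:
        value = obj.get("value", "")
        if obj["kind"] == "Tracking Cookie" and "@" in value:
            host = value.split("@", 1)[1].split("/", 1)[0].lower()
            domains.add(".".join(host.split(".")[-2:]))  # last two labels; wrong for co.uk
    return sorted(domains)
```

On the log in the first post, the same per-stage view shows critical objects only in the tracking cookie stage, with the memory, registry, disk and hosts file stages all at 0.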

3 Apprentice

15.6K Posts

March 2nd, 2005 14:00

Sorry if I might have offended you with my detailed response on tracking cookies... I have no way of knowing, in advance, how technically adept someone else might be. Besides, others who read this thread may also benefit from the discussion.

Anyway, concerning HiJack This: yes, it is a powerful and popular tool around here. However, I can't stress enough that, if you choose to go that way, you should obtain the results of its scan, and then post it here for one of the 'experts' to help you. IF YOU SIMPLY REMOVE THINGS ON YOUR OWN, YOU RISK SEVERELY DAMAGING YOUR PC. (FYI, I am not qualified to analyze HiJackThis logs, so you'll have to seek elsewhere.) Having said this, you may obtain HiJack This 1.99.1 from
It should be installed in a folder of its own; e.g., C:\HJT
 
Before you go the way of HiJack This, it's highly recommended that you run several (ideally, ALL) of the following anti-spyware programs first:
 
Microsoft anti-spyware beta (Note: will NOT run on win98 nor winME)

Spybot Search and Destroy 1.3
http://www.spybot.info/en/download/index.html  for the underlying 1.3 program.
Install it, and THEN go to:
http://majorgeeks.com/download4392.html  for the 1.3. 1TX DSO-Exploit patch

Ad-Aware SE 1.05 (which you already have), with the VX2 add-on

CWShredder 2.13

Hope this helps. Good luck.

8 Posts

March 2nd, 2005 14:00

I'm aware of what cookies do, and how they work, except this still does not work when I block the bad cookies.

I have just blocked the URLs of the cookies which appeared on the Ad-Aware scan, and I am still having the same problems, except new bad cookies are now appearing... i.e. these are the search results I got on Google after deleting and blocking the bad cookies:

Adult Friend Finder S** Personals

Anonymously find singles, couples and group action online. Search over 10,000,000 profiles and thousands of saxy member photos. It's free and easy to join.
www.adultfriendfinder.com/go/p133677.subFROS - 9k - Similar pages

Microsoft Help & Updates

Fix Microsoft Errors, Free Download - Tell us what your problem is today
www.pcmightymax.net/cgi-bin/view.cgi/zen411/download.html - 9k - Similar pages

UK Residents: Save on Gas and Electricity Costs

UK Residents: Save on Gas and Electricity Costs. Instantly Compare Prices from Top UK Energy Sites and Services. Find out how much you can save by switching.
showtheplanet.co.uk/find.php - 9k - Similar pages

Find Bargain Holidays and Last Minute Deals

Take a short break or a long holiday. Compare the best bargains and last minute deals from the UK's top travel sites, tour operators, accomodations and trip planners.
showtheplanet.co.uk/find.php - 9k - Similar pages

UK Broadband Internet: Compare Top Broadband Plans

Compare the UK's top broadband providers. Find the best plan for you. Search and Compare multiple provider sites.
showtheplanet.co.uk/find.php - 9k - Similar pages

UK Residents: UK Adult Dating Services Online

Online Dating Services in the UK. Compare Information from Multiple Sites. Search and Compare the UK's top Services, Shops and Sites.
showtheplanet.co.uk/find.php - 9k - Similar pages

SEARCH for Casino - FIND the best casino site!

Play Poker, BlackJack, Slots, Roulettes, Bingo online because we feature the World's Best Casinos.
www.punchnet.com/entertainment.htm - 9k - Similar pages

Software Escrow

I had searched for Advance Nav..

Would HijackThis be of help maybe? There seem to be quite a few people talking about it on here...?

The MSN Messenger is also still not performing right.

Regards,

Steve

P.S. I have changed the word in one of the search results, as:

The message body contains the following prohibited content: 'S e'ex'  You must remove this content before submitting your post.


 

3 Apprentice

8.8K Posts

March 2nd, 2005 15:00

Sounds like you have a bit more going on than the run of the mill everyday Spyware.

Let's see what's shakin'?

Go to here and do an online scan and delete whatever it finds. Be sure to highlight the drives you want to have searched.
After that could you please go to here and download AdAwareSE and delete what it finds. Then while using AdAware, click on add-ons and get their plug-in for the VX2 variant, and run that and delete what it finds.
After that go to here and download SpyBot and run that and delete what it finds.
Now go to here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.

Post the log that it generates here.

Steve
