cws hijacker


jaybird
July 15th 04, 06:40 PM
I have run cwshredder, spybot s&d, and adaware6.0. This
got rid of cw hijacker, or so I thought. Two days later
while only logging on to MSN I was hijacked again.
Lavasoft adaware shows 8 attempts and changes when this
happens. Also noticed even when cw was removed machine
seemed to run slow. Any ideas? And how can I bring up a
listing of what programs are actually running and
possibly connecting to this
problem.

July 15th 04, 06:45 PM
Ctrl-Alt-Del will bring up Task Manager and allow you to see all the
processes that are currently running.

Process Explorer from www.sysinternals.com will do that too but it will also
reveal what the actual path is to the process.

Knowledge of what *should* be running will enable you to identify what
*should* be eliminated :-))

I also suggest you correctly firewall your box and have your AV up to date.

"jaybird" wrote in message ...
> I have run cwshredder, spybot s&d, and adaware6.0. This
> got rid of cw hijacker, or so I thought. Two days later
> while only logging on to MSN I was hijacked again.
> Lavasoft adaware shows 8 attempts and changes when this
> happens. Also noticed even when cw was removed machine
> seemed to run slow. Any ideas? And how can I bring up a
> listing of what programs are actually running and
> possibly connecting to this
> problem.

jaybird
July 15th 04, 06:45 PM
Firewall is up and running; also NAV2004 was just
installed and updated. I know about Task Manager but
don't know what is vital and what is not.
>-----Original Message-----
>Ctrl-Alt-Del will bring up Task Manager and allow you to see all the
>processes that are currently running.
>
>Process Explorer from www.sysinternals.com will do that too but it will also
>reveal what the actual path is to the process.
>
>Knowledge of what *should* be running will enable you to identify what
>*should* be eliminated :-))
>
>I also suggest you correctly firewall your box and have your AV up to date.
>
>"jaybird" wrote in message ...
>> I have run cwshredder, spybot s&d, and adaware6.0. This
>> got rid of cw hijacker, or so I thought. Two days later
>> while only logging on to MSN I was hijacked again.
>> Lavasoft adaware shows 8 attempts and changes when this
>> happens. Also noticed even when cw was removed machine
>> seemed to run slow. Any ideas? And how can I bring up a
>> listing of what programs are actually running and
>> possibly connecting to this
>> problem.

July 15th 04, 06:50 PM
OK.
So then I suggest you use Process Explorer and look at the path of whatever
is running.
Then I would look up the exe and look at the properties to find the
Manufacturer. If it is something like Microsoft, or Symantec, or any other
'known' manufacturer, you can go by the assumption you at least *need* it,
because you use that software. (*vital* is another definition :-))
The ones that remain or cannot be accounted for as 'known', try and just end
the process in Task Manager to see if your system takes kindly to it, i.e.
are you still in business.
You can also check out
http://www.liutilities.com/products/wintaskspro/processlibrary/ to see if
any of the processes you have running are listed and what they are for. That
may help weed out the bad ones.
Then you can get one of the 'startup monitor'-type programs to prevent them
from starting up next time around.
If it concerns a service that is running, you can disable that service.

hth (further)


"jaybird" wrote in message ...
> Firewall is up and running; also NAV2004 was just
> installed and updated. I know about Task Manager but
> don't know what is vital and what is not.
> >-----Original Message-----
> >Ctrl-Alt-Del will bring up Task Manager and allow you to see all the
> >processes that are currently running.
> >
> >Process Explorer from www.sysinternals.com will do that too but it will also
> >reveal what the actual path is to the process.
> >
> >Knowledge of what *should* be running will enable you to identify what
> >*should* be eliminated :-))
> >
> >I also suggest you correctly firewall your box and have your AV up to date.
> >
> >"jaybird" wrote in message ...
> >> I have run cwshredder, spybot s&d, and adaware6.0. This
> >> got rid of cw hijacker, or so I thought. Two days later
> >> while only logging on to MSN I was hijacked again.
> >> Lavasoft adaware shows 8 attempts and changes when this
> >> happens. Also noticed even when cw was removed machine
> >> seemed to run slow. Any ideas? And how can I bring up a
> >> listing of what programs are actually running and
> >> possibly connecting to this
> >> problem.

Billy
July 15th 04, 06:54 PM
You might try to clean the system again, while not connected to the internet, install Zone Alarm, reconnect to the internet and wait for Zone Alarm to identify the process trying to access the internet. At least then you have a name to track.
Other than that, Search and Destroy can be configured to lock the registry and notify you if anything tries to write to it.
This is assuming that you have actually been successful at cleaning the system, and are being identified and reinfected when you get back on the internet.
Reimage is good for the soul.

"jaybird" wrote:

> I have run cwshredder, spybot s&d, and adaware6.0. This
> got rid of cw hijacker, or so I thought. Two days later
> while only logging on to MSN I was hijacked again.
> Lavasoft adaware shows 8 attempts and changes when this
> happens. Also noticed even when cw was removed machine
> seemed to run slow. Any ideas? And how can I bring up a
> listing of what programs are actually running and
> possibly connecting to this
> problem.
>
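
An added example, not part of any post in this thread: the triage the replies above describe (executable path, manufacturer, which process is reaching the internet, startup entries, services) done with built-in PowerShell cmdlets on a current Windows system. The `$trusted` publisher list is an assumption to adjust for your own machine.

```powershell
# Added example. $trusted is an assumption: publishers of software you installed.
$trusted = 'Microsoft', 'Symantec'

# PID -> remote endpoints of established TCP connections (Windows 8 / Server 2012+).
$remote = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $remote[[int]$_.OwningProcess] += @("$($_.RemoteAddress):$($_.RemotePort)")
    }

$report = foreach ($p in Get-Process) {
    $path = $p.Path    # empty for protected processes unless run elevated
    # The Company field is self-declared in the file and easy to forge, so the
    # Authenticode status is checked as well; only 'Valid' counts as verified.
    $sig = if ($path) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'NoPath' }
    $known = [bool]($trusted | Where-Object { $p.Company -like "*$_*" })
    [pscustomobject]@{
        Name      = $p.ProcessName
        Id        = $p.Id
        Company   = $p.Company
        Signature = $sig
        Remote    = ($remote[[int]$p.Id] | Select-Object -Unique) -join ', '
        Path      = $path
        Review    = (-not $known) -or ($sig -ne 'Valid')
    }
}

# Processes that cannot be accounted for as 'known'; research these first.
$report | Where-Object Review | Sort-Object Name |
    Format-Table Name, Id, Company, Signature, Remote, Path -AutoSize -Wrap

# Autostart entries in the Run keys, the values a startup monitor watches.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
$autostart | Format-Table Name, Command, Key -AutoSize -Wrap

# Running services with the binary each one starts.
Get-CimInstance Win32_Service -Filter "State='Running'" |
    Sort-Object Name | Format-Table Name, StartMode, PathName -AutoSize -Wrap
```

Run it from an elevated prompt so paths of system processes resolve; a row marked for review is a lead to research, not proof that the process is malicious.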

Plato
July 15th 04, 08:28 PM
wrote:
>
> Process Explorer from www.sysinternals.com will do that too but it will also
> reveal what the actual path is to the process.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml




--
http://www.bootdisk.com/

July 15th 04, 09:13 PM
"Plato" <|@|.|> wrote in message ...
> wrote:
> >
> > Process Explorer from www.sysinternals.com will do that too but it will also
> > reveal what the actual path is to the process.
>
> http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
>

Out of curiosity,
do you mean I should go and fix his machine for him as well or do you mean
he's not capable of finding the tool based on the info I gave him?
Given the fact he's got his knickers in a twist the way he has with his
machine, (in my mind) almost certainly and exclusively through rummaging the
net, I did not think for one second he needed a reference 'spot-on'.

> --
> http://www.bootdisk.com/
