A Windows XP help forum. PCbanter


Ask Windows XP Expert Walter Clayton About Spyware



 
 
  #31  
Old August 8th 04, 02:27 PM
Walter Clayton

Like zippy said update AdAware and Spybot *before* scanning and run them in
safe mode. If that still doesn't solve the problem then you can try
CWShredder but don't be surprised if it doesn't work. The developer has quit
maintaining it so depending on exactly what flavor you have that might not
work.

Give that a try first.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"Michel" wrote in message
...
My Internet Exp has been hijacked by CoolWebSearch and AdAware, Spybot &
SpywareBlaster have not detected it or removed it! What can I do??

"Walter Clayton" wrote:

Generally all I use is AdAware first followed by SpyBot. There's a lot of
overlap in the two tools, but they also concentrate on non-overlapping
areas. It's also wise to follow up with installing SpywareBlaster. None of
these require run time presences although SpyBot will offer to install
such. No harm in doing so and in some instances, especially with multi-user
machines, a necessity. The biggest issue is remembering to run them
periodically after checking for updates. The latter is one of the reasons,
other than not changing usage habits, that people get reinfected. It's
easier to avoid being click happy than it is to clean up the mess
afterwards.

There are instances where AdAware/SpyBot may be neutralized or unable to
clean something. I handle those on a case by case basis since you're
looking at going with some highly specialized tools that if misused will
leave the machine unbootable (note that there is a nasty that the current
version of AdAware had been cleaning incorrectly that would make it
impossible to log on to the machine without taking corrective action).

Depending on your level of expertise there are some tools that circumvent
issues with removing nasties that are resident in memory even in safe
mode. If an XP machine is being disinfected I use a bootable CD created
using Bart's tools with fully updated AdAware, Trendmicro, McAfee and
Kaspersky tools (all free versions) incorporated. This also allows me to
correct any registry issues on the host machine without any major hassles
other than knowing what parts of the registry need be hacked. The reason I
include and run AV scanners is generally if some one has a load of spyware
it's not unusual they'll have nastier stuff as well.



"Andrew" wrote in message
...


I already know what Spyware can do and all to your computers but what is
the best Spyware and Ad-aware remover programs out there? I'm using Spybot
1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good Spyware
and Ad-aware remover programs that it will remove about 90% of Spyware
and Ad-aware off your computer and keep it out.




  #32  
Old August 8th 04, 04:48 PM
zippy

I meant just to disable it while doing the scans, then put it back on. I've
found this method the only way to completely rid the system. If he had to
repair to a previous date, guess what he's going to get back? Coolweb. I
thought you were the expert?
Even Norton says to disable system restore.........

"Walter Clayton" wrote in message
...
Disabling system restore is a bad idea. The system may be in a bad shape
now, but at least it basically functions. If the spyware rip out goes awry
SR may be the only way to get back to make a second attempt.



"zippy" wrote in message
ink.net...
Have you made sure that you updated products? Are you running these
programs in safe mode? Have you disabled system restore *before* running
these programs? Try these steps and see if they help.

  #33  
Old August 8th 04, 05:48 PM
Walter Clayton

;-)

Trust me or not. Disabling SR during the weed out is dangerous. Once the
machine is clean *then* purge SR and snap a base line. Yes, if a system
restore must be done because the weed out trashed the machine, then yes,
you're back with the crapware but at least the system is usable so that you
can try a different approach that won't leave the machine in worse shambles.

Or to rephrase it, why do you think Spybot, by default, takes a SR snapshot
prior to altering anything on the system?

Ripping some of this stuff out is dangerous and NT kernels are rather
fragile in this regard. SR is the only graceful mechanism that people have
to restore functionality if something in the TCP stack gets ripped out
incorrectly leaving the machine DOA as far as getting on the 'net is
concerned. Unless they happen to have the proper repair tools on hand in
advance. Or if they hook the shell in such a manner that GUI fails on normal
startup.

Frankly I'm concerned about what Norton says. They have less than a stellar
reputation.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|



  #34  
Old August 8th 04, 07:51 PM
mbrennen

I have been having challenges with adware.iefeatsl & winshow. Norton
identifies entries to remove from the registry (most of them not there) they
also suggest that I delete files manually that Norton will not. Bottom line
is that I am going to have to delete a lot of files to de-possess my IE. I
have already deleted some of the files and noticed some system instability.
My search function in explorer craters (as an example). I have tried Spybot
etc... No luck. Any suggestions? I am about to reload Windows XP. I am
looking into Linux as well.

thanks,

"Chris Norred [MSFT]" wrote:

Hello and welcome to our first Ask-the-Experts discussion, moderated by the Windows XP Expert Zone Community. This is a new trial effort and our goal is to make it easy for you to ask questions and find answers on a specific topic from a recognized expert in the online community. We’ll continue this discussion in the newsgroups for one week and our volunteer expert will select one or two questions each day and respond. Other experts and users online may also chime in with advice. At the end of the week, we hope to have a single thread filled with good information that can be preserved for the benefit of other users in the future.

This week, our expert host is volunteer MVP Walter Clayton who will be discussing the topic of spyware and adware and his experience helping users in the newsgroups deal with spyware issues. Walter is an IT professional from Frankfort, Kentucky. He is a self-trained computing pro with 20 years of experience, and he has been helping people in the online community for many years. Walter is a recipient of the Microsoft Most Valuable Professional (MVP) award for his volunteer efforts helping Windows users over the past five years.
A quote from Mr. Clayton:
“I enjoy working the newsgroups because it forces me to think and learn. Everyday I get a slightly different perspective on something or see a new situation or problem. There is also the challenge of keeping communication skills sharp. Determining the answer to a problem, and communicating it in the newsgroups can present its own set of challenges, especially at times when the wrong answer can leave the user in a no-boot situation.”

Our Ask the Experts discussion is different from the live chats hosted on the Windows XP Expert Zone Community site (http://communities2.microsoft.com/ho...iteid=34000077).

In these discussions, you may not get an immediate answer. The hosts will check-in at a time convenient for them and answer questions. You can post a question any time. Then you may want to add the discussion to your Favorites list in Internet Explorer (Click Favorites, and then click Add to Favorites). You should check back later in the day, or the next day, to see if your question has been answered. Click the Refresh button to see if any new posts were added while you have been reading. If you’re more comfortable using Outlook Express or another newsreader, please do.

To post a question or reply in this discussion, using the Web-based newsgroup reader:
1. Click Reply.
2. If prompted, sign in with your .NET Passport.
3. Edit the subject line if you like.
4. In the Reply form, type your message or question in the Message box.
5. Review the text you typed in the Body box to make sure it says what you want; you cannot revise your message after you click Post.
6. To receive e-mail notification when someone posts to this thread, select the Notify me of replies check box.
7. Click Send.

This is a new trial effort and your feedback and assistance are appreciated. We’ll keep links to these discussions in the Windows XP Expert Zone Community Columns Archive
(http://www.microsoft.com/windowsxp/e...s/archive.mspx).
Truly
Chris Norred
Editor
Windows XP Expert Zone Community




  #35  
Old August 8th 04, 09:20 PM
zippy

Well I hear what you are saying. But I wouldn't want to have to restore to
a point where I had the scumware and have to start back at ground zero
trying to get rid of it. I'd lose all my hair. Guess I've just got lucky
with the way I have been doing it for a while. I have found that this
Coolweb thingy has many variants and some variants are easier to get rid of
with just adaware, spybot, CWShredder, and HijackThis. While on other
computers I've worked on weren't quite so easy. The version I had even got
past my firewall. Mistyped an address and got directed to a malicious
website and before I knew it I had programs like NotePad and Windows Media
player asking for permission to access the net through ZoneAlarm. Right
then and there I knew something was wrong as these shouldn't have been
asking for permission. I tried running Spybot, Adaware, and Hijack this,
even from safe mode. But I was unable to get rid of it totally till I
disabled system restore and then scanned in safe mode. It was still asking
for permission. I usually use AVG free for virus scans, but this program is
unable to scan in safe mode normally and was not detecting any viruses so I
ran Norton from CD, in case the variant I had disabled installed Scanners.
This also found Trojan Downloader that was created on the same day as
Coolweb. I'm thinking these two went hand in hand. I was still getting
Pop-ups, programs still asking for permission. Once I disabled restore and
then ran all these programs again it was able to quarantine most items. I was
no longer getting all the pop-ups. Programs were no longer asking for
permission. But I still had to manually remove Content.IE5. These infected
items were found in the index dat file that Norton was unable to remove.
Had to fix Notepad. So, I've found that even with Virus Scanners, spyware
removal tools and a firewall doesn't mean you are protected 100%. To date,
they still don't have software for Operator Error :-)) That's why now I've
been very diligent backing up to CD any information that I really really
need, and something does go wrong, it's just as easy for me now to just do a
clean install of XP rather than restore. Although this is a last resort.

"Walter Clayton" wrote in message
...
;-)

Trust me or not. Disabling SR during the weed out is dangerous. Once the
machine is clean *then* purge SR and snap a base line.



  #36  
Old August 8th 04, 11:53 PM
Walter Clayton

Yep, t'ain't nothing can be done about the person at the keyboard. BTDTBTTS
:-)

Depending on how competent you are you can do what I do when I'm on site. Go
to http://www.nu2.nu and grab Bart's PE. You'll need either a standard
retail/oem CD (not a restore set) or an I386 directory on disk. Follow
the instructions and you can create a stand alone XP environment that has
AdAware, command line AV scanners, and other tools you feel you need. It's a
lot easier to nail some of the trickier variants that load themselves in safe
mode. And since it has full networking support you can push data across a
network to another machine if things get really nasty.

I've tussled with some of the more wily varieties myself and never had to
disable SR. I have hand massaged the registry and clipped nasties off the
drive either in safe mode when AdAware and Spybot were prohibited from
correcting the registry (and that gets tricky with an active nasty :-) or
via Bart's.

TrendMicro has stepped up to the plate and offers a free tool
(http://www.trendmicro.com/download/dcs.asp) that I've started to use. Also
there's a tool at http://www.silentrunners.org/ that identifies stuff
launching with the system that isn't part of a default virgin install. Use
extreme care when interpreting the results. Some people have
unintentionally shot themselves in the foot extremely badly (flat lined the
system) when hacking the wrong thing out of the registry. Couple that with
http://www.sysinternals.com/ntw2k/fr...autoruns.shtml and, if you're
really competent at ftp://ftp.kaspersky.ru/utils/ you'll find a Trojan
Finder tool that will let you determine what is preventing you from
terminating a task. It will also let you kill tasks. There's some other
handy stuff there as well.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|



  #37  
Old August 9th 04, 12:10 AM
Walter Clayton

Linux will simply leave you with a different set of vulnerabilities and a
hefty learning curve initially. Staying with Windows and switching to a
different browser, although less of a learning curve, will simply change the
vulnerabilities with regard to browser hijacking. They are alternatives, but
for the average user, not what I would call as attractive as some people
would like to think.

Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean
package. You'll also need the template file linked on the same page. Read
the instructions on how to run this.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|



  #38  
Old August 9th 04, 06:07 AM
GaryC

Walter: NAV found a trojan horse called pwsteal.banker.b on my machine. NAV
has denied access to the file but NAV always generates a pop up. It seems to
me that the trojan horse is successfully isolated but a program is constantly
calling for it....therefore the NAV popup. The suggested Symantec fix says
to repair the registry in safe mode. I've never edited the registry before.
I have a couple of questions:

1) how do you backup the registry in WinXP Home Edition, and

2) Symantec says to delete certain values after navigating to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft NT\CurrentVersion\Winlogon\Notify\f3dsl
and to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control. I can't seem to
find these. Are these in XP?

Thanks,

"Walter Clayton" wrote:

First thing is to try running Norton in safe mode (reboot the machine, start
tapping F8 while the BIOS is POSTing to get the boot menu then take the safe
mode option. If you can't get to safe mode that way, use msconfig
(start-run-msconfig) boot.ini tab. Enable the safeboot option and leave
the option for minimal boot set. If you have to use msconfig to force
safemode don't forget to reverse the process in order to return to normal
mode).

Run NAV in that environment.

If that still fails, I need to know specifically what NAV is calling the
nasties. There's some other free tools and options that can be used, but
stay with what you have at present. Depending on exactly what you've been
hit with you may have to be talked through manual removal.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"novice77" wrote in message
...
Could you tell me how to get rid of adware from my pc. Norton scan tells
me I have 9 threatening files but can't delete them.



"vtx" wrote:



  #39  
Old August 10th 04, 12:31 AM
Airman

I have been using ZoneAlarmPro firewall and from time to time receive an
alert: "Microsoft Windows Based Script Host is trying to connect to the
internet..." - no information is available...
so I have been denying access but I wonder if this is an authentic Microsoft
Update download - and should be allowing access.

"Harry Ohrn" wrote:

"The Unknown P" ( ) wrote in message
...
How in God's name do you think this is going to differ from the numerous
NG's and the posts pertaining to this topic. In short this is not only a
waste of space but a little redundant as we have been dealing with
thousands of questions pertaining to spyware\adware for years. If this
supposed eXPert has anything to add he or she can feel free to answer the
questions posted in any number of these NG's as the rest of us
unrecognized or unheralded individuals do. Please don't go out of your way
for us or the general public. Like any of the people who reply to these
NG's it is at our convenience and we certainly don't need your majesty to
point this out to us. }:~)
--
There are three types of people in computing, those that can count and
those that can't.


Who dumped in your Cheerio's this morning?. There are any number of non
Microsoft newsgroups on Usenet that you can post your valuable knowledge to.
If you dislike the way that Microsoft wishes to use their groups then
perhaps you should just move on over.

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp




  #40  
Old August 10th 04, 12:38 AM
David Candy
external usenet poster
 
Posts: n/a
Default Ask Windows XP Expert Walter Clayton About Spyware

Depends on why it wants access.

--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/...392635123.html

"Airman" wrote in message
...
I have been using ZoneAlarmPro firewall and from time to time receive an
alert: "Microsoft Windows Based Script Host is trying to connect to the
internet..." - no information is available...
so I have been denying access but I wonder if this is an authentic Microsoft
Update download - and should be allowing access.

"Harry Ohrn" wrote:

"The Unknown P" ( ) wrote in message
...
How in God's name do you think this is going to differ from the numerous
NG's and the posts pertaining to this topic. In short this is not only a
waste of space but a little redundant as we have been dealing with
thousands of questions pertaining to spyware\adware for years. If this
supposed eXPert has anything to add he or she can feel free to answer the
questions posted in any number of these NG's as the rest of us
unrecognized or unheralded individuals do. Please don't go out of your way
for us or the general public. Like any of the people who reply to these
NG's it is at our convenience and we certainly don't need your majesty to
point this out to us. }:~)
--
There are three types of people in computing, those that can count and
those that can't.


Who dumped in your Cheerio's this morning? There are any number of non
Microsoft newsgroups on Usenet that you can post your valuable knowledge to.
If you dislike the way that Microsoft wishes to use their groups then
perhaps you should just move on over.

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

  #41  
Old August 10th 04, 12:40 AM
David Candy
external usenet poster
 
Posts: n/a
Default Ask Windows XP Expert Walter Clayton About Spyware

You can read the message as
"A program is trying to connect ... "

Not helpful. Need the program name. WSH is a program that hosts other
programs.

--
----------------------------------------------------------
'Not happy John! Defending our democracy',
http://www.smh.com.au/articles/2004/...392635123.html

"Airman" wrote in message
...
I have been using ZoneAlarmPro firewall and from time to time receive an
alert: "Microsoft Windows Based Script Host is trying to connect to the
internet..." - no information is available...
so I have been denying access but I wonder if this is an authentic Microsoft
Update download - and should be allowing access.

"Harry Ohrn" wrote:

"The Unknown P" ( ) wrote in message
...
How in God's name do you think this is going to differ from the numerous
NG's and the posts pertaining to this topic. In short this is not only a
waste of space but a little redundant as we have been dealing with
thousands of questions pertaining to spyware\adware for years. If this
supposed eXPert has anything to add he or she can feel free to answer the
questions posted in any number of these NG's as the rest of us
unrecognized or unheralded individuals do. Please don't go out of your way
for us or the general public. Like any of the people who reply to these
NG's it is at our convenience and we certainly don't need your majesty to
point this out to us. }:~)
--
There are three types of people in computing, those that can count and
those that can't.


Who dumped in your Cheerio's this morning? There are any number of non
Microsoft newsgroups on Usenet that you can post your valuable knowledge to.
If you dislike the way that Microsoft wishes to use their groups then
perhaps you should just move on over.

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp

  #42  
Old August 10th 04, 08:47 PM
Dax
external usenet poster
 
Posts: n/a
Default ReBooting Laptops/Notebooks

My Recent Laptop I Just Borrowed Just Keeps Rebooting. It Gets To The Loading
Bar Then Stops. How Can I Stop This? I Also Cannot Enter Setup. Please Help
  #43  
Old August 10th 04, 11:13 PM
Walter Clayton
external usenet poster
 
Posts: n/a
Default Ask Windows XP Expert Walter Clayton About Spyware

Registry back up is part of system restore. Just force a manual system
restore point before proceeding. Counter to Symantec instructions, disabling
SR is not a good idea at this point.

Regardless, looking at the instructions that Symantec has, yes those registry
keys will be present on HE when your machine is infected. I noticed you
typoed some of the branches so double check.

I'm still amazed that Symantec expects people to have to hack the registry.
:-/

There's a couple of free tools you can try as well. One is the sysclean tool
from TrendMicro located at http://www.trendmicro.com/download/dcs.asp -
download the 'damage cleanup engine template' (link on the same page) and
follow the instructions or their online scanner at
http://housecall.trendmicro.com/ - you can also try Panda's online scanner
at http://www.pandasoftware.com/actives..._principal.htm

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"GaryC" wrote in message
...
Walter: NAV found a trojan horse called pwsteal.banker.b on my machine. NAV
has denied access to the file but NAV always generates a pop up. It seems to
me that the trojan horse is successfully isolated but a program is constantly
calling for it....therefore the NAV popup. The suggested Symantec fix says
to repair the registry in safe mode. I've never edited the registry before.
I have a couple of questions:

1) how do you backup the registry in WinXP Home Edition, and

2) Symantec says to delete certain values after navigating to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
NT\CurrentVersion\Winlogon\Notify\f3dsl
and to HKEY_LOCA-MACHINE\System\CurrentControlSet\Control. I can't seem to
find these. Are these in XP?

Thanks,

"Walter Clayton" wrote:

First thing is to try running Norton in safe mode (reboot the machine, start
tapping F8 while the BIOS is POSTing to get the boot menu then take the safe
mode option. If you can't get to safe mode that way, use msconfig
(start-run-msconfig) boot.ini tab. Enable the safeboot option and leave
the option for minimal boot set. If you have to use msconfig to force
safemode don't forget to reverse the process in order to return to normal
mode).

Run NAV in that environment.

If that still fails, I need to know specifically what NAV is calling the
nasties. There's some other free tools and options that can be used, but
stay with what you have at present. Depending on exactly what you've been
hit with you may have to be talked through manual removal.

--
Walter Clayton - MS MVP(WinXP)
Associate Expert
http://www.microsoft.com/windowsxp/expertzone
Any technology distinguishable from magic is insufficiently advanced.
http://www.dts-l.org
http://support.microsoft.com/servicedesks/fileversion/default.asp|


"novice77" wrote in message
...
Could you tell me how to get rid of adware from my pc. Norton scan tells
me I have 9 threatening files but can't delete them.



"vtx" wrote:




  #44  
Old August 11th 04, 01:55 PM
Pres_Fltsimbuff
external usenet poster
 
Posts: n/a
Default Ask Windows XP Expert Walter Clayton About Spyware

I had a big problem with spyware awhile back... to this day I don't know how
it got on my PC. I work for a Huge national ISP in tech support, and see
spyware problems every day. I had been able to steer clear of it, and
considered people who actually got spyware to be doing so out of
ignorance.... Well, I got humbled.

It started installing itself one day, and I installed Spybot AND Adaware to
get rid of it.... but it kept coming back. I worked for many hours to try and
get rid of it... but it kept downloading more, and more spyware... I finally
found that one called TVMedia was the one that spybot could never remove
because it was always "in use"... yet it didn't show in the task list in 2k.

So, I got the kill.exe file from the support tools, and had to do a kill -f
on it. That closed it to where I could delete the exe file. Just to make
sure, I also set my run keys in the registry to read only, and left the
spyware folders there, and set them to read only as well. Haven't had a
problem since... I believe I also added the key for BHOs in IE to read only
as well. I'll just have to remember where it is in there next time I need to
install a plugin so I can temporarily turn on write access.

What would really be a big help would be the ability to turn off certain
terrible features in IE... It would eliminate a lot of annoyances... For
instance... to be able to disable the javascript event that fires when you
close a window. That would keep them from immediately reopening another page
on close. Disabling the ability to change the homepage using page code would
be nice.

Another huge problem is when spyware replaces the Winsock files with their
own versions... Then, of course, spyware removal tools remove those files and
totally break the internet connection (if the spyware itself doesn't do that
first). We get sooo many calls/day about connections broken due to this.

Anyway, there ends my story/rant.
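
Added example (not part of the thread, and not code from any poster): before write-protecting the Run, BHO and Winlogon\Notify keys mentioned in the posts above, it helps to list what is actually registered under them. This Python script parses a registry export and reports those entries; the sample export, every name and path in it, and the function names are constructed for illustration.

```python
import re
# Autostart locations named in this thread (lower-cased, relative to the hive).
WATCHED = {
    r"software\microsoft\windows\currentversion\run": "Run",
    r"software\microsoft\windows\currentversion\runonce": "RunOnce",
    r"software\microsoft\windows nt\currentversion\winlogon\notify": "Notify",
    r"software\microsoft\windows\currentversion\explorer\browser helper objects": "BHO",
}
# Constructed sample of a registry export; every name and path in it is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /min"
"example_updater"="C:\\WINDOWS\\example_updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplehook]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\examplehook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/"
'''
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unquote(token):  # strip the outer quotes, undo .reg backslash escaping
    return re.sub(r"\\(.)", r"\1", token[1:-1])

def autostart_entries(reg_text):
    """Return (category, hive, subkey, value name, data) for watched keys."""
    found, current = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            current, m = None, KEY_RE.match(line)
            path = m.group(2) if m else ""
            for prefix, label in WATCHED.items():
                if path.lower() == prefix or path.lower().startswith(prefix + "\\"):
                    current = (label, m.group(1), path[len(prefix) + 1:])
                    if label == "BHO" and current[2]:  # the CLSID subkey is the entry
                        found.append(current + ("", ""))
            continue
        v = VAL_RE.match(line)
        if v and current and current[0] != "BHO":
            name = "(Default)" if v.group(1) == "@" else unquote(v.group(1))
            data = unquote(v.group(2)) if v.group(2).startswith('"') else v.group(2)
            if current[0] != "Notify" or name.lower() == "dllname":
                found.append(current + (name, data))  # Notify: only the DLL path
    return found
```

A file exported from Regedit (File > Export) is UTF-16 encoded, so decode it to text before passing it to `autostart_entries`.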
  #45  
Old August 12th 04, 03:39 PM
pdthorin
external usenet poster
 
Posts: n/a
Default Ask Windows XP Expert Walter Clayton About Spyware

My computer has so much spy-ware on it I'd prefer just to reformat the hard
drive and start fresh. The only problem is I bought my HP desktop with XP
already installed and I don't have a disc. Can I reformat my drive without
getting rid of XP?

"Chris Norred [MSFT]" wrote:

Hello and welcome to our first Ask-the-Experts discussion, moderated by the Windows XP Expert Zone Community. This is a new trial effort and our goal is to make it easy for you to ask questions and find answers on a specific topic from a recognized expert in the online community. We’ll continue this discussion in the newsgroups for one week and our volunteer expert will select one or two questions each day and respond. Other experts and users online may also chime in with advice. At the end of the week, we hope to have a single thread filled with good information that can be preserved for the benefit of other users in the future.

This week, our expert host is volunteer MVP Walter Clayton who will be discussing the topic of spyware and adware and his experience helping users in the newsgroups deal with spyware issues. Walter is an IT professional from Frankfort, Kentucky. He is a self-trained computing pro with 20 years of experience, and he has been helping people in the online community for many years. Walter is a recipient of the Microsoft Most Valuable Professional (MVP) award for his volunteer efforts helping Windows users over the past five years.
A quote from Mr. Clayton:
“I enjoy working the newsgroups because it forces me to think and learn. Everyday I get a slightly different perspective on something or see a new situation or problem. There is also the challenge of keeping communication skills sharp. Determining the answer to a problem, and communicating it in the newsgroups can present its own set of challenges, especially at times when the wrong answer can leave the user in a no-boot situation.”

Our Ask the Experts discussion is different from the live chats hosted on the Windows XP Expert Zone Community site (http://communities2.microsoft.com/ho...iteid=34000077).

In these discussions, you may not get an immediate answer. The hosts will check-in at a time convenient for them and answer questions. You can post a question any time. Then you may want to add the discussion to your Favorites list in Internet Explorer (Click Favorites, and then click Add to Favorites). You should check back later in the day, or the next day, to see if your question has been answered. Click the Refresh button to see if any new posts were added while you have been reading. If you’re more comfortable using Outlook Express or another newsreader, please do.

To post a question or reply in this discussion, using the Web-based newsgroup reader:
1. Click Reply.
2. If prompted, sign in with your .NET Passport.
3. Edit the subject line if you like.
4. In the Reply form, type your message or question in the Message box.
5. Review the text you typed in the Body box to make sure it says what you want; you cannot revise your message after you click Post.
6. To receive e-mail notification when someone posts to this thread, select the Notify me of replies check box.
7. Click Send.

This is a new trial effort and your feedback and assistance are appreciated. We’ll keep links to these discussions in the Windows XP Expert Zone Community Columns Archive
(http://www.microsoft.com/windowsxp/e...s/archive.mspx).
Truly
Chris Norred
Editor
Windows XP Expert Zone Community




 



