If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#31
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Like zippy said update AdAware and Spybot *before* scanning and run them in
safe mode. If that still doesn't solve the problem the you can try CWShredder but don't be surprised if it doesn't work. The developer has quit maintaining it so depending on exactly what flavor you have that might not work. Give that a try first. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "Michel" wrote in message ... My Internet Exp has been hijacked by CoolWebSearch and AdAware, Spybot & SpywareBlaster have not detected it or removed it! What can I do?? "Walter Clayton" wrote: Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity. The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards. There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action). Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode. If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked. The reason I include and run AV scanners is generally if some one has a load of spyware it's not unusual they'll have nastier stuff as well. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "Andrew" wrote in message ... I already know what Spyware can do and all to your computers but what is the best Spyware and Ad-aware remover programs out there I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good Spyware and Ad-aware remover programs that it will remove about 90% of Spyware and Ad-aware off your computer and keep it out. |
Ads |
#32
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
I meant just to disable it while doing the scans, then put it back on. I've
found this method the only way to completely rid the system. If he had to repair to a previous date, guess what he's going to get back? Coolweb. I thought you were the expert? Even Norton says to disable system restore......... "Walter Clayton" wrote in message ... Disabling system restore is a bad idea. The system may be in a bad shape now, but at it basically functions. If the spyware rip out goes awry SR may be the only way to get back to make a second attempt. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "zippy" wrote in message ink.net... Have you made sure that you updated products? Are you running these programs in safe mode? Have you disabled system restore *before* running these programs? Try these steps and see if they help. "Michel" wrote in message ... My Internet Exp has been hijacked by CoolWebSearch and AdAware, Spybot & SpywareBlaster have not detected it or removed it! What can I do?? "Walter Clayton" wrote: Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity. The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards. There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action). Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode. If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked. The reason I include and run AV scanners is generally if some one has a load of spyware it's not unusual they'll have nastier stuff as well. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "Andrew" wrote in message ... I already know what Spyware can do and all to your computers but what is the best Spyware and Ad-aware remover programs out there I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good Spyware and Ad-aware remover programs that it will remove about 90% of Spyware and Ad-aware off your computer and keep it out. |
#33
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
;-)
Trust me or not. Disabling SR during the weed out is dangerous. Once the machine is clean *then* purge SR and snap a base line. Yes, if a system restore must be done because the weed out trashed the machine, then yes, you're back with the crapware but at least the system is usable so that you can try a different approach that won't leave the machine in worse shambles. Or to rephrase it, why do think Spybot, by default, takes a SR snapshot prior to altering anything on the system? Ripping some of this stuff out is dangerous and NT kernels are rather fragile in this regard. SR is the only graceful mechanism that people have to restore functionality if something in the TCP stack gets ripped out incorrectly leaving the machine DOA as far at getting on the 'net is concerned. Unless they happen to have the proper repair tools on hand in advance. Or if they hook the shell in such a manner that GUI fails on normal startup. Frankly I'm concerned about what Norton says. They have less than a stellar reputation. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "zippy" wrote in message ink.net... I meant just to disable it while doing the scans, then put it back on. I've found this method the only way to completely rid the system. If he had to repair to a previous date, guess what he's going to get back? Coolweb. I thought you were the expert? Even Norton says to disable system restore......... "Walter Clayton" wrote in message ... Disabling system restore is a bad idea. The system may be in a bad shape now, but at it basically functions. If the spyware rip out goes awry SR may be the only way to get back to make a second attempt. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "zippy" wrote in message ink.net... Have you made sure that you updated products? Are you running these programs in safe mode? Have you disabled system restore *before* running these programs? Try these steps and see if they help. "Michel" wrote in message ... My Internet Exp has been hijacked by CoolWebSearch and AdAware, Spybot & SpywareBlaster have not detected it or removed it! What can I do?? "Walter Clayton" wrote: Generally all I use is AdAware first followed by SpyBot. There's a lot of overlap in the two tools, but they also concentrate on non-overlapping areas. It's also wise to follow up with installing SpywareBlaster. None of these require run time presences although SpyBot will offer to install such. No harm in doing so and in some instances, especially with multi-user machines, a necessity. The biggest issue is remembering to run them periodically after checking for updates. The latter is one of the reasons, other than not changing usage habits, that people get reinfected. It's easier to avoid being click happy than it is to clean up the mess afterwards. There are instances where AdAware/SpyBot may be neutralized or unable to clean something. I handle those on a case by case basis since you're looking at going with some highly specialized tools that if misused will leave the machine unbootable (note that there is a nasty that the current version of AdAware had been cleaning incorrectly that would make it impossible to log on to the machine without taking corrective action). Depending on your level of expertise there are some tools that circumvent issues with removing nasties that are resident in memory even in safe mode. If an XP machine is being disinfected I use a bootable CD created using Bart's tools with fully updated AdAware, Trendmicro, McAfee and Kaspersky tools (all free versions) incorporated. This also allows me to correct any registry issues on the host machine without any major hassles other than knowing what parts of the registry need be hacked. The reason I include and run AV scanners is generally if some one has a load of spyware it's not unusual they'll have nastier stuff as well. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "Andrew" wrote in message ... I already know what Spyware can do and all to your computers but what is the best Spyware and Ad-aware remover programs out there I'm using Spybot 1.3 and Ad-aware 6.0 from Lavasoft and I heard having two good Spyware and Ad-aware remover programs that it will remove about 90% of Spyware and Ad-aware off your computer and keep it out. |
#34
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
I have been having challenges with adware.iefeatsl & winshow. Norton
identifies entries to remove from the registry(most of them not there) they also suggest that I delete files manually that norton will not. Bottom line is that I am going to have to delete alot of files to de-possess my IE. I have already deleted some of the files and noticed some system instability . My search function in explorer craters .(as an example) I have tried Spybot etc... No luck. Any suggestions? I am about to reload windows xp. I am looking into linux as well. thanks, "Chris Norred [MSFT]" wrote: Hello and welcome to our first Ask-the-Experts discussion, moderated by the Windows XP Expert Zone Community. This is a new trial effort and our goal is to make it easy for you to ask questions and find answers on a specific topic from a recognized expert in the online community. We’ll continue this discussion in the newsgroups for one week and our volunteer expert will select one or two questions each day and respond. Other experts and users online may also chime in with advice. At the end of the week, we hope to have a single thread filled with good information that can be preserved for the benefit of other users in the future. This week, our expert host is volunteer MVP Walter Clayton who will be discussing the topic of spyware and adware and his experience helping users in the newsgroups deal with spyware issues. Walter is an IT professional from Frankfort, Kentucky. He is a self-trained computing pro with 20 years of experience, and he has been helping people in the online community for many years. Walter is a recipient of the Microsoft Most Valuable Professional (MVP) award for his volunteer efforts helping Windows users over the past five years. A quote from Mr. Clayton: “I enjoy working the newsgroups because it forces me to think and learn. Everyday I get a slightly different perspective on something or see a new situation or problem. There is also the challenge of keeping communication skills sharp. Determining the answer to a problem, and communicating it in the newsgroups can present its own set of challenges, especially at times when the wrong answer can leave the user in a no-boot situation.” Our Ask the Experts discussion is different from the live chats hosted on the Windows XP Expert Zone Community site (http://communities2.microsoft.com/ho...iteid=34000077). In these discussions, you may not get an immediate answer. The hosts will check-in at a time convenient for them and answer questions. You can post a question any time. Then you may want to add the discussion to your Favorites list in Internet Explorer (Click Favorites, and then click Add to Favorites). You should check back later in the day, or the next day, to see if your question has been answered. Click the Refresh button to see if any new posts were added while you have been reading. If you’re more comfortable using Outlook Express or another newsreader, please do. To post a question or reply in this discussion, using the Web-based newsgroup reader: 1. Click Reply. 2. If prompted, sign in with your .NET Passport. 3. Edit the subject line if you like. 4. In the Reply form, type your message or question in the Message box. 5. Review the text you typed in the Body box to make sure it says what you want; you cannot revise your message after you click Post. 6. To receive e-mail notification when someone posts to this thread, select the Notify me of replies check box. 7. Click Send. This is a new trial effort and your feedback and assistance are appreciated. We’ll keep links to these discussions in the Windows XP Expert Zone Community Columns Archive (http://www.microsoft.com/windowsxp/e...s/archive.mspx). Truly Chris Norred Editor Windows XP Expert Zone Community |
#35
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Well I hear what you are saying. But I wouldn't want to have to restore to
a point where I had the scumware and have to start back at ground zero trying to get rid of it. I'd lose all my hair. Guess I've just got lucky with the way I have been doing it for a while. I have found that this Coolweb thingy has many variants and some variants are easier to get rid of with just adaware, spybot, CWShredder, and HijackThis. While on other computers I've worked on weren't quite so easy. The version I had even got past my firewall. Mistyped an address and got directed to a malicous website and before I knew it I had programs like NotePad and Windows Media player asking for permission to access the net through ZoneAlarm. Right then and there I knew something was wrong as these shouldn't have been asking for permission. I tried running Spybot, Adaware, and Hijack this, even from safe mode. But I was unable to get rid of it totally till I disabled system restore and then scanned in safe mode. It was still asking for permission. I usually use AVG free for virus scans, but this program is unable to scan in safe mode normally and was not detecting any viruses so I ran norton from CD, incase the variant I had disabled installed Scanners. This also found Trojan Downloader that was created on the same day as Coolweb. I'm thinking these two went hand in hand. I was still getting Pop-ups, programs still asking for permission. Once I disabled restore and then ran all these programs again it was able to quarentine most items.I was no longer getting all the pop-ups. Programs were no longer asking for permission. But I still had to manually remove Content.IE5. These infected items were found in the index dat file that Norton was unable to remove. Had to fix Notepad. So, I've found that even with Virus Scanners, spyware removal tools and a firewall doesn't mean you are protected 100%. To date, they still don't have software for Operator Error :-)) That's why now I've been very dilligent backing up to CD any information that I really really need, and something does go wrong, it's just as easy for me now to just do a clean install of XP rather than restore. Although this is a last resort. "Walter Clayton" wrote in message ... ;-) Trust me or not. Disabling SR during the weed out is dangerous. Once the machine is clean *then* purge SR and snap a base line. |
#36
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Yep, t'ain't nothing can be done about the person at the keyboard. BTDTBTTS
:-) Depending on how compotent you are you can do what I do when I'm on site. Go to http://www.nu2.nu and grab Bart's PE. You'll need either a standard retail/oem CD (not a restore set) or an I386 directory on disk. Following the instructions and you can create a stand alone XP environment that has AdAware, command line AV scanners, and other tools you feel you need. It's a lot easier to nail some of the tricker variants that load themselves in safe mode. And since it has full networking support you can push data across a network to another machine if things get really nasty. I've tussled with some of the more willey varieties myself and never had to disable SR. I have hand massaged the registry and clipped nasties off the drive either in safe mode when AdAware and Spybot were prohibited from correcting the registry (and that gets tricky with an active nasty :-) or via Bart's. TrendMicro has stepped up to the plate and offers a free tool (http://www.trendmicro.com/download/dcs.asp) that I've started to use. Also there's a tool at http://www.silentrunners.org/ that identifies stuff launching with the system that isn't part of a default virgin install. Use extremely care when interpreting the results. Some people have unintentionally shot themselves in the foot extremely badly (flat lined the system) when hacking the wrong thing out of the registry. Couple that with http://www.sysinternals.com/ntw2k/fr...autoruns.shtml and, if you're really compotent at ftp://ftp.kaspersky.ru/utils/ you'll find a Trojan Finder tool that will let you determine what is preventing you from terminating a task. It will also let you kill tasks. There's some other handy stuff there as well. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "zippy" wrote in message ink.net... Well I hear what you are saying. But I wouldn't want to have to restore to a point where I had the scumware and have to start back at ground zero trying to get rid of it. I'd lose all my hair. Guess I've just got lucky with the way I have been doing it for a while. I have found that this Coolweb thingy has many variants and some variants are easier to get rid of with just adaware, spybot, CWShredder, and HijackThis. While on other computers I've worked on weren't quite so easy. The version I had even got past my firewall. Mistyped an address and got directed to a malicous website and before I knew it I had programs like NotePad and Windows Media player asking for permission to access the net through ZoneAlarm. Right then and there I knew something was wrong as these shouldn't have been asking for permission. I tried running Spybot, Adaware, and Hijack this, even from safe mode. But I was unable to get rid of it totally till I disabled system restore and then scanned in safe mode. It was still asking for permission. I usually use AVG free for virus scans, but this program is unable to scan in safe mode normally and was not detecting any viruses so I ran norton from CD, incase the variant I had disabled installed Scanners. This also found Trojan Downloader that was created on the same day as Coolweb. I'm thinking these two went hand in hand. I was still getting Pop-ups, programs still asking for permission. Once I disabled restore and then ran all these programs again it was able to quarentine most items.I was no longer getting all the pop-ups. Programs were no longer asking for permission. But I still had to manually remove Content.IE5. These infected items were found in the index dat file that Norton was unable to remove. Had to fix Notepad. So, I've found that even with Virus Scanners, spyware removal tools and a firewall doesn't mean you are protected 100%. To date, they still don't have software for Operator Error :-)) That's why now I've been very dilligent backing up to CD any information that I really really need, and something does go wrong, it's just as easy for me now to just do a clean install of XP rather than restore. Although this is a last resort. "Walter Clayton" wrote in message ... ;-) Trust me or not. Disabling SR during the weed out is dangerous. Once the machine is clean *then* purge SR and snap a base line. |
#37
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Linux will simply leave you with a different set of vulnerabilities and a
hefty learning curve initially. Staying with Windows and switching to a different browser, although less of a learning curve, will simply change the vulnerabilities with regard browser hijacking. They are alternatives, but for the average user, not what I would call as attractive as some people would like to think. Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean package. You'll also need the template file linked on the same page. Read the instructions on how to run this. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "mbrennen" wrote in message ... I have been having challenges with adware.iefeatsl & winshow. Norton identifies entries to remove from the registry(most of them not there) they also suggest that I delete files manually that norton will not. Bottom line is that I am going to have to delete alot of files to de-possess my IE. I have already deleted some of the files and noticed some system instability . My search function in explorer craters .(as an example) I have tried Spybot etc... No luck. Any suggestions? I am about to reload windows xp. I am looking into linux as well. thanks, "Chris Norred [MSFT]" wrote: Hello and welcome to our first Ask-the-Experts discussion, moderated by the Windows XP Expert Zone Community. This is a new trial effort and our goal is to make it easy for you to ask questions and find answers on a specific topic from a recognized expert in the online community. We’ll continue this discussion in the newsgroups for one week and our volunteer expert will select one or two questions each day and respond. Other experts and users online may also chime in with advice. At the end of the week, we hope to have a single thread filled with good information that can be preserved for the benefit of other users in the future. This week, our expert host is volunteer MVP Walter Clayton who will be discussing the topic of spyware and adware and his experience helping users in the newsgroups deal with spyware issues. Walter is an IT professional from Frankfort, Kentucky. He is a self-trained computing pro with 20 years of experience, and he has been helping people in the online community for many years. Walter is a recipient of the Microsoft Most Valuable Professional (MVP) award for his volunteer efforts helping Windows users over the past five years. A quote from Mr. Clayton: “I enjoy working the newsgroups because it forces me to think and learn. Everyday I get a slightly different perspective on something or see a new situation or problem. There is also the challenge of keeping communication skills sharp. Determining the answer to a problem, and communicating it in the newsgroups can present its own set of challenges, especially at times when the wrong answer can leave the user in a no-boot situation.” Our Ask the Experts discussion is different from the live chats hosted on the Windows XP Expert Zone Community site (http://communities2.microsoft.com/ho...iteid=34000077). In these discussions, you may not get an immediate answer. The hosts will check-in at a time convenient for them and answer questions. You can post a question any time. Then you may want to add the discussion to your Favorites list in Internet Explorer (Click Favorites, and then click Add to Favorites). You should check back later in the day, or the next day, to see if your question has been answered. Click the Refresh button to see if any new posts were added while you have been reading. If you’re more comfortable using Outlook Express or another newsreader, please do. To post a question or reply in this discussion, using the Web-based newsgroup reader: 1. Click Reply. 2. If prompted, sign in with your .NET Passport. 3. Edit the subject line if you like. 4. In the Reply form, type your message or question in the Message box. 5. Review the text you typed in the Body box to make sure it says what you want; you cannot revise your message after you click Post. 6. To receive e-mail notification when someone posts to this thread, select the Notify me of replies check box. 7. Click Send. This is a new trial effort and your feedback and assistance are appreciated. We’ll keep links to these discussions in the Windows XP Expert Zone Community Columns Archive (http://www.microsoft.com/windowsxp/e...s/archive.mspx). Truly Chris Norred Editor Windows XP Expert Zone Community |
#38
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Walter: NAV found a trojan horse called pwsteal.banker.b on my machine. NAV
has denied access to the file but NAV always generates a pop up. It seems to me that the trojan horse is succesfully isolated but a program is constantly calling for it....therefore the NAV popup. The suggested Symantec fix says to repair the registry in safe mode. I've never edited the registry before. I have a couple of questions: 1) how do you backup the registry in WinXP Home Edition, and 2) Symantec says to delete certain values after navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft NT\CurrentVersion\Winlogon\Notify\f3dsl and to HKEY_LOCA-MACHINE\System\CurrentControlSet\Control. I can't seem to find these. Are these in XP? Thanks, "Walter Clayton" wrote: First thing is to try running Norton in safe mode (reboot the machine, start tapping F8 while the BIOS is POSTing to get the boot menu then take the safe mode option. If you can't get to safe mode that way, use msconfig (start-run-msconfig) boot.ini tab. Enable the safeboot option and leave the option for minimal boot set. If you have to use msconfig to force safemode don't forget to reverse the process in order to return to normal mode). Run NAV in that environment. If that still fails, I need to know specifically what NAV is calling the nasties. There's some other free tools and options that can be used, but stay with what you have at present. Depending on exactly what you've been hit with you may have to be talked through manual removal. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "novice77" wrote in message ... Could you tell me how to get rid of adware from my pc. Norton scan tells me I have 9 threatning files but can't delete them. "vtx" wrote: |
#40
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Depends on why it wants access.
--=20 ---------------------------------------------------------- 'Not happy John! Defending our democracy', http://www.smh.com.au/articles/2004/...392635123.html "Airman" wrote in message = ... I have been using ZoneAlarmPro firewall and from time to time receive = an=20 alert: "Microsoft Windows Based Script Host is trying to connect to = the=20 internet..." - no information is available... so I have been denying access but I wonder if this is an authentic = Microsoft=20 Update download - and should be allowing access. =20 "Harry Ohrn" wrote: =20 "The Unknown P" ( ) wrote in message=20 ... How in God's name do you think this is going to differ from the = numerous=20 NG's and the posts pertaining to this topic. In short this is not = only a=20 waste of space but a little redundant as we have been dealing with = thousands of questions pertaining to spyware\adware for years. If = this=20 supposed eXPert has anything to add he or she can feel free to = answer the=20 questions posted in any number of these NG's as the rest of us=20 unrecognized or unheralded individuals do. Please don't go out of = your way=20 for us or the general public. Like any of the people who reply to = these=20 NG's it is at our conveniance and we certainly don't need your = majesty to=20 point this out to us. }:~) --=20 There are three types of people in computing, those that can count = and=20 those that can't. =20 Who dumped in your Cheerio's this morning?. There are any number of = non=20 Microsoft newsgroups on Usenet that you can post your valuable = knowledge to.=20 If you dislike the way that Microsoft wishes to use their groups = then=20 perhaps you should just move on over. =20 --=20 =20 Harry Ohrn MS-MVP [Shell/User] www.webtree.ca/windowsxp =20 =20 =20 |
#41
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
You can read the message as
"A program is trying to connect ... " Not helpful. Need the program name. WSH is a program that hosts other = programs. --=20 ---------------------------------------------------------- 'Not happy John! Defending our democracy', http://www.smh.com.au/articles/2004/...392635123.html "Airman" wrote in message = ... I have been using ZoneAlarmPro firewall and from time to time receive = an=20 alert: "Microsoft Windows Based Script Host is trying to connect to = the=20 internet..." - no information is available... so I have been denying access but I wonder if this is an authentic = Microsoft=20 Update download - and should be allowing access. =20 "Harry Ohrn" wrote: =20 "The Unknown P" ( ) wrote in message=20 ... How in God's name do you think this is going to differ from the = numerous=20 NG's and the posts pertaining to this topic. In short this is not = only a=20 waste of space but a little redundant as we have been dealing with = thousands of questions pertaining to spyware\adware for years. If = this=20 supposed eXPert has anything to add he or she can feel free to = answer the=20 questions posted in any number of these NG's as the rest of us=20 unrecognized or unheralded individuals do. Please don't go out of = your way=20 for us or the general public. Like any of the people who reply to = these=20 NG's it is at our conveniance and we certainly don't need your = majesty to=20 point this out to us. }:~) --=20 There are three types of people in computing, those that can count = and=20 those that can't. =20 Who dumped in your Cheerio's this morning?. There are any number of = non=20 Microsoft newsgroups on Usenet that you can post your valuable = knowledge to.=20 If you dislike the way that Microsoft wishes to use their groups = then=20 perhaps you should just move on over. =20 --=20 =20 Harry Ohrn MS-MVP [Shell/User] www.webtree.ca/windowsxp =20 =20 =20 |
#42
|
|||
|
|||
ReBooting Laptops/Notebooks
My Recent Laptop I Just Borrowed Just Keeps Rebooting It Gets To The Loading
Bar Then Stops How Can I Stop This, I Also Cannon Enter Setup, Please Help |
#43
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
Registry back up is part of system restore. Just force a manual system
restore point before proceeding. Counter to Symantec instructions, disabling SR is not a good idea at this point. Regardless, looking at the instructions the Symantec has, yes those registry keys will be present on HE when you're machine is infected. I noticed you typoed some of the branches so double check. I'm still amazed that Symantec expects people to have to hack the registry. :-/ There's a couple of free tools you can try as well. One is the sysclean tool from TrendMicro located at http://www.trendmicro.com/download/dcs.asp - download the 'damage cleanup engine template (link on the same page) and follow the instructions or their online scanner at http://housecall.trendmicro.com/ - you can also try Panda's online scanner at http://www.pandasoftware.com/actives..._principal.htm -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "GaryC" wrote in message ... Walter: NAV found a trojan horse called pwsteal.banker.b on my machine. NAV has denied access to the file but NAV always generates a pop up. It seems to me that the trojan horse is succesfully isolated but a program is constantly calling for it....therefore the NAV popup. The suggested Symantec fix says to repair the registry in safe mode. I've never edited the registry before. I have a couple of questions: 1) how do you backup the registry in WinXP Home Edition, and 2) Symantec says to delete certain values after navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft NT\CurrentVersion\Winlogon\Notify\f3dsl and to HKEY_LOCA-MACHINE\System\CurrentControlSet\Control. I can't seem to find these. Are these in XP? Thanks, "Walter Clayton" wrote: First thing is to try running Norton in safe mode (reboot the machine, start tapping F8 while the BIOS is POSTing to get the boot menu then take the safe mode option. If you can't get to safe mode that way, use msconfig (start-run-msconfig) boot.ini tab. Enable the safeboot option and leave the option for minimal boot set. If you have to use msconfig to force safemode don't forget to reverse the process in order to return to normal mode). Run NAV in that environment. If that still fails, I need to know specifically what NAV is calling the nasties. There's some other free tools and options that can be used, but stay with what you have at present. Depending on exactly what you've been hit with you may have to be talked through manual removal. -- Walter Clayton - MS MVP(WinXP) Associate Expert http://www.microsoft.com/windowsxp/expertzone Any technology distinguishable from magic is insufficiently advanced. http://www.dts-l.org http://support.microsoft.com/servicedesks/fileversion/default.asp| "novice77" wrote in message ... Could you tell me how to get rid of adware from my pc. Norton scan tells me I have 9 threatning files but can't delete them. "vtx" wrote: |
#44
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
I had a big problem with spyware awhile back... to this day I don't know how
it got on my PC. I work for a Huge national ISP in tech support, and see spyware problems every day. I had been able to steer clear of it, and considered people who actually got spyware to be doing so out of ignorance.... Well, I got humbled. It started installing itself one day, and I installed Spybot AND Adaware to get rid of it.... but it kept coming back. I worked for many hours to try and get rid of it... but it kept downloading more, and more spyware... I finally found that one called TVMedia was the one that spybot could never remove because it was always "in use"... yet it didn't show in the task list in 2k. So, I got the kill.exe file from the support tools, and had to do a kill -f on it. That closed it to where I could delete the exe file. Just to make sure, I also set my run keys in the registry to read only, and left the spyware folders there, and set them to read only as well. Haven't had a problem since... I believe I also added the key for BHOs in IE to read only as well. I'll just have to remember where it is in there next time I need to install a plugin so I can temporarily turn on write access. What would really be a big help would be the ability to turn off certain terrible features in IE... It would eliminate a lot of annoyances... For instance... to be able to disable the javascript event that fires when you close a window. That would keep them from immediately reopening another page on close. Disabling the ability to change the homepage using page code would be nice. Another huge problem is when spyware replaces the Winsock files with their own versions... Then, of course, spyware removal tools remove those files and totally break the internet connection (if the spyware itself doesn't do that first). We get sooo many calls/day about connections broken due to this. Anyway, there ends my story/rant. |
#45
|
|||
|
|||
Ask Windows XP Expert Walter Clayton About Spyware
My computer has so much spy-ware on it I'd prefer just to reformat the hard
drive and start fresh. The only problem is I bought my HP desktop with XP already installed and I don't have a disc. Can I reformat my drive without getting rid of XP? "Chris Norred [MSFT]" wrote: Hello and welcome to our first Ask-the-Experts discussion, moderated by the Windows XP Expert Zone Community. This is a new trial effort and our goal is to make it easy for you to ask questions and find answers on a specific topic from a recognized expert in the online community. We’ll continue this discussion in the newsgroups for one week and our volunteer expert will select one or two questions each day and respond. Other experts and users online may also chime in with advice. At the end of the week, we hope to have a single thread filled with good information that can be preserved for the benefit of other users in the future. This week, our expert host is volunteer MVP Walter Clayton who will be discussing the topic of spyware and adware and his experience helping users in the newsgroups deal with spyware issues. Walter is an IT professional from Frankfort, Kentucky. He is a self-trained computing pro with 20 years of experience, and he has been helping people in the online community for many years. Walter is a recipient of the Microsoft Most Valuable Professional (MVP) award for his volunteer efforts helping Windows users over the past five years. A quote from Mr. Clayton: “I enjoy working the newsgroups because it forces me to think and learn. Everyday I get a slightly different perspective on something or see a new situation or problem. There is also the challenge of keeping communication skills sharp. Determining the answer to a problem, and communicating it in the newsgroups can present its own set of challenges, especially at times when the wrong answer can leave the user in a no-boot situation.” Our Ask the Experts discussion is different from the live chats hosted on the Windows XP Expert Zone Community site (http://communities2.microsoft.com/ho...iteid=34000077). In these discussions, you may not get an immediate answer. The hosts will check-in at a time convenient for them and answer questions. You can post a question any time. Then you may want to add the discussion to your Favorites list in Internet Explorer (Click Favorites, and then click Add to Favorites). You should check back later in the day, or the next day, to see if your question has been answered. Click the Refresh button to see if any new posts were added while you have been reading. If you’re more comfortable using Outlook Express or another newsreader, please do. To post a question or reply in this discussion, using the Web-based newsgroup reader: 1. Click Reply. 2. If prompted, sign in with your .NET Passport. 3. Edit the subject line if you like. 4. In the Reply form, type your message or question in the Message box. 5. Review the text you typed in the Body box to make sure it says what you want; you cannot revise your message after you click Post. 6. To receive e-mail notification when someone posts to this thread, select the Notify me of replies check box. 7. Click Send. This is a new trial effort and your feedback and assistance are appreciated. We’ll keep links to these discussions in the Windows XP Expert Zone Community Columns Archive (http://www.microsoft.com/windowsxp/e...s/archive.mspx). Truly Chris Norred Editor Windows XP Expert Zone Community |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
I click on my spyware exe and Windows begins to install Windows Office XP | Snapper | The Basics | 5 | July 22nd 04 02:56 PM |
I click on my spyware exe and Windows begins to install Windows Office XP | Snapper | The Basics | 2 | July 22nd 04 11:13 AM |
I click on my spyware exe and Windows begins to install Windows Office XP | Snapper | The Basics | 5 | July 22nd 04 10:09 AM |
How do I remove Spyware? | Julian Milano | General XP issues or comments | 7 | July 16th 04 08:20 PM |
How do I remove Spyware? | Julian Milano | General XP issues or comments | 5 | July 16th 04 04:18 PM |