Stuff I found today after I ran the beta (not cookies, guys)

charlievan

Well, hi everyone. My question, or plea for info, is based on
the following info.
I have run XOFTSPY and it picks up 2.
Then I did a Pest Patrol scan and got the rest.

1st - CWS.homepage = Registry ValueBrowser Hijacker
software\microsoft\internetexplorer\search\da'
2nd - CWS.Smartsearch = Malware
C:\WINDOWS\system32|unistall.exe
3rd - gator/gain/claria/ - adware
C\windows\gator\trickler/3103_pic_fs_dump_3103.exe
4th - 180solutions - adware
c\temp\salm\.log
c\temp\salm\_kyf.dat
5th - IST bar - hijacker
c\program files\common files\totem shared
6th - media pass - adware
hkey_classes_root \interface\{00ada225-ea6c-4fb3-82

Can anyone tell me how to clean it if it is a threat?
Also, I tried to run my XP Pro in safe mode by hitting F8,
which is what I thought would do it. Can someone correct
me please? I am learning; I hope to one day be as sharp
about all this as you are, LOL (still growing).

charlie
 
Engel

Hello Charlievan

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder), then open it and select
Scan and Save Log. Note where you saved the log then send
it to Ron Kinner as an attachment. He can probably
identify the problem and tell you how to get rid of it for
good.

Ron Kinner
(e-mail address removed)

Good luck

Engel
 
Ron Kinner

Thanks for the recommendation. He sent me his log. He
has a brand new virus called: VBS.Redlof.A

The two lines in his log that come from the virus:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm

See:

http://securityresponse.symantec.com/avcenter/venc/data/vbs.redlof.a.html

Appears it was just discovered 4/16.

Ron
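
Added example (not part of Ron's post or the original thread): a small Python check that re-joins HijackThis entries wrapped by e-mail and flags any "Local Page" value pointing at the Stationery\Blank.htm path quoted in the post above. The function names are hypothetical, and the sample is the two lines from the post plus two constructed benign entries.

```python
import re

# A HijackThis entry starts with a section code such as "R0" or "O4", then " - ".
ENTRY_START = re.compile(r"^[A-Z]\d{1,2} - ")
# Registry-value entries: "<code> - <hive>\<key>,<value name> = <data>"
REG_ENTRY = re.compile(
    r"^(?P<code>R[0-3]) - (?P<key>HK(?:CU|LM)\\[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$"
)
# Path taken from the two log lines quoted in the post (compared case-insensitively).
SUSPECT_SUFFIX = r"\microsoft shared\stationery\blank.htm"

def unwrap(lines):
    """Re-join entries that a mail client wrapped across several lines.
    Expects only the entry section of a log, not the header or process list."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def flag_local_page(lines):
    """Return (code, key, data) for each Local Page entry matching the suspect path."""
    hits = []
    for entry in unwrap(lines):
        m = REG_ENTRY.match(entry)
        if not m:
            continue
        name = m.group("name").strip().lower()
        data = m.group("data").strip()
        if name == "local page" and data.lower().endswith(SUSPECT_SUFFIX):
            hits.append((m.group("code"), m.group("key"), data))
    return hits

# Sample input: first six lines as wrapped in the post; last two are constructed.
SAMPLE = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local",
    r"Page = c:\Program",
    r"Files\Common Files\Microsoft Shared\Stationery\Blank.htm",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local",
    r"Page = c:\Program",
    r"Files\Common Files\Microsoft Shared\Stationery\Blank.htm",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe",
]

if __name__ == "__main__":
    for code, key, data in flag_local_page(SAMPLE):
        print(f"{code} {key} -> {data}")
```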
 
charlievan

Guys, so what should I do about it? I currently have all
Microsoft and Windows updates running and active. I have
Symantec security, also current as of 4/16/05, MASB, and
Spy Sweeper; these are active and running. These do not
include all the free and demo security programs I have to
get rid of crap. I need to know what your opinions on these
programs are: what should I keep and what should I dump?
XoftSpy, Windows Registry Repair Pro by 3B
Software, CCleaner, Panicware Pop-Up Stopper, Spybot S/D,
Lavasoft Ad-Aware SE Personal, Win Cleaner 2002, and I just
got HijackThis and Bugoff.

P.S. Ron, should I delete with HijackThis the lines you
mentioned?

charlie
 
charlievan

Well, never mind. Thanks Ron, that worked, and I ran multiple
scans after restart. The only thing I am finding is that
Symantec keeps finding a cdt adware (compressed and
unopened), low threat; it tells me to just leave it alone. It's in
one of the backups. I am considering deleting all previous
backups in the doc/setting file and then backing up from
today.
What do you guys think?
charlie
 
charlievan

I guess this is a new problem after all, or the patch does
not work. It was included in the security updates that I
have been downloading on a regular basis. My system has
all the security features recommended by this forum and the
updates. Once again, thank you to Ron Kinner for your help
and support while I daily improve and learn new things
about the operation of this computer. And no, he requested
my reg log and explained to me how to delete from my
system (P.S. really, that was more than you could do; your
post did nothing, answered no questions, solved no problems,
was just a sarcastic reference to Mr. Kinner's post and
request for info to solve the problem). Really, let's think
about what we say in our posts. If you are not part of the
solution then you are part of the problem. Smells like
petty jealousy (or however you spell that word).
charlievan

plun

charlievan said:
I guess this is a new problem after all, or the patch does
not work. It was included in the security updates that I
have been downloading on a regular basis. My system has
all the security features recommended by this forum and the
updates. Once again, thank you to Ron Kinner for your help
and support while I daily improve and learn new things
about the operation of this computer. And no, he requested
my reg log and explained to me how to delete from my
system (P.S. really, that was more than you could do; your
post did nothing, answered no questions, solved no problems,
was just a sarcastic reference to Mr. Kinner's post and
request for info to solve the problem). Really, let's think
about what we say in our posts. If you are not part of the
solution then you are part of the problem. Smells like
petty jealousy (or however you spell that word).
charlievan

Hi

Sorry about that! I am used to seeing HijackThis logs within
public boards for future reference, not in private mail.

And it is a major problem with unpatched OSes and non-updated
antivirus programs.
 
Ron Chamberlin

Charlie,
When all is clean, make sure you have your Windows updates running, have a
firewall on, use a current up to date antivirus program and you should be in
pretty good shape.

Ron Chamberlin
MS-MVP
 