Win32.Startpage.QQ???

[Nancy]

My EZ antivirus finds this, says it's infected, but won't clean it or
quarantine it. My CA Pest Patrol keeps alerting me to a CWS.Yexe, but
CShredder won't find it.

And MAS doesn't find either. I have the latest updates, but nothing's
working right.

Help?????

nancyeddy

 

[Guest]

Download Ccleaner, clean everything it finds in the registry and all the temp
files and stuff, don't be afraid

Download ad-aware se and spybot search and destroy (dont install tea timer)

Restart in safe mode and run all the programs you and I listed.

 

[Guest]

I've seen too many false positives to recommend anything from Computer
Associates (PestPatrol, EZ AV,etc.). PestPstrol told me my system was
infected with IstBar, but it wan't. It was detecting a legit MS .ocx
(ActiveX) file that was installed when I installed VB Learning Edition
(version 5) as IstBar since it wasn't signed. However, the file was created
BEFORE digital signing of ActiveX files was ever available to the public.
Not to mention that IstBar is a Hijacker, and my system was not hijacked.

I'd suggest using ewido
(http://www.download.com/3001-8022_4-10326287.html?idl=n), ad-aware
(http://www.download.com/3001-8022_4-10399602.html?idl=n), spybot
(http://www.download.com/3001-8022_4-10401314.html?idl=n), and Tremd Micro's
sysclean
(http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25991,
download from http://www.trendmicro.com/ftp/products/tsc/sysclean.com, and
download latest definition files from
http://www.trendmicro.com/download/viruspattern.asp). Make certain to not
remove checkmarks from both boxes listed under Additional Options menu when
installing ewido, do NOT use Spybot's Immunization feature (i.e., remove
checkmark for Immunization when installing Spybot), and place the
decompressed definition files from Trend Micro (lpt$vpn.xxx, where xxx =
latest definition fileset) in the same folder as the sysclean.com app. Be
sure to download the latest updates for every app before using them. Boot
into Safe Mode (press F8 before initial Windows screen during boot/reboot,
press F8 again to get to Advanced Options screen if neccessary, and choose
option that only states Safe Mode). Run a full system scan with every app,
one at a time, removing what it finds, and continuing until all apps have
been run.

I'm willing to bet that none of the apps find anything related to
CoolWebSearch. If so, then it's likely PestPatrol and EZ AV were giving
false positives. To be certain, Google the name y.exe and yexe, one at a
time, to see what changes they make and see if any have occurred on your
system. Chances are none of the changes have occurred, nor are any of the
additions to the registry.

Alan

 

[Nancy]

I've been using EZ antivirus for years without a problem. PestPatrol does
give false positives quite a bit, I'll agree. But I paid for both programs,
and don't have money to pay for another one right now. That's one reason
why I like MAS, and I also use the yahoo anti-spy on cassation.

nancyeddy

 

[Guest]

All the apps that I suggested are free.

Some of them are better than MSAS in certain areas, but overall MSAS is
usually rated the best by most users and security professionals.

Alan

 

[Guest]

May I simply stress how WRONG you are to not install TeaTimer!!.it's an
incredible feature,worth more,does more than Spybot itself.Anything tries to
change any part of your computer while TeaTimer is running,no way!!,it'll
stop it and throw a screen up asking YOU if you wish to allow it.I sincerely
wish I could have TeaTimer and scrap Spybot.Just one opinion on the subject.SS

 

[Dave M]

Probably a good function SS, but the problem is it COULD conflict with the Real
Time Protection in MSAS. So just be aware of that fact, I run two RTP AS
products myself.

Andy Mancheta lays it out as follows:
Any program that offers RealTime Protection can prevent Malware from being
removed as they can restore the settings when they detect changes so there
could be a conflict which is stopping the malware from being fully removed,
Running scans in safe mode where the real time protection isnt active or
disabling the real time protection while removing the malware would be the
best option, The real time protection applies to all these programs (
Winpatrol, Spywareguard, Spybot s&d (Teatimer option), Ad-Aware's Adwatch,
Microsoft Antispyware's Real Time Protection, SpySweeper, Counterspy, Spyware
Doctor etc.. )

 

[Bill Sanderson]

Tea Timer can also be a source of confusion, and cause difficulties that are
hard to straighten out on a remote basis. I believe that it has been the
source of some typical errors with Microsoft Antispyware when it monitors
\program files and prevents changes there which are routine in running the
program--definition updates and user choices.

--

 

[Guest]

Thx Dave and everyone else.One has to suppose we all have different ideas
when it comes to protection.I like the Tea Time,some don't and it has no
conflict with MSAS.However,I also use a program called Prevx Home Edition
which is free to home users.This program is so excellant as to be beyond
words(in my opinion)anything and everything that tries to get in or out of my
computer and Prevx hasn't already got my blessing is STOPPED COLD!!.You'd
have to try it yourself and form your own opinions but my computers will
never be without it again.I was a tester when Prevx was just being
formulated/created in beta version,so have a bit of a jump start on most
users.It can be a pain if you are an impatient person as will interfere/stop
most programs your downloading,letting you know exactly why it has stopped
the process and you can either allow or deny,Frankly,I don't mind the
interference because Prevx is the ultimate in computer protection.Again,just
my opinion.SS (Bruce)[email protected]

 

[Bill Sanderson]

PrevX is good--but Windows Defender should also do the kinds of things you
are describing, and less intrusively, because of the massive data collection
effort allowing it to give automatic passes to standard applications, while
blocking genuine malware.

 

[Guest]

Explain Windows Defender please.Location,etc,thx.Bruce

 

[Dave M]

Bill Sanderson perhaps meant Windows® Defender the new name for what will
replace MSAS from the development team

 

[Guest]

Okay,thanks for that Dave.Enjoy the rest of the weekend.Bruce

 

[Bill Sanderson]

Sorry--Windows Defender is the just-announced final product name for what we
are now testing as Microsoft Antispyware beta1. Beta2, which should be
re-branded as Windows Defender, is expected to be available before year end.

--

 

[Bill Sanderson]

We probably don't need to worry too much about the copyright symbol--they
did, in fact, get the rights to the name legitimately:

http://www.adamlyttle.com/view.php?m=25

(if not absolutely amicably...)
--

 

[Dave M]

Thanks for the post Bill. I've been wondering how many lawyers were sharpening
their pencils over this one since JoeM posted it, and now the answer is clear...
signed, sealed, and delivered on Oct. 26th, with all the Ts crossed and Is
dotted... lol

 

[Guest]

Thx.Indeed,I read about that in eWeek over the weekend.Is there a Beta 2
now??.My copy keeps telling me to get a new one at Microsoft as mine is due
to expire.But--even though I completely delete my present copy,go download it
again,I get the same one back,same settings too.Think MS is keeping good
track??,hehe.
Do inform please where and when a new version is available,like it,wish to
keep it.Thx.Bruce (SS)

 

[Bill Sanderson]

Thx.Indeed,I read about that in eWeek over the weekend.Is there a Beta 2
now??.My copy keeps telling me to get a new one at Microsoft as mine is
due
to expire.But--even though I completely delete my present copy,go download
it
again,I get the same one back,same settings too.Think MS is keeping good
track??,hehe.
Do inform please where and when a new version is available,like it,wish to
keep it.Thx.Bruce (SS)

I'm quite sure that there's a beta2 in use on desktops in Redmond now, but
it hasn't escaped to the outside world. Historically, new releases in this
beta have happened quite close to the expiry date of the previous
version--615 is July 18, as I recall, and I think the expiration of the 5.xx
series was July 31.

Andre has posted one report which states that it is possible that there'll
need to be an extension of the December 31 expiration date--that's perfectly
possible.

We'll all find out at about the same time. I'm quite sure that
beta2/Defender will make a large splash in the press, but I also believe
we'll probably get it in some automatic fashion--presumably through the
update process in the current beta. Previous updates have involved a popup
from the current beta product stating that an update is available and giving
you a yes/no choice about accepting the update. At times, by the time you
accept the prompt, the update servers have moved on, and the update isn't
available any longer. However, you could always go to Microsoft's site and
grab it directly. This'll be easy to do, I'm sure.

The fact that all your settings are retained is a strength/weakness of the
current product--it leaves most or all of the data/configuration files in
the installation folder intact when you remove the product. That's one
reason for the recipe I post too frequently involving deleting that folder
as part of a reinstallation process when something seems to have become
corrupted.

 

[Guest]

Thx for all the info Bill,good to know.Guess we just sit back and play the
waiting game.just like the slogan we had in the military "Hurry up and
wait",hehe.
regards.Bruce (SS)

 

[Bill Sanderson]

Mike Nash, of Microsoft, announced in yesterdays public chat about security,
that the target date for beta2 has shifted to the first half of 2006.
So--we'll see some rollout that will extend the expiration of the beta1
code, probably.
--