S
skoolgirl28
Chuck said:On Fri, 3 Dec 2004 17:31:59 +0000, skoolgirl2
(e-mail address removed)
wrote:
-
I have a 2 month old computer that's connected to the internet by a
cable modem. Somehow, I am guessing one of the users of this computer
downloaded some kind of embedded file and now my computer runs all
screwy. I have downloaded Norton Anti-Virus, SpyBot, Yahoo Anti-Virus
and Ad-aware and still can't seem to remedey the problem. I als
tried
clearing my temporary internet files and cookies. I also keep getting
pop-ups for things saying that my computer is in danger. I can't keep
a start-up homepage and it always resets to either
http://win-eto.com/hp.htm?id=32729 or
http://t.swapx.cc/h.php?aid=20009. If anyone knows anything about
these symptoms, please post something so it can be remedied. All help
is appreciated. Thanks-
If you have a hijack or other spyware problem, you need HijackThis an
expert
advice. And when you run HJT, please post the URLs of your foru
post(s).
Start by downloading each of the following additional free tools:
CWShredder http://www.majorgeeks.com/download4086.html
HijackThis http://www.majorgeeks.com/download.php?det=3155
LSP-Fix http://www.cexx.org/lspfix.htm
WinsockXPFix http://www.spychecker.com/program/winsockxpfix.html
Stinger http://us.mcafee.com/virusInfo/default.asp?id=stinger
TrendMicro Engine http://www.trendmicro.com/download/dcs.asp
TrendMicro Signatures http://www.trendmicro.com/download/pattern.asp
TrendMicro Instruction
http://www.trendmicro.com/ftp/products/tsc/readme.txt
Create a separate folder for HijackThis, such as C:\HijackThis - cop
the
downloaded file there. Create a separate folder for the two TrendMicr
files,
such as C:\TrendMicro - copy the downloaded files there (unzipped i
necessary).
CWShredder has an install routine - run it. The other downloade
programs can
be copied into, and run from, any convenient folder.
First, run Stinger. Have it remove any problems found.
Next, close all Internet Explorer and Outlook windows, and ru
CWShredder. Have
it fix all problems found.
Next, disable System Restore.
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Run C:\TrendMicro\Sysclean.com. Delete any infectors found. Reboo
your
computer, and re enable System Restore.
Next, run AdAware again. First update it, configure for full scan
(http://forums.spywareinfo.com/index.php?showtopic=11150), then scan.
When
scanning finishes, remove all Critical Objects found.
Next, run Spybot S&D again. First update it, then run a scan. Trus
Spybot,
and delete everything ("Fix Problems") that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately.
Save the
HJT Log.
http://forums.spywareinfo.com/index.php?showtopic=227
http://forums.spywareinfo.com/index.php?showtopic=11150
Finally, have your HJT log interpreted by experts at one or more o
the
following security forums (and PLEASE post a link to your forum posts
here):
Aumha: http://forum.aumha.org/index.php
Net-Integration: http://forums.net-integration.net/
Spyware Info: http://forums.spywareinfo.com/
Spyware Warrior: http://spywarewarrior.com/index.php
Tom Coyote: http://forums.tomcoyote.org/
If removal of any spyware affects your ability to access the interne
(some
spyware builds itself into the network software, and its removal ma
damage your
network), run LSP-Fix and / or WinsockXPFIx.
Thanks Chuck so much for your help, Ill be sure to tell you and pos
how this all turns out