Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (
http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(
http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to
http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
Are You Ready for WinXP SP2?
http://www.microsoft.com/athome/security/protect/default.aspx
WinXP SP2 Release Notes
http://support.microsoft.com/default.aspx?scid=kb;en-us;835935
AumHa Forums
http://forum.aumha.org
Ard said:
Sorry if I am posting this to the wrong group, but I am a bit new to
this...
I've been looking up info about the supposed spyware that comes with AIM
including the ones mentioned in the subject line. I know weatherbug is
fairly innocent and possibly the others are as well, but I'm not really
interested in having them on my hard drive.
What exactly does each program do, how can I get rid of them, and with
what
version did AIM start installing this junk? I'm also looking to remove
references to it from my registry, if possible. The most annoying theng
about these useless junk add-ons is they are nearly impossible to get rid
of.
Any help would be appreciated.
Ard Rhi
