Michael said:
You can go to c:\windows\downloaded program files and see what's
there. But once a site runs an activeX control they pretty much have
full control of your system and could have put files anywhere. So
there's no totally foolproof way of ensuring it is removed except to
format your HDD. You could try running spybot or an antivirus program.
Michael
Formatting and reinstalling is way overkill for this. RG should do the
following troubleshooting:
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions;
2) remove spyware with Spybot Search & Destroy
(
www.safer-networking.org) and Ad-aware (
www.lavasoftusa.com). These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from
http://www.intermute.com/spysubtract/cwshredder_download.html. I would
not install the other Intermute programs, however. Alternately, there
are CoolWebSearch malware removal steps at
http://www.silentrunners.org/sr_cwsremoval.html. A combination of
HijackThis and About:Buster (
http://www.majorgeeks.com) works well in
removing homepage hijackers. Always read the instructions before
running a spyware removal tool. Be sure to update these programs before
running, and it is a good idea to do virus/spyware scans in Safe Mode.
Make sure you are able to see all hidden files and extensions (View tab
in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) run a firewall.
Malke