Ad-aware is finding new spyware every 2 minutes


\Perverts or Policy?\

For the past few weeks, my pc has been slow, locking up and something
changed the color of my toolbar. These problems have been resolved by
ad-aware (thank you Lavasoft) quarantining 237 items but subsequent scans
minutes later find 2-5 new suspected items. I can purge my hard drive and
start with a clean slate no problem because this computer is only for web
surfing (I did do some shopping and my email privacy has probably been
compromised.) Did ad aware not pick up all the suspects that first go or am
I being bombarded constantly when I web surf and I need to initiate scans
constantly?
 

null

For the past few weeks, my pc has been slow, locking up and something
changed the color of my toolbar. These problems have been resolved by
ad-aware (thank you Lavasoft) quarantining 237 items but subsequent scans
minutes later find 2-5 new suspected items. I can purge my hard drive and
start with a clean slate no problem because this computer is only for web
surfing (I did do some shopping and my email privacy has probably been
compromised.) Did ad aware not pick up all the suspects that first go or am
I being bombarded constantly when I web surf and I need to initiate scans
constantly?

Use Mozilla for browsing.


Art
http://www.epix.net/~artnpeg
 

Heather

"Perverts or Policy?" said:
For the past few weeks, my pc has been slow, locking up and something
changed the color of my toolbar. These problems have been resolved by
ad-aware (thank you Lavasoft) quarantining 237 items but subsequent scans
minutes later find 2-5 new suspected items. I can purge my hard drive and
start with a clean slate no problem because this computer is only for web
surfing (I did do some shopping and my email privacy has probably been
compromised.) Did ad aware not pick up all the suspects that first go or am
I being bombarded constantly when I web surf and I need to initiate scans
constantly?

Download SpywareBlaster (freebie) from Javacool and see if that doesn't make
a difference.....it stops spyware from landing on your computer.

Then, if needed, run Hijack This or CWShredder.....but you may find that SWB
does the trick.

Just opened the new Spybot 1.3.....it found more than the previous one. You
can find that one at Major Geeks.....(probably the other ones as well).

Heather
 

\Perverts or Policy?\

Heather said:

Download SpywareBlaster (freebie) from Javacool and see if that doesn't make
a difference.....it stops spyware from landing on your computer.

Then, if needed, run Hijack This or CWShredder.....but you may find that SWB
does the trick.

Just opened the new Spybot 1.3.....it found more than the previous one. You
can find that one at Major Geeks.....(probably the other ones as well).

Heather

cool, thank you both.
 

f.long

For the past few weeks, my pc has been slow, locking up and something
changed the color of my toolbar. These problems have been resolved by
ad-aware (thank you Lavasoft) quarantining 237 items but subsequent scans
minutes later find 2-5 new suspected items. I can purge my hard drive and
start with a clean slate no problem because this computer is only for web
surfing (I did do some shopping and my email privacy has probably been
compromised.) Did ad aware not pick up all the suspects that first go or am
I being bombarded constantly when I web surf and I need to initiate scans
constantly?

Possibly, Look2Me parasite.

Download kill2me at http://www.spywareinfo.com/~merijn/downloads.html.
If XP, turn OFF "restore points". If XP or W2K, boot into safe mode,
and run kill2me. It is a good practice to run in "safe mode" with
"restore points" turned off, when using ad-aware, spybot, etc. when
you have a parasite that keeps coming back. Look2Me is a pretty well
written parasite, because it gets started before the explorer shell,
so it does not show up as a running process, and can not be removed
while the shell is running. Its entire job is to run in the
background, wait for an internet connection, and then repeatedly
download parasites, adware, and as much crap as it can find out there.

F. Long
 

\Perverts or Policy?\

f.long said:
Possibly, Look2Me parasite.

Download kill2me at http://www.spywareinfo.com/~merijn/downloads.html.
If XP, turn OFF "restore points". If XP or W2K, boot into safe mode,
and run kill2me. It is a good practice to run in "safe mode" with
"restore points" turned off, when using ad-aware, spybot, etc. when
you have a parasite that keeps coming back. Look2Me is a pretty well
written parasite, because it gets started before the explorer shell,
so it does not show up as a running process, and can not be removed
while the shell is running. Its entire job is to run in the
background, wait for an internet connection, and then repeatedly
download parasites, adware, and as much crap as it can find out there.

F. Long

Great, thank you.
 

Nick FitzGerald

"Perverts or Policy?" said:
For the past few weeks, my pc has been slow, locking up and something
changed the color of my toolbar. These problems have been resolved by
ad-aware (thank you Lavasoft) quarantining 237 items but subsequent scans
minutes later find 2-5 new suspected items. I can purge my hard drive and
start with a clean slate no problem because this computer is only for web
surfing (I did do some shopping and my email privacy has probably been
compromised.) Did ad aware not pick up all the suspects that first go or am
I being bombarded constantly when I web surf and I need to initiate scans
constantly?

Further to (or instead of) all the other advice...

Quite possibly you have some new scumware that Ad-aware is not detecting
yet that is re-introducing some components that it does.

Or you may just visit a bunch of dodgy sites and have had one or more of
the recent nasties that dumbs down your IE security zone settings. If
this is the case you should seriously consider using another browser
(actually, you should do that anyway _AND_ make sure that nothing else
you use is really just a few kilobytes of independently developed code
masquerading IE in front of you in different regalia...), but either way,
Disconnect your Internet connection, kill all IE instances, run Ad-aware
again and fix everything it knows about then run the Internet Options
control panel and reset each of the IE security zones to their defaults.
Now go back online, browse around a bit and re-check the IE security
settings -- if they've been altered from the defaults, the "Default
Level" button will not be greyed-out. If you have some kind of hi-jacker
resetting your IE security settings to a dumbed-down level it is very
dangerous to browse the net with IE _or_ to use any IE-based Email client
(Outlook, OE, etc) until you get the system properly fixed -- at this
point you need things like HijackThis and the "expert help" various
places offer to make sense of the HJT logs. This is described in many
other posts here so I'll skip the gory details...
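
The "reset the zones, browse, then re-check" step described in the post above can be done as a registry snapshot and diff. This is an added example, not part of the original post; it assumes a Windows system with PowerShell, reads only the per-user zone key, and the baseline file name is hypothetical.

```powershell
# Added example: snapshot the per-user IE security-zone values right after
# resetting them to defaults, then re-run later to list anything that changed.
$zonesRoot    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$baselineFile = Join-Path $env:TEMP 'ie-zones-baseline.xml'   # hypothetical location

function Get-ZoneSnapshot {
    # Returns a hashtable keyed "zone\valueName" (zones 0-4; 3 is "Internet")
    $snapshot = @{}
    foreach ($zone in Get-ChildItem -Path $zonesRoot) {
        foreach ($name in $zone.GetValueNames()) {
            $snapshot["$($zone.PSChildName)\$name"] = [string]$zone.GetValue($name)
        }
    }
    return $snapshot
}

function Compare-ZoneSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    # Union of keys so added and removed values are reported as well
    $keys = @($Before.Keys) + @($After.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        if ($Before[$k] -ne $After[$k]) {
            [pscustomobject]@{ Setting = $k; Before = $Before[$k]; After = $After[$k] }
        }
    }
}

if (-not (Test-Path -Path $baselineFile)) {
    # First run: take the baseline while offline, straight after the reset
    Get-ZoneSnapshot | Export-Clixml -Path $baselineFile
    "Baseline saved to $baselineFile"
} else {
    # Later run: compare the live settings with the saved baseline
    $changes = Compare-ZoneSnapshot -Before (Import-Clixml -Path $baselineFile) -After (Get-ZoneSnapshot)
    if ($changes) { $changes | Format-Table -AutoSize }
    else { 'No zone settings changed since the baseline.' }
}
```

Any row reported on the second run is a zone value that was altered after the reset, which is the same condition the "Default Level" button reveals in the control panel.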
 

\Perverts or Policy?\

Nick FitzGerald said:
Further to (or instead of) all the other advice...

Quite possibly you have some new scumware that Ad-aware is not detecting
yet that is re-introducing some components that it does.

Or you may just visit a bunch of dodgy sites and have had one or more of
the recent nasties that dumbs down your IE security zone settings. If
this is the case you should seriously consider using another browser
(actually, you should do that anyway _AND_ make sure that nothing else
you use is really just a few kilobytes of independently developed code
masquerading IE in front of you in different regalia...), but either way,
Disconnect your Internet connection, kill all IE instances, run Ad-aware
again and fix everything it knows about then run the Internet Options
control panel and reset each of the IE security zones to their defaults.
Now go back online, browse around a bit and re-check the IE security
settings -- if they've been altered from the defaults, the "Default
Level" button will not be greyed-out. If you have some kind of hi-jacker
resetting your IE security settings to a dumbed-down level it is very
dangerous to browse the net with IE _or_ to use any IE-based Email client
(Outlook, OE, etc) until you get the system properly fixed -- at this
point you need things like HijackThis and the "expert help" various
places offer to make sense of the HJT logs. This is described in many
other posts here so I'll skip the gory details...

I am drained. I did everything except switch to mozilla and am still getting
hijacked. I have to decide what to copy before purging my desktop
(again) - I WANT to go linux but haven't bought the how to book yet so I
think I can bear this a bit longer as my web surfing and emailing is tame
and all my site visits have been to all the standard news and shopping
sites. I don't pay bills and my credit card purchases are controlled. Does
still suck ass though.

Thank you Everybody.
 

William W. Plummer

"Perverts or Policy?" said:
I am drained. I did everything except switch to mozilla and am still getting
hijacked. I have to decide what to copy before purging my desktop
(again) - I WANT to go linux but haven't bought the how to book yet so I
think I can bear this a bit longer as my web surfing and emailing is tame
and all my site visits have been to all the standard news and shopping
sites. I don't pay bills and my credit card purchases are controlled. Does
still suck ass though.

Thank you Everybody.

Here's what I did. Go through the registry
HKLM/Software/Microsoft/Windows/CurrentVersion/Run and make sure you know
what each file is and what it does. If you don't, delete the file (not the
registry entry). What you'll find is many of those files are hidden and
deleted in Windows\System32 or Windows\System etc. To handle this, boot into
safe mode (F8 button), get into a DOS box, connect to the directory and do
attrib -r -h -s evil.exe . You might just rename it to evil.xex rather
than deleting it in case you make a mistake and need to put it back.
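
The Run-key review described in the post above, as an added example that is not part of the original post: it lists each HKLM Run entry with the attributes and signature status of the file it launches. It assumes a Windows system with PowerShell; the helper function names are hypothetical, and the script only reads.

```powershell
# Added example: audit HKLM Run entries. Read-only; nothing is deleted or renamed.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandTarget {
    param([string]$Command)
    # Quoted form: "C:\Program Files\App\app.exe" /switch
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: cut at the first executable-looking extension
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

function Resolve-Target {
    param([string]$Target)
    $path = [Environment]::ExpandEnvironmentVariables($Target)
    if (-not [IO.Path]::IsPathRooted($path)) {
        # Bare names such as "rundll32.exe" are located through PATH
        $cmd = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($cmd) { $path = $cmd.Path }
    }
    # -Force is needed to see files marked Hidden or System
    Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
}

$concealFlags = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$key = Get-Item -Path $runKey
$report = foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    $file    = Resolve-Target (Get-CommandTarget $command)
    [pscustomobject]@{
        Name       = $name
        Command    = $command
        File       = if ($file) { $file.FullName } else { '(not found)' }
        Attributes = if ($file) { $file.Attributes } else { $null }
        Concealed  = if ($file) { ($file.Attributes -band $concealFlags) -ne 0 } else { $false }
        Signature  = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { $null }
    }
}

# Entries worth reviewing first: hidden/system files, missing targets, unsigned binaries
$report | Sort-Object Concealed -Descending | Format-List
```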
 
