Hi John
You probably have more than one scumware to deal with. Start here
McAfee Stinger
http://vil.nai.com/vil/stinger/
CWShredder
http://www.majorgeeks.com/download3019.html
If that does not resolve the problem:
You may have a hijacker, malware, spyware or other scumware on your system
causing this problem. Thus, in addition to running your updated anti-virus
program, you should do the following to be sure none of these are present on
your system. Although you may have already run one or more of the programs,
please do so again according to the instructions below. Be aware that, some
very aggressive and damaging variants of malware can replicate themselves
repeatedly, or mutate, if not removed properly. Please follow all
instructions carefully to be sure your system is thoroughly cleaned
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
and AdAware and Spybot.
Download the newest version of HiJackThis here:
http://www.bleepingcomputer.com/files/hijackthis.php
(or Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX)
http://www.majorgeeks.com/download4392.html
Also visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".
And be sure to use the HijackThis. Please DO NOT post your log to this
newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of the
necessary steps to clean your system.
(Note: To avoid having your log deleted or ignored, you *must* do the two
things listed here:
(1) Don't post a HijackThis log until you have already done preliminary
scanning of your system for parasites. I recommend you go to QuickFix page
on this site -
http://aumha.org/a/quickfix.htm - and run all steps
indicated, exactly as specified. Make the HJT log your last step, then post
to one of the sites above if you are still having problems.
(2) In your post, please specify what precleaning you have done, and specify
the problem that is prompting you to run this log in the first place.)
Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
Also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or ........
Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
Also.........
Courtesy of Jim Byrd -
Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these:
http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough
NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.
If these steps do not resolve your problem, or you need help with the above,
please post back to this thread with the details and any error messages.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm