DataMiners and Malware Problems

[steve]

I am having huge problems with DataMiners and Malware.
Despite the obvious sending of info to third parties they
are causing IE6 to become very unstable. IE will launch
by itself, my home page keeps changing, pop-ups
everywhere.

I use AdAware to get rid of the offending items but as
soon as I get back on the internet my system is full of
them again.

How do I stop them ?? Is there a security patch from MS
to stop them at the front door. My firewall is up and
active and working very well according to
http://www.grc.com/default.htm

I have downloaded and installed SP #1 a long time ago.

Thanks in advance ...... Steve

 

[Charlie Tame]

I am having huge problems with DataMiners and Malware.
Despite the obvious sending of info to third parties they
are causing IE6 to become very unstable. IE will launch
by itself, my home page keeps changing, pop-ups
everywhere.

I use AdAware to get rid of the offending items but as
soon as I get back on the internet my system is full of
them again.

How do I stop them ?? Is there a security patch from MS
to stop them at the front door. My firewall is up and
active and working very well according to
http://www.grc.com/default.htm

I have downloaded and installed SP #1 a long time ago.

Thanks in advance ...... Steve

From recent personal experience (please do wait for other replies) search
for a file called HOSTS (no extension) and remove or rename it
temporarily... see if that makes a difference. Please be sure you only do
this with a file called HOSTS, not with any others...

Charlie

 

[RayO]

Basically you've been tricked into installing a
parasite software. Firewall and various scans
will not help, since the system thinks you wanted
the software installed and running.

Here's what you do:

1) Go to IE's Tools, Internet Options,
Advanced, uncheck enable third-party
browser extensions. Click OK, then close IE.

2) Go to Windows Explorer and into your
WinXP folder, then Downloaded Program
Files. Remove anything suspecious there
in Downloaded Program Files. You can get
more info on modules there by right-clicking
them and checking their Properties.

3) Go to Start, Programs, check the
Startup folder items. See if there is
anything in there that's suspecious. If so,
move it to a temporary folder somewhere else.
If you know the name of the offending program,
you should also look for it in Add/Remove programs
in Control panel and remove it.

4) Run Regedit, goto HK_Local_Machine,
Software, Microsoft, Windows, CurrentVersion,
Run. Make a careful note of what's in the Run
folder there. Anything here starts automatically when you
start Windows. Again, remove anything that's
suspecious, but just be careful what you remove, and
make sure you can reverse the change later if necessary.
You may be able to do the same by running MSConfig and
unchecking suspecious startup program items there.
Just be careful with this.

5) Restart Windows, then go to Control panel, Internet Options
and reset your homepage there to your preferred URL.


RayO

 

[RayO]

BTW, also check the RunOnce and RunServices
registry keys in CurrentVersion. If you're unsure
about removing anything there, post here what you
see there.