Hit by spyware


~~Alan~~

I have a Windows 2000 system that has been hit with spyware! More
specifically, IE's homepage has been changed and no matter what I do to
change it back, it gets changed back to about:blank.

It's not really a blank page, but rather a page with links to hundreds of
shopping locations. I know there is something in the registry that keeps
doing this to me, but where can I look?

But the problem gets better. I was able to download and install Ad-Aware.
Before I ran Ad-Aware, I was able to at least browse to other pages, but now
it stays on this shopping page.

I'm going to have to install Firefox if I want to continue and I do, but
this really needs to get fixed.

Thanks for your help.
~alan
 
~~Alan~~ fumbled, fiddled and fingered:
| I have a Windows 2000 system that has been hit with spyware! More
| specifically, IE's homepage has been changed and no matter what I do
| to change it back, it gets changed back to about:blank.
|
| It's not really a blank page, but rather a page with links to
| hundreds of shopping locations. I know there is something in the
| registry that keeps doing this to me, but where can I look?
|
| But the problem gets better. I was able to download and install
| Ad-Aware. Before I ran Ad-Aware, I was able to at least browse to
| other pages, but now it stays on this shopping page.
|
| I'm going to have to install Firefox if I want to continue and I do,
| but this really needs to get fixed.
|
| Thanks for your help.
| ~alan

look here

http://www.akadia.com/services/about_blank_virus.html
 
Hi Alan:

Use Adaware SE in Safe Mode and follow the below instructions...


1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt406.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Reboot your PC into Safe Mode and shut down as many applications as possible
3) Using the Trend Sysclean utility and Adaware, perform a Full Scan of your platform
and clean/delete any infectors found
4) Restart your PC and perform a "final" Full Scan of your platform


* * * Please report back your results * * *

--
Dave






| I have a Windows 2000 system that has been hit with spyware! More
| specifically, IE's homepage has been changed and no matter what I do to
| change it back, it gets changed back to about:blank.
|
| It's not really a blank page, but rather a page with links to hundreds of
| shopping locations. I know there is something in the registry that keeps
| doing this to me, but where can I look?
|
| But the problem gets better. I was able to download and install Ad-Aware.
| Before I ran Ad-Aware, I was able to at least browse to other pages, but now
| it stays on this shopping page.
|
| I'm going to have to install Firefox if I want to continue and I do, but
| this really needs to get fixed.
|
| Thanks for your help.
| ~alan
 
Wow that's complicated for what looks like an easy removal from:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 
George Hester fumbled, fiddled and fingered:
| Wow that's complicated for what looks like an easy removal from:
|
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Guy in work got hit by the same malware and every time you delete it
from the Run key it reinserts itself. I tried all ways until using that
method.
 
That's normally because the call is elsewhere also. Should also check:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Also check Startup programs and system.ini

But there is also another location in the registry so maybe that method of removal at the link you gave is not so complicated after all. Sorry Steve.
 
George:

SYSTEM.INI is not interpreted by the Win2K OS.
It is a legacy construct held for compatibility issues with older applications.

--
Dave




| That's normally because the call is elsewhere also. Should also check:
|
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
|
| Also check Startup programs and system.ini
|
| But there is also another location in the registry so maybe that method of removal at the
| link you gave is not so complicated after all. Sorry Steve.
 
Yes I know but Windows 2000 will still pick up info in there as a legacy app. And so some spyware does this. Seen it before. It still needs to be checked.
 
OK, Win2K won't use nor interpret it. However *any* application can be written to use it,
or WIN.INI, at will but the OS will not interpret the "LOAD=" and "RUN=" directives. They
are infector loading vectors in Win9x/ME.

--
Dave




| Yes I know but Windows 2000 will still pick up info in there as a legacy app. And so some
| spyware does this. Seen it before. It still needs to be checked.
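
An added example, not part of any post in this thread: a small audit that snapshots the two Run keys named above plus the IE "Start Page" value and reports which entries return to their infected state after cleanup, the symptom described for both the Run key and the homepage. The value name `sample_loader`, the path `C:\placeholder\sample.exe`, the `example.org` homepage and the three sample snapshots are constructed for illustration; `snapshot()` reads the live registry and only works on Windows with Python installed.

```python
# Added example: find autostart/homepage values that return after cleanup.
try:
    import winreg  # present on Windows only
except ImportError:
    winreg = None

RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
IE_MAIN = r"Software\Microsoft\Internet Explorer\Main"
# (hive, subkey, value name or None for "every value under the key")
WATCHED = [("HKLM", RUN, None), ("HKCU", RUN, None), ("HKCU", IE_MAIN, "Start Page")]


def snapshot():
    """Read the watched values from the live registry (Windows only)."""
    if winreg is None:
        raise RuntimeError("snapshot() needs the Windows registry")
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for hive, subkey, only in WATCHED:
        try:
            key = winreg.OpenKey(hives[hive], subkey)
        except OSError:
            continue  # key does not exist in this hive
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = number of values
                name, data, _kind = winreg.EnumValue(key, i)
                if only is None or name == only:
                    snap[(hive, subkey, name)] = str(data)
    return snap


def came_back(infected, cleaned, later):
    """Values removed or changed during cleanup that are back in their infected state."""
    return sorted(
        key for key, bad in infected.items()
        if cleaned.get(key) != bad and later.get(key) == bad
    )


# Constructed sample snapshots (hypothetical value name and path).
INFECTED = {
    ("HKLM", RUN, "sample_loader"): r"C:\placeholder\sample.exe",
    ("HKCU", IE_MAIN, "Start Page"): "about:blank",
}
CLEANED = {("HKCU", IE_MAIN, "Start Page"): "https://example.org/"}
AFTER_REBOOT = dict(INFECTED)  # both values returned

if __name__ == "__main__":
    for hive, subkey, name in came_back(INFECTED, CLEANED, AFTER_REBOOT):
        print(f"{hive}\\{subkey} [{name}] was restored: something else is still writing it")
```

On a live system, call `snapshot()` before cleanup, right after cleanup, and again after a reboot, then pass the three results to `came_back()`.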
 
I used the Trend system Dave Lipman suggested and that did the trick.

thanks all for your help and suggestions.

~alan
 
