Dealing with Trojans & Hijackware
A. Trojans
1. Check in at Windows Update and install all critical updates & reboot.
2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if
directed.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:
Disk Cleanup > More options > Delete all but the most recent Restore
Point.
B. Hijackware
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder v1.59.1 (no updates available currently; fix all found)
2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
Are You Ready for WinXP SP2?
http://www.microsoft.com/athome/security/protect/default.aspx
WinXP SP2 Release Notes
http://support.microsoft.com/default.aspx?scid=kb;en-us;835935
AumHa Forums
http://forum.aumha.org
Hi!
HbInst.exe is trying to access the Internet, I was told by Zone Alarm.
Curious about this, I searched for info and found out that it is a Hotbar
feature. I had problems with adware before which required a
re-install of XP...
So I told Zone Alarm (ver 5.1.011.000) to remember not to allow this
program to access the Internet. I also blocked it in the programs list
provided by ZA.
I searched for some registry keys (see thread:
http://groups.google.com/[email protected]&rnum=7)
to see if I had any of the software installed on my machine, but I was
lucky not to have it. I also changed the attribute on the file folders
keeping the installer and DLLs in order to be able to delete the
files and finally emptied the Trash bin.
Hopefully this will keep HB from my machine...
BR
andes