IE is Spamming Me!

[Guest]

I was able to FINALLY disable & actually uninstall a large portion of Messenger by going to Kim Komando's website & following the instructions she laid out. Unfortunately, the 1st couple of "fixes" didn't work, and I ultimately had to rely on the last one to do the trick. Here is the URL: http://www.komando.com/tips_show.asp?showID=4970

This stopped MOST of the problem.

However IE is still "hijacking" my browser on occasion. Another window opens that is generated BY IE and it is an ad for... guess what... software to stop ads. Or it is "search assistant" or some other similar BS.

And when I take a look in Task Manager (control-alt-del) I see that there are TWO versions of IE running.

For those who are late to the party, I have already posted about my exploits in this area a few weeks back.**** So PLEASE do not bother telling me about installing Spybot, Spysweeper, and any other anti-spyware programs, because it's been done.**** And the culprit has ultimately been found to be IE/Messenger.

As I mentioned, I've been able to stop the Messenger Spam, but not the IE spam. So how do I stop the IE spam?

I really don't want to have to wipe my HD & reinstall everything just to keep MS from taking over my PC.

Thanks,

~SubMariner~

 

[Jan Il]

Hi SubMariner

It is likely you have parasites, spyware, adware, malware, or hijackware on
your system causing the problem, which your antivirus will not detect, as it
does not have the same definitions.

It is a good rule of thumb that, when you have a problem with some form of
junkware on your system, that you make a clean sweep with all programs to be
sure there are no others lurking on your system to show up as well. It is
simply good protection maintenace for your machine.

Download and install, then you *MUST* update the programs prior to running
to be sure they have the latest definitions, then run the programs below.
They are free and very effective. Be sure to run both SpyBot and Adaware,
as what one does not detect the other may. It is important that you do all
the steps and follow all directions carefully:

#########IMPORTANT#########
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:

http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
#########IMPORTANT#########

Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html

It is important that you run the programs in the order that they are listed
here. The first three programs will clear your machine of all other items so
that you can have a clear HiJackThis Log for the experts to read and analyze
for you.

CWShredder: Free
http://tinyurl.com/2l9kl

SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2

AdAware: Free
http://www.lavasoftusa.com/support/download/

HiJackThis: - Free

Go to
http://computercops.biz/downloads-cat-14.html ,
or
http://www.aumha.org/a/parasite.php#hjt
and download HiJackThis. Unzip to a folder other than your Desktop or the
Temp folder, doubleclick HiJackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.

Open the copy of your log in NotePad and make a copy. Then you can go here
to post you log:

Jim Eshelman's site here:
AumHa Forums - HiJackThis section:
http://forum.aumha.org/

<<DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>

You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log

Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer

HJT Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42


Hope this helps.

Jan

Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html

 

[C. A. Upsdell]

I was able to FINALLY disable & actually uninstall a large portion of

Messenger by going to Kim Komando's website & following the instructions she
laid out. Unfortunately, the 1st couple of "fixes" didn't work, and I
ultimately had to rely on the last one to do the trick. Here is the URL:
http://www.komando.com/tips_show.asp?showID=4970

This stopped MOST of the problem.

However IE is still "hijacking" my browser on occasion. Another window

opens that is generated BY IE and it is an ad for... guess what... software
to stop ads. Or it is "search assistant" or some other similar BS.

IE is your browser: it cannot hijack itself. And MS is not trying to take
over your PC. You clearly have scumware on your PC created by parties other
than MS, and you have to go back to SpyBot, Ad-Aware etc. to clean the
scumware out.

I also wonder how up-to-date your PC is: do you have all the latest
updates, esp. the security updates?

 

[Guest]

If you have tried everything and have been having trouble this long, you may
want to post a Hijack This log @ one of the Forums for expert advice.

Download the program into its own folder, open it and click on Scan. This
will produce the Log. DONT FIX ANYTHING. Copy and Paste Log to one of the
Forums. You will have register, but it only takes a few minutes.

Hijack This - http://tomcoyote.com/hjt
alternate download link
Hijack This http://aumha.org/a/quickfix.htm (link on this page)


FORUMS - EXPERTS TO READ YOUR HJT LOG
http://forums.tomcoyote.org/
http://forums.spywareinfo.com/
http://computercops.biz/forums.html
http://boards.cexx.org/
http://www.techsupportforums.com/
http://forums.techguy.org/
http://forums.net-integration.net/index.php

I was able to FINALLY disable & actually uninstall a large portion of

Messenger by going to Kim Komando's website & following the instructions she
laid out. Unfortunately, the 1st couple of "fixes" didn't work, and I
ultimately had to rely on the last one to do the trick. Here is the URL:
http://www.komando.com/tips_show.asp?showID=4970

This stopped MOST of the problem.

However IE is still "hijacking" my browser on occasion. Another window

opens that is generated BY IE and it is an ad for... guess what... software
to stop ads. Or it is "search assistant" or some other similar BS.

And when I take a look in Task Manager (control-alt-del) I see that there

are TWO versions of IE running.

For those who are late to the party, I have already posted about my

exploits in this area a few weeks back.**** So PLEASE do not bother telling
me about installing Spybot, Spysweeper, and any other anti-spyware programs,
because it's been done.**** And the culprit has ultimately been found to be
IE/Messenger.

As I mentioned, I've been able to stop the Messenger Spam, but not the IE

spam. So how do I stop the IE spam?

I really don't want to have to wipe my HD & reinstall everything just to

keep MS from taking over my PC.

 

[Guest]

Already done. See previous msgs.

~SubMariner~

 

[Jan Il]

Hi SubMariner

OK......then you may have the latest and nastiest of the variants. Here are
two removal tools that have come about in the last few days that seems to
work on these new variants. The latest is the coolwebsearch infection that
uses a hidden dll to reinfect. It replicates itself over and over if not
removed properly.

IMPORTANT!!
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN
FILES. THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES
ARE ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT

http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip

res://C:\WINDOWS\<random name>.dll/sp.html#<random number>
http://www.hsremove.com/

Then run the HiJackThis again and post a new log to the sites I gave you
before for this. It is important that you run these files in the Safe Mode
and with Hidden Files Enabled so that the scanners can find all the files
that are trying to hide.

Please post back if you have any questions and let us know how things go.


Hope this helps.

Jan

Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm