Hi Dave
Comments inline:
Re: Attached
Here is where things stand.
1) I have run Norton, Earthlink Virus, and MSoft Beta Virus without finding
anything.
2) I have turned Earthlink "ScamBlocker" off and then back on and the
previously reported 'all sites are suspicious' behavior is gone.
3) IE is still running very slowly (takes 2 min 30 seconds CPU time to start
up IE and load my yahoo portal homepage as an example)
4) I have run Spybot and found only a bunch of cookie stuff plus two DSO
entries. I was then running through the steps defined at
http://forums.majorgeeks.com/showthread.php?t=35407 where I ran the Spybot
DSO fix, but am still getting two DSO entries reported. I am up to date with
my system so, as I understand things, MSoft's DSO exposures should be fixed.
At this point I am making the following conclusions.
1) The DSO problem might be the path into my computer, but probably isn't
the problem itself.
I would not consider the DSO findings in SpyBot a problem of concern or
cause. As I understand, it is a bug in that program they are still trying to
resolve.
2) Given that I have seen NO funny stuff going on when IE isn't running, the
next step would actually seem to be to uninstall and reinstall IE - but
....
You have not mentioned if you have run other detection tools such as AdAware
or HijackThis. I will cover a few things regarding types of scumware that
you may not be aware of. SpyBot S&D detects and removes Spyware, NAV and
other anti-virus programs only deal with viruses and related types of warez.
That leaves adware, Trojans, hijackers, worms, parasites, and the many
variants of each, that can go undetected and continue to cause problems if
the proper detection and removal tools are not used. Also, there are some
types of scumware and their variants that can actually hide in legitimate
files on your system, thus, they can not be detected when running the scans
while running Windows, they must be run from Safe Mode in order to allow the
files to be detected and removed. Some variants of scumware can actually
replicate themselves repeatedly and keep returning with each new boot if they
are not properly removed.
It does not mean that the programs you have run are not good, it merely
means that you need to use them in Safe Mode, and use the other tools in
addition, to perhaps find and remove everything that might be causing the
problem. Until you have run the AdAware, and HiJackThis and posted your log
for expert review and corrections if necessary, you may not know for sure
that your system is totally clean. You may be surprised at what may still
be on your system.
I can only urge you to download and run the two programs below, and post the
HJT log per the instructions, so that you can make sure there are no other
types of warez that are causing the problem.
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
and AdAware and Spybot.
Download the newest version of HiJackThis here:
http://www.bleepingcomputer.com/files/hijackthis.php
(or Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX)
http://www.majorgeeks.com/download4392.html
Also visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".
And be sure to use the HijackThis. Please DO NOT post your log to this
newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
Also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
3) The complexity of all this is really leading me to think that the very
nature of IE makes it not worth using - FIREFOX being the natural
alternative (or maybe Opera, I suppose). I would probably have already done
this except for the fact that it will irritate my wife as she deals with
the browser changes (of course she can't use it all right now).
As for #3.
First, if your system is not 100% clean, it will not make any difference
which other browser you use, as the problems will only continue to compound
over time. Just changing browsers will not make any warez simply go away.
While you may not experience the same effects at the time, they will make
themselves felt in other ways. Assured.
Second, if you are going to continue to use Windows, you will need to keep
IE to install some updates which can't be downloaded and installed from the
hard drive. Thus, you should make sure that all is working properly anyway.
Also, don't be sold on the idea that all other browsers out there are
invulnerable to warez. This is a very unfortunate assumption on many
people's part, and it is totally untrue. While IE seems to be the bigger
target for such attacks, the growing market of other browsers is making
them a new source of lucrative income for those who are behind creation of
the junk in the first place. It all involves *huge* profits, and they are
now moving into the other programs as well. If you make a decision to move
to another browser, then I urge you to make that decision based upon how well
the other browser will fit your daily needs, *not* based upon a sense of
total security.
I would like comments on option #2 vs. option #3.
I have been as honest and upfront as possible in answering your questions,
and provide information that I am in hopes will help resolve your problem.
However, the decision making is in your hands.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm