Hi Sue - You need to search for and delete any HOSTS files on your computer
that the trojan has modified as shown on the Manual Removal instructions
page. There may be several and they may be located in places other than
that normal for HOSTS for your machine (such as \Windows\Help, for example)
as well as in the normal place. Normal location is:
Windows XP\2000 Location: - C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 98\ME Location: - C:\WINDOWS
If you ever want to use a HOSTS file for ad blocking or the like, you can
always create a new default as I outlined or just copy a good ad blocking
HOSTS file to that location in \drivers\etc such as the one here:
http://www.mvps.org/winhelp2002/hosts.zip from Mike Burgess' site. You can
read more about this here:
http://www.mvps.org/winhelp2002/hosts.htm I
would recommend it, as it also stops much "malware" from getting on your
system as well as ads.
If you want to take some additional steps to defend your machine, I would
suggest the following:
The best way to start is to get Ad-Aware 6.0, Build 162 or later, here:
http://www.lavasoftusa.com/support/download/. Update and run this regularly
to get rid of most "spyware/hijackware" on your machine.
Another excellent program for this purpose is SpyBot Search and Destroy
available here:
http://security.kolla.de/ SpyBot Support Forum here:
http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
using both normally. After fixing things with SpyBot S&D, be sure to
re-boot and rerun SpyBot again and repeat this cycle until you get a clean
"no red" scan.
Next, courtesy of Mike Burgess:
--Recommended Minimum Security Settings--
Close all instances of IE and OE
Control Panel | Internet Options
Click on the "Security" tab
Highlight the "Internet" icon, click "Custom Level"
1) "Download signed ActiveX scripts" = Prompt
2) "Download unsigned ActiveX scripts = Disable
3) "Initialize and script ActiveX not marked as safe" = Disable
4) "Installation of Desktop items" = Prompt
5) "Launching programs and files in a IFRAME" = Prompt
Click on the "Content" tab
Click the "Publishers" button
Highlight and click "Remove" any unknowns, click Ok
Click on the "Advanced" tab
Uncheck: "Install on demand (other)", click Apply\Ok
Prevent your "HomePage" setting from being Hijacked
http://www.mvps.org/winhelp2002/ietips.htm
_____________________________
Mike Burgess
Information isn't free if you can't find it!
http://www.mvps.org/winhelp2002/
Then, from me:
You might want to consider installing the SpywareBlaster and SpywareGuard
here to help prevent this kind of thing from happening in the future:
http://www.wilderssecurity.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWare Blaster is not memory resident ... no CPU or
memory load - but keep it updated) The latest version as of this writing
will prevent installation or prevent the malware from running (837 parasites
as of this date) if it is already installed, and it provides information and
fixit-links for a variety of parasites.
http://www.wilderssecurity.net/spywareguard.html (Monitors for attempts
to install malware) Both Very Highly Recommended.
Good luck!
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In