bmcp said:
Hi,
I have a Dell Dimension running XP Home in a small home network. I try
and keep my machine clean with Spybot, Adaware 6.0 and Spyware blaster
all in conjenction with Macafee Internet security Suite 9.0, BUT, I
still think something has got in!! When I launch IE6, explorer runs
fine but I get another taskbar open at the bottom of my screen on top
of the normal taskbar. This additional taskbar has a number of links
including "make Money", "music", "Casino", "investing", "Travel",
"Mortgage" and six other search bars as well as the traditional serach
bar. Interestingly there is no traditional address bar at the top of
the page. This additional bar has a small red "X" in the corner but
this bar will not close, consequently I cannot get to my windows task
bar unless I move it before I launch IE. The only way to get rid of
this thing is to open task manager and end the IE process, although
the IE page closes as it should. Any ideas?
You are correct - you do have malware on your computer. Since you
mentioned Ad-aware 6.0 which is obsolete, I conclude that you haven't
got the latest versions and updated reference files of your antispyware
tools. With antispyware programs, it is crucial that all tools be the
latest versions using the latest reference files. Before you do
anything else, update all your antispyware software and make sure you
have the latest virus definitions from McAfee. I refer to other
antispyware tools in the steps below; you might want to get them while
you are still in Regular Mode updating your current tools.
Now run through these malware removal steps with your updated tools in
Safe Mode. To get to Safe Mode, repeatedly tap the F8 key as the
computer is starting up.
1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.
2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.
Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).
HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.
5) Run a firewall.
Links to help with malware:
Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/
General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Malke
