pop up ads

Guest

there is a file named ceres.dll on my computer. is there a way to delete it?
it has led to pop up ads while on the web.
 
Chuck

> there is a file named ceres.dll on my computer. is there a way to delete it?
> it has led to pop up ads while on the web.

If you're getting pop-ups, that file will probably be just another symptom at
best, and probably just the tip of the iceberg. Please do a thorough crapware
scan, including HijackThis and expert advice to interpret the HJT log.

Start by downloading each of the following additional free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware, CWShredder, and Spybot S&D have install
routines - run them. The other downloaded programs can be copied into, and run
from, any convenient folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.

Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
delete everything ("Fix Problems") that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Consider using an alternative browser, like Firefox, for the majority of your
browsing activities.
<http://www.spreadfirefox.com/?q=affiliates&id=4507&t=61>

Block Internet Explorer ActiveX scripting from dangerous websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from running.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.

How did I get infected in the first place?
http://forums.net-integration.net/index.php?showtopic=3051
Essential tips for infection prevention
http://forums.spywareinfo.com/index.php?showtopic=24339
http://www1.spywareinfo.com/articles/hijacked/prevent.php

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Guest

When I ran the shredder it would not get rid of the infected files unless I
agreed to pay $29 for the program. That is not free.
 
Chuck

> When I ran the shredder it would not get rid of the infected files unless I
> agreed to pay $29 for the program. That is not free.

Did you get CWS from MajorGeeks? If so, just skip CWS and move on to AdAware,
Spybot, and HijackThis. HJT is the essential step anyway.

That's news about CWS though. It used to be a totally free product, then its
creator sold it to InterMute. I'll bet the folks at SWI Forums (PLEASE post
your HJT log there!) freak when you tell them IM is charging for the service
now.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Guest

The same thing happened with Noadware only they wanted 39.
 
Chuck

You can add spybot to that category also.

Go to a friend who has internet access and a CD burner. Download these
programs, burn them to a CD, and go back to your computer.
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. AdAware, CWShredder, and Spybot S&D have install routines
- run them. The other downloaded programs can be copied into, and run from, any
convenient folder.

Disable System Restore.
<http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Install all programs while booted in Safe Mode.
Reboot and get on the network.
Run AdAware and Spybot - but just to get the latest updates.
Reboot into Safe Mode, and run each program to scan for problems.
Run Stinger.
Configure AdAware for a full scan.
<http://forums.spywareinfo.com/index.php?showtopic=11150>
Run AdAware.
Run Spybot.
Run HijackThis.

You have problems which are beyond my experience - I highly recommend you run
each program, produce your HJT log, and post to SWI Forums as quickly as
convenient.
Spyware Info: <http://forums.spywareinfo.com/>

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Guest

I downloaded adware and it was helpful thanks. I can find the ceres files
but I can't delete them. Any ideas? So far none of the programs have gotten
rid of it.
 
Chuck

> I downloaded adware and it was helpful thanks. I can find the ceres files
> but I can't delete them. Any ideas? So far none of the programs have gotten
> rid of it.

I just did a Yahoo search on "ceres.dll" and it appears to be _very bad stuff_.

HijackThis and expert advice is the essential diagnostic, but you need to run
AdAware and Spybot first. If you can get genuine versions (NOT ones that demand
$$$) of AA and SSD, and run successfully, run HJT and post your log at SWI
Forums.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Chuck

> Yes I clicked on them from your message.

Did you click on each individual link? I'm trying to figure out where we went
wrong, some experts in another forum are suspecting that the MajorGeeks
downloads may be problematic. But how about the AdAware and Spybot downloads -
did you do them from the links in my message?

Specifically, how did you end up with Noadware instead of AdAware? And Spybot,
which wanted money also?

Help us out here, what you provide may help others in the future.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Guest

I am not sure how I ended up with Noadware since I was downloading so much.
I had spybot already and ran adware. They didn't get rid of it so I will try
hijack. Thanks again.
 
Chuck

> I am not sure how I ended up with Noadware since I was downloading so much.
> I had spybot already and ran adware. They didn't get rid of it so I will try
> hijack. Thanks again.

OK, when you download from MajorGeeks, or any other third party freeware site,
PLEASE make sure you just click on the download links (select a mirror site from
the product page) - DO NOT click on any of the ads.

Please post a link to your expert forum (SWI Forum preferably) post here - I
would really like to follow this issue.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Guest

I ran hijack and before it would remove the problems it asks for registration
# and to get that a page comes up requiring purchase for $39. Now what?
 
Chuck

> I ran hijack and before it would remove the problems it asks for registration
> # and to get that a page comes up requiring purchase for $39. Now what?

You are getting bogus software.

Did you get a friend to download using a known clean computer?

When you downloaded HijackThis, did you go to THIS webpage:
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
and click ONLY on one of the links under Download Locations (MajorGeeks 1, 2, 3,
or 4)?

Can you do IM - either MSN Messenger or Yahoo Messenger - and I will push a
known good copy of HJT to you.

Look at Registry key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters], at the
contents of DataBasePath.

Have you used the Registry Editor before? If not, it's a scary tool, but it's
pretty simple once you get used to it. Here are a couple articles that might
help:
<http://www.microsoft.com/windowsxp/...home/using/productdoc/en/tools_regeditors.asp>
<http://www.annoyances.org/exec/show/registry>

The value of DataBasePath on most computers should be
%SystemRoot%\System32\drivers\etc

From Windows Explorer, find the folder that DataBasePath points to on your
computer. Is there a Hosts file in that folder? Use Notepad to open the Hosts
file. In it, you should find ONLY:
127.0.0.1 localhost

Look at the contents carefully! Does the window show the entire file? SCROLL
DOWN to the bottom of the file - and look for blank lines that make you think
you're seeing a blank file, followed by non-blank lines.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
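
The DataBasePath and Hosts file checks described in the post above, as an added Python example that is not part of the original thread. It is meant to be run against a copy of the Hosts file and the registry value read off the machine; the function names, `PAD_THRESHOLD` and the sample data are assumptions made for illustration.

```python
import ntpath

# Default the post gives for DataBasePath on most computers.
EXPECTED_DB_PATH = r"%SystemRoot%\System32\drivers\etc"
# Assumption: this many blank lines in a row pushes later text out of an editor window.
PAD_THRESHOLD = 10


def database_path_is_default(value):
    """Compare a DataBasePath value with the default, ignoring case and a trailing slash."""
    def norm(path):
        return ntpath.normpath(path.strip()).lower()
    return norm(value) == norm(EXPECTED_DB_PATH)


def audit_hosts(text):
    """Return (line_no, ip, hostname, below_padding) for every entry other than
    '127.0.0.1 localhost'. below_padding is True for entries that follow a long
    run of blank lines, the layout the post says to scroll down and look for."""
    findings = []
    blank_run = 0
    below_padding = False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            blank_run += 1
            continue
        below_padding = below_padding or blank_run >= PAD_THRESHOLD
        blank_run = 0
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if not fields:
            continue                             # comment-only line
        ip, names = fields[0], fields[1:] or [""]
        for name in names:
            if (ip, name.lower()) != ("127.0.0.1", "localhost"):
                findings.append((line_no, ip, name, below_padding))
    return findings


# Constructed sample: a localhost line, 30 blank lines, then two redirect entries
# using documentation-range addresses and example domains.
SAMPLE_HOSTS = (
    "# constructed sample, not taken from a real machine\n"
    "127.0.0.1 localhost\n"
    + "\n" * 30
    + "203.0.113.7 www.example.com   # redirect entry\n"
    + "203.0.113.7 update.example.net\n"
)

if __name__ == "__main__":
    print("DataBasePath default:", database_path_is_default(r"%SystemRoot%\help"))
    for line_no, ip, name, hidden in audit_hosts(SAMPLE_HOSTS):
        note = " (below blank-line padding)" if hidden else ""
        print(f"line {line_no}: {ip} -> {name}{note}")
```

An empty result from `audit_hosts` corresponds to the state the post describes as correct, a Hosts file containing only the localhost entry.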
 
Guest

It even says in the agreement statement that it will scan for free but it
will not remove the problem files unless you register and that is what
requires the payment.

 
Chuck

> I ran hijack and before it would remove the problems it asks for registration
> # and to get that a page comes up requiring purchase for $39. Now what?

Forget MajorGeeks for now. Get HijackThis HERE: http://www.tomcoyote.com/hjt/

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Chuck

> It even says in the agreement statement that it will scan for free but it
> will not remove the problem files unless you register and that is what
> requires the payment.

HijackThis does NOT do this. This is bogus software. See my previous note -
get HJT from TomCoyote.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
