Repeating site

[Shel Holtz]

I'm trying to help my son who's in the US Army at Ft.
Campbell, KY (101st Airborne). Here's his problem.

A site he's never visited keeps popping up. Even when the
browser is completely closed, it'll open and go to this
site. If he minimizes, if he goes to another site --
nothing stops it. (The site, www.stopfakeids.com, looks
legit. I went there on my PC and had no problems.)

He has tried the following (in additon to rebooting):

* Run Spykiller
* Cleared his history
* Unchecked third-party extensions in Internet Options
* Reset IE to default settings

Nothing seems to help, and I'm stumped. Any thoughts on
how to fix this?

Thanks!

 

[LuckyStrike]

Shel -

First thing is to Un-Install Spykiller. It is a rogue Spyware Application.
See here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

false positives work as goad to purchase; this application is bundled in
MaxNetShield (same company) as spyware protection [A: 6-26-04 / U: 6-26-04]

After that we'll get to the rest, when you've truly cleaned the machine. Use
in the following order, CWShredder, Ad-Aware, and then Spybot S&D. Update
the programs immediately upon installation. Have Ad-Aware and CWShredder fix
all that it finds. Have SpyBot S&D *only fix items which are displayed in
red*. Run the programs one at a time, a couple of times. Also, run them in
safe mode if there are persistent pests.

Ad -Aware
http://www.lavasoftusa.com/support/download/
Ad-Aware Tutorial (might help if you look through this)
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48
Ad-Aware VX2 Cleaner Plug-In
http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

CWShredder (cleans all Cool Web Search malware)
http://www.spywareinfo.com/~merijn/downloads.html
If the Authors site is unable to be accessed, then the following two sites
offer his programs as well.
http://www.majorgeeks.com/download4086.html
http://www.snapfiles.com/get/coolwebshredder.html
CWShredder Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=47

Spybot S&D
http://www.safer-networking.org/index.php?page=download
Spybot Tutorial (Must Read)
http://www.safer-networking.org/index.php?page=tutorial
Other tutorials for Spybot S&D (Also must read)
http://www.bleepingcomputer.com/forums/index.php?showtutorial=43
http://tomcoyote.com/SPYBOT/index1.php
http://tomcoyote.com/SPYBOT/index2.php


HTH -
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
------------------------------------------------------------

 

[LuckyStrike]

I should have also added that setting IE to default settings is one of the
worst things possible. See here:

How to surf the Internet more safely with Internet Explorer
http://www.infinisource.com/techfiles/surf-safe.html
Also installing the Explorer 5 Power Tweaks Web Accessory on this page is a
good idea, as it makes adding sites to the restricted zone a one-click deal.
Then any bad site can be added instantly, and they are left powerless to use
lax security settings in the IE Internet zone to do their dirty work.

More useful info on Parasites, spyware malware basics:
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.mvps.org/winhelp2002/unwanted.htm
https://netfiles.uiuc.edu/ehowes/www/main-nf.htm
http://www.cert.org/tech_tips/before_you_plug_in.html
The Parasite Fight; Quick Fix Protocol
http://www.aumha.org/a/quickfix.htm
So how did I get infected in the first place?
http://boards.cexx.org/viewtopic.php?t=957

More tests, etc.
Other vulnerability tests:
Jason's Toolbox Browser Security Tests
http://www.jasons-toolbox.com/BrowserSecurity/
Qualys' Free Browser Checkup
http://browsercheck.qualys.com/
MyNetWatchman - WinPopUP Tester
http://www.mynetwatchman.com/winpopuptester.asp

Firewall tests: (YMMV
Sygate Technologies Stealthscan
http://scan.sygatetech.com/prestealthscan.html
PortScan from Hackerwatch.org
http://www.hackerwatch.org/probe/
ShieldsUp ports and security tests
http://www.grc.com/x/ne.dll?bh0bkyd2

Site which links to various tests
Security-Ops
http://www.security-ops.tk/

How to disable Windows Messenger Service or WinPopup
http://www.opentechsupport.net/forums/archive/topic/11211-1.html
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
------------------------------------------------------------