Security compromised

Guest

My current XP Pro installation is a couple of weeks old. I have tried all the way to play it as safe as possible, yet I have still been compromised. Getting my e-mail often halts. I realize that they are able to switch my LAN settings and thus block/halt e-mail processing ... no big deal. It happens but my virus-system does not respond ?????
Another typical reaction from an 'attack' is that my Google settings will be changed. For the time being the array of languages that can be chosen in Google/adjustment has had 'hacker, bora bora bora, Elmer fjot' added .... still no big deal, except that someone is taking a security leak on me.
I have tried beforehand to download security patches to be ready for a new clean installation... but it will take something of an advanced university degree not to run wild in the several 100 MB worth of choices. A sensible collection (service pack) may probably be purchased in the US or Canada on CD. In spite of different attempts it has not yet been possible to download (separated from an installation) a service pack that my system will install when I choose to.

Is this the best the world-leading software producer has to offer? Or have I fallen victim to some distasteful but persistent online 'eat or be eaten' game?
 
Hello, Carsten,

What sounds likely is you either have a trojan onboard
which is diverting your settings, or a general browser
hijacking. These pests can add entries to the hosts
file, mess with Winsock LSPs and drop ActiveX controls
into IE/the registry without you even noticing.

This is becoming a stock answer, I am afraid, but please
download HijackThis!

http://www.spywareinfo.com/~merijn/downloads.html

(It is possible your browser will be diverted/the site
will be blocked. Don't panic, just head to any of these
specialist forums, and they will provide an alternate
direct download link.)

Expert assistance in removing these pests provided here:

http://www.spywareinfo.com/forums/index.php?showforum=30
http://computercops.biz/forum67.html
http://forum.aumha.org/viewforum.php?f=30
http://forums.net-integration.net/index.php?showforum=32
http://cexx.org

Here is a list of useful applications you might like to
copy and paste, for future reference:

Spybot Search And Destroy. An amazingly sophisticated
piece of freeware. So much more than just a spyware
hunter:
http://safer-networking.org/

CWShredder:
http://www.computercops.biz/zx/phoenix22/cws.zip

Free DOS version of F-Secure Anti-Virus:
http://www.f-secure.com/download-purchase/tools.shtml

Free Trojan and porn-dialler seeking programme
http://www.emsisoft.com/en/

Stop rogue ActiveX controls getting onto your PC in
the first place (works spectacularly well alongside
Spybot):
http://www.javacoolsoftware.com/spywareblaster.html

Purchased version of Norman Anti-Virus. Revolutionary
sandbox technique/heuristic analysis, will run in safe mode:

http://www.norman.com/products_nvc.shtml

Sygate's free firewall, wholly compatible with Norman:

http://smb.sygate.com/products/spf_standard.htm

Lots of free tools to control cookies, scripts etc.:

http://www.analogx.com/contents/download/system.htm

There are many more protective gadgets out there!

Sadie
 
Hi Sadie

Thank you for a swift and thorough reply.
What's my updated (free) AVG antivirus good for if it does not detect the stuff?
My subscription on Norman antivirus ran out - anyway, I never used it. You probably have an idea of how slow your machine gets when you first add the whole line of security patches and then include sandbox/heuristics in the antivirus.

I had a needed focus on spam on this latest installation. I realize that the pest I encountered is in the category spyware ... a line of defence I haven't paid attention to before (it seems relatively harmless).

Thanks
Carsten
 
I ran HijackThis.
Not much of this looks as if it would be a good idea to delete.
Moan and groan

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlink
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dl
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.oc
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\avgcc32.exe /STARTU
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartu
O4 - HKLM\..\Run: [nwiz] nwiz.exe /instal
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.ex
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.ex
O4 - HKCU\..\Run: [Spamihilator] "e:\Programmer\Spamihilator\spamihilator.exe
O4 - Startup: PowerReg Scheduler.ex
O4 - Global Startup: Microsoft Office.lnk = E:\Programmer\Microsoft Office\Office\OSA9.EX
O4 - Global Startup: Symantec WinFax Starter Port.lnk = E:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EX
O9 - Extra button: Related (HKLM
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
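
Added example, not part of any post in this thread: a small Python triage of a HijackThis log that groups entries by section code and lists the ones to verify by hand first. The section meanings follow HijackThis's own codes; the two review heuristics (unnamed BHO, autostart with no drive path) are assumptions chosen for this illustration, and the sample lines are copied from the log as posted, truncation included.

```python
import re
from collections import Counter

# HijackThis section codes seen in this thread, plus the three that match the
# mechanisms named in the reply (hosts file, Winsock LSPs, ActiveX).
SECTIONS = {
    "R0": "IE start/search page value",
    "O1": "hosts file redirection",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O10": "Winsock LSP hijack",
    "O16": "ActiveX object",
}
HIJACK_SECTIONS = {"O1", "O10", "O16"}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")

# Six lines copied from the log as posted above (line ends are cut off there).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlink
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dl
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\avgcc32.exe /STARTU
O4 - HKLM\..\Run: [nwiz] nwiz.exe /instal
O4 - Startup: PowerReg Scheduler.ex
O9 - Extra button: Related (HKLM
"""

def parse(log):
    """Return (section, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(LINE_RE.match, map(str.strip, log.splitlines())) if m]

def triage(entries):
    """Count entries per section and list the ones to check by hand first."""
    counts = Counter(code for code, _ in entries)
    review = []
    for code, detail in entries:
        if code in HIJACK_SECTIONS:
            review.append((code, SECTIONS[code], detail))
        elif code == "O2" and "(no name)" in detail:
            # Assumed heuristic: an unnamed BHO is identified by its DLL path only.
            review.append((code, "unnamed BHO: confirm the DLL's vendor", detail))
        elif code == "O4" and not DRIVE_PATH_RE.search(detail):
            # Assumed heuristic: no drive path means the file must be located first.
            review.append((code, "autostart without a full path: locate the file", detail))
    return counts, review

if __name__ == "__main__":
    counts, review = triage(parse(SAMPLE_LOG))
    print(dict(counts))
    for code, reason, detail in review:
        print(f"{code:4} {reason}\n     {detail}")
```

On the sample lines nothing falls in O1, O10 or O16; a flagged line is a prompt to check the file on disk, not a verdict on it.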
 