J
Jan Works
To close this loop, I'd like to state that hijackware and its ilk are not
always the catch-all blame for every problem ... In my case (discussion
below) it was a corrupted registry key in the Accessibility module. Someone
in the XP forum pointed me in the right direction and I found a repair
routine that fixed it.
--
Jan
--------------------------------------------------------------------
Until you post a HijackThis log to an appropriate forum and are given the
"All Clear", hijackware remains the most likely problem IMHO, Jan.
--
~PA Bear
always the catch-all blame for every problem ... In my case (discussion
below) it was a corrupted registry key in the Accessibility module. Someone
in the XP forum pointed me in the right direction and I found a repair
routine that fixed it.
--
Jan
--------------------------------------------------------------------
Until you post a HijackThis log to an appropriate forum and are given the
"All Clear", hijackware remains the most likely problem IMHO, Jan.
--
~PA Bear
Jan said:I had to reinstall because the registry was hopelessly fouled. I think it
came about because I mapped a drive from the other computer and then made
the mistake of using the File & Setting Transfer wizard.... it created a
huge and unwieldy registry, with entries for programs that I never
intended to install on the new computer. It was easier to start all over
again, and yes, of course, I followed the procedures to avoid spyware and
applied all updates immediately. I routinely run AdAware, Spybot and
CWShredder... updating first, so I'm relatively certain I'm not
contaminated. I have also performed an XP repair. The only problems with
IE I have are when I try to access the MS support site--see my message to
R.Aldwinckle.
jan
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)PA Bear said:...I had to reinstall XP completely a couple of weeks ago and that's
when all this started.
Oh? Why did you have to reinstall XP? After reinstalling, did you
*immediately* take care of everything at the following page?
Before You Connect a New Computer to the Internet
http://www.cert.org/tech_tips/before_you_plug_in.html
My good buddy Robert Aldwinckle and I are seeing eye-to-eye on this,
Jan: Either your display settings are wrong or you've got some malware
which has "hijacked" the settings usually found in Accessibility. A
CoolWebSearch variant is most likely and the just-released Ad-aware SE
has been doing a good job on CWS so far:
http://www.lavasoftusa.com/support/download/. Make certain you seek
updates before each and every use, even "right out of the box" new.
<canned "hijackware" response>
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html
Run these tools in the following order with nothing else running in
background:
1. CWShredder (fix all found)
2. Ad-Aware (fix all found)
3. Spybot (RTFM but generally fix everything in red)
Important: You *must* seek updates for Ad-Aware, Spybot, etc., before
each and every use, even "right out of the box". But even they can't
catch everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the
preferred tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to
http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not
here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
Also:
1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
2. Update your virus definitions, enable Show Hidden Files(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)and then run a full system scan in Safe Modehttp://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,and follow all Removal steps.
WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.
3. Check in at Windows Update.
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
</canned "hijackware" response>