Spyware help needed please...........

Philip J. Cook

Help desperately needed for following problem:

I seem to have some spyware on my PC - it's come from:

http://searchweb2.com/passthrough/newpass2.html

1. I have run Ad-Aware,
2. purchased software called PAL spyware remover
3. I run Norton Firewall and Antivirus s/w

But I still cannot get rid of the search bar which appears in IE6.0 and also
a very annoying pop search bar with icons that appears just above the task
bar every time I run IE6.0.

Does anyone know anything about spyware from this source Searchweb2? How can
I delete this once and for all from my PC?
many thanks
philip
 
Frank Saunders, MS-MVP

Philip J. Cook said:
Help desperately needed for following problem:

I seem to have some spyware on my PC - it's come from:

http://searchweb2.com/passthrough/newpass2.html

1. I have run Ad-Aware,
2. purchased software called PAL spyware remover
3. I run Norton Firewall and Antivirus s/w

But I still cannot get rid of the search bar which appears in IE6.0
and also a very annoying pop search bar with icons that appears just
above the task bar every time I run IE6.0.

Does anyone know anything about spyware from this source Searchweb2?
How can I delete this once and for all from my PC?
many thanks
philip

See
Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated with the program's update function
before every use, even when just downloaded. There's also a lot more to do
than just those two programs. CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

If nothing there helps, please post back to this thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
Vanguardx

See
Dealing with Unwanted Malware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm
<snip>

In addition, you could also run the free scanner from PestPatrol.com or
SpywareSweeper.com (note that both may [and usually do] report false
positives). Sorry, but I'm not visiting a site that you have already
declared will [attempt to] download malware, especially since the link
appears to be a redirect to somewhere else. This toolbar doesn't
identify itself so you could give it a name?

http://spywarewarrior.com/viewtopic.php?t=1151
http://spywarewarrior.com/viewtopic.php?t=1152
http://www.spywarewarrior.com/rogue_anti-spyware.htm
 
PA Bear

More thorough measures are required:

Dealing with Trojans & Hijackware

A. Trojans

1. Check in at Windows Update and install all critical updates & reboot.

2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

3. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow *all* Removal steps, including editing the Registry if directed.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then:

Disk Cleanup > More options > Delete all but the most recent Restore
Point.

B. Hijackware

Help with Hijackware (MS MVP sites all)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder v1.59.1 (no updates available currently; fix all found)

2. Ad-Aware SE (reconfigure per Post #2 in
http://aumha.org/forum/viewtopic.php?t=5877; fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You must seek updates for Ad-Aware, Spybot, etc., before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

WinXP SP2: What's New for Internet Explorer and Outlook Express
http://www.microsoft.com/windowsxp/sp2/ieoeoverview.mspx

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/default.mspx

There is no 'silver bullet' solution to hijackware
http://go.microsoft.com/fwlink/?LinkId=33131
 
Guest

While I was on vacation my computer was infected with and hijacked by
"about:blank". I've run Spybot S&D and Ad-Aware. I've read this thread and
intend to go to aumha.org and scan my machine there (tomorrow at work).

Meanwhile I can't get Internet Explorer 6 to run. I've uninstalled,
reinstalled, downloaded the program again from Microsoft.....even erased the
whole directory and tried reinstalling. Nothing works. Whenever I double
click the shortcut the program gives me an error message and won't
boot/connect to the internet.

Help....any ideas?
Thanks
Doreen
 
PA Bear

And the error message is...?

While you were on vacation, someone using your computer may have infected it
with About:Blank, Doreen. The hijacking cannot take place without user
input.

The online scan at http://www.aumha.org/a/noads.htm is very, very
rudimentary. Getting an "all clear" there in no way means the machine is
spyware-free.

Uninstalling/reinstalling IE won't help: The Operating System (Windows) is
what's been hijacked.

Can you open IE if you boot into Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)?

I'd download HijackThis from
http://forum.aumha.org/downloads/hijackthis.zip. Save the zip file to a
floppy or CD and then install it on the problem machine in its own dedicated
folder (e.g., C:\Program files\HijackThis). Enable 'Show Hidden Files'
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and boot into Safe Mode; run HijackThis and save your log. Register at
http://forum.aumha.org/ and post your log to the HT forum there.

If at all possible, also run a full system anti-virus scan per this post
before running HT: http://aumha.org/forum/viewtopic.php?t=5878

Mention your thread here in your post to Aumha Forums.
 
Guest

PA Bear, thanks SO much for your response! Now I don't feel so "all alone"
running around in circles <s>

I had scanned my machine with HijackThis. Today I rescanned in safe mode. I
didn't see anything "deadly" in the log, but after I write this I'll go over
to aumha.org and post a brief description of the problem, the gist of what
I've tried so far and the resulting (scan) log.

I CAN boot up IE6 in safe mode, but (of course) can't access any web page.
THIS was a surprise to me....what does it mean? That the IE program is ok and
the problem lies elsewhere? When I boot my machine normally and try to start
the problem I get the error message: "This program has performed an illegal
function and will be shut down". There's nothing to be done but choose
"close". Then I get another pop up message...would the details there help?

I also ran McAfee's Stinger in safe mode....nothing found.

What should I do next?
Again, thanks so much for your help....I would be lost without it.
Doreen
 
it_exprt

Start->>Settings->>Control Panel->>Add/Remove Programs SELECT THE
TOOLBAR YOU WISH TO REMOVE AND CLICK THE ADD/REMOVE COMMAND BUTTON

--
it_exprt
 
