Spyware???

T

Tom Bowman

Hi,

There are two icons with these properties
"C:\Program Files\Internet Explorer\iexplore.exe"
http://www.casinopalazzo.com/index.php?sourceid=100730
that keep reappearing on my desktop.

I ran Ad-aware 6.0 and Spybot Search & Destroy and found other spyware but
the programs did not delete these.

Also did a search in the registry for "casinoplaza" and "casino" but found
nothing.

Any ideas how to eliminate the cause of this which I guess is somewhere on
my hard drive?

BTW, using Windows XP SP1 and running Norton in the background.

Thanks!

Tom
 
P

PA Bear

Check your system for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

Also:

1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background.

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957

--
HTH - Please Reply to This Thread

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

AumHa Forums
http://forum.aumha.org

What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
 
G

Guest

Download CWShredder http://www.majorgeeks.com/downloads31.html
if it does'nt workout that way download Hijack This
Download Hijack This http://www.majorgeeks.com/downloads31.html

Please’ post your Hijack This Logs, in any of the following “Expert Forumsâ€
http://forum.aumha.org/viewforum.php?f=30
http://www.wilderssecurity.com/forumdisplay.php?f=26
http://forums.spywareinfo.com/
http://computercops.biz/forums.html
http://boards.cexx.org/
http://www.techsupportforums.com/
http://forums.techguy.org/
http://forums.net-integration.net/index.php
http://forums.tomcoyote.com/index.php?s=ee20672a32e5b13837eb98d5e43b840f&showforum=27
 
H

H Leboeuf

Add this tool to your arsenal
More: Complete list by variant with up-to-date information.
http://www.merijn.org/cwschronicles.html
More: Removal tool: http://www.merijn.org/files/cwshredder.zip

Read this: "So how did I get infected in the first place?"
http://forums.net-integration.net/index.php?showtopic=3051


If all fails then:
Go to http://www.spywareinfo.com/downloads.php#det
Download "Hijack This!" [freeware] or download direct (below):
http://www.merijn.org/files/hijackthis.zip

If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip

Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Click: "Save Log" (generates "hijackthis.log")

Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates "startuplist.txt")

Next, go to the below location:
http://www.spywareinfo.com/forums/

Sign in, then copy and paste both files in your message.

HijackThis Quick Start Help
http://www.tomcoyote.org/hjt/

The Tutorial if you want to know more about the results or the .log file.
http://www.merijn.org/htlogtutorial.html
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ICONS 2
Freqeunt Computer crashes-adware or spyware? 1
After Removing Malware Web Page Cannot Be Displayed 7
please recommend spyware blocker 5
Spyware fixes makes images on certain sites break 1
Darn Spyware 4
Spyware corrupted iI.E 6.0 4
hijacked !!! 3

Top