Thanx for your response, you are right I know not what I do, but I do, do
what I know.I will certainly investigate your suggestions.
ImAnAmateur said:
Patricia,
I fought "roings" for over three hours today over the phone, so I hope I
can be of some help. First of all, this adware/spyware is VERY difficult to
remove. (It was successfully removed from the PC I was dealing with by
using Windows System Restore to restore the system back two days and then
download and run Lavasoft's AdAware WITH UPDATED DEFINITION FILES. AdAware
only added roings to its definition files on 16-May-2004.) The following
link has a manual removal method at the bottom of the page, but note that it
did NOT work for me - it may, however, work for you:
http://www.pestpatrol.com/PestInfo/r/roings_com.asp
Another fix I read that worked was to download and run a small (27 kb)
uninstall program from
www.errorplace.com (which has only two sentences and
one link on that site - no contact information, etc.).
Here's a detailed forum that suggests many possible solutions:
http://www.webhostingtalk.com/archive/thread/264974-1.html
Many of the websites suggest running HijackThis (HJT) and posting the
entire logfile from HJT to the message boards. Someone will get back to you
on what you need to do. I guess this is to help newbies fix their
problem(s) without creating new ones. Granted, I'm just another user who's
still learning about trojans, adware/spyware, and how Windows works so
awfully to allow such programs to install and run without a user's consent
or knowledge. (Short slam on Microsoft... sorry). The download site for
HijackThis is:
http://tomcoyote.com/hjt/
... which includes instructions on how to post the logfile, etc.
One last thing I can offer you is to delete any BHO entries that you do
not recognize. BHO stands for Browser Helper Objects. Unless you have
SPECIFICALLY installed the Google toolbar, Yahoo! companion, or some other
program that runs in the Internet Explorer toolbar, BHO's are mostly
harmful. They are used in this manner, presumably, because all BHO's load
automatically (from the Windows registry, I believe) when you start IE
(Internet Explorer), WITHOUT THE USER'S KNOWLEDGE. From my research today,
BHO's can be loaded using ActiveX controls that deceive users. Two examples
are installing a program by clicking "Cancel" on a dialog box in IE, or
installing in the background whenever you close a window - both WITHOUT the
user's knowledge or consent. Granted, I am not an expert and AM making the
assumption that ActiveX will allow such actions, but if true then Microsoft
really needs to re-evaluate the usefulness of ActiveX against its apparent
security flaws (at least, in IE). Oops... another slam at MS. Sorry.
Oh, I just thought of another tip I discovered today. Scan your hard
drive for a file called "Hosts" (no extension). If found, open it in
Notepad. Scroll to the bottom and find the entry "127.0.0.1 localhost".
The IP address 127.0.0.1 refers to your local machine (not any web server).
If there are any other entries below this one, you should probably delete
them. PLEASE USE YOUR OWN JUDGEMENT HERE. (If in doubt, copy Hosts to
another folder on your hard drive and rename it to Hosts.txt before making
changes. You can then make changes to the original Hosts file, and if
anything screws up, simply copy your backup and rename it back - overwriting
the file you modified.) The Hosts file also houses websites that you place
in the "Restricted sites zone" in Internet Explorer, I believe, so you may
not want to delete them from Hosts.
And finally, I'd strongly suggest using a browser OTHER THAN INTERNET
EXPLORER! ActiveX seems to be the primary method for maliciously spreading
adware/spyware (along with email attachments, including joke programs), and
only IE supports ActiveX. I suggest using Mozilla, which is totally free
and also includes a decent email client as an alternative to Outlook
Express.
Just a reminder... I could NOT find any website that could tell me, in a
straightforward manner, how to remove roings myself. Most forums contain
HijackThis logs that are confusing and fairly unique to each user, with
unique recommendations for removing roings and similar programs. The cure
for the PC I was dealing with was to use Windows System Restore (Start
Menu/All Programs/Accessories/System Tools/System Restore) to roll the
system back two days, download Lavasoft's AdAware version 6.0.1, UPDATE THE
DEFINITION FILES, and clean roings. I was told the entire process, from
System Restore to cleaning with AdAware, was very simple and required little
user interaction. I hope so very much that this helps you and is not too
much information for my FIRST post EVER! Good luck, Patricia.