| Thread ID: 36156 | 2003-08-01 16:10:00 | MusT read!!!...well,those with spyware should.........HA | metla (154) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 164523 | 2003-08-01 16:10:00 | Dunno if any of you remember but I posted about a computer I was working on a couple weeks ago that was infested with spyware that wasn't detected by any of the mainstream programs. Had no luck resolving that case. However, much to my complete and utter amazement, after clicking on the search button on my browser earlier tonight a toolbar of sorts popped up. I was in complete shock, let me tell you; I know every file on my computer (sort of) and watch over her like a hawk. Once again it was an instance where the offending software was undetected by both spyware and Ad-aware. I checked for BHOs, reinstalled IE6, ran sfc, trawled thru the registry, yadda yadda yadda. I managed to find where the software was talking to www.searchv.com and the toolbar was titled something like "coolwebsearch"... released the 7/7/03 apparently. Anyway, after googling the hell out of both those I discovered a little program called HijackThis. And in the author's own words... HijackThis: A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything. Currently at version 1.95. Basically, instead of looking for specific programs it looks instead to where they will be hiding and leaves the removal up to the user. After running the scan it showed me at least 8 instances where this particular nasty was hiding. I checked the boxes and all was sitting pretty after a re-boot..... well, I had to re-install my video card drivers but that was fine by me. Anyway, an excellent tool I've added to my personal arsenal of essential programs.
The guy's site: www.spywareinfo.com The download: www.spywareinfo.com |
metla (154) | ||
| 164524 | 2003-08-01 21:59:00 | From what you have said it sounds like this programme is a script blocker, most anti virus progs do this for you. Have you been running anti virus software? |
roofus (483) | ||
| 164525 | 2003-08-01 23:54:00 | Yes, that HijackThis program is a really neat piece of work and I have recommended it here a few times. The author also has a Startup List program that tells you exactly what runs when you bootup. The only problem with the two programs is that you have to know your stuff in order to make any sense of it and they can be a bit dangerous in the hands of those who don't. Still, that is what Press F1 is for, isn't it? ;-) |
Susan B (19) | ||
| 164526 | 2003-08-02 01:34:00 | So run this by me again: it searches for these greeblies and finds them but does not actually do anything with them? You do it manually? So if I was to do this test and then say find something but not actually do anything till I had some expert backup (PF1 or someone here at home) I could find and take note of where they are and get rid of them at a later date, or found an easy method to get rid of them to the safety of me and the puter ...LOL? Is this correct or does it all have to be done there and then? And does it search for specific names/progs or specs? In the registry? Or just anywhere? Sounds good but a bit scary for a newbie like me who has a few glitches on their puter anyway.. beetle |
beetle (243) | ||
| 164527 | 2003-08-02 03:12:00 | I'll try and clarify it a bit for ya beetle. Rather than pinpointing specific instances of spyware/gremlins it instead shows everything that it can find in the areas it's programmed to look at. Not only will it show the nasties but the stuff you need to run your computer; it's then up to the user to pick and choose which ones to remove. Removing the wrong ones will potentially cause no end of problems. Removing the stuff is as easy as ticking a box and hitting the remove button. The trick is in identifying what needs to be removed. Having said that, the offending entries were imo very obvious. I don't suggest using it unless there is software/nasties on one's puter that the mainstream programs (Spybot/Ad-aware) don't pick up. Here's the log file generated by the program (this is after I cleaned out the bad entries.... if anyone sees some still in there that I've missed, then yell out):
Logfile of HijackThis v1.95.1
Scan saved at 12:58:37 p.m., on 2/08/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Proxomitron Naoko-4\Proxomitron.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\Speedwhipper\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (disabled by BHODemon)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll (disabled by BHODemon)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC8946F7-990C-4451-AB4C-893FBE93F852}: NameServer = 202.27.184.3 202.27.184.5
Hmmm, now I'm wondering what O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - might be, think I'll delete that one as well. :D |
metla (154) | ||
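Added example, not part of the thread and not HijackThis code: a short Python parser for the log format posted above, which groups entries by their section code (R0, O2, O17 and so on) and pulls out the items a helper would look up before anything gets ticked. The names `parse_log` and `to_research` are made up for this illustration, and the sample is a shortened copy of the posted log.

```python
import re
from collections import defaultdict

# Lines copied (shortened) from the log posted above; everything else is added illustration.
SAMPLE = r"""Logfile of HijackThis v1.95.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\jccatch.dll (disabled by BHODemon)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC8946F7-990C-4451-AB4C-893FBE93F852}: NameServer = 202.27.184.3 202.27.184.5
"""

# An entry line is "<section code> - <detail>"; header and process lines do not match.
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Return {section code: [detail, ...]} for every entry line in the log."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def to_research(groups):
    """List what to look up first: BHO/toolbar CLSIDs with their files,
    then proxy and name-server values that redirect traffic if tampered with."""
    items = []
    for code in ("O2", "O3"):
        for detail in groups.get(code, []):
            m = CLSID.search(detail)
            if m:
                items.append((code, m.group(0), detail.split(" - ")[-1]))
    for code, name in (("R1", "ProxyServer"), ("O17", "NameServer")):
        for detail in groups.get(code, []):
            key, sep, value = detail.partition(" = ")
            if sep and key.endswith(name):
                items.append((code, name, value))
    return items

if __name__ == "__main__":
    for item in to_research(parse_log(SAMPLE)):
        print(item)
```

The output is only a lookup list; whether an entry is legitimate (here the proxy value points at the local Proxomitron filter shown in the running processes) still has to be judged by someone who knows the machine.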
| 164528 | 2003-08-02 03:38:00 | Would any of these help (spybot.eon.net.au) to identify what's gone on behind your back? Cheers Murray P |
Murray P (44) | ||
| 164529 | 2003-08-02 05:16:00 | I use Lavasoft 6.0, and usually finds quite a lot of spyware. But does this program find most or just few of all the nasties on my computer? | DanielS (3390) | ||
| 164530 | 2003-08-03 06:46:00 | > I use Lavasoft 6.0, and usually finds quite a lot of spyware. But does this program find most or just few of all the nasties on my computer? Lavasoft's Adaware does quite a good job of finding the nasties, yes, but it is recommended that you also run Spybot Search and Destroy as well, to catch any that Adaware might miss. If there are unexplained things happening on your computer and you have run these two programs then HijackThis is an excellent tool for picking up things that those two programs have not caught. Unfortunately, unlike Adaware and Spybot, it usually takes an expert to identify what is legitimate and what is sinister but there are forums to assist with this. |
Susan B (19) | ||
| 164531 | 2003-08-03 10:50:00 | Yes, thanks Susan B, an interesting program to add to my arsenal. | mikebartnz (21) | ||
| 164532 | 2003-08-03 10:51:00 | No Roofus, it is not a script blocker; it would pay to read a little more about it. | mikebartnz (21) | ||