View Full Version : =7 Spyware



Advent
28th January 2005, 10:07 AM
For some reason, SpyBot Search and Destroy doesn't seem to find the spyware I've got. Neither does Ad-Aware SE.. =/

Any other programs that might do the job?

Xv_raven_vX
28th January 2005, 11:18 AM
A few questions...


Do you have the newest version of Ad-aware?

If neither one of them detects it, how do you know you have it in the first place?

What is the program doing on your computer? (Pop ups, running slow, weird programs being downloaded, et cetera)

I'll need some more information before I can give you the answer.

Advent
29th January 2005, 10:59 AM
I downloaded Ad-Aware a couple of weeks ago.. January 7th, I think.

The program changes my starting site to "about:blank", which is a search page with kagillion popups.

Simplicity
29th January 2005, 04:08 PM
I've got the same problem and have had it for many, many months. As of yet, I still haven't gotten rid of it. Though I am starting to wonder, I've found some files that look suspicious - deleted them, and they automatically return 3 to 4 seconds later.

So I'm going to defrag everything... Kill my computer! Muahaha.

Yes, I've found no cure for it.

redneckrider
29th January 2005, 07:04 PM
ok what you need is yahoo spyware....it works for me...destroys everything....don't have link, too lazy to look, sorry

Xv_raven_vX
29th January 2005, 07:36 PM
Alright then I assume you have the most updated version of it. I have had this before, it's just a matter of finding where it is.

If ad-aware and spybot are not catching it, then it must be removed manually. If you don't know which programs are the bad ones, I can point them out if you can do a few things for me. You can send everything to me through email if you prefer that the things on your computer not be exposed onto GUA. If it's not a problem then just put them on your next post.

1.) Right click on start and go to explore.

2.) Scroll down and take screen shots of the following expanded folders:

- Program files (take a screen shot of all the folders under program files. Don't worry about expanding the folders within the folders, I will know just by looking at it.)

- Common Files (this is located under program files, sometimes bad programs will put themselves in there.)

- Depending on the version of windows you have... XP has 2 folders named "windows", if you have XP, expand the windows folder at the very bottom of the list instead of the first one shown. If you have a windows version under XP, then just click on the only windows folder there is.

- cookies Go to your cookies folder, and delete them all except one named "INDEX", everything can go. (A Cookie on the Internet refers to a piece of information sent by a web server to a web browser that the browser software is expected to save and to send back to the server whenever the browser makes additional requests from the server. Cookies contain information like login or registration information, online websites that you've visited, user preferences, and so on. So in a nutshell, it records what you do online. It is always a good idea to keep your cookies cleared out because sometimes there are bad cookies.)

3.) This one is based on how long this has been going on. If this has only been going on a few days, weeks or even 1 or 2 months, go to start, click on search. Run a search for anything created between the date of when it started up until now. If you don't know when it started, make your best guess. Specify that you want your computer to search for all files and folders. Where it says "look in", you will have it search on your hard drive ( c: ). Also specify that you want it to search for anything created between the two dates or whenever you think it started. When it is done bringing up everything created, order everything from current date down. If there are a lot of results, just take a few screen shots. If you don't understand how to do this, let me know and I will try to evaluate it better.


4.) Go to start and then click on run. Type in "Regedit" and press enter. It will then take you to a window in your registry editor, expand the folder that says "HKEY_LOCAL_MACHINE", then expand the folder under that that says "SOFTWARE", take a screen shot of that expanded folder.




When I look through all your pictures, I will make a list of all the bad programs that I find and I will provide proper instructions to remove each one safely.

Advent
30th January 2005, 03:39 AM
http://img.photobucket.com/albums/v514/Mars05/screenshot5.gif
http://img.photobucket.com/albums/v514/Mars05/screenshot4.gif
http://img.photobucket.com/albums/v514/Mars05/screenshot3.gif
http://img.photobucket.com/albums/v514/Mars05/screenshot2.gif
http://img.photobucket.com/albums/v514/Mars05/screenshot1.gif

Thanks so much for your help!

Xv_raven_vX
30th January 2005, 01:25 PM
This is the list of programs that I found:


Bigfix (program files and registry)

This link should be helpful http://www.stanford.edu/dept/itss/services/bigfix/remove-installer.html


MyWay (program files and registry)

I’ve had this on my computer before too. I’m surprised that ad-aware did not catch this.

1. Click on Start > Settings > Control Panel > Add/Remove Programs
2. Scroll through the program listings until you find the entry for "MyWay Speedbar" and then click "Remove". This will clean out most of the installed program.
3. Click on "My Computer".
4. Navigate to the main directory structure where the MyWay Speedbar was installed. Usually this is "C:\Program Files\". If you can't find it click on Start > Search > For Files or Folders and type in "MyWay".
5. Delete the folder "C:\Program Files\MyWay"
6. Click on Start > Run and type "regedit", then click "OK".
7. Scroll down to the folder named: "HKEY_CLASSES_ROOT"
8. Move to the sub folder "Interface". MyWay inserts two registry keys here, both of which can be removed by deleting the folders:

Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}
Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}
9. Move to the sub folder "TypeLib". There is another registry key here, that can be removed by deleting the folder:

TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
10. Restart your Computer to allow the new registry settings to take effect.

Ad-Aware can also remove the MyWay Speedbar and all registry keys.
Source: http://www.scumware.com/apps/scumware.php/action::view_article/article_id::1063294991/topic::Scumware,-Spyware,-Adware-&-Malware-Applications/

SearchUpgrader (common files and in registry)
This is what is causing your homepage changes.
Delete the SearchUpgrader folder in the common files folder (under program files). Next, go to your registry editor, under local machine, scroll down and delete the one that says SearchUpgrader. This program is associated with a program called “keenvalue”. Ad-aware caught this on my computer a few days ago.


Mirabilis (registry)

http://www.mirabiliz.com/content.php?op=articles&id=9

It took a little bit of research to find this, this link should be helpful. This program is located in the registry so you can just go there and delete it.


Learn2.com (program files)

I couldn’t find any information on this particular program online. Google decided to bring up several things including “learn2 cook”, but I have dealt with this at a friend's house. It is associated with adware programs, so it would be a good idea to delete it.


Kazaa

I know this is a program for downloading music and movies and so on, however just a warning to you, kazaa has been known to put programs onto people's computers. Considering the things you download from it have to come from another source on the internet. I’m not saying you HAVE to delete it. The program itself causes no harm, but personally I myself wouldn’t use it because of all the bad reports I have read. Besides you have Ares, why do you need kazaa too?

Regarding your “windows” folder.

I see a few things that I’m not liking, but I need to see the details of each one. So if you could, please go back to the windows folder, right click and select view, and then details and take a screen shot or 2. Right off hand, I can see a few programs that will probably need to be taken out. But I will need to see the details before I can make a better decision.


Xhrmy (registry)

Xhrmy.exe is a process associated with an adware application. It automatically downloads advertisements from an online location and displays them on your desktop. I would delete this if I were you.


Search Relevancy (program files and registry)

Delete both folders in the program files and registry with the name “search relevancy”

http://securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html


MegaSearch toolbar (program files)

This one was on one of the school computers a few months ago and they had me remove it. I went to this link: http://spyware.pcwash.com/antispyware/spyware/spyware-MegaSearch-Toolbar.aspx.htm

It worked. Just scroll down and delete what it tells you to. Or you can download the removal program they have and it will take care of it for you.

If that link wasn’t helpful, here is another one that might be helpful when removing this program http://www.scanspyware.net/info/MegaSearchToolbar.htm

If you don’t understand how to remove this through these websites, let me know and I can explain it to you myself. It’s just a boring explanation so I was hoping to skip it. However I will do it if it is needed.


Trillian

Not a potential threat, I just wanted you to be aware of some of the things trillian can bring and to be careful. http://www.pestpatrol.com/pestinfo/t/trillian_rape_1_0.asp



Some of the programs I found have been removed with ad-aware several times. You might want to uninstall ad-aware and re-download it from here: http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button . Also be sure that you are removing the bad programs properly when you run the scans from ad-aware. You need to right click and select the feature that says “select all objects”, then hit next.

I noticed a lot of programs throughout your computer that allow you to play games off the internet. Also programs that you can download things off of. To let you know, most spyware and adware comes from something that you downloaded. If you’re playing games constantly and downloading them onto your computer, it might be a good idea to stop if you don’t want this stuff on your computer. Anyway, I hope that this helped you in some way, if the problem persists, let me know and I will ask for a further evaluation on your computer. If it continues, it would probably be a lot deeper, but I would still be able to find it.

-Andrew

Advent
30th January 2005, 01:51 PM
Either you're crazy, or a genius. Either way, THANK YOU SO MUCH!

I'll do most of them tomorrow, since I just don't have the time right now.

http://img.photobucket.com/albums/v514/Mars05/screenshit.jpg

Problem #1

now, how do I find those two interface\{1241235128139513589135} folders? Do I have to scroll through them all?

How do I find that Xhrmy registry?




You know, you really should be a professional adware seeker person thingy.. THANK YOU SO FUCKING MUCH!

Xv_raven_vX
30th January 2005, 02:11 PM
Haha, you are very welcome. By the way, I do have my own business in SpyWare and Adware removal. I started a home business a few weeks ago.

Alright now then, to find the 2 interface folders, do the following:


1.) Go to start, run, type in regedit.
2.) Under the "HKEY_CLASSES_ROOT" you will need to scroll down quite a ways, but you will see a folder called "interface", expand it.
3.) You will then need to scroll through that santa-sized list and find the two registry keys named {0494D0D4-F8E0-41AD-92A3-14154ECE70AC} and {0494D0D6-F8E0-41AD-92A3-14154ECE70AC}. Once you find them, delete them.

The other folder is under the same category, HKEY_CLASSES_ROOT.
You will need to scroll waaaayyyyyy down and find a folder called TypeLib. Expand it, and find the registry key named {0494D0D0-F8E0-41AD-92A3-14154ECE70AC}

I'm pretty sure you can just click on Edit, Find and paste the key name into the registry finder, and it will find it for you. If not, take a look anyway just to be sure. If I can do anything else to help, let me know.


Edit: Sorry, I'm a dumbass, I didn't look at that other screen shot until after I posted this.

Alright with that screen shot. You will probably find that a lot of those programs won't be able to be deleted because it says that message. In order to delete them, you need to prevent them from running. In order to do that, press Ctrl-Alt-Delete. Click on the "processes" tab. Scroll down until you see the process that the program is running through and press "end task". If you aren't sure which process the program(s) you can't delete are running through, send me a screen shot of the processes running in your list and I will tell you which processes are which.
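
As an added example (not part of the original posts): instead of scrolling through HKEY_CLASSES_ROOT by hand, a short PowerShell check can report whether the three MyWay keys and the folder named in this thread are present, and export each key it finds to a .reg file before anything is deleted. The key names and the folder path are copied from the posts above; the backup directory is an assumption, and PowerShell itself is an assumption about the machine.

```powershell
# Added example: report-only check for the MyWay Speedbar leftovers named in this thread.
# Key names and folder path are copied from the posts; nothing here deletes anything.
$keys = @(
    'HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}',
    'HKEY_CLASSES_ROOT\Interface\{0494D0D6-F8E0-41AD-92A3-14154ECE70AC}',
    'HKEY_CLASSES_ROOT\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}'
)
$folder    = 'C:\Program Files\MyWay'
$backupDir = Join-Path $env:TEMP 'myway-reg-backup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$report = @(foreach ($key in $keys) {
    # The Registry:: prefix lets Test-Path address a hive that has no PowerShell drive.
    $present = Test-Path -LiteralPath "Registry::$key"
    $backup  = $null
    if ($present) {
        # Export the key to a .reg file first so a deletion in regedit can be undone.
        $name   = ($key -replace '[\\{}]', '_') + '.reg'
        $backup = Join-Path $backupDir $name
        $regKey = $key -replace '^HKEY_CLASSES_ROOT', 'HKCR'
        & reg.exe export $regKey $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { $backup = 'export failed' }
    }
    [pscustomobject]@{ Kind = 'RegistryKey'; Path = $key; Present = $present; Backup = $backup }
})

# The install folder from step 5 of the removal instructions.
$report += [pscustomobject]@{
    Kind = 'Folder'; Path = $folder
    Present = (Test-Path -LiteralPath $folder); Backup = $null
}

$report | Format-Table -AutoSize
```

Rows with Present = True are the ones still to be removed; double-clicking a saved .reg file restores that key if a deletion turns out to be a mistake.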

Simplicity
5th February 2005, 10:10 AM
Yes, Kazaa isn't too nice. If you need a downloading program, I find that WinMX works great.

MCeley
5th February 2005, 10:46 AM
I had some trouble with spyware the other day and if you go to the Microsoft webpage you can download their latest anti-spyware program that is very effective. I used it and found 43 spywares on my computer and it also catches them as they're trying to install as well. You can get it here (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en). It's the best out of all the programs I've tried as of recent. Good luck man.

Elentári
5th February 2005, 02:42 PM
Apart from programs such as Ad-Aware and Spybot S&D it's a good idea to have Spyware Blaster (http://www.javacoolsoftware.com) - it stops spyware from running if it is installed and doesn't let it install if it isn't. It works well in addition to those other programs, as a measure of prevention.

Advent
5th February 2005, 03:04 PM
Since my question's been answered, I thank you all (especially you, raven!) and am closing this thread.