computer woes...

JanHammer

Just doin' what I do, man
Mar 15, 2002
707
2
18
Miami, you dumbass
Hey everybody - I need your help!

On boot-up, "Golden Palace" casino is running - but Ad-Aware and Spy-Bot cannot remove it.

What now?

Thanks...
 

ycghiydvo

Aficionado
Aug 26, 2003
205
0
16
Way Out West
More info please... Operating system, version if you know it, and your browser info would be a good start...
 

ycghiydvo

Aficionado
Aug 26, 2003
205
0
16
Way Out West
Found this on the web... see if it will help you...

G'day,
Unfortunately, this is becoming more and more of a problem. I still have problems with these "low lifes" imposing their crap on my machine, despite the fact that I have all the current tools (zonealarm, adaware, AVG, spybot, homepage defender, bazooka, spyware blaster, webwasher, trojan detector... the list goes on). But I guess they are only effective against the then known threats - new ones pop up all the time. And if you followed the excellent links provided by abnormal (it may have fallen off the main page...) you will realise that to have any real fun or usefulness out of your internet experience you need activeX scripts enabled for IE5 and above - and that's where the problem starts.
So, here are a few tips (which will no doubt be expanded upon by other learned people on this forum):
1. Always look at your startup programs, i.e. click on start, click on run and type in msconfig and press ok. Select the startup folder. This is a place where programmes and scripts etc. are loaded every time your computer boots up (that's why when you delete everything, it just pops up again when you next start your computer). You will see check boxes next to each one for the purpose of selecting or de-selecting. If you don't have a good feel for what should or shouldn't be there, then write down the list and post it here. A good guide for this, if it is just a hijack attempt, is that the offending url will be on there (i.e. www.casino or whatever it is called).
2. Look at the boot options:
i.e. in the same place click on the win.ini tab and click the [windows] listing. You will see entries like load= and run= : they should both contain empty strings.
3. Cross to the system.ini tab and select the [boot] option. Here the point of interest is that the shell=Explorer.exe line should be just that... and not something like shell=explorer.exe msapp.exe %1 or similar.
4. If you do find names of files in these places, then run them through a good search engine like google and you will be surprised with all the help you will get from the hits.
5. A bit of detective work goes a long way... I once solved a hijack for a friend by getting him to tell me when his problem started: we then used windows explorer to find files created and/or modified on that date/time. Once isolated (renamed to *.old) the problem was near to being solved (*.hta files are a dead giveaway here).
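
The win.ini and system.ini checks from tips 2 and 3 above can also be run as a script over copies of the two files. This is an added example, not part of the original thread or the quoted tips; the function names and the sample file contents are constructed for illustration.

```python
# Added example: audit the win.ini / system.ini autostart entries from tips 2 and 3.
# The sample file contents below are constructed for illustration.

def parse_ini(text):
    """Minimal Windows-style INI parser: case-insensitive names, ';' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            # Keep every value: a duplicate key must not hide an earlier one
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return sections

def audit_autostart(win_ini, system_ini):
    """Return (file, section, key, value) tuples that deviate from the clean baseline."""
    findings = []
    win = parse_ini(win_ini).get("windows", {})
    for key in ("load", "run"):
        for value in win.get(key, []):
            if value:  # tip 2: both should be empty strings
                findings.append(("win.ini", "windows", key, value))
    boot = parse_ini(system_ini).get("boot", {})
    for value in boot.get("shell", []):
        if value.lower() != "explorer.exe":  # tip 3: nothing may follow Explorer.exe
            findings.append(("system.ini", "boot", "shell", value))
    return findings

SAMPLE_WIN_INI = """\
; constructed sample
[windows]
load=
Run=C:\\WINDOWS\\msapp.exe
[Desktop]
Wallpaper=(None)
"""
SAMPLE_SYSTEM_INI = """\
[boot]
shell=explorer.exe msapp.exe %1
[386Enh]
device=*vmm32
"""

if __name__ == "__main__":
    for finding in audit_autostart(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI):
        print("CHECK: %s [%s] %s=%s" % finding)
```

Each reported file name is a candidate for the search-engine lookup in tip 4 before anything is disabled.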
 

68.5

New member
Jul 25, 2002
46
0
0
Registry

Many times, it's all about the registry (but if you're not experienced, maybe find somebody who is because the registry is very important)...

Go to Start button -> Run, and type 'Regedit'.

Then, in the Registry, click on HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion -> Run

That's where there is a list of every program that runs when you start up your computer, and a VERY likely place for hackers to add their program. Mine currently only has one item (not including the one labeled 'Default') - the Synchronization Manager. Most other stuff is useless and should be deleted - but again, make sure with somebody who knows before deleting stuff.

It's also sometimes as simple as going to Control Panel -> Add Remove Programs and finding stuff that might (at first glance) look like a normal program, but is not (such as all the crap installed with Kazaa).

Good luck...
 

WoodPeckr

Protuberant Member
May 29, 2002
47,066
6,199
113
North America
thewoodpecker.net
ycghiydvo, excellent advice

Had a similar problem a few months back. Was getting all kinds of pop-ups after just turning on my PC and doing nothing more, not even going on the internet. After checking my startup programs in msconfig I found a suspicious program called "win servrs," was inserted somehow, which was causing all these problems. Once removed everything was back to normal. Ad-aware never caught it.
 

ycghiydvo

Aficionado
Aug 26, 2003
205
0
16
Way Out West
Don't mess with the registry...

unless you know what you are doing... there are other ways to try and get rid of this stuff, but the registry, if fouled up, will mean wiping your hard drive and reinstalling everything from scratch... I have done that and it is no fun...

If you really feel you have to go and do the registry thing, make sure you back it up and know where the back-up is just in case, but again, I do not recommend it...

Ad Aware and Spybot S&D are great programs, but like virus protection, they need to be updated constantly and can't catch everything...
 

pico

Member
Aug 7, 2003
38
0
6
Niagara
Be Careful!!!

These new infections are being called "parasites" because they are not detected by AV software. If you don't remove them completely (for example the registry entries), they will reload themselves the next time you log on to the internet.

I had this happen to me a few months ago. I kept deleting the files and the toolbars/popups would always reappear the next day.

If you have an unwanted toolbar on your browser, do a google search for the company name (for example "looksmart", or some other such name) and you should be able to find a whole bunch of info on how to remove them.

"ycghiydvo" gives some great advice. Just be careful when you are working in the registry!!!

Good luck!
 

oldjones

CanBarelyRe Member
Aug 18, 2001
24,460
12
38
Attn fellow MacSnobs: Any of this at all familiar? Do we minority computer users escape targeting again?
The fix sure sounds complicated and manly though doesn't it? Sorta like Darren McGavin descending to the cellar to fix the old coal furnace in Christmas Story.
Best of luck, janhammer. Our differences get ignored by the big cyberworld so consistently that I at least, take childish delight when it's an advantage.
 
Alucard

New member
Mar 1, 2003
323
0
0
well it all has to do with what you have installed on your system. yeah you have a bunch of security programs but half of them make things worse by opening up more holes. I suggest you format
 