Windows XP, Internet Explorer ver6, Spyware prob


JZaun
24th of June 2004 (Thu), 18:27
I just want to share my recent experience..


I know this isn't photography but without my computer there will be no photography!!

While browsing a site online Norton antivirus software told me I had a malicious script. I exited the search and ran Norton scan. When I tried to go back online my home page was changed to an advertisement page. I then got pop ups telling me I had spyware installed and where to go to get a fix. I tried several packages including McAfee spyware software and then tried one Scottes recommended, "Ad Aware". McAfee found 2 spyware programs and I eliminated them. Ad Aware found 56 spy programs and I eliminated them. I still had the problem. It appears that Internet Explorer is corrupt and Win XP will not let me del it. Scottes also recommended another browser "Mozilla" and that works well with no problems but I still cannot use Internet Explorer. I tried to reload XP but it won't let me saying that the previous installation was incomplete. :evil:
I guess I will now have to purchase a full version of XP (current XP is an upgrade) and try to reload XP on top of what I have, hoping not to lose too much. Or I may have to format and start from nothing.

I spent 31 years in the Computer industry. I HATE COMPUTERS :D

But I cannot live without one!!!!@#@#$%%^^^&


JZ

Sorry I just realized that I posted in the wrong forum :oops: :oops: :oops:

CDS can you plz move this to gen chat :oops: :oops: :oops:

scottbergerphoto
24th of June 2004 (Thu), 19:50
Before you do all that, try to go into Tools>Internet Options and restore all the defaults.
Then go into:
Start>Run> type "msconfig">Enter and check what's in your Start Up. Uncheck anything you don't absolutely need to run your computer. Reboot. If that solves your problem, then add back items one at a time and check to see if the problem recurs. Then just leave out (uncheck) the offending program.
Good Luck,
Scott

CyberDyneSystems
24th of June 2004 (Thu), 20:50
Jerry,..

Describe the symptoms of the "malicious script"?

I've had a few run-ins in the past... :roll:

blinking8s
24th of June 2004 (Thu), 20:55
spybot usually finds what adaware doesn't on my machine
http://www.download.com/Spybot-Search-Destroy/3000-8022-10289035.html?tag=lst-0-3

can you see any trends in the names, file names, or ads being displayed?

for a short time, get another browser to use, http://www.mozilla.org/products/firefox/ would be a good choice, and you can skin it to look just like ie, at least to hold you over till you get ie fixed...

check your program files for anything super weird, sometimes they create folders and such in there to hang out, i had a toolbar that stashed itself in there once, pissed me to hell off...finally i found the darn file...

John_T
25th of June 2004 (Fri), 03:59
I agree with Scott and Blinking, setting IE back to defaults and running BOTH Adaware and Spybot. Spybot can be a nuisance sometimes asking you if this or that is allowed to make Registry changes, but that can save you a lot of grief too. With Spybot you can also "immunize" your computer, blocking scads of malware automatically.

Your Browser probably got "hijacked" and Spybot may be able to recover it and block future attempts.

iwatkins
25th of June 2004 (Fri), 05:38
I spent 31 years in the Computer industry. I HATE COMPUTERS :D

JZ

:

You need one of these :D :D :

http://www.machineco.com/Press_Screw-type&Fly_mech_10t_die-cutting2.JPG

Friend of mine runs a tuning shop. When computers, cordless phones etc. start playing up he shows them to the fly press. If they still play up, he puts them in the fly press and exerts something like 15 tons of pressure to them. As he says, "That told it !!"

:D :D

Cheers

Ian

JZaun
25th of June 2004 (Fri), 05:51
Thanks for the replies. Norton said it detected a malicious script when the problem occurred but wouldn't find it or delete it. The symptom is that when using internet explorer it goes to an advertisement page and I get pop ups saying I have spyware installed and it shows where to get software to handle it. I used McAfee Spyware software, Ad Aware and now I tried Spy Bot. The system works fine if I use Mozilla as a browser but after setting IE to the correct home page it is changed back to the advertisement page. All spyware tell me I am clean. I guess the IE is taken over by a spyware but I cannot clean it.

Warning Warning Warning,, don't go there T

This is where IE is sending me no matter what option for home page I set. It will work once and then changes back to this link below

res://zgysw.dll/index.html#96676 don't go Here

I guess I am stuck with Mozilla or a full reload of XP


Ian,,,,,I like your idea better and better!! :lol:

JZ

jboyd
25th of June 2004 (Fri), 07:48
2 weeks ago it took me 4 days to get rid of the spyware my daughter exploded on my computer (and hers, but I haven't fixed hers yet). I downloaded 3 spyware programs. None got rid of it. I finally found the offender, Clientman, and did a search for it, which gave me the files and registry entries it makes to stay on your system. Had to delete each one individually. Just when I thought I had it beat it would repopulate itself within seconds. Did more searches, found more files, finally got rid of them. And it just drives me nuts that you pay for someone's spyware program that claims to remove all, and it doesn't!!

My daughter is not allowed on my computer anymore!!

Jackie

CyberDyneSystems
25th of June 2004 (Fri), 08:40
Jerry,

Give this a try;
http://www.spywareinfo.com/~merijn/cwschronicles.html

Use mozilla to go there.. the spyware scripts will block access to this site..
I'm afraid what you are describing sounds a lot like the CWS virus -spyware... but there are soooo many variations it is certainly hard to say for sure.

Anyway.. this site is one man's battle against the single most malicious spyware out there... if it works for you PAY HIM VIA PAYPAL!!!

He is worth it. (i did :) )

For those unaffected but interested in a good read.. you may want to check this out too... it is quite an Epic battle going on.. it's like the cold war but more exciting :wink:

CyberDyneSystems
25th of June 2004 (Fri), 08:46
lol,.. Jerry read this page;

http://www.spywareinfo.com/~merijn/index.html

June 18, 2004:
Please stop emailing me about the new CWS variant that hijacks you to res://<random>.dll/sp.html#96676. I am aware of this new thing, but it's a beast to remove.
A solution is being worked on, see this thread on the SWI forums.

If it's not working for you, or it's too complicated, I heard from several people that this workaround works as well:
Open the DLL you get hijacked to in Notepad
Select all content (Ctrl-A) and delete it
Save the file and exit Notepad
Find the file in Explorer, right-click it, select Properties, put a checkmark in 'Read-Only' and click OK.
If you can't find the DLL file, make sure your settings allow you to view "Hidden files". Open up any explorer windows and click on "Tools", "Folder Options", "View" and be sure to check off "Show Hidden Files and Folders".

So yes.. you have the CWS trojan on board.. and it is the single most malicious spyware/trojan in the wild... and.. it seems you have the very latest version.

Jerry, jerry, jerry... what software were you trying to download a hack for? Capture1?? :roll:

JZaun
25th of June 2004 (Fri), 09:32
lol,.. Jerry read this page;

http://www.spywareinfo.com/~merijn/index.html

Jerry, jerry, jerry... what software were you trying to download a hack for? Capture1?? :roll:

Yes it appears I have it. Trying to figure where I got it :? I was searching for photography, got a porn site, hit X to leave and I think that is when I got the Norton MSG about the malicious script..

I think at this point I will only use Mozilla and stay away from IE. Maybe someone will find a fix for spyware this virus. I think it is time for me to get the full version of XP and re-load everything from scratch. That way I can recover easier if antivirus or anti spyware doesn't fix a problem..

Sorry Guys, I cannot tell you for sure where I got it, but if you find your home page hijacked and you keep going to the above address, Just change browsers right then and save a bunch of headaches!! until a fix is found.

JZ

JZaun
25th of June 2004 (Fri), 11:16
Just an update..

I reloaded Win XP and the problem is still there. Evidently it only adds what is missing and does not overwrite everything even though it took 1 hour to load...

JZ

CyberDyneSystems
25th of June 2004 (Fri), 11:20
Did you try the fix listed above?

Alternatively.. I am sure CWS Shredder will incorporate an automated fix in the near future.

JZaun
25th of June 2004 (Fri), 12:43
CDS, thanks for the link.. Yes I did go there but it appears they don't have a fix for this one yet!! Lots of ideas but no one claims to have found a fix :?

I can bide my time now that I have Mozilla :D

I suspect McAfee will have a fix soon also...

Jerry

Tom W
25th of June 2004 (Fri), 13:40
Jerry, one last thing. After you download AdAware, click the "check for updates now" link on the starting page of the program. Even if you downloaded the program 5 minutes ago, there will most likely be an updated database which might include a remedy for the stuff you're dealing with.

JZaun
25th of June 2004 (Fri), 14:35
Thanks Tom. Yep I updated them all and tried that,,
McAfee
Ad Aware
Spybot
CWShredder
+ 2 others I forgot :?

Why is it these folks think we would purchase from their site when they trash our browser???? I wish I had a way to flood their site with e-mail and let them see how it feels. I did send them a bunch of mail but it is just too much trouble :? My e-mail wasn't very nice :lol:


Think I'll send another x rated e-mail........
JZ

jboyd
25th of June 2004 (Fri), 14:57
I found the company that put out the spyware I was infected with, and first sent them a threatening email, and then every time their spyware redirected me to another page, I copied and pasted the url into an email and sent that to them too. Needless to say, they got quite a bit of mail from me - but I figure they eventually put me on their block sender list.

Jackie

dicky109
25th of June 2004 (Fri), 23:08
Jerry,

About a month ago, my adult son's 1 week old laptop was taken over by adware, rendering it almost totally useless, opening page after page of crap. I couldn't remember the sites to download AdAware or Spybot, & did a Google search. I was directed to sites which just didn't look right & fortunately didn't download from there. When I finally got to the correct sites, I was able to download the programs, & get rid of all the garbage.

Make sure that you are downloading Spybot from a site you're familiar with. I used cnet.com. Download AdAware direct from the vendor at www.lavasoft.com.

Also, some viruses hide in Windows XP System Restore & the only way I know around that is to disable System Restore. Obviously, back up any critical files, just in case, disable it, then run all your adware/spyware/virus programs, and hopefully, you'll be back in business. Also Symantec has a free web-based virus detection program you can try to run, & I assume McAfee & others do also.

Good luck

John_T
26th of June 2004 (Sat), 00:34
As law and law enforcement happy as the US is, I've often wondered why more hasn't been done about the authors of spyware, adware, malware, worms and viruses. Their works are certainly damaging enough, and you could even consider it as a form of terrorism.

It's also surprising that none have been lynched, mobbed, assassinated, beat up, drive by mowed down, blown up, tortured, maimed or burned at the stake.

What I have heard though, is that if caught, when released they are assured of a high paying job at Symantec, McAfee, Microsoft or the NSA.

Strange world... :roll:

JZaun
26th of June 2004 (Sat), 13:07
Update

Could not believe it. I was in CompUSA and the Microsoft rep was there!! I talked to him about my problem and he did know that there was one. It was discovered last Thur. ( I think that is when I got mine) He thought Spybot had a fix but I tried it and it did not :( He did feel that Spybot was one of the best spyware removal programs out...It's also free. They ask for a donation and they will get one when they do in fact fix my problem. I guess I will still just wait and ck for updates every so often. He did say that the spyware software should be run with the system in the safe mode!!!!! in order to catch everything..

JZ

Tom W
26th of June 2004 (Sat), 13:52
Well, I wish that you'd find a solution soon. Other than that, I must say that I'm pleasantly surprised that the MS rep recommended Spybot. I run it occasionally, as well as AdAware and seek out updates frequently.

You need to eradicate this monster, that's for certain.

PS - I downloaded a new update for Adaware yesterday, but I don't know how old it is. You may wish to check.

John_T
26th of June 2004 (Sat), 14:05
Safe mode. Thank you Jerry, that's a valuable tip.

Canuck
26th of June 2004 (Sat), 14:15
I feel daft asking this..
Just out of curiosity, would an fdisk, format and reinstall sort it?

JZaun
26th of June 2004 (Sat), 15:17
I feel daft asking this..
Just out of curiosity, would an fdisk, format and reinstall sort it?


Yep,, that would do it...my problem is my XP is an update so I would have to install win98 first then XP,,take a bunch of time. I think if I don't get a fix soon I will buy a full version of XP,, Take about an hour and half to install then have to reinstall all programs :? ,, probably most of a day..

Boy would I like to get ahold of those #$$%%^^&

I did send 100 repeat E-mails to the address at the bottom of the ad page screen :D :D :D :D :D :D

Might send 100 more.. Also sent some to the major folks on the ad page,, such as Gateway, Dell, etc..

JZ

CyberDyneSystems
26th of June 2004 (Sat), 15:37
Yes.. the drastic measures will certainly sort it.. the trick is to solve the problem without creating days of work for yourself with reinstalling etc...

shelbix2020
27th of June 2004 (Sun), 02:22
Spybot - Search & Destroy - worked miracles for me .... that and uninstall IE, its crAP!! only use Mozilla's Firefox!

Good luck

Tom W
27th of June 2004 (Sun), 13:11
Jerry - just to let you know that AdAware has a new update, dated June 27, 2004. With any luck, it includes your problem.

JZaun
28th of June 2004 (Mon), 16:19
Update

A recent update and scan by Spybot fix'd the problem for 2 tries with IE :(

It keeps coming back.......%^%^&**((

If the experts don't get a fix this week I think I'm getting a full ver of xp and starting with "Format" :D

At least Mozilla works....

Also found out that my XP firewall was not available.. Something trashed that also.. I did install norton firewall..


Tried to use Foxfire.. It wouldn't connect with the internet :?

JZ

Tom W
28th of June 2004 (Mon), 17:16
Update

A recent update and scan by Spybot fix'd the problem for 2 tries with IE :(

It keeps coming back.......%^%^&**((

If the experts don't get a fix this week I think I'm getting a full ver of xp and starting with "Format" :D

At least Mozilla works....

Also found out that my XP firewall was not available.. Something trashed that also.. I did install norton firewall..


Tried to use Foxfire.. It wouldn't connect with the internet :?

JZ

Oh man.....

That's bad. Whatever it was/is, it's more than just spyware. It's a freakin' virus IMHO!

JZaun
2nd of July 2004 (Fri), 07:01
7/2/04

UPDATE

Loaded an update for AD Aware and it appears to have resolved the IE home page changing issue for me.. The IE firewall is still not available and I can't reload it.. Think I will stick with Firefox until the IE firewall problem is fixed

JZ

CyberDyneSystems
2nd of July 2004 (Fri), 07:23
Some preventative tips.

Products:
AdAware, SpyBot, and SpyWareBlaster

Settings:
Disable "Active-X" completely!
Replace MS' poor excuse for Java with the real Sun Java.

Bruce Hamilton
2nd of July 2004 (Fri), 10:20
Jerry, have you tried running Regedit? Delete every occurrence of the offending url from your registry, see if that does anything.
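
An added example, not part of the original thread or any poster's code: one way to locate the registry values the posts above talk about is to export the Internet Explorer keys from Regedit and scan the text for `res://` pages served out of a DLL, as in the `res://zgysw.dll/index.html#96676` URL reported earlier. The function names, the allowlist of IE's own resource DLLs, and every sample value except that URL are assumptions made for the illustration.

```python
import re

# Constructed sample in regedit export (.reg) form. Only the res://zgysw.dll
# URL comes from the thread; abcde.dll and the other values are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="res://zgysw.dll/index.html#96676"
"Search Page"="http://www.google.com/"
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="res://C:\\WINDOWS\\abcde.dll/sp.html#96676"
"CustomizeSearch"="res://shdoclc.dll/navcancl.htm"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" or @="data"; .reg escapes backslash and quote with a backslash.
VAL_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')
# res://<dll path>/<resource>: a page served out of a DLL's resource section.
RES_RE = re.compile(r'^res://(.*?\.dll)/', re.IGNORECASE)

# Assumption: resource DLLs that ship with IE; adjust for the system checked.
ALLOWED_DLLS = ("shdoclc.dll", "ieframe.dll")


def unescape(text):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r'\\(.)', r'\1', text)


def find_res_hijacks(reg_text, allowed_dlls=ALLOWED_DLLS):
    """Return (key, value name, dll, data) for string values that point at a
    res:// page inside a DLL that is not on the allowlist."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m or key is None:
            continue
        name = unescape(m.group(1)) if m.group(1) is not None else "(Default)"
        data = unescape(m.group(2))
        hit = RES_RE.match(data)
        if not hit:
            continue
        # Keep only the file name so full paths and bare names compare alike.
        dll = hit.group(1).replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if dll not in allowed_dlls:
            findings.append((key, name, dll, data))
    return findings


if __name__ == "__main__":
    for key, name, dll, data in find_res_hijacks(SAMPLE_REG):
        print(f"{key}\n  {name} -> {data}  (check {dll})")
```

A real Regedit "Version 5.00" export is UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to the function.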

Andy_T
4th of July 2004 (Sun), 15:48
Great thread ....

I had NO IDEA :shock: that I had some of those malicious programs on my PC.

Best regards,
Andy

JZaun
5th of July 2004 (Mon), 18:20
That UPDATE I didn't want to give. Couldn't fix the XP firewall problem..Bought full ver of XP. Did a format and reload!!! Put in Norton PC security before going on line for first time. Took better part of first day.

THEN!!!! While re- loading my pictures the monitor blew up :?

Yep it said POP!!! and quit..

Got new monitor now :D , new software , new hard drive,, new every anti something software I can load :lol: As of now everything seems ok.. But I now need another back up hard drive.. For some reason I cannot get the system to recognize but one HD. I think it is because the second one has a system on it..:?

I just finished processing a few pic's for a test.. Wow a lot of work because of a virus!!

Ok I can do photography again :D :D

JZ :?


Let's hope this thread dies a quick and natural death!! :D

John_T
5th of July 2004 (Mon), 23:59
Well, when some system problem has forced me to clean install everything, replace or upgrade some component(s), get some new goodies, it's a bummer in the beginning, but in the end it's "Clean machine! New goodies! He-he-he!" :D

...as long as I didn't lose any valuable data...

Congratulations on surviving the ordeal and coming out roses!