General discussion

Thanks for all the help on "downloading cookies" but

Mar 13, 2005 10:51AM PST

I am afraid my computer is going to have to go to the "doctor". I even purchased "Webroot Spysweeper". It found a lot of traces and some trojans but now the downloads are .ipg's and other junk. Can't seem to win with this one.

Did you download and run the variety
Mar 13, 2005 6:52PM PST

of programs suggested? A repair shop will charge $100-$150 to fix what you might be able to do free of charge.

I'm sorry....
Mar 18, 2005 12:04PM PST

Am using Gateway ME, Intel 1000MHz, Pentium III processor and motherboard, 128 MB memory module, 20 GB 5M Ultra ATA Hard drive. I downloaded and ran all suggested programs - Spyblaster, spysweep, and Trojan Hunter. Trojan hunter "suspects" 3 files: \windows\system\smgrt.exe, suspicious UPX packed file in windows systems file; \windows\HWCONFJG.dll/70kB.exe, possible trojan downloader, and \windows\system\USTCSBUF.exe - possible trojan downloader.

We use Norton Internet Security 2005 which does not pick up these items.

Firstly, cookies were being downloaded in Temp Internet files; later the downloads began to download as pictures - with my very limited knowledge I thought it was because any website was added to parental control blocking in NIS. I don't really know.

Tonight I deleted SMGRT from the programs that were running and so far tonight nothing out of the ordinary appeared in the temporary internet file - can't receive e-mail though.
I will go to the referenced site. Thank you for helping me - in spite of all of this. I really appreciate it; this is all so new to me.

RE:
Mar 18, 2005 10:02PM PST
Trojan hunter "suspects" 3 files: \windows\system\smgrt.exe, suspicious UPX packed file in windows systems file; \windows\HWCONFJG.dll/70kB.exe, possible trojan downloader, and \windows\system\USTCSBUF.exe - possible trojan downloader.

Tonight I deleted SMGRT from the programs that were running and so far tonight nothing out of the ordinary appeared in the temporary internet file

Yes. You are going to be informed by some utilities that there are files on your system which cannot be removed or deleted simply because they load as Windows does and are already in memory which they cannot deal with. It's going to be up to you once they have been identified to take the appropriate action to eradicate them yourself. A couple of utilities which may assist in their identification and perhaps removal are:

1. "Itty Bitty Process Manager (IBProcMan)":

I've been seeing more and more cases of infections by trojans that kill any antivirus or antispyware programs you try to use and remove them. For such cases, I created a standalone version of the 'Itty Bitty Process Manager' inside HijackThis. It should be a bit harder for trojans to detect, since it has no window caption. If they do start targeting it by filename, rename the executable before running it and you should be good to go.

A standalone version of the little process manager included in HijackThis (Misc Tools section). Shows full paths to processes, optionally shows DLLs loaded by processes. Can save the process list (and dll list) to file, as well as copy it to the clipboard. Compatible with at least Windows 98, 98SE, ME, 2000, XP and newer.

Very useful for cleaning up systems infected with trojans or viruses that kill antivirus and antispyware programs.


2. "ShellExView v1.11 - Shell Extensions Manager":

Shell Extensions are in-process COM objects which extend the abilities of the Windows operating system. Most shell extensions are automatically installed by the operating system, but there are also many other applications that install additional shell extension components. For example: If you install WinZip on your computer, you'll see a special WinZip menu when you right-click on a Zip file. This menu is created by adding a shell extension to the system.

The ShellExView utility displays the details of shell extensions installed on your computer, and allows you to easily disable and enable each shell extension.

ShellExView can be used for solving context-menu problems in Explorer environment.


3. "Process Explorer":

Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.


Note: You'll find in some instances you'll need to boot to the MS-DOS prompt and remove files by using DOS commands. In addition, clean out the Temp folder which should be empty anyway unless you use that location for personal storage -- also watch the content of this folder immediately upon loading Windows with nothing else loaded/started. One last item, watch what loads in the Startup group of MSCONFIG.
What . . .
Mar 13, 2005 11:13PM PST

1. IMHO, you can spend $1,000s of dollars on utilities that are supposed to keep a system clean but it's like pouring money down a dark hole. Some may be pretty good in the beginning but unless it's updated daily/weekly, or each time it is run, it is only going to perform those functions for which it was initially designed. I'll only believe there is a single utility worth having when I use it and know it has and will continue to eradicate anything thrown at it futuristically -- an impossibility in my opinion in our ever-changing world.

2. It appears you did not take to heart my information posted in the previous "thread" posted here. However, I do not understand your current plea as written unless it concerns invasions of some sort, but what do you mean by "downloads are .jpg's and other junk":

"It found a lot of traces and some trojans but now the downloads are .ipg's and other junk. Can't seem to win with this one."

3. Please let me chastise you in the form of helping you ask questions in the future. Please note that just above the text editor (where you enter a question on the forum) is the following paragraph, and if certain information is not present in your question, our reply may not be of much help:

Tip: If you are asking for help to troubleshoot a computer-related problem, please be sure to include all the necessary information (ie: operating system, model number, hardware, software, etc) that will help others identify your problem for a speedy resolution.

Note: You do have the option of using the hyperlink "Edit My Profile" on the right side of the main page to fill in applicable system information so that it is available any time you post a message. If we think we need to know more, we can look.

* * * *

1. You may experience any one or more of the following symptoms when deceptive software such as spyware or unauthorized adware is installed on the system, [Q827315]:

• When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.

• When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.

• Your Web browser's home page unexpectedly changes.

• Web pages are unexpectedly added to your Favorites folder.

• New toolbars are unexpectedly added to your Web browser.

• You cannot start a program.

• When you click a link in a program, the link does not work.

• Your Web browser suddenly closes or stops responding.

• It takes a much longer time to start or to resume your computer.

• Components of Windows or other programs no longer work.

WARNING: As always, make sure every utility you use is fully updated. In addition, if you've never been through an eradication process, you're in for a surprise.

2. First, please read the article concerning "Unsolicited Commercial Software."

3. Second, perform as a minimum the first five items listed below. And note, there may be enough intrusion to cause all kinds of frustration in getting these programs to install and then clean a system. If there is a huge amount of cleaning to perform, limit the amount removed at one time and run the program again. If the programs don't install correctly the first time, uninstall from the Add/Remove applet in the Control Panel and install again.

Note: If you try using CWShredder, HijackThis, as well Spybot S&D, Ad-aware and several other anti-spyware utilities and a trojan is installed which prevents their running, download PepiMK's "CoolWWWSearch.SmartKiller" removal tool, uncompress the zip file and run the program. In fact, this is the very first thing I would do anyway.

Caveat: Problems connecting? Try the "Computer Cops" site and find the files in question.

a. "Housecall."

Note: If Housecalls doesn't run for whatever reason, you might as well abort and go to the next and try this site later.

b. "Adaware." Your attention is invited to "Unable to Log On To Windows XP After Removing wsaupdater.exe."

c. Spybot S&D:

Note: Receiving an error "SO Exploit: . . ." (data source object) caused by the active security setting "Download unsigned ActiveX controls", it could be set to "Disable" or "Prompt" or ignore the produced error.

d. "CWShredder v1.59.1" or "CWShredder v2."

Warning: It is being reported in the "Virus Alerts" forum, "Testers from several security forums are reporting issues with the new CWShredder (version 2). It is recommended to use the original program until further notice."

e. "McAfee AVERTStinger."

f. "Hijack This" - 1 or "Hijack This" - 2.

Note: Posting a log concerning #f should only be at the direction of a forum moderator IMO. For your reading pleasure, "Hijack Removal", and the Viruses and Security Alerts Forum moderator's message concerning "HiJackThis log postings." In addition, you may find the site "Help2Go" informative concerning certain problematic items and receive recommendations but use their suggestions with caution or else. . .

4. Download and use "IIEFix" - a general purpose fix for Internet Explorer (Win 98/ME/2000/XP):

a. Registers Urlmon.dll, Mshtml.dll, Actxprxy.dll, Oleaut32.dll, Shell32.dll, Shdocvw.dll, [Q281679].

b. Refreshes Internet Explorer using IE.INF method. Note:

(1) "Unable to Install Internet Explorer 6 on Windows XP (Q304872)"

(2) "How to Reinstall or Repair Internet Explorer and Outlook Express in Windows XP (Q318378)"

c. Initiates "SFC /Scannow" (Win2K&XP), [Q310747].

5. The article [Q320454] discusses and contains information about the "Microsoft Baseline Security Analyzer" tool (MBSA) (click to see a screen shot) that centrally scans Windows-based computers for common security misconfigurations and generates a "report" (click to see an example).

6. "ShieldsUP" is the Internet's quickest, most popular, reliable, most powerful, complete and trusted free online Internet security checkup and information service where at this site you can check your system for vulnerability and begin learning about using the Internet safely.

7. Supplemental reading:

a. "Setting Up Security Zones."

b. "Chapter 27 - Security Zones."

c. "Changes to Functionality in Microsoft Windows XP Service Pack 2."

d. "Basic Spyware, Trojan And Virus Removal."

e. "Removal Instructions for . . ." is a helpful site that will be helpful in your learning more.

Do you mean jpg's file types??????
Mar 19, 2005 12:48AM PST

Think you may be going on a bit of a witch hunt. Everything you see on your screen is downloaded to your computer - and a lot of the pictures you see are downloaded to your temp folder in jpg format, so these are not trojans.
As for deleting files which have been noted as suspect by your spyware program - most spyware programs allow these files to be "quarantined" - meaning they are deleted and a backup is made and stored in a safe folder just in case - if not, back up the files manually and see how you go.

Regards
Peter