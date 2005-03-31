Windows Legacy OS forum

by denille / March 31, 2005 4:37 AM PST

Ok... I need assistance from the real Techie wizards.
My kids` computer is cracking under a problem Ive not detected before.
I`m running up to date PCCillin (always running) Virus scanner, and running Panda Active scan online... once a week or more as a back up.
I run SPybot S&D ...Spybot TeaTimer... WinPatrol...Adaware SE.
So as you can see...i do try and keep my PC`s clean.
Anyways... my kids PC was attacked 2 days ago with viruses...downloaders.
I did all the usual...including switching off System restore. Ran all the stuff I have, and it says the system is clean.
BUT...
Every time I try to run IE, it gets hijacked and rerouted, and then the pop ups start. Its so bad, I cant even get to ANY webpage any more..its all redirects.
This means, my kids computer is now useless for web surfing, and I cant even download Firefox...because it wont let us use the IE browser.
The wierdest thing is...
I run PCCillin, spybot, and adaware, and it says my system is clean....and if I try to reset the home page to "blank" or "default - MSN" in my Internet options, it just immediately rewrites and sends the IE browser to these fake web pages.
Please...PLEASE>.. anyone with decent, easy to understand, advice?

thanks

Read this prior posts.
by R. Proffitt Forum moderator / March 31, 2005 4:40 AM PST
Collapse -
Try that
by Sanrick / March 31, 2005 5:12 AM PST
In reply to: Read this prior posts.

Another thing you might need to do is before you clean your system, make sure you DSC the internet. Some of these hidden files, first thing they do when booting the system is look for the internet. So, try to unplug the internet for a few and then Run the softwares to clean it up.

Good luck

Collapse -
RE; Malware problem
by caktus / March 31, 2005 5:02 AM PST

What is the URL of the page to wich you are being redirected?

Have you tried looking in the System Configuation Utility? Run > type MSCONFIG > OK > select Startup tab > uncheck any reference to 'ads' or the page to wich you are being redirected > Apply > OK. (It may be necessary to restart the computer for any change to take effect)

or

Add or Remove Programs? Start > Control Panel > Add or Remove Programs > select any program that refers to 'ads' or the page to wich you are being redirected > select Remove and follow the prompts to complete the removal. (It may be necessary to restart the computer for the change to take effect)

Collapse -
Save yourself some headache
by matthewmanning / March 31, 2005 5:30 AM PST
In reply to: RE; Malware problem

Reformatting might save you some time on this one, and stop useing I/E until it gets patched up. This is what I had to do to get rid of the crap , after running every removal tool known to man and still had the problem.

Collapse -
Simplest and fast solution to spyware, malware
by scorpsteals / March 31, 2005 8:30 AM PST

Simplest solution to all spyware, malware is system restore. Make sure every time you have system restore points available. And whenever you have ben attacked by spyware run system restore and restore your computer to the day before your somputer started behaving indiferently. For those who want to know more about spyware removal using system restore read this
http://www.wintipz.com/XP/RestoreOperatingSystem.htm

Collapse -
update
by denille / March 31, 2005 10:32 AM PST

I`d like to thank everyone for their help.
So far, I have read every post, followed every link, and taken on board every suggestion.

I have used ALL of the programs suggested in the links, I even resorted to the excellen, but dangerous for the unadvanced user, Hijackthis.
I even downloaded the Microsoft Anti-spyware Beta program (this i s pretty damn excellent).
So far..
Spybot S&D
SpyBot TeaTimer
System Restore
Adaware SE
MS Anti SPyware
Stinger
CWShredder
PCCillin - Trend Micro
Panda Activescan.
Ive disabled, enabled, re-enabled, unplugged, replugged, switched off, switched on, rebooted, reset, hard reset, soft reset.

Ive cleaned almost everything...except ... Search Assistant.
No matter what I do, within 1 minute of rebooting, I get a pop up advert... and as soon as I run HijackThis, there they are again (after having removed them) 3 entries R0, and R1, related to search assistant.
Obviously, it is hiding somewhere, and after 8 hours solid... I have absolutely no idea where to look or what to do now.

I dont want to do a reformat..that is defeatism.. so far today I have removed and cleaned a total of 227 Malware, Adware, spyware, and Trojans.
I`m only ONE step away from a clean system...please..can ANYONE help?
HijackThis

Collapse -
denille
by roddy32 / March 31, 2005 10:43 AM PST
In reply to: update

Bring your HJT log to one of the forums that deals with search assistant everyday. There is more to getting get of it than just clicking the buttom on HJT. Please be patient with whichever one you bring it to though, they are busy.

http://www.computercops.biz/

http://forums.spywareinfo.com/

Collapse -
(NT) (NT) Don't forget to refomatt after none of this stuff works
by matthewmanning / March 31, 2005 10:30 PM PST
In reply to: denille
Collapse -
clean spyware
by BigMike / March 31, 2005 10:50 PM PST

After all cleaning / scanning programs are updated disconnect from internet...pull the plug. Then Explore to doc/set/user who is infected/
delete all cookies
now to local settings/ ~ you may have to go to tools /folder options/show all files so you can get to local settings ~
delete all temp files
delete all temp internet files
delete Recent files

Now add/remove programs
uninstall all search bars.

Got in to msconfig
google any entry that you are unsure of. remove what is unneeded.

scan with everything.
restart
double check msconfig in case something came back.
scan again this will remove anythig left behind.

And as mentioned before HiJackThis. Do not install it to a temp folder, make one for it.


M

Collapse -
Spybot and Hijackthis conflict
by bbobb / April 1, 2005 9:04 AM PST

If you have enabled Spybot's TeaTimer you'll get the occasional global settings change message. For example this will occur if you do a search for any file on your computer after installing spybot for the first time (you would click "allow" in this case). The problem with these messages is that some of them are incomplete, that is you only see a partial message in Spybot's dialog box. This particularly applies to the location of the file or registry entry. Spybot will immediately detect any changes you make with Hijackthis. If you interpret the question incorrectly and make the wrong selection (allow or deny) you could in fact be preventing Hijackthis from doing it's job. Disabling Spybot won't work, it will still remember the original settings and will prompt you for the change once it is enabled. As good as it is, I occasionally uninstall Spybot to complete the job, and then reinstall it.

