HolidayBuyer's Guide

Spyware, Viruses, & Security forum

General discussion

What is the Best Thing to Do?

by Idealsummerluv / December 16, 2004 7:58 PM PST

Hi,
I have a Dell Dimension 4600, running WindowsXp. I created this problem myself because I downloaded a few desktop themes and now have spyware. Also, maybe my kids added to this with their aim buddy icons/themes.

McAfee found a trojan "Exploit Byte Verify" in my daughter's settings. I can only quartine this file, not delete.


I also run adaware and spybot which have uncovered dso exploit, alexa, and wild tangent.

In the past, I got rid of spyware by signing onto windows and going into themes and deleting them. But when I try to sign onto my screen name, much of my computer screen is black!!!!! I simply cannot get into control panel and delete because I can't see.

My daughter has her screen name and is having the same problem. I can only sign onto xp with my son's screen name. (no black). But I cannot get into the themes I need to delete.

I've done a search on my computer for dso exploit, and so far it has found 56 files containing Dso Exploit. (searched hidden files/folders). These files all appear to be in documents/settings. The first part of the files say " fixes or checks" but the first few files say " statistics and configuration settings."


My questions are: Can I now go in and delete these files? Which ones should I not delete so I don't screw up my computer? Is there a way to delete multiples files at once? And would I do the same- search for alexa and wild tangent and delete them?

I am sorry for the long post and questions.

Idealsummerluv

Discussion is locked
You are posting a reply to: What is the Best Thing to Do?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: What is the Best Thing to Do?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Spybot files
by Idealsummerluv / December 16, 2004 8:03 PM PST

Sorry,

in looking further, I realize these files are logs from spybot. I don't have time to search alexa and wild tangent right now.

Idealsummerl

Collapse -
Hi
by roddy32 / December 16, 2004 8:42 PM PST

The WildTangent may be parts of your kids games. It is considered to be spyware by some but gets packaged in many new HP/Compaq computers and also some others. What I did on my Compaq was right click and exclude it from future scans. I have talked to some people and they had problems when it was deleted so I would NOT do that. Let Spybot "Fix" Alexa. Also let it "Fix" all the DSO Exploits but some of them may come back due to a bug in Spybot. The original DSO Exploit was a vulnerability that Microsoft issued a patch for at Windows Update some time ago so make sure that you have ALL critical updates from Windows Update installed. This my what you should also do about the DSO Exploit.That is a bug in Spybot. There has been a beta fix released for it. Just download it on top of your current version. It will change your version to 1.3.1TX After you download it, run Spybot S&D, let it fix the exploit, then reboot and run it again. It should be gone, if not, just put it into ignore until Spybot comes out with a permanent fix for it which should be soon. I'm not sure if the rebooting is totally necessary but it seems to work better that way.
http://www.majorgeeks.com/download4392.html

Good luck and please post back with your results.

Collapse -
Further about Wild Tangent
by MarkFlax Forum moderator / December 17, 2004 8:03 AM PST
In reply to: Hi

Wild Tangent is often required to play Shockwave Flash games from http://www.shockwave.com/

It is possible that one of your children registered on the shockwave site and periodically gets emails from them advertising new flash games.

They look very inviting, (I know from experience), and can be played online or downloaded and installed on your computer quickly and easily, but they need the user to sign up to Wild Tangent before they can be played.

If this is the case with you or your children, you will need to explain to them about the emails and to avoid downloading further flash games.

The trouble is, not all of the flash games from Shockwave need Wild Tangent, but it is difficult to decide which does or which doesn't until you attempt to play/install the game.

Mark

Collapse -
Thankyou, Still Stuck
by Idealsummerluv / December 18, 2004 8:17 AM PST
In reply to: Hi

Hi,

I wanted to thank you both for responding to my post.

Spybot reports nothing at this time. However, when I sign onto windowsxp on my screen name, it is still messed up with the black stuff. And that beautiful Christmas theme is still there.

When you run these spyware programs- don't they remove all spyware on the computer or is it only removing the spyware who is currently signed onto Windowsxp?

Like I said before, I cannot sign onto my screen name on windowsxp because there is too much black. And I had tried to change theme and also run a couple antispyware programs, but I couldn't see what the heck I was doing....................

Idealsummerluv

Collapse -
Try this
by roddy32 / December 18, 2004 8:34 AM PST
In reply to: Thankyou, Still Stuck

You may have something that neither McAfee, Ad-Aware OR Spybot can remove. We've got to know exactly what this screensaver is or where it is from or whatever other info you can give us. You COULD also try booting into safe mode and scanning all of the accounts with all three utilities. I realize that will take a while but unless you can get us a little more info, I'm not sure what else to tell you. You could also try a TrendMicro Housecall scan and make sure you choose "Auto Clean".

directions for safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/1999101916343139

Housecall
p://housecall.trendmicro.com/housecall/start_corp.asp

Collapse -
bad link
by roddy32 / December 18, 2004 8:37 AM PST
In reply to: Try this
Collapse -
We were hoping those suugestions would work
by MarkFlax Forum moderator / December 18, 2004 8:43 AM PST
In reply to: Thankyou, Still Stuck

but it seems not. Sorry.

Looking at your first post again, I am not entirely sure I understand the whole problem.

Is it just the Windows Welcome screen? Or is it your desktop as well after you have managed to log-on?

If it is just the Windows Welcome screen, (where the screen used to be blue, and all the users were listed with an icon besides each), then there are things you can do to change it.

I have posted some sites below for you to look at at your leisure. But I must warn that one or two of them suggest changes to the Windows registry, and for the inexperienced, changing the registry can be forboding and dangerous. You should back-up your registry, (Export it to a safe folder), before making any changes. Have a look at the Microsoft site for advice how to make changes to the registry; Click Here for the Microsoft site.

The first site is here: http://8help.osu.edu/772.html
This may solve your problem in the most simplest way.

The next site also looks promising; http://www.updatexp.com/tip12.html

And the third I found is here; http://www.iamnotageek.com/a/58-p2.php

Once you have been able to change the Welcome screen, perhaps then you can check your Display Properties in the Control Panel for any rogue Themes or Wallpapers/screensavers.

Good luck,

Mark

Collapse -
Ohh,
by MarkFlax Forum moderator / December 18, 2004 8:44 AM PST

And do what Roddy suggests, Happy

Mark

Collapse -
Seems Okay Now
by Idealsummerluv / December 20, 2004 11:32 PM PST

Hi,
When I'd signed onto Windows welcome screen, both the welcome screen and desktop had black portions, as well as the pages I tried to visit. For instance, my aol email was black.

I want to thank you guys for your feedback and suggestions. Could not seem to find where I'd downloaded those Christmas themes.

What I did this morning was to go on Windows xp and delete that user account, plus delete files associated with that account. (although I had option of windows saving thoses files). Then I created new user account with bascially the same name. It seems okay now. Do you think the spyware got deleted??????????


I would like to know how my sign got himself signed up as an administrator screen name. These kids are going to give me a heart attack some day.

Thanks,
Idealsummerluv

Collapse -
Seems Okay Now
by Idealsummerluv / December 20, 2004 11:33 PM PST

Hi,
When I'd signed onto Windows welcome screen, both the welcome screen and desktop had black portions, as well as the pages I tried to visit. For instance, my aol email was black.

I want to thank you guys for your feedback and suggestions. Could not seem to find where I'd downloaded those Christmas themes.

What I did this morning was to go on Windows xp and delete that user account, plus delete files associated with that account. (although I had option of windows saving thoses files). Then I created new user account with bascially the same name. It seems okay now. Do you think the spyware got deleted??????????


I would like to know how my son got himself signed up as an administrator screen name. These kids are going to give me a heart attack some day.

Thanks,
Idealsummerluv

Collapse -
Kids are
by roddy32 / December 20, 2004 11:53 PM PST
In reply to: Seems Okay Now

pretty smart LOL. I'm not really sure if deleting the account deletes the spyware but I'm sure someone else can answer that. I would suggest though, if you have not done it yet, to disable system restore which will clear any restore points that have been infected and then reenable it.

Collapse -
Thanks
by Idealsummerluv / December 23, 2004 8:51 PM PST
In reply to: Kids are

Ty Rod.

Merry Christmas.

Idealsummerluv

Collapse -
(NT) (NT) You're welcome, Merry Christmas.
by roddy32 / December 23, 2004 9:08 PM PST
In reply to: Thanks
Collapse -
Java.ByteVerify.exploit is NOT a virus !
by Marianna Schmudlach / December 18, 2004 11:14 AM PST

but rather a method to exploit a security vulnerability in the Microsoft Virtual Machine. This vulnerability arises as the ByteCode verifier in the Microsoft Virtual machine does not correctly check for the presence of certain malformed code when a Java applet is loaded. Attackers could exploit this vulnerability by creating malicious Java applets and inserting them into web pages. These web pages could be hosted on a site by a malicious web master, or could be sent to users as an attachment. To read more about this issue, and to download the necessary patches, please visit:

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

Collapse -
Undo.reg File for Cleaning Up Trojans
by Marianna Schmudlach / December 18, 2004 12:34 PM PST

because spyware and some viruses can damage the registry that causes .exe files to execute, please download the "Undo.reg" file from the link below to your desktop. Once it's there, shut down all background programs, then double click on the file to allow it to "merge" with your registry. It should fix the problems and allow .exe files to run again.

Undo.reg File for Cleaning Up Trojans
http://download.nai.com/products/MCAFEE-AVERT/stand_alone/undo.reg

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.