HijackThis and spyware removal resources and tips.

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I have often looked for fixes to spyware, adware and browser hijacker problems, and almost always come up with countless Google results to links leading to HijackThis logs. I'm posting this thread as a place for the experts to offer and add tips and resources to using HijackThis to do manual removal of hard-to-remove adware/spyware/malware problems.

To start, here's the link to what I believe JrzyCrim recently posted as being a current HijackThis version:

https://ssl.perfora.net/tools.radiospla ... ckThis.exe

I usually just download it from here because I like the instructions that are included:

http://tomcoyote.com/hjt/

His forums are another great place to get help with your HijackThis logs.

Some definitions:

Running Processes: Processes that are active and running in the background and/or foreground on your computer. Some start automatically when you start your computer and others start when you have applications running.

BHO: Browser helper objects. Some are good, some are not. Oftentimes you will find a lot of your problems related to one of these.

DPF: Downloaded Program Files. Basically same as above. Some are good and necessary, but others may be what are causing your problems.

A lot of things can be identified by searching Google.

Your running processes, for example can usually be searched by typing the executable file name into Google.

A quick resource to identify running processes is here and it's the one I use the most:
http://www.answersthatwork.com/Tasklist ... sklist.htm

Click the letter of the first letter of the filename and scroll 'til you find it.

To date the best resource I have found for BHO's (Browser Helper Objects) is here:

http://www.spywaredata.com/spyware/bho. ... ent_page=0

Unfortunately this page is not indexed in a completely user friendly manner, but the list is exhaustive and I use it religiously. Basically, BHO's have a unique code similar to this format: {00000000-0000-0000-0000-000000000000} and include a path to a .dll (dynamic link library) file associated with it. At this particular resource, the files are indexed first numerically, then alphabetically by the unique code and unfortunately, you may need to search through several of the page links to get to where you can find yours. Once you do, you can find the .dll file listed in your log and it will be identified as either a parasite (in which case delete it), pending (probably OK to delete, but might want to ask for advice) or good, in which case leave it alone.

I'm hoping that JrzyCrim will also shortly add his tips on using command prompts for taskkill as that is a very handy tool to stop tasks when you can't access Task Manager. I've seen him use a dozen other tricks as well as labrego and MOC lately and hope others will contribute to this thread so people can better learn to understand how their computers work and how to fix them without having to reformat and start from scratch.

//added note: please do not post logs in this thread. Use this thread for tips and resources only - thanks

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

An added note based on what JrzyCrim pointed out here:

http://www.ozzu.com/sutra123821.html#123821

Although I won't necessarily say that I think that the hijackthis logs are "destroying" search engine results, I can certainly agree that they are frustrating, because there is a lot of reading involved to see if the solution offered fixes your problem.


That's another reason I started this thread. I would much rather see people learn to use and understand such a resourceful tool without having to post their logs all over creation to get help and answers. Although I've come to appreciate results that give answers with logs, I've also found myself frustrated when I'm looking for a quicker answer.

One thing I'm sure all of us agree on is that you should regularly use spyware removal tools such as Adaware, Spybot S&D, CWShredder and others that have already been posted and suggested numerous times here at OZZU.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I'm pretty new to Hijack-This myself and basically fly it 'by the seat of my pants'. I rely on Google a lot for finding information about suspicious items or items I know nothing about. However, the more logs I examine the less I have to rely on Google. I am an experienced computer user and I can usually sort out the suspicious bits from the rest. Google, or your search engine of choice, can be a valuable tool in identifying possible threats.

If you're interested in learning more about Hijack This, tutorials can be found here:
http://forums.majorgeeks.com/showthread.php?t=38752
http://hometown.aol.co.uk/jrmc137/hjttu ... torial.htm
http://www.bleepingcomputer.com/forums/ ... utorial=42

Forums related to spyware/malware/virus:
http://forums.spywareinfo.com/
http://computercops.biz/forum67.html
http://www.wilderssecurity.com/

As ATNO mentioned, a command line tool I use frequently is Taskkill. This is a command line utility that comes with Windows 2000/XP Pro. Frequently, spyware\malware related files will set a registry entry to execute at startup.

Typically they are found in Windows\System or Windows\system32 and sometimes are 'hidden files'. They usually have a random file name like MWWRQOEBN.EXE or try to appear as a legitimate system file such as MSCRON.EXE; the MS at the beginning being an obvious attempt at subterfuge. They often prevent the user from using the tools necessary to get rid of them such as Task manager, Regedit, msconfig and AV programs. This is where taskkill comes in handy. Before you can delete a file, you have to close the program; kill the process. If you can't use Task manager you have to find another way. If you know the offending file is MWWRQOEBN.EXE, then open a command prompt and enter:
Code:
taskkill /F /IM MWWRQOEBN.EXE

For more info about the command line options for Taskkill, type taskkill /? at the command prompt.

From here you can delete the file. More often than not, the file has had its read-only and hidden attributes set. This makes it slightly more difficult to delete but not much. A command like this usually will take care of it:
Code:
del /F /A:H C:\windows\system32\MWWRQOEBN.EXE

The /F forces the deletion of read-only files and /A:H is for hidden files.

The only problem with this, however, is that the file will not always be hidden in every case and this command will produce an error if it is not.

Instead of wasting time determining if a particular file is hidden or not, I use the Attrib command before deleting.
Code:
Attrib -s -h -r C:\windows\system32\MWWRQOEBN.EXE
del C:\windows\system32\MWWRQOEBN.EXE

This removes the system, hidden, and read only attributes. It will not produce an error if these attributes are already cleared. These two commands used in conjunction will work in every case.

For Windows 98/ME/XP Home users, taskkill isn't an option. However, there is another tool available:
PSkill

Just extract pskill.exe to your windows, system, system32, or any directory in your command path.

This is a command line utility similar to taskkill:
Code:
pskill MWWRQOEBN.EXE


That being said, there are many different ways to accomplish the same thing. I use the above methods. Use whatever methods that work and that you are comfortable with. MOC, in another thread, provided a link for Emergency Utilities:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

It's a small program that will create a copy of Taskman, Regedit, MSconfig in a directory C:\EmergencyUtils. They are named copy_of_taskman.exe, etc, so the problem program won't know to prevent them from running. Very useful if you want to use these programs.

Also, Hijack This has its own process manager which can be used to terminate processes. Config > Misc. Tools.

Once you know your system is clean, add all the items listed by Hijack-This to the ignore list. Check all the items and click 'Add checked to Ignore list'. This will make future diagnoses less cumbersome.

The ignore list can be edited by going to Config > Ignorelist.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2855

Post 3+ Months Ago

Jim wrote:
There was someone in another thread using XP and didn't have access to taskkill. It seemed to be missing but he was able to use pskill instead. I'm still curious what happened to it

It seems that taskkill.exe is included in WinXP Pro but not in some installations of WinXp Home Edition. (I don't have it in my home computer)

Or it's possible that the directory may not be in the path of the system, so you may need to specify the full path: c:\windows\system32\taskkill.exe
  • MOC
  • Proficient
  • Proficient
  • User avatar
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

Nice job on this! If I have anything to add I will continue to edit this post.

SHOW IT ALL! Be sure that Windows is set to show hidden files and folders (in Windows Explorer, at Tools | Folder Options | View). In all Windows versions, reboot to Safe Mode. Then rerun the "screening and cleaning" programs.

If you have Windows 98, run the System File Checker every now and then, to make sure that you do not have critical system files missing or damaged. (Click Start, click Run, type SFC, click OK.) In SFC, click on Settings, then Search Criteria, and restructure the folders listed so that the entire Windows folder and all of its subfolders, and the entire Program Files folder and all of its subfolders are included. Sometimes Win98's SFC will give you confusing information on file overwrites; you just have to use your best judgment and common sense in sorting through its messages.
SFC also exists in Windows XP, but it is a very different program. You have to have the Windows XP disk installed during this error checker. And have to be logged on as the Administrator.
If the cache folder becomes damaged or unusable, you can use the sfc /scannow to repair its contents.
System File Checker: Scans all protected system files immediately and replaces incorrect versions with correct Microsoft versions. This command may require access to the Windows installation source files.

Links for SpyWare Removal Tools:
Every removal tool under the Sun,
Specific Trojan, and Backdoor, worms
http://www.majorgeeks.com/downloads31.html

As you can see we like MajorGeeks. lol they get the software we want!
All Free,and All have weekly updates:
AntiVir Personal Edition 6.27.00.03
Avast! Home Edition 4.1.412
AVG Free Edition 6.0 Build 754
http://www.majorgeeks.com/downloads29.html

This is the emergency utilities download,
that gives you an extra (Msconfig, Regedit, TaskManager)
http://www.dougknox.com/xp/utils/xp_emergencyutil.zip

This Is a tool to repair your TaskBar (every problem)
http://www.kellys-korner-xp.com/taskbarplus!.htm

And just a great list of auto Reg entries, and VB scripts
for repair purposes, after you have had your bout with
SpyWare!
http://www.kellys-korner-xp.com/xp_tweaks.htm

AIM FIX:
For all those that use AIM, this is a tool that goes after
known AIM viruses in one consolidated removal tool. It is designed to end the virus processes, delete the files, and remove registry keys created by the virus.
http://www.majorgeeks.com/download4348.html


FirePanel XP 1.0.1710
For your existing Windows Firewall,
FirePanel XP is a tool that will configure & monitor your Windows Firewall activity, and keep tabs on what exactly you're being exposed to, in real-time.
http://www.majorgeeks.com/download4333.html

Here's a real good one (saved me a lot of time)
Automatic Winsock Fix Utility (I have used it on every Micro OS)
A lot of times viruses, trojans, worms, and the removal of
software, and installing software can wreak havoc on your TCP/IP,
your internet connection. This will restore all the registry back to
original config.

http://www.tacktech.com/display.cfm?ttid=257

Ad-Aware SE Tweak SE: This is new, it's a plugin.
Allows you to alter and "tweak" settings as well as make GUI alterations available to the user.

http://www.majorgeeks.com/download4351.html

This is a nice little tool to view all of your running processes
you get to see much more than what the Task Manager could show
and you get to find things while viewing it, that you have no idea
where they came from. lol But that's the whole point... to be able to see.

http://www.kellys-korner-xp.com/regs_edits/PrcView.zip
**********************************************************
This is ScumWare: I will keep this updated, this is dated 09/20/04
this is software that is not what it says it is, and this is the most recent list.

Instead of removing spyware, they install it. Some will even attack whatever genuine protection your computer may already have, leaving it wide open to hackers, viruses, spyware and every other kind of malware imaginable.

Worse, trying to remove the scumware in the usual way can often result in even more spyware being installed, so if you have installed anything on this list, please get some advice before trying to remove it.


AdDestroyer
AdProtector
Adware Agent
AdwareHunter
ADS Adware Remover
AdWare Remover Gold
AdwareSpy
AdwareX
AdwareX Eliminator
Anonymizer Spyware Killer
AntiSpy & PopStopper
BPS Spyware Remover
BPS Spyware & Adware Remover
Computer Shield
Drive Cleaner
eAcceleration
Easy Spyware Killer
Eblocs
Hacker Smacker
Internet AntiSpy
JC Spyware Remover & Adware Killer
Kazaa Platinum
Kazanon
Lop Uninstaller
MailWiper
MaxNetShield
MP3U
NetSpyProtector
NoAdware
NoSpyX
Online PC-Fix
PAL Spyware Remover
pcOrion
PC ToolWorks 2003
Popup Guard
Privacy Defender
PurityScan
PuritySweep
Real AdWareRemoverGold
ScanSpyware
SpyAssasin
SpyAssault
SpyBan
SpyBlast
SpyBlocs
SpyBouncer
SpyBurn
SpyClean
SpyCleaner
SpyDeleter
SpyDoctor
SpyEliminator
SpyFerret
Spy Gone
Spy Guardian Pro
SpyHunter
Spyinator
SpyKiller
SpyKiller 2004
SpyKillerPro
SpyMagic
Spyware & Pop-Up Utility
Spyware Annihilator
SpywareAssasin
SpywareBeGone
SpywareCleaner
Spyware Cleaner & Pop-Up Blocker
Spyware C.O.P.
SpywareCrusher
SpywareKilla
SpyWare Killer
SpywareNuker
SpywareRemover
Spyware Stormer
SpywareThis
SpywareZapper
SpyWiper
S Scanner
Stop-Sign
System Detective
The Shield
The Shield 2004
The Web Shield
TZ Spyware Adware Remover
VBouncer
Veloz
Virtual Bouncer
Virus Guard
Windows Antivirus 2004
XoftSpy
xp-AntiSpy
Xupiter Uninstaller
ZeroSpyware

**********************************************************
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Concerning Hijack This logs, a dead giveaway is the same items in the HKLM and HKCU Run, RunOnce and RunServices sections. No legitimate program is going to set itself for startup in all of these areas. Example:

Code:
O4 - HKLM\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKCU\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKLM\..\RunServices: [SDKCprords] SDKc55rezzz.exe

O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\RunOnce: [sdkupdate22] SDK0mCORE.exe


These items are all from the same log.
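
The check described in the post above, as an added example that is not part of the original post or of HijackThis itself: a small Python parser that groups registry O4 lines by value name and file and reports any entry registered in several autostart locations. The function names, the threshold of three locations, and the "ExampleAV" and "ExampleTray" log lines are assumptions made for the example; the SDK lines are the ones quoted in the post.

```python
import re
from collections import defaultdict

# A registry autostart (O4) line as HijackThis prints it:
#   O4 - HKLM\..\Run: [ValueName] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)\s*$"
)

# Sample log. The SDK* lines come from the post; the ExampleAV and
# ExampleTray lines are constructed so the filter has benign input too.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\x.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKCU\..\Run: [SDKCprords] SDKc55rezzz.exe
O4 - HKLM\..\RunServices: [SDKCprords] SDKc55rezzz.exe
O4 - HKLM\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\Run: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunServices: [sdkupdate22] SDK0mCORE.exe
O4 - HKLM\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - HKCU\..\RunOnce: [sdkupdate22] SDK0mCORE.exe
O4 - Startup: Example.lnk = C:\Program Files\Example\example.exe
"""


def parse_o4(log_text):
    """Yield (hive, key, name, command) for each registry O4 line.

    Other sections (O2, O16, ...) and O4 Startup-folder lines do not
    match the pattern and are skipped.
    """
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m["hive"], m["key"], m["name"], m["cmd"]


def find_multi_location_autostarts(log_text, min_locations=3):
    """Return entries whose name and command appear in at least
    min_locations distinct autostart keys, most widespread first.

    min_locations=3 is an assumed threshold for this example: the post
    only says that the same item in all of these areas is suspicious.
    """
    seen = defaultdict(lambda: {"name": None, "command": None, "locations": set()})
    for hive, key, name, cmd in parse_o4(log_text):
        # Registry value names and Windows file names are case-insensitive,
        # so group on a lowercased key but keep the first spelling seen.
        entry = seen[(name.lower(), cmd.lower())]
        if entry["name"] is None:
            entry["name"], entry["command"] = name, cmd
        entry["locations"].add(f"{hive}\\{key}")

    findings = []
    for entry in seen.values():
        locs = sorted(entry["locations"])
        if len(locs) >= min_locations:
            hives = {loc.split("\\", 1)[0] for loc in locs}
            findings.append({
                "name": entry["name"],
                "command": entry["command"],
                "locations": locs,
                "both_hives": hives == {"HKLM", "HKCU"},
            })
    return sorted(findings, key=lambda f: (-len(f["locations"]), f["name"]))


if __name__ == "__main__":
    for f in find_multi_location_autostarts(SAMPLE_LOG):
        print(f"[{f['name']}] {f['command']}")
        for loc in f["locations"]:
            print(f"    {loc}")
```

A hit is a reason to look the file up, not proof by itself; anything flagged still needs to be identified before it is fixed in HijackThis.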
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2855

Post 3+ Months Ago

This information is quoted from TonyKlein in cexx.org discussion boards, I think it is useful for everyone who wants to know how he/she got infected.

______________

So how did I get infected in the first place?

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed.
It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3) Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster

It will protect you from all spy/malware in its database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer)
Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer.
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

There's a board at Wilderssecurity as well.

Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way.
It can't hurt to use both.

5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!

6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

https://netfiles.uiuc.edu/ehowes/www/resource.htm

Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is http://www.wilders.org/


Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
______________
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

A good training program for HJT is available here:
http://forums.spywareinfo.com/index.php?showtopic=34

You need to register as a user first and then respond to the above thread. A hidden forum named "Boot Camp" will be made available to you. There are many resources available as well as practice logs, tutorials and tools.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Hey -- nice find. I'll have to play around in there over the weekend.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Steps to Take Before Posting your Hijack This Log

If you are not using the latest version of Hijack This, Version 1.98.2, please download it from:
  • http://tomcoyote.com/hjt/
  • http://www.majorgeeks.com/download3155.html

Do not run Hijack This from a temporary folder. HJT makes backups for items that are fixed. Any backups saved in a temporary folder run the risk of being deleted. Backups are important in case a previous fix needs to be restored. It's best to make a permanent folder: C:\HJT this for example. Any place other than a temporary folder is fine.


If you have your own anti-virus program, please update it and do a complete scan.


Use Trend Micro's Online scanner
http://housecall.trendmicro.com/houseca ... t_corp.asp
Housecall often finds things that popular AV programs miss.

Select your location and click go. If you have never used Trend Micro's online scanner before, you will have to install their ActiveX component. After that is finished installing, the update engine and pattern file will begin downloading. If you are on a dialup connection, this will take several minutes but it's well worth the wait.

To use Housecall, you need one of the following browsers:
Microsoft Internet Explorer (version 4.0 or above)
Netscape Navigator (version 3.01 or above)

Check 'Auto Clean' and 'My computer' and click 'Scan'.


Download these two programs
  • Spybot Search and Destroy
  • AdAware
Install and update both. Reboot into Safe Mode and use one then reboot again into safe mode and run the other.

Here are instructions on how to use both programs:
  • Using Spybot - Search & Destroy
  • Using Ad-Aware SE

Go to Add/Remove Programs and check and see if you have any of the following programs. Remove them if present. These programs are known to be packaged with or are adware/spyware/malware:

  • Alexa Toolbar
  • Bargain Buddy
  • Bonzi Buddy
  • Comet Cursor
  • Date Manager
  • Download Accelerator Plus (Free version)
  • Hotbar
  • Huntbar
  • Kazaa
  • Memory Meter
  • My Search Bar
  • New.Net or NewDotNet
  • SearchSquire
  • SideFind or IS Technologies SideFind
  • Smiley Central
  • Weatherbug
  • WebHancer or WEBHANCER AGENT
  • WebSearch Toolbar
  • WildTangent
  • Winad
  • Windows SyncroAd or SyncroAd

If the folders for any of the above programs are still present, remove those as well. If you're not sure about a particular folder, ask about it in your post. More programs will be added in the future. Some programs on the list may not be removable via Add/Remove programs. Click on a specific entry for manual removal instructions or programs that will detect and remove these.

If you are unsure about other programs on your computer, please search this database:
http://www.spywareguide.com/product_search.php

A partial search query generally works best: 'Bon' or 'Bud' will return Bonzi Buddy, for example. A full list can be viewed at this site as well as different categories of adware/spyware/malware.


Finally, reboot normally. Run Hijack This, Scan and post the log. Make sure you post the complete log including the HJT version and Windows version information. Include a detailed description of the problems you are experiencing. When posting, use a descriptive topic title:

Hijack This Log - {Place Brief Description of the Problem Here}
(example: HijackThis Log - Windows constantly reboots)

If the particular problem that prompted you to post a log goes away after following the above steps, please post a fresh log anyway. Sometimes a problem will return after a reboot if it was not removed successfully. Once it has been determined your system is clean, additional follow-up steps will be given. It is important to follow any steps given to ensure a good 'fix'.

After posting your log, someone will analyze it as soon as possible and give you further instructions.

Please be patient. The analysis can sometimes take awhile. The time will depend on the amount of spyware/malware which is on your system. Hopefully the above steps will fix most, if not all, of the problems.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2855

Post 3+ Months Ago

Good one Jimmy, kudos ;)
  • madmonk
  • Mastermind
  • Mastermind
  • madmonk
  • Posts: 2115
  • Loc: australia

Post 3+ Months Ago

I have just deleted my search and destroy. It couldn't rid me of all the spybots I want.

There is always a DSO exploit in my computer. What is it?
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I think I know which ones you are talking about. I usually have two that always return. I've narrowed one down to TCP/IP settings and I think it has to do with the IE internet connection settings. The other appears to be related to Internet settings also, although I'm not sure what the DWORD does. Regardless, it appears both DSO's are from MS and probably OK. I quit deleting them because they always return regardless.
  • madmonk
  • Mastermind
  • Mastermind
  • madmonk
  • Posts: 2115
  • Loc: australia

Post 3+ Months Ago

Quote:
I think I know which ones you are talking about. I usually have two that always return. I've narrowed one down to TCP/IP settings and I think it has to do with the IE internet connection settings. The other appears to be related to Internet settings also, although I'm not sure what the DWORD does. Regardless, it appears both DSO's are from MS and probably OK. I quit deleting them because they always return regardless.



yeap same here. I have 5 entries that keep coming back.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

The DSO exploit is always found because of a minor bug in Spybot S&D.

http://www.safer-networking.org/en/faq/36.html

It's really nothing to worry about.
  • madmonk
  • Mastermind
  • Mastermind
  • madmonk
  • Posts: 2115
  • Loc: australia

Post 3+ Months Ago

great link mate! guess it is time to patch my windows! :-)
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Found another excellent resource this morning.

This very handy tool comes from Sysinfo.org:
http://sysinfo.org/bhoinfo.html

The BHOlist application is an online/offline tool that can be used for identifying spyware Browser Helper Objects and can be toggled to a Toolbar list for help in identifying Toolbar spyware / adware

You can load the lists from the online servers, but the key is you can dump the lists to your hard drive for use when online access is unavailable. I also like that you can toggle between BHOlist view and Toolbarlist view. The biggest thing to me is that it is searchable which to date I have not found on any online counterpart.

The status key is at the bottom of the above page link. X = spyware, L = legit and O = "open for debate"

The executable download can be found on the page:
http://www.spywareinfo.com/~merijn/files/bholist.zip

There is also a companion proggie BHODemon:
http://www.spywareinfo.com/downloads/bhod/

Another very handy BHO tool.

Enjoy!
  • nadaness
  • Newbie
  • Newbie
  • nadaness
  • Posts: 12
  • Loc: tejas

Post 3+ Months Ago

One of my favorite scanners is Bazooka Adware and Spyware Scanner. The scan takes roughly two seconds and it then produces a list of spyware on your computer. It will not remove the files for you, but it will produce a log file that shows you what files/keys triggered the alert as well as provide you with a link to a page that details how to manually remove the piece of spyware found.

http://www.kephyr.com/spywarescanner/
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

ATNO/TW wrote:
Found another excellent resource this morning.

This very handy tool comes from Sysinfo.org:
http://sysinfo.org/bhoinfo.html
...
Enjoy!


That's a very handy utility. I've been referencing Tony Kline's BHO list on the web but this makes the chore much easier. Thanks! :)
  • DaremoAlpha
  • Beginner
  • Beginner
  • DaremoAlpha
  • Posts: 39
  • Loc: Calgary Canada

Post 3+ Months Ago

I have that DSO thing too and was going to start asking about it as well, plus my computer keeps trying to change homepages on IE, even though I don't use IE it still bugs hell outta me with Spybot.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

CWShredder Returns To The Web

Quote:
CWShredder is back. Merijn has sold the source code and rights to CWShredder to Intermute. They have published an updated version at cwshredder.net. CWShredder still is a free download and now is being updated once again on a continuing basis to deal with new variants of the CWS hijacker.

Full Story

Download Page
  • radio
  • Born
  • Born
  • radio
  • Posts: 1

Post 3+ Months Ago

1st, thanks for the links back to my site :)
I was just checking the referrer logs and saw quite a few hits from ozzu.com (almost 1000 for October)

2nd, there's a patch available for the Spybot DSO bug.
http://www.majorgeeks.com/download4392.html
**version 1.3 final must be installed prior to using the patch**
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

*smiles -- thanks for the patch link radio and welcome to OZZU.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

radio wrote:
1st, thanks for the links back to my site :)
I was just checking the referrer logs and saw quite a few hits from ozzu.com (almost 1000 for October)

2nd, there's a patch available for the Spybot DSO bug.
http://www.majorgeeks.com/download4392.html
**version 1.3 final must be installed prior to using the patch**


Yes, welcome to ozzu. :)

I've seen that patch but it was removed from safer-networking.org:
http://www.safer-networking.org/files/spybotsd131tx.exe

That gave me the impression that it may not be ready for release. I searched safer-networking.org for info and couldn't find anything about the patch. Not sure what to think about it. *shrug*
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I just discovered an online Hijack This analysis tool. You can paste a copy of your HJT log into a text box or upload it and receive a detailed analysis.

http://hijackthis.de/en
  • Funny_Fuzz
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 1517

Post 3+ Months Ago

JrzyCrim wrote:
  • Alexa Toolbar
  • Bargain Buddy
  • Bonzi Buddy
  • Comet Cursor
  • Date Manager
  • Download Accelerator Plus (Free version)
  • Hotbar
  • Huntbar
  • Kazaa
  • Memory Meter
  • My Search Bar
  • New.Net or NewDotNet
  • SearchSquire
  • SideFind or IS Technologies SideFind
  • Smiley Central
  • Weatherbug
  • WebHancer or WEBHANCER AGENT
  • WebSearch Toolbar
  • WildTangent
  • Winad
  • Windows SyncroAd or SyncroAd


Oh my gosh! I never realised how many I had! I have half of those! *Gasp* :eek2:
  • pramitroy
  • Guru
  • Guru
  • pramitroy
  • Posts: 1284

Post 3+ Months Ago

Is Download Accelerator Plus an adware? I thought it brings up ads which are related only to the program window. And that also can be stopped by some tips I found here
http://tweakxp.com/article37278.aspx
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2855

Post 3+ Months Ago

Take a look at these pages pramitroy.

http://www.infopackets.com/freenewsarti ... pyware.htm
http://www.safer-networking.org/en/arti ... agers.html
http://research.sunbelt-software.com/th ... eatid=4615
  • pramitroy
  • Guru
  • Guru
  • pramitroy
  • Posts: 1284

Post 3+ Months Ago

To speak about performance I can see that DAP is nowhere criticized. But now I am more assured that it contains adware or is adware.
Well, I uninstalled it long ago reading this list by Jim
http://www.ozzu.com/sutra152935.html#152935
But now I can find no free download manager to choose. :(
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2855

Post 3+ Months Ago

hehe, yeah I know, I felt the same about DAP. I used it a long time too.