Back to square 1

[craigathus]

Hi guys

I'm almost at my wit's end.

I'm not sure if I should post this topic here...but here goes.

After having some problems with smitfraud-c and getting much needed and appreciated help from (askey127), my machine seemed fine for a day or two.

Since the Smitfraud-c problems, I've been extra careful about where I visit on the net, however now I'm getting new problems (spy & adware) that keep changing settings in (SpywareBlaster) to do with Internet Explorer protection.

And something keeps trying to stuff up (modify) my Hosts files.

My PC came with a (OEM Recovery Disk) If I use it will my machine be like new again? without any nasties causing me pain?

I realize that I'll need to save pictures etc to a CD or DVD.

[YoKenny]

After having some problems with smitfraud-c and getting much needed and appreciated help from (askey127), my machine seemed fine for a day or two.

Smitfraud infections mutate faster than New York Cockroaches breed and unless you have ALL Microsoft Updates applied to your operating system then it will be infected faster than a New York minute.

 

My PC came with a (OEM Recovery Disk) If I use it will my machine be like new again? without any nasties causing me pain?

Yes but physically disconnect the system from the Internet connection you have then insure you FORMAT the hard drive after you have saved your favorite pictures to CD or other large capacity storage.

 

This way the system won't be infected quickly as there are nasties out on the Internet that can infect a system in a matter of minutes.

 

You can order a Windows Service Pack 2 CD from Microsoft which I did that enables you to install SP2 much faster.

http://www.microsoft.com/windowsxp/downloa...us/default.mspx

 

It took about 5 days to arrive for me.

 

By the way, I installed Windows Defender and WinPatrol that monitor modifications to the HOSTS file and you can accept or deny the modifications with either one of them.

[CTskifreak]

As much as it sucks to uninstall an OS, then reinstall it, having a clean system from the beginning allows you to reinstall the things you want to, with none of the left behind crap from older stuff.

 

If you want a very thorough clean, use Active@ KillDisk. It might be a little over the top, but nothing will be left.

 

AJ

[Andavari]

Time for a new HijackThis log I'd say!

[craigathus]

Time for a new HijackThis log I'd say!

Hi Andavari.

I thought about doing that, but I'm starting to feel like a dog chasing it's tail.

I have been doing some home work, and six items in the block list in (SpywareBlaster) to do with Internet Explorer protection keep being mysteriously unchecked.

 

5 of these items are.

BFast.............................Cookie

Commission Junction..........Cookie

Commission Junction (4).....Cookie

FastClick.........................Cookie

FastClick (2)....................Cookie

The last item I forgot the make a note of , the phone rang and...

 

And (Norton AV 2007) keeps finding and removing these.

Security.URLRedir..............Security Risk

Adware.SystemProcess.......Adware

 

Do you think I should Post a HJT Log before following the spyware removal guide?

AVG Anti-Spyware & SUPERAntiSpyware both come up clean.

 

I Almost forgot! I have WinPatrol and when Norton is removing those two items I mentioned above, WinPatrol warns me that my Hosts file has been changed! and do I Accept or Deny the change?

I chose Deny, however am I denying the changes that Norton may be making during it's removal of (Security.URLRedir & Adware.SystemProcess)?

[Andavari]

Those cookies are mainly to advertising websites.

 

I'd suggest first updating all your anti-malware software, then running some full system scans in Safe Mode with both your anti-virus and anti-spyware. Probably best to run the scans when you won't be using your system because they'll most likely take a long time to complete.

 

Edit:

One way to find out if your HOSTS file is actually being changed is to download some free/GPL MD5 checksum software like SummerProperties, then save into a text document what the HOSTS file MD5 checksum is and compare it to when your anti-malware states it has changed. Note that some anti-malware will see some entries in a safe HOSTS file as malicious, such is the case with Spybot-S&D and even the new Adware 2007.

 

To view the MD5 checksum with SummerProperties you just right click a file, select Properties, and then select the tab named Checksums.

[craigathus]

Thanks for the advice Andavari

I just finished running (BitDefender Online Virus Scan), and it found nothing, I forgot to save a copy of the scan

Updating all "Anti-Malware Software" I always check for updates as soon as I connect to the Internet , and Windows "Automatic-Updates" keeps Windows up to date.

Now as for running (Anti-Virus & Anti-Spyware) in Safe Mode? I've got no idea how to do that

[Andavari]

Now as for running (Anti-Virus & Anti-Spyware) in Safe Mode? I've got no idea how to do that

You reboot into safe mode, here's a Microsoft article on how to do that with Windows XP. Then you just run your anti-malware scans.

[craigathus]

You reboot into safe mode, here's a Microsoft article on how to do that with Windows XP. Then you just run your anti-malware scans.

 

Thanks Andavari

I'll do all that tomorrow after work.