Tarun

Posts posted by Tarun

  1. He also said,

    I am working on a Windows 98 PC that had Norton AV 2001 installed.

    "Had" being past tense. :) Also, in his original post, everything he refers to is about Norton Anti-Virus, which had been installed on the Windows 98 machine but has since been uninstalled.

     

    Unfortunately with the Norton/Symantec products, they leave behind many traces of the application(s) that were once installed. From what he has described, that would appear to be the case here. Using SymNRT would effectively remove all of the leftover traces of any Norton/Symantec product.

  2. I noticed that Windows Explorer\File Manager no longer retained its settings on any of the systems I've used it upon.

    Can you please elaborate as to what you mean by this? Such information as what settings (exact is more helpful).

  3. Short answer: Not really.

     

    The reason is that it could be the Microsoft services mentioned above, or it could also be software that starts with the PC. You mentioned Tony's name, so you must have posted a HijackThis log. I'll scan over it for any applications that want to connect to the Internet. :)

     

    Okay, checked it.

     

    Possible suspects:

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

     

    The first two are Symantec Internet "Security".

    UpdateManager is for Sonic CD/DVD burning software.

    SunJavaUpdateSched is for Sun Java to check for updates.

     

    Arovax and Windows Defender I also suspect as checking for updates.

     

    You can stop Sun Java through the Control Panel. Also, you can probably disable Sonic checking for updates through the application itself.

  4. In msconfig, there's also a Services tab.

    It might be in here, just be careful of what you disable!

     

    No no no. You do not ever alter a service through the MSConfig utility. Never. Ever. If you need to alter a service, you need to go through the services.msc. The reason is because with MSConfig and Hardware Profiles, you can disable services that may be vital to boot your computer. With the management console (services.msc) you cannot. Also, when you uncheck a service in the Services tab, it disables the service; though as I said above, it also risks disabling a service that could very well be vital to the computer.

     

    The "Disable All" button also worries me. It should not even be there as no reason exists to justify disabling "everything." Even if you choose to hide all the Microsoft services, it still shouldn't really be there because an inexperienced user may listen to another inexperienced user and end up disabling everything.

     

    --------------------

     

    Canary, it sounds to me like you have two applications that are wanting to connect to the Internet. It could be anything from Windows Automatic Updates, the Windows Time Server, or even other applications that you have installed that automatically check for updates.

  5. It'd also be nice to be able to rename the thread to help searching too, or if someone just makes a typo.

    Mr. G, did you block that feature?

     

    Almost every bit of this forum runs on the defaults for an IPB install. That's why so many things are not enabled that many others already have enabled.

  6. For the sake of my sanity, I'm going to join in this s***ty conversation.

    What gave you the idea that it keeps trying to reconnect to localhost? If a URL is redirected to localhost, it will try to go there once and then stop loading. Because our home computers do not have an HTTP server running, there is nothing on port 80, which is what it tries to connect to. When there is nothing to connect to, it stops.

    I've run tests on my VPC along with a firewall to alert me to every single connection attempt made. That included to the web and to localhost. Even a page with one ad, it would sometimes attempt to connect more than once.

     

    Same thing with websites. If you type in, let's say, my IP address in the address bar, your computer will try to establish a connection on port 80 with my computer. But if there is nothing running on port 80, then the program will stop trying to establish a connection and display a warning after 1 or 2 seconds.

    So if we have a specially made HOSTS file that can block the malware from getting to our computers, then how will the malware modify our HOSTS file? In my opinion, the HOSTS file is perfect for blocking ads, malware, and malicious sites because it stops them BEFORE they can even get to our computers. It also works with every program on the computer, so there's no point in getting expensive or resource-hungry programs to do the job when we have one simple thing in the palm of our hands. And if you're so worried about the HOSTS file, then get Spybot or SpywareBlaster. They supposedly have HOSTS file protection of some kind :mellow:.

    As stated in my previous post, malware can still alter and even replace your HOSTS file. Malware is an executable file, just like everything else you use. It sends a command line parameter to change the state of the HOSTS file from a read-only state to writable. After that it replaces it with whatever it wants. All it does is send the ATTRIB command along with -R. See this link on DOS Command: ATTRIB for more information.

     

    That's not very secure if it's that simple to disable the read-only attribute, is it?

     

    For stopping malware the best thing to use are SpywareBlaster for Firefox and IE. If you need more protection, use IE-SpyAd.

     

    For Ad-Blocking in IE you can also block ads with IE-SpyAd. This is a great utility to use, because it will block BOTH malware links AND advertisements in the IE browser! Now, do you need IE-SpyAd? Well, if you use IE and have valid concerns about malware, it would be a good idea. If you never use IE at all, or only use it for Windows Updates, then you probably won't need it. The choice is yours. Best of all, it's based off of the registry by adding domains and IP addresses to the Restricted Domains list. All of this is stored in the registry, so you won't have to worry about it slowing your connection or having any impact on your computer's performance. Awesome huh? :P

     

    It doesn't stop there! The maker of IE-SpyAd also has a way to block ads with Agnitum Outpost Professional Firewall. It's called AGNIS. AGNIS for Outpost is a ported version (ported, in this case, meaning it was written for other software and then carried over to another) of AGNIS for AtGuard and Norton Internet Security (and also Norton Personal Firewall). This list will integrate into your Outpost Pro firewall to help block ads of all kinds, including Flash, JavaScript, even certain image sizes. You can replace them with the text [ad] or a 1x1 pixel transparent GIF image.

     

    For Ad-Blocking in Firefox, you can use AdBlock Plus with FilterSet.G. Now, some of you are probably asking what's so great about AdBlock Plus and FilterSet.G. Well, let's look at the Google text ads, shall we? If you have the AdBlock Plus extension enabled, it actually comments out the Google text ads.

     

    <!-- GOOGLE BANNER -->
    <script type='text/javascript'>
    
    <!--
    
    google_ad_client = "pub-2666250944335766";
    google_ad_type = "text_image";
    google_ad_channel ="3469252430";
    google_alternate_ad_url = "www.example.com/advert/chitika_forums.htm";
    google_ad_width = 728;
    google_ad_height = 90;
    google_ad_format = '728x90_as';
    google_color_border = '2666B8';
    google_color_bg = 'FFFFFF';
    google_color_link = "000099";
    google_color_url = '008000';
    google_color_text = '000000';
    
    //-->
    
    </script>
    <script type='text/javascript'
     src='http://pagead2.googlesyndication.com/pagead/show_ads.js'>
    </script>
    <!-- GOOGLE BANNER -->
    </div>

     

    Did you notice these codes above: <!-- and //--> ? Those are HTML comment tags. What those do is hide any text that is between them. That's right, it's just like programming (because HTML is just another programming language after all!)

     

    So, how did it get there? Well, as a page loads, AdBlock Plus checks through a huge list that it has downloaded and enabled, thanks to FilterSet.G. It looks for keywords in URLs and other places within the generated page source code for any webpage. When it finds a match it comments it out. So when your page loads, you get to see the webpage without any nasty ads or bloat. Plus pages will load faster (and some quieter!). What's even cooler about AdBlock Plus is you can set it to automatically disable on certain webpages of your choice. :D

     

    I hope you've found this informative, John. :)

     

    To avoid that, I run a little app called eDexter. It substitutes a local image (the default is a 1 pixel, 43 byte gif) for blocked/redirected sites. I use it to avoid the "The page cannot be displayed" messages but, theoretically, it also speeds things up to load a very small local file rather than download larger files over the internet.

     

    My firewall does the same thing Glenn. Outpost Pro will find keywords and even key image sizes. It works wonders and does it so much faster and more efficiently than ZoneAlarm Pro attempted to do. When I was working on dialup years ago and made the switch to Outpost Pro, the pages were loading so much faster it was truly amazing. Over a 75% increase in pageload times.

    Reference links:
    - IE SpyAd
    - AGNIS for Agnitum Outpost Professional Firewall
    - AdBlock Plus for Firefox Official website
    - AdBlock Plus for Firefox on Firefox Add-Ons
    - Filterset.G Updater for Firefox Official website
    - Filterset.G Updater for Firefox on Firefox Add-Ons

  7. I guess for some of you, it really is that hard to comprehend what Microsoft said about HOSTS files. That's pretty sad that you wouldn't investigate it at the very source. The place where the people who MADE this stuff would KNOW about it for certain.

     

    Now, here's the really funny part. I cite Microsoft KBs as my sources. Obviously they know how the HOSTS file works best. Everyone else cites unofficial websites that are merely speculating how the HOSTS files work. They tell you a load of crap because they want you to use their HOSTS file to block ads and other stuff that really does not need to be blocked. Steve Gibson of GRC doesn't understand this at all. This is why he too is laughed at by so many from the tech support world. If they knew how to use them properly, you would not see them being used for ad-blocking.

     

    Many of you also continue to talk about URLs. Well, what do you think typing www.google.com does? It contacts a DNS server to get an IP address. That's just like you looking up a store in the phone book to get the phone number. URLs are just a user-friendly name that redirects you to the Google website's IP address. The Internet operates via "dynamic" naming, where a human-friendly name (www.google.com) is actually an alias for the real address, which is numeric. Pretty easy, isn't it? :)

     

    As andavari already stated, hosts files like the MVPS Hosts don't block IP addresses; they block URLs.

     

    No, that's incorrect. A HOSTS file doesn't block URLs. It redirects them to a specified IP address.

     

    Example. Google's IP address is 64.233.161.104. Suppose you want to be redirected to Google when you type in, say, pwned.com. In your HOSTS file you would have the following:

    64.233.161.104 pwned.com

    Now, when you type pwned.com you are redirected to Google's website. That is what a HOSTS file is for, and that is what it is meant to do.

     

    If you block ads by making them redirect to localhost (that is the IP of 127.0.0.1 which is in the HOSTS file as a redirect also), they will continue to try and connect to your localhost, instead of simply being stopped from loading. They will try to load roughly three times or more before they finally give up. Is this really that hard to understand?

     

    HOSTS files are also not meant to block malware. Using a special HOSTS file to block ads or malware is false security and a waste. Malware can very easily modify your HOSTS file, even if you set it to read-only. Frequently malware can edit your HOSTS file to redirect your browser to other unwanted websites. The CoolWebSearch hijackers are masters of altering your read-only HOSTS file. It even says so on Merijn's website (see below). Malware can also redirect Windows to use a HOSTS file that has nothing to do with the one you keep updating.

     

     

    At the top of Merijn's website on the front page.

    Can't reach this page from a CWS infected computer? Try using http://216.180.233.162/~merijn/index.html.

     

    Also, under his download page.

    Did you get here from Cool-search.net, Linklist.cc, Drxcount.biz, Real-yellow-page.com, List2004.com?

    If you got directed here from Cool-search or another Coolwebsearch domain, please understand that I did not create Coolwebsearch or put it onto your browser. The information you have is FALSE.

     

    I provide a free service here to help people remove a trojan from their system, and naturally the people who created the trojan don't like that and try to discredit me. Don't believe everything you read.

     

    If you still don't trust me enough to allow me to help you, take your matters elsewhere and try other antispyware tools.

     

    Unable to download?

    If you are unable to download any of the files here and are redirected to a porn page, search page or just denied access to the file, try these alternate links that should always work:

     

    HijackThis direct download: http://216.180.233.162/~merijn/files/HijackThis.exe

     

    The redirection is probably because of a Coolwebsearch variant (CWS.Aff.Tooncomics or CWS.Dreplace) that intercepts your download to prevent downloading my programs.

    How did it intercept the download? The HOSTS file that it alters. HOSTS files are not meant to be used for ad blocking or added security, because they can very easily be overwritten; even if set to read-only.

     

    To further your education, you can read the following:

    Microsoft TCP/IP Host Name Resolution Order - A very good read that teaches you how the HOSTS file truly works and is meant to function.

    The History of DNS

    Differences Between the HOSTS and LMHOSTS Files in Windows NT

     

    If you have any further questions, feel free to ask.
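    The post above makes two points about the HOSTS file: an entry is a plain name-to-IP mapping consulted before DNS, so it either black-holes a name (127.0.0.1 / 0.0.0.0) or silently sends it elsewhere, and hijackers such as CoolWebSearch exploit the second case. The following auditor is an added example, not code from the thread or any tool named in it; it parses a constructed HOSTS file and separates ad-block style black-hole entries from redirects, flagging redirects of names on an assumed "never override locally" list.

```python
"""Audit a Windows-style HOSTS file for black-hole, redirect and hijack entries."""
import ipaddress

# Targets that make an entry a "black hole" (the ad-blocking use the thread debates).
BLACKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumption for the example: names that should never be resolved by a local
# override. A real deployment would use its own list (vendors, update servers).
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "symantec.com")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; skip comments and junk."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalise, reject non-IPs
        except ValueError:
            continue
        for name in fields[1:]:                       # one IP, several names allowed
            yield ip, name.lower(), line_no


def _is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return a list of (kind, hostname, ip, line_no) findings."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        if name == "localhost":                       # the one mapping that belongs there
            continue
        if ip in BLACKHOLE_IPS:
            kind = "blackhole"                        # name is sunk, nothing is contacted
        elif _is_protected(name):
            kind = "hijack"                           # protected name sent to another host
        else:
            kind = "redirect"                         # ordinary alias, like the pwned.com example
        findings.append((kind, name, ip, line_no))
    return findings


# Constructed sample HOSTS file; 203.0.113.9 is a documentation-range address.
SAMPLE_HOSTS = """\
# constructed sample, not a real machine's file
127.0.0.1       localhost
64.233.161.104  pwned.com                 # the redirect example from the thread
127.0.0.1       ads.example.net           # ad-block style entry
0.0.0.0         tracker.example.org
203.0.113.9     www.symantec.com  liveupdate.symantec.com   # CWS-style hijack
::1             localhost
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("%-9s line %d: %s -> %s" % (finding[0], finding[3], finding[1], finding[2]))
```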

  8. It would depend on what programs you ran. There are some that will help uninstall things like Paint, Windows Messenger and more. There are programs like xp-AntiSpy and many others.

     

    Do you know what programs you used that may have caused this, or roughly what programs you ran when you encountered this issue?
