Full Version: Spyware, Viruses And Firewalls
moon
Helpful fixes for Spyware and Hijackers:

To get started, let's run both of these online scans and move on to the next step;

I think this new Spyware scanner should be the first to run on-line or off:
http://www.trendmicro.com/spyware-scan/

Let's run this root kit scanner removal tool. It will be FREE until October 1, 2005.

http://www.f-secure.com/blacklight/

Just download to anywhere and run it!!

Trend Micro's Housecall Online Virus Scan
( http://housecall.antivirus.com/ )

Panda Software's ActiveScan Online Virus Scan
( http://www.pandasoftware.com/activescan/ )

There are many ways for someone to hijack your browser. The hijacker could be a .dll file, an .exe file, a .reg file or a combination of any of these. One might find it in the root C:/ directory or C:/Windows or C:/Windows/system or just about any other directory. There is no constant, everything is variable; the only certain thing is that it is getting through a security loophole on your computer, be it security settings or a lack of patches and updates.

1) First thing to do....click tools...Windows update..... and download all critical updates and reboot. Let's start with Ad-Aware SE from:
http://majorgeeks.com/download.php?det=506

2) Second is to download and install Spywareblaster. http://www.javacoolsoftware.com/spywareblaster.html

3) Third download and install Spywareguard. http://www.javacoolsoftware.com/sgdownload.html

These programs take up very little resources and run unnoticed in the background.

4) Fourth download and install Spybot Search and Destroy. http://security.kolla.de/

Always check for updates before running. Click the immunize button..... and while you're there (at this page) you can lock your homepage if you want to. As with an anti-virus program - check for updates at least once a week, with all the above programs.

5) Fifth download Regprot. http://www.diamondcs.com.au/index.php?page=regprot

It's so easy to use, you forget it's there. Once installed it just runs in the background. You'll forget all about it, until a dialer, hijacker, trojan etc, gets through your defences and tries to put a run key etc, in your registry - up pops a box asking if you want to allow the new key. Obviously you say no (make a note of the name and location of the file which is trying to run so that you can delete it) but now you've been alerted to something trying to sneak in behind your back and you can deal with it. If you install new software or some updates from Microsoft and the box pops up - you will ACCEPT the keys.

None of this can guarantee 100% that you won't be hijacked - but it will certainly go a long way.

6) Make sure you have a firewall.
These are popular firewalls:
Kerio Personal Firewall FREE http://www.kerio.com/kpf_download.html
Tiny Personal Firewall
Sygate Personal Firewall PRO
Sygate Personal Firewall FREE http://smb.sygate.com/buy/download_buy.htm
McAfee Personal Firewall
Black Ice Defender
Zone Alarm Pro
Zone Alarm Firewall FREE http://www.zonelabs.com/store/content/home.jsp

Compare them before you decide: http://www.agnitum.com/php_scripts/compare2.php

7) Get yourself anti-virus software.
Download free AVG anti virus software. http://www.grisoft.com

8) Download Hijackthis at
http://aumha.org/downloads/hijackthis.zip

Unzip, double-click HijackThis.exe, and hit "Scan". After the scan has finished the "scan" button will turn into a "save log" button. Save the log file and post it here.

I found this great web site for help with the HijackThis log:

HijackThis analysis:

Acsell has written the following tutorial to show you how to analyse your own HijackThis log...

http://hometown.aol.co.uk/jrmc137/hjttutor...al/tutorial.htm

Shore up your IE security settings:

The "default" settings are not enough to properly protect your machine. In other cases, the new rash of Trojans will actually lower your security settings for the "Internet Zone", thus bypassing any security you thought you had.

To reset your machine to the Default Level:

Close all instances of Internet Explorer and Outlook Express.
Control Panel | Internet Options | Click on the "Security" tab.
Highlight the "Internet" icon, click "Default Level".
You really need to set up the "Internet and Restricted Zones" with a custom level.
Next: Click on the "Content" tab, click the "Publishers" button.
Highlight and click "Remove" any unknowns, click OK.
Click on the "Advanced" tab.
Uncheck: "Install on demand (other)", click Apply/OK.

To test your setup after making the above changes go to:

http://bcheck.scanit.be/bcheck/


That's about it for now!!!!
Elijah
I just downloaded RegProt and got this...not sure what to do with it. Looks suspicious but so do a lot of other registry files! Should I keep?

An important entry has been ADDED to the registry!
HKEY=HKEY_CLASSES-ROOT
PATH=vbsfile\shell\open\command
NAME=
DATA=%SystemRoot%\System32\WScript.exe "%1"%*
Lynnville
WScript.exe of itself is a standard Windows file, and poses no threat. More on it HERE.
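
The alert quoted above, parsed and checked against a baseline, as an added example that is not part of any post in this thread and is not RegProt's own logic. The watched-key patterns and the one-entry baseline are assumptions chosen for illustration.

```python
import re

# Constructed sample: the alert text as quoted in the thread.
ALERT = r'''An important entry has been ADDED to the registry!
HKEY=HKEY_CLASSES-ROOT
PATH=vbsfile\shell\open\command
NAME=
DATA=%SystemRoot%\System32\WScript.exe "%1"%*'''

# Assumption: key patterns worth a prompt (autostart and file-handler keys).
WATCHED = [re.compile(r"\\currentversion\\run(once)?$", re.I),
           re.compile(r"\\shell\\open\\command$", re.I)]
# Assumption: known-good handler, taken from the reply that calls
# WScript.exe a standard Windows file. Keyed by (hive, lowercased path).
BASELINE = {("HKEY_CLASSES_ROOT", r"vbsfile\shell\open\command"):
            r"%systemroot%\system32\wscript.exe"}

def parse_alert(text):
    """Return the HKEY/PATH/NAME/DATA fields of an alert as a dict."""
    fields = {"HKEY": "", "PATH": "", "NAME": "", "DATA": ""}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in fields:
            fields[key] = value.strip()
    # The alert prints the hive with a hyphen; normalise to the real name.
    fields["HKEY"] = fields["HKEY"].replace("-", "_").upper()
    return fields

def command_target(data):
    """Extract the program from a command line, quoted or bare, lowercased."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', data)
    return (m.group(1) or m.group(2)).lower() if m else ""

def classify(fields):
    """'ignore', 'expected-default' or 'review' for one parsed alert."""
    path = fields["PATH"].lower()
    if not any(p.search(path) for p in WATCHED):
        return "ignore"
    expected = BASELINE.get((fields["HKEY"], path))
    if expected and command_target(fields["DATA"]) == expected:
        return "expected-default"
    return "review"  # watched key whose value is not in the baseline

if __name__ == "__main__":
    print(classify(parse_alert(ALERT)))
```

A watched key whose command points anywhere other than the baseline value comes back as "review", which is the case where noting the file name and location, as the first post advises, matters.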
Elijah
Thanks Lynnville...I suppose when I see those %...\% type signs, my mind for some reason automatically thinks-"bad stuff". Are you a bluegrass fan? I myself enjoy it...especially the old ones from Ralph and Carter Stanley and some of Monroe's songs. More currently, the Isaacs are a favorite as well.

Thanks for that link, by the way.
chrisjea
Hello Moon,

I was reading the thread and am okay with all the other stuff as I run them every other day.

QUOTE
Fifth download Regprot



I followed your instructions for this program. It unzipped and downloaded correctly. It ran and came up with two things referring to my AV program.

However, just for laughs, I pushed Control>Alt>Delete. Regprot was not running. Any hints?

Thanks from Francis ravaged Florida,

Chris
moon
Under processes, you don't see regprot.exe running??
chrisjea
No sir.

Chris
chuckles13
I'm new & not sure if I'm in the right spot here but I am running Norton anti-virus. I keep geeting a report of randreco.exe trying to access the internet. Norton blocks it. However no matter how many times I click to block it, it keeps coming back. Is it save to just delete the file form windows or is the file necessary?
chuckles13
sorry for the spelling errors. getting is wrong as is save should be safe & form should be from
chr1stophert
The bad news is that randreco.exe is spyware/malware. The good news is that it (and related files) can be found and repaired by using the FREE Spybot Search & Destroy program mentioned at the top of this forum.
Lynnville
Glad you have an interest in bluegrass, Elijah. I wish more people did. I've been pickin' banjo for around 55 years. I pick with anyone in the area I can get together with that wants to 'jam'. I played with Joe Isaacs recently at Red Lick (on Hwy. 421 SE of Berea, KY).
Big Liz
Hello, I have a question. I ran the spyware scan programs which seem to detect numerous spyware items. Then I ran windows search, including "hidden" files. Why doesn't the spyware or adware show up? I hesitate to spend money on removal of programs when I should be able to delete them myself, only that didn't work. Why? I am free of viruses according to McAfee and Symantec. I managed to delete the "extra" bars for search engines, and guess what...the "helping you faster" pop-up still pops up, only empty of ads. Weird? Would running RESTORE set back to day I bought computer get rid of them? Thanks, BigLiz
Dionysius
I would say let Spybot do it for you, Liz. It's very reliable.

D.
jaker
Regprot usually works fine, I had it off for the install of SP2 and was surprised it still gave me the Registry key alerts. Had to answer Yes (quickly) a lot during the install of SP2.

I'm keeping it, however I note there is no uninstall feature. Moon, can you provide the info to uninstall in case that is ever necessary? I know how to use Regedit and backup reg.

SP2 installed fine, no problem. I have e-machine S2482, about 1 year old.

Thanks,
jaker
colhutch
I didn't see the best prevention method I know of.... stop using internet explorer

http://www.getfirefox.com
jaker
Found removal instructions in Google for Regprot. Simple enough!

http://www.wilderssecurity.com/showthread.php?t=51341

This thread gives more info on Regprot, maybe not the best choice.

jaker
Bell
Microsoft's NEW anti spyware program MUST be checked out!!! It's still in BETA testing but this has to be one of the best and most comprehensive anti spyware products on the market. This is a 180 day evaluation copy. I know it's Microsoft but they actually BOUGHT this program from GIANT software.

Download it here

http://www.microsoft.com/downloads/details...&displaylang=en
backward
Trojan horse BackDoor.Small.28 got thru Zone Alarm, new MS beta, Spybot S & D, Adaware, Stinger and AVG (freeware). Jerky cursor alerted me and only AVG and Reg Edit found it. Only AVG deleted it. So much for trusted sites and distrust of e-mail. Regards
moon
As mentioned, nothing is 100% that you won't get some nasties from time to time - but stay after it. I also like RegistryProt !!!

Appreciate your feedback !!!
dragonfire
as a newbie to the internet could someone please tell me if i need all this stuff that was put on my pc
adaware
microsoft anti spyware
registry mechanic 5.0
registry fix
ccleaner
cw shredder
avg 7 anti virus
it just seems a lot to put on a computer
running xp home sp2
firefox
dial up
Ironbender
Hi all newbies, welcome to SAF

dragonfire, if someone puts all this on your computer, I'll guess it was infected some time before

Better leave them there, even if you don't use them, so if some day you are infected again by a malware/virus that blocks your internet connection, you have them on your disk. Just keeping them updated is a wise decision.

Personally, I am using AVG free + ZoneAlarm Spyware Blaster and Spyware Guard. Once a week, (or when I suspect something), I run AdAware SE and Spybot S&D.

Safe browsing habits are also important

btw colhutch, using Firefox instead of IE will not guarantee you are safe from infection, only from browser hijacking at this moment. I am saying this because it may confuse some people at first sight.

Chris

Thanks moon for this... as you can see, you have started a very interesting topic
kacee
g'day there,
This is my first post in here, am wondering what's this little icon that comes up when I am reading a thread that says it knows what internet browser I am using etc ??
HKEd
G'day kacee...welcome to SAF.

That's just a joke program. Only you can see the info it shows. It's not visible to others.
keileo
Download Ad Aware SE Personal for free on the internet. Great for Spyware removal.
justMarkhere
QUOTE(colhutch @ Nov 10 2004, 01:27 PM) *

I didn't see the best prevention method I know of.... stop using internet explorer

http://www.getfirefox.com

This is my first post here....I am seriously thinking about getting into computer security as a service (that would be in the future). There are very many free sources of info on the net, some good, some.....
Anyway, please check out Browzar. It is a standalone browser that you can take anywhere on your memory stick. It is a single exe approx 264 kb in size, has no bells and whistles (which many of you may not like), but is very secure in its simplicity (you don't need to have a browser installed on your computer). It does create some temps on your drive but deletes them when you quit surfing and close the app. I have firefox and ie as well, but I need to constantly compare to stay on top of things. Another thing people may want to consider is "hardening" windows. It does not really require expertise per se, but they are simply automated files which can be run to tighten windows settings without adding extra software. This seems like a great forum, and hope I can learn and contribute. One last thing, all the free software is not created equal, and there is no substitute for simply taking the time to read all the good info on the net (white papers, forums like this and yes, believe it or not ...Microsoft's own site). They actually have links themselves to Ad-Aware etc...so they know that their software isn't perfect. Hackers love big new targets, so I would imagine Vista will be a bullseye at first, just like XP. Be careful not to be overconfident with unix/linux/apple or whatever...they are great OS's but hackers have had a field day with them lately as well.
LF from MC
Hi justMarkhere, Welcome to SAF. Yes we do have a great place here, so stop back when you can.

Lorraine
Omario
QUOTE
3) Third download and install Spywareguard. http://www.wilderssecurity.net/spywareguard.html



link not working
Ironbender
SpywareGuard: http://www.javacoolsoftware.com/sgdownload.html
SpywareBlaster: http://www.javacoolsoftware.com/sbdownload.html

Link now working

Chris
Omario
7) Get yourself anti-virus software.
Download free AVG anti virus software. http://www.grisoft.com

On the site it says it's a 30 days free trial, what do you do after the 30 days?
LF from MC
Hi Omario

That's a free Trial Version. You can use it free for 30 days, then if you want to keep it, you have to buy it. I don't think AVG has a free version any more..they only have free support for free AVG Anti-Virus Free Edition 7.1 through February 18,

Lorraine
LF from MC
I found this Link, it does have free versions...AVG
Omario
Thanks for the link,
downloading now
Jack Lazara
Nice list! Thanks for it
jamesfranklin
QUOTE(LF from MC @ Jan 12 2007, 04:20 PM) *

Hi Omario

That's a free Trial Version. You can use it free for 30 days, then if you want to keep it, you have to buy it. I don't think AVG has a free version any more..they only have free support for free AVG Anti-Virus Free Edition 7.1 through February 18,

Lorraine

The only guaranteed way to remove viruses is to reformat and reinstall Windows. However there are two things you can try. First reboot and tap the F8 key then select Safe Mode With Networking. Start Internet Explorer, search for Bitdefender Online Scan and run it.


________________
Mark Sullivan
ranchhand
Jamesfranklin: Sorry to contradict you, but in the vast majority of cases there is no need to wipe the hard drive. Look at our Malware forum. SAF's experts there have, never in my memory, had to tell a poster to reformat. Even the ultimate poison of infections, Root Kits (are you listening, Sony Corp.?), now in many cases can be removed safely. There are some that require reformat, that is true, but in the statistical scheme of things that is a rare item.
Surfer
yep...very rare to need to wipe and reinstall. in the cases that do need to be wiped a simple format often isn't enough. they need low level format i.e. wiped with 0's.