Please help...security question!

TheMSsForum.com: The Microsoft Software Forum

Hi -

I am hoping someone can help me! I have been using my
Windows 98 computer fine for quite some time. In the
last 2 days when I access the internet, my Home page gets
changed to www.tooncomics.com everytime I restart - even
though I change it back every time and my Favorites menu
gets loaded with several links to this website as well.
I have run ad-aware from lavasoft and housecall from
trendmicro to clean this up and it is still happening. I
don't know how to find the program that is
loading/changing this information. Any help greatly
appreciated!
Top

Re: Please help...security question! by Galen

Galen
Sun Oct 19 01:19:31 CDT 2003

In news:036201c395e6$b8b08a20$a101280a@phx.gbl,
Frustrated in PA <anonymous@discussions.microsoft.com> had this to say:

> Hi -
>
> I am hoping someone can help me! I have been using my
> Windows 98 computer fine for quite some time. In the
> last 2 days when I access the internet, my Home page gets
> changed to www.tooncomics.com everytime I restart - even
> though I change it back every time and my Favorites menu
> gets loaded with several links to this website as well.
> I have run ad-aware from lavasoft and housecall from
> trendmicro to clean this up and it is still happening. I
> don't know how to find the program that is
> loading/changing this information. Any help greatly
> appreciated!

ToonComics is cleaned easily with AdAware which you can get here:

Ad-aware - Download.com - Free downloads, shareware, and more.:
http://download.com.com/3000-2094-10045910.html?legacy=cnet

--
Galen Gregory MS MVP Shell/User
Contact: galen_gregory (at) hotmail.com
Put [read] in the topic or it will NEVER be seen.



Top

Re: Please help...security question! by YoKenny

YoKenny
Sun Oct 19 01:26:41 CDT 2003

Frustrated in PA wrote:
> Hi -
>
> I am hoping someone can help me! I have been using my
> Windows 98 computer fine for quite some time. In the
> last 2 days when I access the internet, my Home page gets
> changed to www.tooncomics.com everytime I restart - even
> though I change it back every time and my Favorites menu
> gets loaded with several links to this website as well.
> I have run ad-aware from lavasoft and housecall from
> trendmicro to clean this up and it is still happening. I
> don't know how to find the program that is
> loading/changing this information. Any help greatly
> appreciated!

Looks like another new CoolWebSearch browser hijacker parasite.
http://forums.spywareinfo.com/index.php?showtopic=14174 documentation
http://www.spywareinfo.com/~merijn/cwschronicles.html information





Top

Re: Please help...security question! by Christopher

Christopher
Sun Oct 19 16:55:57 CDT 2003

"Galen Gregory" <galen_gregory@hotmail.com> wrote in message
news:uraP2jglDHA.2772@TK2MSFTNGP12.phx.gbl...
> In news:036201c395e6$b8b08a20$a101280a@phx.gbl,
> Frustrated in PA <anonymous@discussions.microsoft.com> had this to say:
> > I have run ad-aware from lavasoft and housecall from
> ToonComics is cleaned easily with AdAware

Apparently not this version. Frustrated in PA, first make sure you've gone
through the "Check for updates now" process right above the "-> start"
button in Ad-Aware. The most recent reference file is from today, 19 October
2003.

I find that running both Ad-Aware and Spybot Search & Destroy (
http://security.kolla.de ) will catch most any spy/adware, if both are
updated regularly. If Ad-Aware still doesn't catch it after the update,
Spybot takes about 11MB installed, and is well worth the download for a
number of other included utilities.

YoKenny seems to have covered this specific infection well enough, at least
after skimming over all the process lists. Hopefully these two programs will
help you keep clean thereafter. I run Proxomitron to help prevent infection
in the first place, but it's more trouble than I'd recommend, and I believe
there are easier solutions already posted in this group.


Good luck,
Chris Hance


Top

Re: Please help...security question! by Galen

Galen
Sun Oct 19 19:53:33 CDT 2003

I don't suppose you'd have any idea where this happened? I'd be interested
in infecting a local machine and then pulling it off-line to see if there's
a way to create either a VBScript or a fake-installer to remove this. I
browsed around with an ME box about an hour ago and found not one hide of
anything - without a firewall running and with full script permissions
allowed.

--
Galen Gregory MS MVP Shell/User
Contact: galen_gregory (at) hotmail.com
Put [read] in the topic or it will NEVER be seen.


"Christopher Hance" <chanceslost@programmer.net> wrote in message
news:%23ArQLyolDHA.1884@TK2MSFTNGP09.phx.gbl...
> "Galen Gregory" <galen_gregory@hotmail.com> wrote in message
> news:uraP2jglDHA.2772@TK2MSFTNGP12.phx.gbl...
> > In news:036201c395e6$b8b08a20$a101280a@phx.gbl,
> > Frustrated in PA <anonymous@discussions.microsoft.com> had this to say:
> > > I have run ad-aware from lavasoft and housecall from
> > ToonComics is cleaned easily with AdAware
>
> Apparently not this version. Frustrated in PA, first make sure you've gone
> through the "Check for updates now" process right above the "-> start"
> button in Ad-Aware. The most recent reference file is from today, 19
October
> 2003.
>
> I find that running both Ad-Aware and Spybot Search & Destroy (
> http://security.kolla.de ) will catch most any spy/adware, if both are
> updated regularly. If Ad-Aware still doesn't catch it after the update,
> Spybot takes about 11MB installed, and is well worth the download for a
> number of other included utilities.
>
> YoKenny seems to have covered this specific infection well enough, at
least
> after skimming over all the process lists. Hopefully these two programs
will
> help you keep clean thereafter. I run Proxomitron to help prevent
infection
> in the first place, but it's more trouble than I'd recommend, and I
believe
> there are easier solutions already posted in this group.
>
>
> Good luck,
> Chris Hance
>
>


Top

Re: Please help...security question! by alun

alun
Mon Nov 03 07:50:03 CST 2003

In article <#9EUVSqlDHA.2068@TK2MSFTNGP09.phx.gbl>, "Galen Gregory" <galen_gregory@hotmail.com> wrote:
>I don't suppose you'd have any idea where this happened? I'd be interested
>in infecting a local machine and then pulling it off-line to see if there's
>a way to create either a VBScript or a fake-installer to remove this. I
>browsed around with an ME box about an hour ago and found not one hide of
>anything - without a firewall running and with full script permissions
>allowed.

That's a good indication of a truly dishonest organisation behind this
program - people who got it, don't want it, and don't seem to remember
where they got it; people who want it, can't find it.

As irritating as Gator may be, for instance, you _can_ find their web site,
and they _do_ offer removal instructions. [Whether you trust an adware
company or not, of course, is up for debate; as is whether the Gator
removal process is complete and trustworthy.]

I've long advocated that the best method to stop popups is to complain to
the site that hosts the adverts, and then to stop visiting that site unless
they let you know that the popups are gone (I know I've complained many
times about the flashing "Winner" banner that seems to trigger my
migraines). If we can find out who's hosting the adware, and complain to
them, maybe we can stop them. Is there an "adware blocker"? Or a program
that advises you that you're about to visit a site that wants to install
adware, and offers you the chance not to?

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Top