PA
Tue Feb 08 09:26:27 CST 2005
Assuming AVG7 is running with up-to-date definitions, it sounds like you're
affected by hijackware, Looker.
Did you have MS AntiSpyware "fix" anything?
Dealing with Trojans & Hijackware
A. Removing Trojans and Trojanware with Sysclean
Create a new folder named Sysclean (e.g., C:\Program files\Sysclean or just
a desktop folder). Download 'Sysclean.com' from
http://www.trendmicro.com/download/dcs.asp to this folder. Download the
latest 'Controlled Pattern Release' (not 'Official Pattern Release') zip
file (e.g., lpt123.zip) from
http://www.trendmicro.com/download/pattern.asp
and extract its contents to the same folder. See the Readme text file for
instructions.
Delete Temporary Internet Files (IE Tools>Internet Options>General)
accepting the option to delete all offline content. Reboot and delete
contents of TEMP folders and Recycle Bin.
Close all running programs including your anti-virus application, go
offline, and run Sysclean. For best results, do nothing with the machine
until the scan completes.
WinXP only: If the scan shows any infections in System Restore files:
(1) create a new Restore Point (Start>Programs>Accessories>System
Tools>System Restore), then
(2) delete all but the most recent Restore Point
(Start>Programs>Accessories>System Tools>Disk Cleanup>More options [tab]).
Afterwards, update your own anti-virus application and perform another full
system scan.
B. Hijackware
Help with Hijackware (all are MS MVP sites)
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
Run the following tools in this order with nothing else running in
background:
1. CWShredder v2.13 (no updates available currently; choose Fix, not Scan)
2. Ad-Aware SE (Reconfigure per
http://aumha.org/forum/viewtopic.php?t=5877;
Fix all found)
3. Spybot (RTFM; Immunize first and then scan; Generally, fix everything in
red)
Important: You must seek updates for Ad-Aware, Spybot, etc., before each and
every use, even "right out of the box". But even they can't catch
everything, 24/7.
When all else fails, HijackThis
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to
http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]
So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
Looker wrote:
> AVG 7.0.300. It's the free version.
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:%2359fxeZDFHA.3368@TK2MSFTNGP10.phx.gbl...
>> What version of AVG are you using?
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE) & Security
>>
>> Looker wrote:
>>> I just performed a fresh install of Windows XP w/SP2. I ran the computer
>>> for about a week using ZoneAlarm and AVG antivirus. I installed Windows
>>> AntiSpyware beta and now the Windows security keeps turning off its
>>> firewall. It also won't recognize AVG or ZoneAlarm. Anyone else have
>>> this problem? Know how to fix it?
>>> TIA.
>>> al...