FAO jabuck Hijack This

Original Message
Name: d712
Date: November 13, 2005 at 03:45:18 Pacific
Subject: FAO jabuck Hijack This
OS: Windows XP
CPU/Ram: 2.80GHz 512Mb RAM
Comment:

Hello jabuck

I'm posting a message in a new thread as you suggested.

I don't know if you need me to go over what the problem is again.

Let me know what you need and I'll post it.

Many thanks

David :-)


Response Number 1
Name: d712
Date: November 13, 2005 at 03:49:38 Pacific
Reply:

Is there a private message thing on this forum?


Response Number 2
Name: jabuck
Date: November 13, 2005 at 08:24:59 Pacific
Reply:

Yes, there is a private message tool. Click "private message" at the bottom right of my response post or click "my computing.net" on the left of the page and scroll to the bottom of the page.

And yes go over the problem again.


Response Number 3
Name: d712
Date: November 13, 2005 at 09:07:00 Pacific
Reply:

It won't let me send you a private message because I started the thread :-S

Apparently the only way I can send you a private message is for you to start a new thread and I can private message you from there.

The problem I'm having is that I was notified that a Trojan Horse had appeared on my PC.

I placed it in quarantine and did a number of scans on the PC e.g. ewido etc.

I ran Spybot in safe mode. I've run MS antispyware as well and also ccleaner if I remember correctly and some other stuff too.

I ran HijackThis as well and have a record of the log.

Let me know if you need anything else.

Many thanks

David :-)


Response Number 4
Name: Derek
Date: November 13, 2005 at 09:17:36 Pacific
Reply:

If you go to "My Computing Net" the PM feature is at the bottom of the page. You then simply head the message jabuck (case sensitive) and he will get it.

Having said that, this is a forum and we all like to benefit from what is going on. May I request that at least a summary is put on here. PM's are not intended as a substitute for posting problems the normal way.

DerekW


Response Number 5
Name: jabuck
Date: November 13, 2005 at 09:59:13 Pacific
Reply:

Thanks Derek. OK d712, first things first. Several spyware protection programs feature "real time protection" that works like an antivirus but must be turned off to let some of the removal tools work. Spybot and MS Antispyware have this function, so follow the directions at the following link to turn them off: http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disable_Real_Time_Monitoring_Programs

Next, run this free online scan from Panda.

When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.

Set up Ewido this way: Ewido Setup Instructions. Reboot into Safe Mode and run Ewido.

When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.

Please reboot into normal mode and post the ewido and the Panda log.


Response Number 6
Name: d712
Date: November 13, 2005 at 15:03:15 Pacific
Reply:

I will do that stuff, sorry I haven't been able to, been busy.

It's late where I am (UK) and I'm off to bed soon. I'll try and do the stuff you suggest tomorrow.

Many thanks for your advice, I do appreciate it :-)

David


Response Number 7
Name: d712
Date: November 15, 2005 at 11:27:20 Pacific
Reply:

Hi

I've followed the instructions on Spybot but Resident Teatimer wasn't checked anyway... so there weren't any prompts.

After restarting will I need to switch back to default mode or do I keep it in advanced mode?


Response Number 8
Name: d712
Date: November 15, 2005 at 11:35:14 Pacific
Reply:

I've restarted the computer after following the instructions for spybot.

No messages came up or anything so I'm not sure if that's OK.

As the link is for TEMPORARILY disabling programs will I have to go back later and re-set it or do I leave it?

Thanks

P.S. I'm unsure of what I'm doing so I will be posting questions on this thread. I'll limit my posts to this thread instead of any others.

If there is any issue with my posts PLEASE let me know and warn me before deleting them.

If I break any rules it is out of inexperience rather than malice. I do need people's advice and appreciate it very much which is why I need it to be kept on the site and not deleted.

Thanks


Response Number 9
Name: d712
Date: November 15, 2005 at 11:42:41 Pacific
Reply:

I've followed the advice for MS Antispyware.

On ewido realtime protection was set to inactive anyway.

I don't know if that's because I have a 14 day trial.

I've gone into start\programs but can't see any of the other programs listed on

http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disable_Real_Time_Monitoring_Programs

Please let me know if there's anything else I need to do.

Thanks

David

P.S. I'll reboot and try the Panda scan that jabuck suggested in response 5.


Response Number 10
Name: d712
Date: November 15, 2005 at 12:12:31 Pacific
Reply:

The Panda scan came up with no issues raised.

I remember now that I did the Panda scan a few days ago.

I already have ewido on the computer when I installed it a few days back on a 14 day trial.

I'll run that in safe mode now.

Thanks

David


Response Number 11
Name: d712
Date: November 15, 2005 at 13:49:59 Pacific
Reply:

Hello

This is the ewido report. It highlighted 7 things:


ewido security suite - Scan report


+ Created on: 21:38:29, 15/11/2005
+ Report-Checksum: DC911343

+ Scan result:

C:\Documents and Settings\David\Cookies\david@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup

C:\Documents and Settings\David\Cookies\david@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\David_2\Cookies\david_2@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup

C:\Documents and Settings\David_2\Cookies\david_2@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup

C:\Documents and Settings\David_2\Cookies\david_2@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\David_2\Cookies\david_2@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup

C:\Documents and Settings\David_2\Cookies\david_2@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End


Response Number 12
Name: d712
Date: November 15, 2005 at 13:50:58 Pacific
Reply:

Apologies if this is a breach of any rules.

I'm not sure where warnings are posted on here so if you need to warn me can you do so in this thread?

Thanks

David


Response Number 13
Name: jabuck
Date: November 15, 2005 at 15:30:07 Pacific
Reply:

Looks like cookies to me David. I believe Spybot picked up the dialer for you. You might run that to see what it finds.
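
(Added example, not part of jabuck's post or the original thread.) The triage done by eye on the ewido report above, as a small parser that separates tracking-cookie detections from anything that needs a closer look. The sample report is constructed: two lines follow the format posted in Response 11, and the `example.dll` path with the `Trojan.Placeholder.A` name is a made-up placeholder, not a real detection.

```python
import re
from collections import Counter

# Result line layout as it appears in the report above:
#   <full path> -> <detection name> : <action taken>
RESULT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+)$")
PROFILE_RE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)

# Constructed sample. The last result line is a placeholder, not a real detection.
SAMPLE_REPORT = r"""
+ Scan result:

C:\Documents and Settings\David\Cookies\david@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\David_2\Cookies\david_2@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\WINDOWS\system32\example.dll -> Trojan.Placeholder.A : Cleaned with backup

::Report End
"""

def parse_report(text):
    """Return one dict per result line; header and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if m is None:
            continue
        path, name = m["path"], m["name"]
        profile = PROFILE_RE.search(path)
        findings.append({
            "path": path,
            "name": name,
            "action": m["action"].strip(),
            "profile": profile.group(1) if profile else None,
            # Treated as a cookie only if the name AND the folder both say so.
            "cookie": ".cookie." in name.lower() and "\\cookies\\" in path.lower(),
        })
    return findings

def triage(findings):
    """Split findings into tracking cookies and everything else."""
    cookies = [f for f in findings if f["cookie"]]
    needs_review = [f for f in findings if not f["cookie"]]
    return cookies, needs_review

if __name__ == "__main__":
    cookies, needs_review = triage(parse_report(SAMPLE_REPORT))
    print("tracking cookies per profile:", dict(Counter(f["profile"] for f in cookies)))
    for f in needs_review:
        print("REVIEW:", f["name"], "->", f["path"], f"({f['action']})")
```

Requiring both the detection name and the `Cookies` folder keeps a file that merely carries a cookie-style name elsewhere on disk in the review list.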


Response Number 14
Name: Derek
Date: November 15, 2005 at 17:01:54 Pacific
Reply:

d712

Re #12. You're doing fine (the rules are not that bad)
but if you want some bedtime reading here's a link:
COMP NET RULES

They are in Home/Help and if JW is watching I think there's a case for making them more prominent.

DerekW


Response Number 15
Name: d712
Date: November 16, 2005 at 11:11:26 Pacific
Reply:

Hello

I've just run Spybot but it wasn't in safe mode. There were two problems that were highlighted:

Avenue A, Inc.: Tracking cookie (Internet Explorer: David)
Internet Explorer David): Cookie:david@atdmt.com/ ()

MediaPlex: Tracking cookie (Internet Explorer: David)
Internet Explorer David): Cookie:david@mediaplex.com/ ()


Both the problems were fixed.

Should I have run spybot in safe mode?

Thanks

David


Response Number 16
Name: d712
Date: November 16, 2005 at 12:11:21 Pacific
Reply:

I've run Spybot in safe mode and no problems were highlighted.

Should I run HijackThis now?

Also in order to go into safe mode, I went into start\run\msconfig and chose the BOOT.INI tab etc.

Now that I'm out of safe mode should I go into normal startup or selective startup in the General tab?

Also will I need to do anything to reverse the instructions I followed on this link

http://wiki.castlecops.com/Securing_Your_Computer:_Temporarily_Disable_Real_Time_Monitoring_Programs

as suggested in response number 1?

Many thanks

David


Response Number 17
Name: jabuck
Date: November 16, 2005 at 15:23:26 Pacific
Reply:

Yes, go back to msconfig and set it to normal mode and return the real time protection to your anti spyware. Restarting the computer will reset some of them; the others you'll have to do manually.

Purge System Restore by shutting it down and restarting it.

Then to create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

