Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I googled "hijackthis download" and every site i got came up This page cannot be displayed. However Im writing here and i just checked my email, regular surfing, and none of that. Anyone know whats up?
Try this website http://www.spywareinfo.com/downloads.php?cat=sp#det The folks at spywareinfo can assit you with your log, and there is no restrictions about posting the log there. HTH
0 
Try this: dial down to "HiJack This zipped"http://www.spywareinfo.com/~merijn/downloads.html
Give a man a fish and you feed him for a day;
Teach a man to fish and you feed him for a lifetime;
Then industry pollutes the water and kills all the fish....
0
hey ESKILED,
Tuf's link worked for me.
In fact, I'm downloading v1.98 as we speak.
Not sure what the hang up is on your end.
You might check your hosts file and see if there's anything creepy hiding in there.
If you've used SpyBot's Hosts File add-on then you will unfortunately see many, many sites directed to 127.0.0.1. (which is a good thing).
That will just make it harder to find the "good sites" that might have been redirected.
If you've never modified your hosts file and you see lots of secruity and related sites directed to 127.0.0.1, then yes you have a little problem on your hands.
Let us know how you come out.
GOOD LUCK!
AOSCLAY
PEBKAC
0
eskiled, This is just a possibility but look at your hosts file (no extension) and see if anything other then what's shown below between the lines. The hosts file (no extension) is located in the C:\Windows\System32\drivers\etc directory (folder). When you find it right click it and choose open with Notepad. Make a copy of it and post back with the copy of your hosts file. Do Not make any changes yet. Below between the lines is what the generic hosts file for Windows XP looks like.
____________________________________________# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host127.0.0.1 localhost
____________________________________________
There are some viruses/trojans that alter the hosts file so that you can't update your AV Program or reach any AV web sites or Spyware Removal sites.
Tufenuf
0
I go to all the trouble of writing an elaborate response about the hosts file and I look up and see that TufEnuf's faster on the keyboard. He has FINGERS OF FLAME!
:)
Oh, well, so I will simplify.
Okay, ESKILED,
using what Tuf's explained to you, understand that any address directed to 127.0.0.1 will be unavailable. 127.0.0.1 is actually the computer you are sitting at.
Some anti-spyware utilities use this to keep you away from known "bad sites."
Some viruses and worms use this to block access to security sites.
Yee-Haw.
GOOD LUCK!
AOSCLAY
Monkies Can't Do This
0
127.0.0.0 localhost
127.0.0.1 and.doxdesk.com
127.0.0.2 auditmypc.com
127.0.0.3 boards.cexx.org
127.0.0.4 bulletproofsoft.net
127.0.0.5 camtech2000.net
127.0.0.6 cexx.org
127.0.0.7 computercops.us
127.0.0.8 ct7support.com
127.0.0.9 doxdesk.com
127.0.0.10 eblocs.com
127.0.0.11 enigmasoftwaregroup.com
127.0.0.12 forum.aumha.org
127.0.0.13 free-spyware-scan.com
127.0.0.14 free-web-browsers.com
127.0.0.15 grc.com
127.0.0.16 grisoft.com
127.0.0.17 hackfaq.org
127.0.0.18 hazeleger.net
127.0.0.19 javacoolsoftware.com
127.0.0.20 kellys-korner-xp.com
127.0.0.21 kephyr.com
127.0.0.22 lavasoft.de
127.0.0.23 lavasoftusa.com
127.0.0.24 lurkhere.com
127.0.0.25 majorgeeks.com
127.0.0.26 merijn.org
127.0.0.27 mjc1.com
127.0.0.28 moosoft.com
127.0.0.29 mvps.org
127.0.0.30 net-integration.net
127.0.0.31 noadware.net
127.0.0.32 no-spybot.com
127.0.0.33 onlinepcfix.com
127.0.0.34 pchell.com
127.0.0.35 pestpatrol.com
127.0.0.36 safer-networking.org
127.0.0.37 secure.spykiller.com
127.0.0.38 secureie.com
127.0.0.39 security.kolla.de
127.0.0.40 spybot.info
127.0.0.41 spychecker.com
127.0.0.42 spychecker.com
127.0.0.43 spycop.com
127.0.0.44 spyguard.com
127.0.0.45 spykiller.com
127.0.0.46 spyware.co.uk
127.0.0.47 spyware-cop.com
127.0.0.48 spywareinfo.com
127.0.0.49 spywarenuker.com
127.0.0.50 spywareremove.com
127.0.0.51 spywareremove.com
127.0.0.52 stopzillapro.com
127.0.0.53 sunbelt-software.com
127.0.0.54 thiefware.com
127.0.0.55 tomcoyote.org
127.0.0.56 unwantedlinks.com
127.0.0.57 webattack.com
127.0.0.58 wilders.org
127.0.0.59 www.auditmypc.com
127.0.0.60 www.bulletproofsoft.net
127.0.0.61 www.cexx.org
127.0.0.62 www.computercops.us
127.0.0.63 www.ct7support.com
127.0.0.64 www.doxdesk.com
127.0.0.65 www.eblocs.com
127.0.0.66 www.enigmasoftwaregroup.com
127.0.0.67 www.free-spyware-scan.com
127.0.0.68 www.free-web-browsers.com
127.0.0.69 www.grc.com
127.0.0.70 www.grisoft.com
127.0.0.71 www.hackfaq.org
127.0.0.72 www.hazeleger.net
127.0.0.73 www.javacoolsoftware.com
127.0.0.74 www.kellys-korner-xp.com
127.0.0.75 www.kephyr.com
127.0.0.76 www.lavasoft.de
127.0.0.77 www.lavasoftusa.com
127.0.0.78 www.lurkhere.com
127.0.0.79 www.majorgeeks.com
127.0.0.80 www.merijn.org
127.0.0.81 www.mjc1.com
127.0.0.82 www.moosoft.com
127.0.0.83 www.mvps.org
127.0.0.84 www.net-integration.net
127.0.0.85 www.noadware.net
127.0.0.86 www.no-spybot.com
127.0.0.87 www.onlinepcfix.com
127.0.0.88 www.pchell.com
127.0.0.89 www.pestpatrol.com
127.0.0.90 www.safer-networking.org
127.0.0.91 www.secureie.com
127.0.0.92 www.security.kolla.de
127.0.0.93 www.spybot.info
127.0.0.94 www.spychecker.com
127.0.0.95 www.spychecker.com
127.0.0.96 www.spycop.com
127.0.0.97 www.spyguard.com
127.0.0.98 www.spykiller.com
127.0.0.99 www.spyware.co.uk
127.0.0.100 www.spyware-cop.com
127.0.0.101 www.spywareinfo.com
127.0.0.102 www.spywarenuker.com
127.0.0.103 www.spywareremove.com
127.0.0.104 www.spywareremove.com
127.0.0.105 www.stopzillapro.com
127.0.0.106 www.sunbelt-software.com
127.0.0.107 www.thiefware.com
127.0.0.108 www.tomcoyote.org
127.0.0.109 www.unwantedlinks.com
127.0.0.110 www.webattack.com
127.0.0.111 www.wilders.org
0
wait i tihnk i get it so
127.0.0.26 merijn.org
shou8ld be there (thats the hijackthis download page i believe) and because it is i get page cant be displayed?
Dont worry havent done anything yet...
0
eskiled, Remove everything below 127.0.0.1 localhost so that your hosts file looks like the one I posted in my Response Number 8. After you remove all those other entries and close Notepad save the changes. That first entry "127.0.0.0 localhost" are you sure it isn't "127.0.0.1 localhost"? If it is "127.0.0.0" and you don't have "127.0.0.1 localhost" leave it there.
That's the reason you can't get to any of those sites.
Tufenuf
0
yes im sure i copied it directly from the notepad, and i just checked again and its right? So i should delete everything below "0 localhost" or below "1 and.doxdesk.com"???Thanks...
0
eskiled, Please post the entire hosts file(the whole thing) before I can tell you what to remove. Your hosts file should look exactly like the one I posted in my Response Number 8 when you're done removing the bad entries. I'll be here for a little while yet and we'll get this corrected.
Tufenuf
0
eskiled,
Or, since you're pretty much ditching the hosts file anyway. Re-name it "HOSTS.old" If for some reason, (program of some kind) you need that hosts. You can re-name it back, to just "HOSTS" Unlikely, but you never know, with networks, work computers ;-), ect.
Just an opinion
CrazyOne
p.s. If this is a work computer, shhh, I didn't say that ;-) That also goes for parents computers. Later :-)
0
Hey ESKILED,
This is the bad news...Even if you remove those entries in your hosts file, whatever parasite put them there is likely to recreate them everytime you reboot so long as its still "alive".
I'm not sure what bug is the cause of this modification. Versions of Gaobot (a worm) do this, but target a different list of sites. Your "blocked" sites are very spyware/adware specific and less "anti-virus" oriented.
Interesting...
You even have sites that aren't security sites at all but commonly offer the download of anti-spyware products. Nice list you have there.
FEEL FREE TO POST YOUR HIJACK THIS LOG (if you have some version of it already). I'd be interested in seeing it.
If you don't have Hijack This because you can't get to it, do the following:
Delete those offending entries, save the changes, and go download Hijack This before you reboot.
Removing those entries should hold until your next reboot. Or they may not come back at all (but I doubt it).
Good luck.
Feel free to post your log!
AOSCLAY
PEBKAC
0
Hey ESKILED,
PS:
And yes, to simplify things, you can rename your hosts file to
hosts.old
as CrazyOne suggested.
It won't hurt anything and you can change it back when you're done. This might be the easiest tempory fix just to get you going.
Let us know
GOOD LUCK!
AOSCLAY
PEBKAC
0
aosclay, I wish I knew if he had the normal, generic Windows XP items above the entries he posted. If he does he would only have to delete what's below 127.0.0.1 localhost, save the changes, close notepad then right click the hosts file, choose Properties and mark it "read only". This would prevent whatever malware has changed it from changing it again. He could then get to those sites and download spyware rmoval programs, HijackThis etc. Hopefully we'll be able to get his problems corrected.
Tufenuf
0
Tufenuf,
If this person/program/nastie, modified their "HOSTS.SAM" file. By dropping the extension, and adding the entries. Then yes, they would have those entries you listed. But, if a completely new "HOSTS" file was made, they wouldn't be there. Just an observation.
Yes, to what you said about the hosts file. But, things don't always work, as planned sometimes.
CrazyOne
p.s. Yes AOSCLAY, those problems, can be a hard one to figure *the sig*
0
there are few people on this earth that know what PEBKAC means...
:)
AOSCLAY
This is harder than it looks
0
Below is the HiJackThis log and I already posted the FULL hosts file. Thanks for your support so far :)!
Logfile of HijackThi v1.98.0
Scan saved at 7:38:25 PM, on 7/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\interMute\PopSubtract\PopSub.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://broadband.zoomtown.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [LimeShop] C:\Program Files\LimeShop\LimeShoprun.exe /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\interMute\PopSubtract\PopSub.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_7947.dll' missing
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_42.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08f59260b05ae2e40119/netzip/RdxIE601.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cabSo what does all that mean?
0
"there are few people on this earth that know what PEBKAC means..."
Problem Exists Between Keyboard And Chair.
Had to answer.eskiled
These are bad and can be prevented with SpywareBlaster.
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
iSearch Toolbar
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08f59260b05ae2e40119/netzip/RdxIE601.cab
Netster
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
MediaTickets InstallerAre you now able to download antispyware tools?
Download Ad-Aware and update it.
http://www.lavasoftusa.com/support/download/From lavasoft faqs.
Use the Custom Scan with Memory and Both registry scans ON for your first scan.
I keep it at that setting.Also.... make sure that you activate IN-DEPTH scanning before you proceed.
Actually you should always use IN-DEPTH scanning whichever mode you choose.
This will be made a default setting in Ad-aware 6.2 when released.Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Next...
Run Ad-aware 6.Mark the objects you wish to eliminate for removal. All of them.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose to Next to remove the chosen objects.
Finally.....Reboot
Online scan, set it to auto clean.
http://www.ravantivirus.com/scan/
0
PEBKAC - heh - (I had been wondering)
We have nothing against ideas. We're against people spreading them. - General Augusto Pinochet of Chile
0
There is another method of getting HijackThis. It worked for me, it may work for you. Do a Google search for "hijackthis" and clicked on "Cached" next to the URL of the page, listed under the description (In this case, the URL is www.spywareinfo.com/~merijn/downloads.html). This will take you to Google's cache of the page. Scroll down until you see the "Official Downloads" list. The second entry is HijackThis. Currently, there are several mirrors for HijackThis listed below the general app info. I used the ComputerCops mirror which works just fine. Obviously, the SpywareInfo mirror seems to be down.
0  |
 Anyone using Spy Sweeper?
|
how to block a site
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
