Death To Spyware!!!

Guin:

Yes, indeed you can. In fact, you should.

When you run HijackThis it will generate a logfile, nothing more or less. As I said, copy the logfile and then post it.

DO NOT “FIX” ANYTHING UNTIL YOUR LOGFILE HAS BEEN INSPECTED.

I don’t know anything about virus-infected HijackThis zips, but if you haven’t already downloaded the file, then I recommend downloading from Dr. Derth’s site rather than the one I posted earlier, just to be on the safe side.

Okay, it’s been posted on the board, log is saved. Hopefully, it won’t require a ton of messing around.

I would just like to find out who creates these programs, or who’s in charge of them, or whatever. Then I would attach mouse traps to their fingers and toes, strap them into the most uncomfortable chair I could find, and force them to watch endless reruns of “Everybody Loves Raymond.”

I assume you’ve registered as longob.

I’m certainly no expert at analyzing these HijackThis files but it seems quite long to me (very many running processes) with some suspicious stuff in your WINNIT directory (like, for example, “hidserv.exe”?)

Let’s see what the experts have to say.

No, Guinastasia. My thread is here.

All of my Win XP folks are limited users. It’s the Win 98 machines that have problems with pops. Are you guys with big time problems running Win XP as an administrator?

Hmm. Should we set up an Admin account, and then disable Admin for all of the other users on the system?

I keep two admin accounts (ADMINISTRATOR and ADMIN) in case one gets screwed up. Run limited users for other accounts and only use administrative accounts to install programs or effect repairs.

For what it’s worth, here are a few more weapons you can add to your anti-spyware arsenal:

First, there’s Process Explorer by Sysinternals: It’s like a better version of Task Manager. It lets you look at every process running, including those Task Manager hides from you, and for each process it lets you see the full name, location, and manufacturer, as well as any files or registry keys that the program is using. It even lets you kill processes that Task Manager doesn’t want you to kill.

Another one I just found out about today is “FileMon” by the same company. It lets you see every file access on your computer in real time. It gets a bit confusing because background tasks like explorer.exe are reading and writing sometimes as many as a hundred times a second, so it’s easy to get lost. But it does apparently let you do filters so that you only get what you want to see, and it can highlight specific programs. I don’t have any spyware on this computer (hooray!), but I’m sure if I did it would stick out like a sore thumb with this thing. It doesn’t seem to track accesses to the registry, however.

For the popups, have you tried disabling Windows Messenger service?

Steve Gibson at http://www.grc.com/freepopular.htm has some handy little free utilities. Grab Shoot the Messenger and give it a try.

Control Panel
Administrative Tools
Services
Click on Messenger
Stop and disable it.

I got spam when I’d had a new PC connected to the net for less than a minute.

What is windows messenger service? I went in to disable it, and it said if disabled, it could ruin something that needed it.

Grrrr…I just want to get RID of these IE pop-ups! It kills me the amount of spyware programs we download, and it STILL sneaks in!!!

Another gizmo that is way cool is Crap Cleaner. It puts an icon on your desktop, you click it and it takes about 1 second to run. It cleans out all the crap from your system (temp files, history etc).

Guin, it sounds like you might have VX2. If so, then you need to get proper help to remove it (from the guys on the forum you’ve posted on). VX2 is extremely nasty and difficult to remove. CWS is a walk in the park next to VX2.

Also, as I’ve discovered when I got an infestation a couple of weeks ago, spyware is more than just irritating - it’s positively dangerous. There are keyloggers that log every single key you type and thus can find out credit card details, passwords etc. If you have put your credit card number into your computer since you got infected you might want to contact your bank to check everything’s ok.

From reading around on this subject I think there has been an increase in this stuff over the last two or three months (I’ve noticed a lot of threads here about it recently). Also it seems that even Firefox may be about to come under attack this year - as a result of its own increasing popularity:

http://news.com.com/Spyware+takes+aim+at+Mozilla+browsers/2100-7349_3-5569635.html

I’m no tech weenie but as I understand it wms is a network messaging thing built into windows so folks on a network can send bullshit back and forth. The port it operates thru is now open on your machine and that is where the popup crap is sneaking in from the net…it has nothing to do with spyware and shit stirring cookies.

I’ve disabled it on both of my windows machines and poof!!! those annoying popups are gone. Listen, go to grc.com and read Steve Gibson’s blurb on wms, then download killthemessenger and be done with it. It works…really!!

Chris

Yep, the spyware log from Microsoft said Vx2. Oh shit, I hope this doesn’t mean a reformat.

I really, REALLY do not need this shit. Dammit!!!

Yes. Instant Messaging over a local area network.
It isn’t the pop up that you are annoyed by; it is a normal looking window with text.
Windows ships with it disabled now, BTW.

Guin,

you can try posting your hijackthis log in GQ, you might get a quicker response than over on the other forum. I did that and Number helped me get rid of CWS - he seemed to know what he was doing.

I googled VX2 and here are removal instructions:

You might want adult supervision editing the registry.

Thanks-will do.

sigh

Absolutely-I do NOT feel comfortable mucking around in my registry!

Thanks so much, people.

And remember, Kids, “Automatic Updates” is your friend.
:)