Spyware in Internet Explorer 6

Spyware in Internet Explorer 6
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Spyware in Internet Explorer 6 Merv 11-16-2005
Posted by =?Utf-8?B?TWVydg==?= on November 16, 2005, 3:51 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
For the past two days I cannot access my Home page. Instead a message
entitled VIRUS INFECTION with a moving cockroach fills the screen telling me
I'm infected by spyware and offers to sell me SPYWARE WIZARD. SPYBOT Search
and Destroy runs nightly on my computer as well as NAV and show no spyware. I
have also run ADAWARE with the same result I have deleted all temporary
internet files and all cookies Yet I cannot prevent this message coming up
whenever I try to access my Home page or any home page. How can I delete this
message permanently? Also aside from the annoyance does it represent any
more serious threat to my system security? Thanks for your assistance.

Posted by David H. Lipman on November 16, 2005, 3:59 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| For the past two days I cannot access my Home page. Instead a message
| entitled VIRUS INFECTION with a moving cockroach fills the screen telling me
| I'm infected by spyware and offers to sell me SPYWARE WIZARD. SPYBOT Search
| and Destroy runs nightly on my computer as well as NAV and show no spyware. I
| have also run ADAWARE with the same result I have deleted all temporary
| internet files and all cookies Yet I cannot prevent this message coming up
| whenever I try to access my Home page or any home page. How can I delete this
| message permanently? Also aside from the annoyance does it represent any
| more serious threat to my system security? Thanks for your assistance.

Is that Ad-aware SE v1.06 and SpyBot Search and Destroy v1.4 ?

If not, remove the old version and install the new version.
* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

* SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser
Helper Objects
that may be on the PC.

* BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one
Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE.
It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus
Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Phil Weldon on November 16, 2005, 4:40 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
What you have is most likely adware for a 'rogue' anti-spyware application
(see http://www.spywarewarrior.com/rogue_anti-spyware.htm )
that is trying to persuade you to buy the product. Have you ever visited
the spywarewizard.com site? "Spyware Wizard' is on the suspect list.

And, as David H. Lipman asked, are you using the most up-to-date version of
Adaware with the most recent definitions? David's suggestions are always
good, but the simplest and first step you use from his list should be the
LavaSoft AdAware suggestion. Then, while you are at it, is is always good
to check for other malware that may have crept in.

Phil Weldon


| For the past two days I cannot access my Home page. Instead a message
| entitled VIRUS INFECTION with a moving cockroach fills the screen telling
me
| I'm infected by spyware and offers to sell me SPYWARE WIZARD. SPYBOT
Search
| and Destroy runs nightly on my computer as well as NAV and show no
spyware. I
| have also run ADAWARE with the same result I have deleted all temporary
| internet files and all cookies Yet I cannot prevent this message coming up
| whenever I try to access my Home page or any home page. How can I delete
this
| message permanently? Also aside from the annoyance does it represent any
| more serious threat to my system security? Thanks for your assistance.



Posted by karl levinson, mvp on November 17, 2005, 7:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options
In addition to the other advice, such as spybot search & destroy or
ad-aware, I would suggest that your system may very well be missing
important patches. Go to http://windowsupdate.microsoft.com to be sure you
are up to date. If running Windows 2000 or XP, enable the Automatic Updates
service and make sure you are running either Windows Service Pack 4, or XP
Service pack 2 or [less secure] SP 1.

Keep in mind that not everything spybot and ad-aware finds is necessarily
something to freak out about. Registry values in most cases are no big
deal. Spyware usually does not mean keystroke logger or virus and the two
shouldn't be confused.


> For the past two days I cannot access my Home page. Instead a message
> entitled VIRUS INFECTION with a moving cockroach fills the screen telling
> me
> I'm infected by spyware and offers to sell me SPYWARE WIZARD. SPYBOT
> Search
> and Destroy runs nightly on my computer as well as NAV and show no
> spyware. I
> have also run ADAWARE with the same result I have deleted all temporary
> internet files and all cookies Yet I cannot prevent this message coming up
> whenever I try to access my Home page or any home page. How can I delete
> this
> message permanently? Also aside from the annoyance does it represent any
> more serious threat to my system security? Thanks for your assistance.



Similar ThreadsPosted
help cant run internet explorer... October 21, 2006, 7:24 am
Re: Internet Explorer 7 Released December 19, 2006, 5:56 pm
RE: Internet Explorer 7 Released December 19, 2006, 11:29 pm
Internet Explorer Hijack September 20, 2007, 9:19 am
Internet Explorer Vulnerability Problematic September 21, 2006, 5:24 am
Virus- launches Internet Explorer September 27, 2008, 1:30 pm
help! Internet Explorer ignoring my HOSTS file July 25, 2005, 2:26 pm
All Internet Explorer searches are redirected to morwillsearch.com December 15, 2005, 4:15 pm
Trojan found; Internet Explorer shuts down May 10, 2006, 11:28 am
July 27th - Internet explorer closing down July 27, 2006, 5:22 pm

The site map in XML format XML site map

Contact Us | Privacy Policy