graysky Posted December 23, 2004

I always use Mozilla for browsing, and every now and then I'll use Windows Update via IE. Anyway, Internet Explorer seems to have new button bars on it now. I ran both Spybot and Ad-Aware and neither of them found anything wrong. Can someone tell me by these screenshots what I'm infected with and how to remove it?

Thanks. BTW, the button bars are under each other such that if you click on one, the other will appear. If you click any button on one, a registration box pops up. God, I hate IE.

Thanks!
red_house Posted December 23, 2004

The first thing to do is to look in Add/Remove Programs to see if they have entries there.
Radimus Posted December 23, 2004

can you not right-click the bar and turn off those search bars
then go into add/remove progs and uninstall them
graysky (Author) Posted December 23, 2004

> The first thing to do is to look in Add/Remove Programs to see if they have entries there.

Didn't even think to look there... sure enough "Search Bar" was there and I uninstalled it. Check out the install.log from this thing:

They should find the guy who coded this and castrate him so he can't pass on his devious genes to another generation.

Title: Search Bar Installation
Source: d:\temp\1129A.exe | 12-23-2004 | 09:13:38 | 691168
Made Dir: C:\Program Files\Search Bar
File Copy: C:\Program Files\Search Bar\UNWISE.EXE | 05-24-2001 | 12:59:30 | | 162304 | 432c52a3
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Bar
RegDB Val: Search Bar
RegDB Name: DisplayName
RegDB Root: 2
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Bar
RegDB Val: C:\PROGRA~1\SEARCH~1\UNWISE.EXE C:\PROGRA~1\SEARCH~1\INSTALL.LOG
RegDB Name: UninstallString
RegDB Root: 2
File Copy: C:\WINDOWS\system32\AcsProxy.lib | 02-12-2004 | 18:07:20 | | 1736 | eab613c9
File Copy: C:\WINDOWS\system32\AcsProxy.dll | | | | 53248 | cc9cb293
File Copy: C:\WINDOWS\system32\VIC32.DLL | 10-14-2002 | 20:40:36 | 5.40.0.0 | 229376 | 9b064161
File Copy: C:\WINDOWS\system32\ImgConv.dll | 05-11-2003 | 18:31:16 | 1.0.0.0 | 49152 | 1979ba9e
File Copy: C:\WINDOWS\system32\videos.dat | 12-17-2003 | 12:38:06 | | 207 | efe095f9
File Copy: C:\WINDOWS\system32\ezines.dat | 12-17-2003 | 12:37:48 | | 435 | 5691ef28
File Copy: C:\WINDOWS\system32\paysites.dat | 12-17-2003 | 12:38:02 | | 1641 | ed4a8a61
File Copy: C:\WINDOWS\system32\chat.dat | 12-17-2003 | 12:37:50 | | 638 | f70443d1
File Copy: C:\WINDOWS\system32\home.dat | 12-17-2003 | 12:37:48 | | 506 | a3d92337
File Copy: C:\WINDOWS\system32\pics.dat | 12-17-2003 | 12:38:04 | | 644 | abb8a72b
File Copy: C:\WINDOWS\system32\Cshtp32.ocx | 09-04-2002 | 15:10:28 | 3.60.0.3630 | 124192 | fbe300fb
File Copy: C:\WINDOWS\system32\unregister.exe | 12-12-2003 | 10:55:04 | 1.0.0.0 | 69632 | 68f24739
File Copy: C:\WINDOWS\system32\srchbar.dll | 02-24-2004 | 19:42:14 | 1.0.0.0 | 1265664 | e4f03649
File Copy: C:\WINDOWS\system32\srchbar.dll.manifest | 12-11-2003 | 10:27:14 | | 658 | 22de056a
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Val: Search Bar
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\Implemented Categories
RegDB Val:
RegDB Root: 0
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
RegDB Val:
RegDB Root: 0
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\InprocServer32
RegDB Val: C:\WINDOWS\system32\srchbar.dll
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\InprocServer32
RegDB Val: Apartment
RegDB Name: ThreadingModel
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\ProgID
RegDB Val: Searchbar.SrchBar
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\Programmable
RegDB Val:
RegDB Root: 0
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\TypeLib
RegDB Val: {150186C0-A2C6-4B1B-BCEB-AE17D9F25AB1}
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\VERSION
RegDB Val: 1.0
RegDB Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 2
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 1
RegDB Key: SOFTWARE\Microsoft\Internet Explorer\Toolbar
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 2
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
RegDB Val: 8145e001ee4ed011bfe900aa005b4383100000000000000001e032f401000000
RegDB Name: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
RegDB Type: 4
RegDB Root: 1
RegDB Old: 8145E001EE4ED011BFE900AA005B4383100000000000000001E032F401000000
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
RegDB Name: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
RegDB Type: 4
RegDB Root: 1
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
RegDB Name: ITBarLayout
RegDB Type: 4
RegDB Root: 1
Self-Register: C:\WINDOWS\system32\ImgConv.dll
Self-Register: C:\WINDOWS\system32\Cshtp32.ocx
Self-Register: C:\WINDOWS\system32\srchbar.dll
Execute Program: C:\WINDOWS\system32\unregister.exe
File Tree: C:\WINDOWS\Prefetch\toolbar.exe*
File Tree: C:\WINDOWS\Prefetch\uninst~1.exe*
File Tree: C:\WINDOWS\Prefetch\unregi~1.exe*
File Tree: d:\temp\toolbar.*
RegDB Tree: Software\E-Ventures N.V.\Search Bar
RegDB Root: 1
*** Installation Started 12/23/2004 9:14 ***
Title: Search Bar Installation
Source: d:\temp\112A3.exe | 12-23-2004 | 09:14:42 | 691168
File Overwrite: C:\Program Files\Search Bar\UNWISE.EXE | 05-24-2001 | 12:59:30 | | 162304 | 432c52a3
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Bar
RegDB Val: Search Bar
RegDB Name: DisplayName
RegDB Root: 2
RegDB Old: Search Bar
RegDB Key: Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Bar
RegDB Val: C:\PROGRA~1\SEARCH~1\UNWISE.EXE C:\PROGRA~1\SEARCH~1\INSTALL.LOG
RegDB Name: UninstallString
RegDB Root: 2
RegDB Old: C:\PROGRA~1\SEARCH~1\UNWISE.EXE C:\PROGRA~1\SEARCH~1\INSTALL.LOG
File Overwrite: C:\WINDOWS\system32\AcsProxy.lib | 02-12-2004 | 18:07:20 | | 1736 | eab613c9
File Copy: C:\WINDOWS\system32\AcsProxy.dll | | | | 53248 | cc9cb293
File Overwrite: C:\WINDOWS\system32\VIC32.DLL | 10-14-2002 | 20:40:36 | 5.40.0.0 | 229376 | 9b064161
File Overwrite: C:\WINDOWS\system32\ImgConv.dll | 05-11-2003 | 18:31:16 | 1.0.0.0 | 49152 | 1979ba9e
File Overwrite: C:\WINDOWS\system32\videos.dat | 12-17-2003 | 12:38:06 | | 207 | efe095f9
File Overwrite: C:\WINDOWS\system32\ezines.dat | 12-17-2003 | 12:37:48 | | 435 | 5691ef28
File Overwrite: C:\WINDOWS\system32\paysites.dat | 12-17-2003 | 12:38:02 | | 1641 | ed4a8a61
File Overwrite: C:\WINDOWS\system32\chat.dat | 12-17-2003 | 12:37:50 | | 638 | f70443d1
File Overwrite: C:\WINDOWS\system32\home.dat | 12-17-2003 | 12:37:48 | | 506 | a3d92337
File Overwrite: C:\WINDOWS\system32\pics.dat | 12-17-2003 | 12:38:04 | | 644 | abb8a72b
File Overwrite: C:\WINDOWS\system32\Cshtp32.ocx | 09-04-2002 | 15:10:28 | 3.60.0.3630 | 124192 | fbe300fb
File Overwrite: C:\WINDOWS\system32\unregister.exe | 12-12-2003 | 10:55:04 | 1.0.0.0 | 69632 | 68f24739
File Overwrite: C:\WINDOWS\system32\srchbar.dll | 02-24-2004 | 19:42:14 | 1.0.0.0 | 1265664 | e4f03649
File Overwrite: C:\WINDOWS\system32\srchbar.dll.manifest | 12-11-2003 | 10:27:14 | | 658 | 22de056a
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Val: Search Bar
RegDB Old: Search Bar
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\Implemented Categories
RegDB Val:
RegDB Root: 0
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
RegDB Val:
RegDB Root: 0
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\InprocServer32
RegDB Val: C:\WINDOWS\system32\srchbar.dll
RegDB Old: C:\WINDOWS\system32\srchbar.dll
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\InprocServer32
RegDB Val: Apartment
RegDB Name: ThreadingModel
RegDB Old: Apartment
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\ProgID
RegDB Val: Searchbar.SrchBar
RegDB Old: SearchBarToolbar.SearchBar
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\Programmable
RegDB Val:
RegDB Root: 0
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\TypeLib
RegDB Val: {150186C0-A2C6-4B1B-BCEB-AE17D9F25AB1}
RegDB Old: {7C9E9A74-1922-409E-AB46-E48784336C3A}
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\VERSION
RegDB Val: 1.0
RegDB Old: 2.0
RegDB Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 2
RegDB Old: Search Bar
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 1
RegDB Old: Search Bar
RegDB Key: SOFTWARE\Microsoft\Internet Explorer\Toolbar
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 2
RegDB Old: Search Bar
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
RegDB Val: 8145e001ee4ed011bfe900aa005b4383100000000000000001e032f401000000
RegDB Name: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
RegDB Type: 4
RegDB Root: 1
RegDB Old: 8145E001EE4ED011BFE900AA005B4383100000000000000001E032F401000000
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
RegDB Name: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
RegDB Type: 4
RegDB Root: 1
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
RegDB Name: ITBarLayout
RegDB Type: 4
RegDB Root: 1
Self-Register: C:\WINDOWS\system32\ImgConv.dll
Self-Register: C:\WINDOWS\system32\Cshtp32.ocx
Self-Register: C:\WINDOWS\system32\srchbar.dll
Execute Program: C:\WINDOWS\system32\unregister.exe
File Tree: C:\WINDOWS\Prefetch\toolbar.exe*
File Tree: C:\WINDOWS\Prefetch\uninst~1.exe*
File Tree: C:\WINDOWS\Prefetch\unregi~1.exe*
File Tree: d:\temp\toolbar.*
RegDB Tree: Software\E-Ventures N.V.\Search Bar
RegDB Root: 1
red_house Posted December 23, 2004

At least you know how much regediting you need to do! Glad you got it - I found some info on "Find Whatever Now" but I, inadvertently, knocked off my connection on the way back here so I'll need to find it again. It should, also, have an entry in Add/Remove - it calls itself FWN apparently

Try this - http://www.scanspyware.net/info/FindWhateverNow.htm

I'm not too confident concerning the provenance of the site but you may learn something.

Yes I thought so. The drop-down box is a giveaway ... it doesn't get a very good report here - http://www.spywarewarrior.com/rogue_anti-spyware.htm

but, at least they give you instructions for the manual removal of your problem.
Radimus Posted December 23, 2004

and check out spywareblaster... it can prevent many of these apps from installing
Yzöwl Posted December 23, 2004

Now, for an interesting project, all you need to do is go through the install log, and remove all CLSIDs, copied files, REG keys, values and directories, that I guarantee haven't been removed in the uninstall routine.
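Added example, not part of the original thread: one way to turn the posted install.log into the cleanup checklist Yzöwl describes, by parsing its records into files, directories and registry entries and reporting which of them still exist. The sample records are copied from the log above; the `RegDB Root` hive mapping is an assumption inferred from the key paths, and `parse_install_log`, `leftover_report` and the two callbacks are hypothetical names.

```python
import re

# Constructed sample: a handful of records copied from the log posted in this thread.
SAMPLE_LOG = r"""Title: Search Bar Installation
Made Dir: C:\Program Files\Search Bar
File Copy: C:\WINDOWS\system32\srchbar.dll | 02-24-2004 | 19:42:14 | 1.0.0.0 | 1265664 | e4f03649
RegDB Key: CLSID\{0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}\InprocServer32
RegDB Val: C:\WINDOWS\system32\srchbar.dll
RegDB Key: Software\Microsoft\Internet Explorer\Toolbar
RegDB Val: Search Bar
RegDB Name: {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1}
RegDB Root: 1
*** Installation Started 12/23/2004 9:14 ***
File Overwrite: C:\WINDOWS\system32\srchbar.dll | 02-24-2004 | 19:42:14 | 1.0.0.0 | 1265664 | e4f03649
RegDB Tree: Software\E-Ventures N.V.\Search Bar
RegDB Root: 1
"""

# Assumption: hive codes inferred from the key paths in the posted log
# (CLSID keys have Root 0 or no Root line, per-user IE keys 1, Uninstall keys 2).
ROOTS = {"0": "HKCR", "1": "HKCU", "2": "HKLM"}
RECORD = re.compile(r"^([A-Za-z-]+(?: [A-Za-z]+)?): ?(.*)$")

def parse_install_log(text):
    """Return (files, dirs, registry entries) recorded in the log, de-duplicated."""
    files, dirs, reg, current = {}, {}, [], None
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # banner lines such as "*** Installation Started ... ***"
        tag, value = m.group(1), m.group(2).strip()
        if tag in ("File Copy", "File Overwrite"):
            path = value.split("|")[0].strip()
            files.setdefault(path.lower(), path)  # a reinstall logs the same file again
        elif tag == "Made Dir":
            dirs.setdefault(value.lower(), value)
        elif tag in ("RegDB Key", "RegDB Tree"):
            current = {"root": "HKCR", "key": value, "name": None}
            reg.append(current)
        elif tag == "RegDB Name" and current:
            current["name"] = value
        elif tag == "RegDB Root" and current:
            current["root"] = ROOTS.get(value, "root" + value)
    seen, unique = set(), []
    for r in reg:  # identity is only known once the Name/Root lines were read
        ident = (r["root"], r["key"].lower(), r["name"])
        if ident not in seen:
            seen.add(ident)
            unique.append(r)
    return list(files.values()), list(dirs.values()), unique

def leftover_report(text, file_exists, key_exists):
    """List logged artifacts still present after the uninstaller ran.

    file_exists(path) and key_exists(root, key, name) are supplied by the caller,
    for example os.path.exists and a winreg lookup on the affected machine."""
    files, dirs, reg = parse_install_log(text)
    report = [("file", p) for p in files if file_exists(p)]
    report += [("dir", d) for d in dirs if file_exists(d)]
    for r in reg:
        if key_exists(r["root"], r["key"], r["name"]):
            label = r["root"] + "\\" + r["key"]
            report.append(("reg", label + (" [" + r["name"] + "]" if r["name"] else "")))
    return report
```

The report only lists what is still there; review each entry before deleting anything, since shared files such as runtime DLLs may be used by other software.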
red_house Posted December 23, 2004

I second that Radimus. Good advice for anyone, it's an excellent programme - and its stablemate "Spywareguard" - http://www.javacoolsoftware.com/spywareguard.html

Don't spoil his day Yzöwl, it's probably as bad as it can get.
benners Posted December 23, 2004

You can always uncheck "Enable third-party browser extensions" in Advanced Internet Options, this disables Browser Helper Objects so they shouldn't appear.

I am not sure whether it stops all the s***e from being installed though.
N1K Posted December 25, 2004

You could use Ad Aware SE and Spybot S&D in combination. I think that these two programs would be able to clean up your system from this unwanted stuff.
geekzster Posted December 26, 2004

there is a handy little app called hijackthis, very handy when it comes to removing unwanted software even when spybot and adaware won't

beware, MOST of the items it lists are legitimate! I cannot stress this enough. you have been warned. but we ARE looking for anomalies, now aren't we?

however, it does show you what is running, and is a critical tool in removing spyware. all of my domain clients have it hidden on the c drive in case my regularly scheduled scans miss something and I have to go in manually.

get hjt here: http://www.merijn.org/files/hijackthis.zip (56k friendly)

it would be wise to read this tutorial: http://www.spywareinfo.com/~merijn/htlogtutorial.html

for researching what HJT finds, go here: www.sysinfo.org

as well as http://startup.iamnotageek.com/

to cross reference startups.

also remember that google is your friend. with hjt use the same common sense that you would using regedit. most of what you will see is legit....you are looking for anomalies. nuff said.

also, hjt has an option to save your log file.
tarquel Posted December 26, 2004

> beware, MOST of the items it lists are legitimate! I cannot stress this enough. you have been warned. but we ARE looking for anomalies, now aren't we?

I second that - be very careful with this program - in fact, I'd say use it when everything else fails - you can completely mess up the IE engine in Windows and, naturally, the rest of Windows if you aren't careful with it.

As mentioned, try CWShredder, Spybot, Ad-Aware SE (see the personal download link further down the page) and SpywareBlaster & SpywareGuard from Javacool Software for the best protection and removal out there.

If no luck with all that, then try the HijackThis prog. Remember to update all of them before scanning as they *may* only be effective after this has been done.

Good luck.

N.

P.S. It's good to remember that with the exception of Google/MSN/Yahoo/etc. toolbars, pretty much all "free" toolbars will most likely contain some sort of spyware or tracking methods in them.