Nasty Spyware question



Lizzerd
03-31-04, 11:53 PM
I think there is some nasty Spyware on my parents' computer. I'll explain, and if anybody has advice, I'd love to hear it.

Whenever Internet Explorer is launched, the home page is (DON'T go here!) allaboutsearching.com. There is no "www". Again, DO NOT go to that site! I'll explain why soon.

Okay, so I go to Internet Options, select home page and enter for the purposes of this discussion, homepage.com. Launch IE again, goes to homepage.com. Close it, launch it, goes to the allaboutsearching site. Close IE, go to Internet Options and the home page is changed. Try again, etc... same results. I have run the shareware version of Ad Aware with the latest database and eliminated everything it found suspicious (known data miner cookies, processes, files, folders). They have Zone Alarm Pro firewall running full tilt boogie. I ran regedit and changed all references in the registry for allaboutsearching to homepage.com. But it kept coming back. And even back into the registry when I ran regedit again! I went back to Internet Options, set the home page to what they wanted and blocked the offending website. After a couple launches of IE, it came back again, but got stopped with a blank screen with the following in the address box (and DO NOT GO HERE EITHER!) http(colon slash slash)allaboutsearching (dot) com (slash) passthrough (slash )index.html?http(colon slash slash) homepage (dot) com/. I must add that this problem started occurring before Ad Aware and Zone Alarm Pro were installed.

The allaboutsearching web site seems to be a sort of search engine with a bunch of different categories. The problem is that one of them is Adult Entertainment and their grandkids use this computer when they visit.

What the heck is this? Should I try another Spyware detector? Help, please?

B3RACER1a
04-01-04, 12:13 AM
Did you delete all your cookies and temp internet files also? Adaware probably got them anyway, but I would say try that also. Other than that, I have no idea.

Cam
04-01-04, 12:21 AM
Google! (http://)

Another helpful link (http://boards.cexx.org/viewtopic.php?t=4815&highlight=allaboutsearching)

Lizzerd
04-01-04, 12:21 AM
Yep. Cookies, temp files, cache, all deleted.

Lizzerd
04-01-04, 01:53 AM
Well, duh... I did a search for allaboutsearching and found a bunch of stuff. Looks like it is a trojan that sneaked its way in to their computer. Thanks to all that helped.

Kiwifan
04-01-04, 05:27 AM
Hope you managed to get rid of it Lizzerd, there's some scum out there. :(

I use Adaware and Spybot as well as go here (broadband security) (http://www.dslreports.com/forum/security,1~root=security,1~mode=shut;start=0) as they have a very good forum dealing with stuff like this. There are some free and trial versions of spyware stuff if you search around Google. I've used Pest Patrol and Spy Hunter as well with good results.

Cheers, Rusty.

Rolling Chicane
04-01-04, 08:49 AM
Ad-aware is great.

Now add Spy-Bot Search & Destroy from www.safer-networking.org to get rid of even more. Once you have fixed the home-page option, you can lock the start page in the immunize section (don't lock the control panel, though).

Then add Spyware Blaster from www.javacoolsoftware.com which BLOCKS scumware from ever being downloaded in the first place.

If you still have a problem, check out the hijack-this forum at www.net-integration.net.

All is free :)

Hyacinth
04-01-04, 01:06 PM
Another great place to go is the SpywareInfo Forums - they have a bunch of info on your problem:

SpywareInfo Forum (http://www.spywareinfo.com/forums/index.php?act=Search&CODE=show&searchid=5788bcb52b52f8eb8d9edae0ec111011&search_in=posts&result_type=topics&highlite=allaboutsearching)

They also have a Chat room, if you want to hook up with someone who can give you real-time help as you're working on the problem.

Hyacinth

Remember, Spybot and Adaware need to be updated daily if they're to do the job they were designed to do.

And more links to SpywareInfo's pages on preventing or removing hijackers can be found here. (http://www.spywareinfo.com/articles/hijacked/)

CART T. Katz
04-01-04, 01:32 PM
you mean DON'T GO THERE if you use ie.

those of us that have long since dropped that p-o-c browser should be relatively safe.

Wabbit
04-01-04, 03:30 PM

Hyacinth
04-01-04, 03:51 PM
Cat got your tongue, Wabbit?

:D

Hyacinth

KLang
04-01-04, 04:20 PM
Cat got your tongue, Wabbit?

:D

Hyacinth

I think the spyware stole his post. :eek:

JLMannin
04-01-04, 05:06 PM
.

I agree with each and every point made in this post. It is not possible for me to refute anything Wabbit had to say here.

Well Done!! ;)

Lizzerd
04-01-04, 05:20 PM
Thanks everyone for the great info. I'll be going back to their place this weekend, and I'll let y'all know how it goes.

Hyacinth
04-01-04, 06:11 PM
Hey, one more thing, Lizzerd - tell your folks that under NO circumstances should they enter any personal info - credit card #s, banking, e-mail, or shopping passwords - ANYTHING - on their computer until this is completely fixed. Same goes for anyone who has unwanted programs running on their systems. There's no way of knowing where that info may be going.

Hyacinth

ChampcarShark
04-01-04, 06:51 PM
-----

I agree with wabbit.

Wabbit
04-01-04, 07:53 PM
Let me try this again (d*** proxy servers).

Flatten the machine. There is no way that you can possibly get all of the crap off the machine. They put in so many registry edits, and changes to files that you could never trust the machine again.

After you nuke the machine, load Spybot and Ad-aware (no one spy blocker can catch all the crap), and load Norton Internet Security. Between those three, you should be a little better protected.

It's definitely worth the pain of a reload to know your machine is secure (as it can get).

eiregosod
04-01-04, 10:27 PM
http://www.lavasoftsupport.com/index.php?showtopic=23064

go to 2nd post there on how to delete it, requires adaware available from www.lavasoftusa.com

Jag_Warrior
04-15-04, 01:43 PM
Hey, one more thing, Lizzerd - tell your folks that under NO circumstances should they enter any personal info - credit card #s, banking, e-mail, or shopping passwords - ANYTHING - on their computer until this is completely fixed. Same goes for anyone who has unwanted programs running on their systems. There's no way of knowing where that info may be going.

Hyacinth

I opened my Favorites folder today and guess what I got?! :flame:

Seems like the whole world is having a problem with this particular virus or whatever it is. I assume I got the virus when I was at a conference and was using the hotel's broadband... but I don't know.

Is wiping down the hard drive the only way to really get rid of this bastage? Most of the posts I've read on the linked forums seem to suggest having a hard time getting the fix to work long term.

Lizzerd, did the fix work for your parents' computer?

Lizzerd
04-15-04, 03:00 PM
Lizzerd, did the fix work for your parents' computer?

My brother visited them before I got back there. He went to the allaboutsearching site and found an Uninstall button. He did it, and it hasn't been back. He also ran something called Hijack This. All is okay.

devilmaster
04-15-04, 03:12 PM
Let me try this again (d*** proxy servers).

Flatten the machine. There is no way that you can possibly get all of the crap off the machine. They put in so many registry edits, and changes to files that you could never trust the machine again.

After you nuke the machine, load Spybot and Ad-aware (no one spy blocker can catch all the crap), and load Norton Internet Security. Between those three, you should be a little better protected.

It's definitely worth the pain of a reload to know your machine is secure (as it can get).

I liked Wabbit's first post better ;)

Steve

Sean O'Gorman
04-15-04, 05:03 PM
Ah, spyware. :flame:

Ever since I cleaned up the abyss that was my dad's computer, I've been doing the same to the computers at work, and my friend's computer. My friend couldn't get ANYTHING to work without popups coming up. On my friend's computer, I uninstalled a half dozen programs, removed 75 items of spyware, and 68 virii. It has Windows ME so it still sucks, but at least it can actually function again.

mello
04-15-04, 05:29 PM
We were hijacked a couple weeks ago and no matter what I tried I couldn't get it out. Used all of the above programs. Finally a light bulb went off in my head (go figure) use restore. DUH! I went back to the day before and it wiped it all out. Running perfect. Gotta love this feature in XP.

flobee1kenobi
04-15-04, 11:03 PM
Hijack-this works great if you know exactly what you are looking for and deleting, I've heard a few horror stories about inexperienced users having to start from scratch cause they wiped out legitimate files :eek:

Don't forget to update your Windows today!! A new round of security holes was found :shakehead

Jag_Warrior
04-18-04, 05:25 PM
Thanks for the advice guys. I found one on my home computer too. Why do people do this sh!^?! I got that one cleaned out with some simple registry deletions. The laptop from work? Eh, that one has some problems. We've found no way to zap the trojan/hi-jacker... whatever it is. It's a problem, but not my problem. Notified the IT guy, told him I'm turning in the porn/gambling/on-line dating/MP3 searching laptop on Friday and picking up my new one. They will probably wipe it down and re-install the software. Or they can give it to the next guy in line for my hand-me-down and see how long it takes him to learn the wonders of Tawnee Stone (honest, my computer MADE me go there ;) ).

They need a reality show where they lock one of these geeks in a room with Mike Tyson on a day when his medication has run out. Sombeaches!