Getting rid of spyware

[Pantsless]

After you have finally get rid of it, get this host file:

http://www.mvps.org/winhelp2002/hosts.htm

This will block most of those rodents, but you will need to check the site to update it often, it also blocks ads, the other you can use is:

http://www.spywareguide.com/blockfile.php

No idea which spyware it blocks but i am sure lots of them, use them both for double the protection

Also get Spybot Search and Destroy, see if that helps in getting rid of it

Have you actually changed your Hosts file? When I opened their HOSTS file every IP address is 127.0.0.1. This is the local loopback address for your network card.

 

[feher]

When I opened their HOSTS file every IP address is 127.0.0.1. This is the local loopback address for your network card.

I hope this helps

http://www.accs-net.com/hosts/what_is_hosts.html

Computers have a host address of their own - it is known as the "localhost" address, with an IP address of 127.0.0.1 which it uses to refer to itself. If you associate another computer's host name with your localhost IP address, you have effectively blocked that host since all attempts to access it will lead back to you. That is how we will block sites using the Hosts file. We will tell our computer that the IP address of the site we want to block is our own address. That way, our computer will not ever leave and go looking for the site we are blocking - which keeps that site from appearing because the computer thinks it has found the site and displayed it already.

I hope that makes sense

Have you actually changed your Hosts file?

nothing to change it blocks searchweb2.com and many others, just do a search for it, just put the host file (the zip file one) into the correct location:

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

You will be ask to over-write the original HOST file which is either empty or contains only comments in most cases.

 

[Red_Devil]

Thanks for the PM Mighty Mick. Got rid of it at long last. Oh how good it is to not have to hit refresh every page 100 times.

 

[mighty mick]

Thanks for the PM Mighty Mick. Got rid of it at long last. Oh how good it is to not have to hit refresh every page 100 times.

no worries red devil-04

glad to be of help.

 

[Pantsless]

I hope this helps

http://www.accs-net.com/hosts/what_is_hosts.html



I hope that makes sense



nothing to change it blocks searchweb2.com and many others, just do a search for it, just put the host file (the zip file one) into the correct location:

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

You will be ask to over-write the original HOST file which is either empty or contains only comments in most cases.

I just thought it was a bit dodgy when they started going on about running batch files to change the HOSTS file and then they happened to recommend buying spyware products down the bottom. If this HOSTS file is so good, why would I want to buy spyware stuff???

 

[feher]

I just thought it was a bit dodgy when they started going on about running batch files to change the HOSTS file and then they happened to recommend buying spyware products down the bottom. If this HOSTS file is so good, why would I want to buy spyware stuff???

I think what they are getting at is to get spyware removal programs if you already have some spyware remember they first have to find these spyware to block them, it could be a new one, and until the hosts file gets update it is useless, so you will need a product to clean it. You don't have to buy anything you don't want to.

The batch files looks find to me, nothing malicious in it that i could find, its just their if you can't access a website and you think the reason is because of the HOSTS file, all it does is rename it (so nothing is blocked), and then you can rename it back (so you can block again) if you wish. The other batch files look okay to me as well, it seems all they do is change the attribute of the HOSTS file so it can't be overwritten or you can change it back, this is done so if you do get spyware it can't keep overwritting your HOSTS file and blocking the spyware from accessing the net

 

[fishbowl]

Also - stop surfing porno sites.

That is how I got them or surf with Netscape

 

[Roobunny]

Thanks guys I ran the adaware program last night and it really worked well.

 

[Damp Squarie]

Thanks from me too. I installed ADAWARE and it detected 714 of the suckers which I promptly quarintined and deleted.

Can anyone recommend a free anti-virus software such as grisoft or similar?

 

[doggie doggie doggie]

havent been reading much of the thread so cant comment on what other people are saing but for me the spy sweeper does it for me.

 

[Frodo]

do a search on "spybot search destroy"

It's freee and excellent. Go for v 1.3

I donated $30 because its so good

 

[Leigh Roy]

oh wise feher, check your PMs please.

A 'vendor' called VX2 which is apparently malware or so says adaware is represented by a dll file called f0l00a3med in my system32 folder. Can't delete it and both spybot and ad-aware are having difficulty with it. I updated both programs and they've found more stuff, I have been following this thread and related issues for a while so I know a bit of stuff but going to Hoggy's sega megadrive emulator thread opened up a pandora's box of trouble for me. Both SB and A-A are going to try and deal with the unremovable(s) after a re-boot but I am doubtful that would work. I think an auto-dialer might be doing it, am I right?

 

[feher]

oh wise feher, check your PMs please.

hehe, Jim Boy will be upset

checked and sent

A 'vendor' called VX2 which is apparently malware or so says adaware is represented by a dll file called f0l00a3med in my system32 folder. Can't delete it and both spybot and ad-aware are having difficulty with it. I updated both programs and they've found more stuff, I have been following this thread and related issues for a while so I know a bit of stuff but going to Hoggy's sega megadrive emulator thread opened up a pandora's box of trouble for me. Both SB and A-A are going to try and deal with the unremovable(s) after a re-boot but I am doubtful that would work. I think an auto-dialer might be doing it, am I right?

If you want emulators from a safe site try:

www.zophar.net

And for that vx2, for others that may have it:

edit: My mistake with new versions of ad-aware its a add-on rather then plugin, updated link below:

http://www.lavasoft.de/software/addons/vx2cleaner.shtml
http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml

 

[Leigh Roy]

How on earth do I navigate zophar for roms?

the vx2 cleaner does say 'system clean' but then adaware finds it still. I tell it to remove the vx2 files and the pc does that mini-crash thingo (the OS acts like it's about to crash but closes down a lot of open programs and just puts you back to the desktop) and also strangely opens up my documents folder through the search tool. So I can start searching my folders from My Documents for some reason.

EDIT: The links you gave me in the PM to those messageboards are steeped in a hell of a lot of jargon, I'm going to try and put up with the pop-ups and crap so I can try not to stuff up the procedures.

If Jim Boy can offer any help I'll gladly take it.

 

[feher]

How on earth do I navigate zophar for roms?

They don't have roms, only emulators, sorry for the mis-understanding.

the vx2 cleaner does say 'system clean' but then adaware finds it still. I tell it to remove the vx2 files and the pc does that mini-crash thingo (the OS acts like it's about to crash but closes down a lot of open programs and just puts you back to the desktop) and also strangely opens up my documents folder through the search tool. So I can start searching my folders from My Documents for some reason.

EDIT: The links you gave me in the PM to those messageboards are steeped in a hell of a lot of jargon, I'm going to try and put up with the pop-ups and crap so I can try not to stuff up the procedures.

If Jim Boy can offer any help I'll gladly take it.

I'll PM you back with some more info, that may help, but Jim Boy probably has a better idea then me.

Here is another guide on spyware/adware/trojan removal:

http://forums.majorgeeks.com/showthread.php?t=35407

give it ago

I also strongly recommend you use a HOSTS file, I have provide a link to one earlier in this thread, also use Spybots SD to add to it, for extra protection. It is a pain to use at time, as it may block sites you don't want, but I rather put up with it.

 

[Leigh Roy]

Ta. Noticed a new folder in Program Files too - SED. It contains three exe's - se, sed and unst. Should I just delete this?

It is definitely one of the sites in Hoggy's thread. SmileyCentral keeps popping up and that was banner'd on one of the emu/rom sites. All I want to do is get the SNES cricket game, bloody hell.

 

[feher]

It is definitely one of the sites in Hoggy's thread. SmileyCentral keeps popping up and that was banner'd on one of the emu/rom sites. All I want to do is get the SNES cricket game, bloody hell.

sign up an account at:

www.cherryroms.com


It's their.

Ta. Noticed a new folder in Program Files too - SED. It contains three exe's - se, sed and unst. Should I just delete this?

Can you post the exact name of those 3 exe's.

 

[Leigh Roy]

C:\Program Files\SED

SE.exe - the icon looks like the old My Computer icon

SED.exe - typical window icon for an exe

unst.exe - recycle bin, typical icon for an uninstallation file if that's what it actually is. On this and the first one, there's a picture of a lamb or something on the side of the bin/monitor.

Weird.

 

[Leigh Roy]

Okay, clicking Run then going to msconfig from there. Looking at the Startup tab, there are Startup Items obviously.

SED is one of them, and I still can't get a-d-w-a-r-e to stop pestering me to connect to the web. Others that make me think they are not supposed to be there are cma and ctfmon. Program Files\Desksite\bin\cma.exe and Windows\System32\ctfmon.exe to be precise.

I can disable any and all the startup items but I want to see if I can get rid of SED and any others - I need to work out how to do that.

Still during all this, the VX malware thingo is still in my System32 folder, but after every Adaware attempt to move it (which is a failure), it changes it name to another bss5sjjtgibberish.dll sort of filename.

 

[Borgsta]

C:\Program Files\SED

SE.exe - the icon looks like the old My Computer icon

SED.exe - typical window icon for an exe

unst.exe - recycle bin, typical icon for an uninstallation file if that's what it actually is. On this and the first one, there's a picture of a lamb or something on the side of the bin/monitor.

Weird.

go to the add/remove programs section and see if SED is on it. If so uninstall it from there. If it aint there, then download hijackthis and try posting a log of all your information here.

You will probably need to work with the registry and remove it properly.

 

[SaveFeriss]

Any reccomendations on a good, free and easy to use Firewall?

Ive got an old version of Tiny here somewhere, but is there anything better?

 

[Pantsless]

Sygate is good.

 

[SaveFeriss]

Sygate @ 50% d/l now Pantsless.

As well as having Adaware & Spybot, I also have PC-cillin. Im thinking I wont need the PC-Cillin anymore maybe?

Has about 3 running proccesses, even when I shut it down from the task bar.

 

[Pantsless]

Sygate @ 50% d/l now Pantsless.

As well as having Adaware & Spybot, I also have PC-cillin. Im thinking I wont need the PC-Cillin anymore maybe?

Has about 3 running proccesses, even when I shut it down from the task bar.

I've never heard of PC-Cillin..I use the other two though.

 

[feher]

C:\Program Files\SED

SE.exe - the icon looks like the old My Computer icon

SED.exe - typical window icon for an exe

unst.exe - recycle bin, typical icon for an uninstallation file if that's what it actually is. On this and the first one, there's a picture of a lamb or something on the side of the bin/monitor.

Weird.

SED.exe looks like being adware, unst.exe could be anything, se.exe looks like being spyware. But can't find any info on how to remove them.

Sorry I don't know how to get rid of any of those. All I can suggest is to not visit that site, and wait a while so Adaware and Spybot update their def. pack, and try to scan again, also run those other virus/trojan scan online in safe mode.

You can find it here:

http://forums.majorgeeks.com/showthread.php?t=35407

Under: Alternative Scan's