Hmmm, well like I said, Computers suck. I have tried
everything. All spyware, addware, anti trojan, virus and
worm programs, cant get this stupid ie hijacking off.
Also, when I type anything in the address bar and hit go.
this other window opens up, mainly of porn or other usless
crap. I got a homepage unlocker. Didnt work either.
Plus to boot, whenever I open up any windows. (ie.
c:windows, or C:Windows/Program Files) After about one
min. the stupid things just stop responding, if I open
task mannager and end task the whole computer freezes.
Again I have tried everything. Nothing works. Please
Please help. Thanks.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware can kill your internet connection when it is
removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure you check for
updates and then run the programmes in safe mode.

You can go to the link below to check your system for parasites (supplied by
Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check for malware entries
and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version 6.181. All previous
versions are NO LONGER SUPPORTED and will not be updated...]

AdAware is available at www.lavasoft.de. Make sure you check for updates
every time you use it.

To be most effective, you must run AdAware while Windows is in safe mode.

Modern malware uses more than one process, and these processes are
'co-dependent'. In other words, when one processes detects that the other
has been shut down, it automatically restarts its sibling, often using a
different name.

Disable the ability of suspect processes to start automatically by using
MSCONFIG (startup tab) before booting into safe mode. Use the information
at the URL below as a guide:

http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the boot menu options
appear. Select 'safe mode'. After you are in safe mode, check to make sure
the suspect processes did not start up. If they did start up, we are going
to have to track down *where* they are coming from before going any further.
An experienced computer technician can use programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down as many malware
processes as possible, start AdAware. AdAware, when run using default
settings, simply does not cope with new 'intelligent' malware. Make sure
'activate in depth scan' is enabled. Select 'use custom scanning options'
and then click on the 'customize' button. Turn on the following scan
options - scan within archives, active processes, registry (including deep
scan), IE favorites and hosts file. You must also turn on the following
option via the 'tweak' button:

Cleaning engine: 'automatically try to unregister objects prior to deletion'

IMPORTANT: Before letting AdAware delete malware, write down on a piece of
paper exactly where the malware is stored. You will need to delete those
directories after AdAware has done its work, but ONLY IF IT IS NOT A
STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the option 'select
drives/folders to scan'. Click on 'select'. Scan your entire hard drive.
Also do the following:

Empty your IE cache and your other temporary file folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your temp folder will
change depending on your name) - sometimes programmes can be hidden in
there - watch out for mysterious *.exe files or *.dll files in those
folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Programme Files. Check for unusual objects
there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no
style sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions (Enable third-party
browser extensions (requires restart) at IE tools, internet options,
advanced) to disable *all* plug-ins but troubleshooting will be difficult
and it is only a BANDAID. Nothing gets fixed. There is software that
depends on 'third party browser extensions" to work, including Acrobat,
Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your operating system,
create a new restore point. Your old ones may, of course, be infected with
the malware and therefore cannot be used. Run disk cleanup to remove old
restore points (if you operating system has this option you will find it on
the 'more options' tab of the disk cleanup utility).

If you are still having problems:

You can go to the link below to check your system for parasites and
hopefully identify your problem (supplied by Doxdesk.com):

http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web Shredder"
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a free programme
which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to use this programme,
please get the advice of those more experienced before 'fixing' anything
that it finds.

Another excellent programme that allows you to examine your system and
*create a results log for experts to examine* is HijackThis, available from:
http://209.133.47.12/~merijn/files/HijackThis.exe (direct download)

MS have released a limited KB article regarding what they call 'deceptive
software'.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/


--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!


"dark" > wrote in message
...
> Hmmm, well like I said, Computers suck. I have tried
> everything. All spyware, addware, anti trojan, virus and
> worm programs, cant get this stupid ie hijacking off.
> Also, when I type anything in the address bar and hit go.
> this other window opens up, mainly of porn or other usless
> crap. I got a homepage unlocker. Didnt work either.
> Plus to boot, whenever I open up any windows. (ie.
> c:windows, or C:Windows/Program Files) After about one
> min. the stupid things just stop responding, if I open
> task mannager and end task the whole computer freezes.
> Again I have tried everything. Nothing works. Please
> Please help. Thanks.

Follow this procedure:

Update your anti-virus app and then run a full-system virus scan.

Use CWShredder, the CoolWeb removal tool, available here:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads/tools/CWShredder.exe
http://aumha.org/downloads/cwshredder.zip

In addition, install Ad-Aware 6 free edition, start it, click its 'Check for
Updates' link in the app to install updates, then use it to scan your system, and
remove what it finds.
Ad-Aware:
http://www.lavasoftusa.com/support/download/

Install, update and run SpyBot Search & Destroy, scan your system, and then remove
the items in RED only.
SpyBot S&D:
http://www.safer-networking.org/index.php?page=download

Download, unzip, and run Hijack This from one of these locations:
http://computercops.biz/downloads-cat-14.html
http://www.majorgeeks.com/downloads31.html
http://www.spywareinfo.com/downloads/tools/HijackThis.exe
Unzip to a folder other than your Desktop or the Temp folder, doubleclick
HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button.
Press that, save the log somewhere you can find it (Desktop, My Documents, or
similar).
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

Copy the log files and paste them into a new post at one of these forums:
http://forum.aumha.org/
http://forums.net-integration.net/
http://computercops.biz/forums.html
http://forums.spywareinfo.com/index.php?showforum=30
http://tomcoyote.org/forums/
http://www.lavasoftsupport.com
http://boards.cexx.org/

The folks there will tell you what to remove.

A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm


"dark" > wrote in message
...
> Hmmm, well like I said, Computers suck. I have tried
> everything. All spyware, addware, anti trojan, virus and
> worm programs, cant get this stupid ie hijacking off.
> Also, when I type anything in the address bar and hit go.
> this other window opens up, mainly of porn or other usless
> crap. I got a homepage unlocker. Didnt work either.
> Plus to boot, whenever I open up any windows. (ie.
> c:windows, or C:Windows/Program Files) After about one
> min. the stupid things just stop responding, if I open
> task mannager and end task the whole computer freezes.
> Again I have tried everything. Nothing works. Please
> Please help. Thanks.

Thanks, I will try it in hopes it works. I will let you
know.


>-----Original Message-----
>
>IMPORTANT: Before trying to remove spyware, download a
copy of LSPFIX from
>the URL below - some malware can kill your internet
connection when it is
>removed, and this software should get things going for
you again:
>http://www.cexx.org/lspfix.htm
>
>IMPORTANT: After obtaining the software below, make sure
you check for
>updates and then run the programmes in safe mode.
>
>You can go to the link below to check your system for
parasites (supplied by
>Doxdesk.com):
>http://inetexplorer.mvps.org/parasite.htm
>
>Malware removal (beginners guide):
>
>First, go to Control Panel, add/remove programs. Check
for malware entries
>and use the uninstall programs.
>
>Second, get AdAware. [..Warning: AdAware is now version
6.181. All previous
>versions are NO LONGER SUPPORTED and will not be
updated...]
>
>AdAware is available at www.lavasoft.de. Make sure you
check for updates
>every time you use it.
>
>To be most effective, you must run AdAware while Windows
is in safe mode.
>
>Modern malware uses more than one process, and these
processes are
>'co-dependent'. In other words, when one processes
detects that the other
>has been shut down, it automatically restarts its
sibling, often using a
>different name.
>
>Disable the ability of suspect processes to start
automatically by using
>MSCONFIG (startup tab) before booting into safe mode.
Use the information
>at the URL below as a guide:
>
>http://www2.whidbey.com/djdenham/Uncheck.htm
>
>Reboot your computer and hold down the F8 key until the
boot menu options
>appear. Select 'safe mode'. After you are in safe mode,
check to make sure
>the suspect processes did not start up. If they did start
up, we are going
>to have to track down *where* they are coming from before
going any further.
>An experienced computer technician can use programme such
as AutoStart
>Viewer for in-depth diagnosis:
>http://www.diamondcs.com.au/index.php?page=asviewer
>
>While still in safe mode, and after you have shut down as
many malware
>processes as possible, start AdAware. AdAware, when run
using default
>settings, simply does not cope with new 'intelligent'
malware. Make sure
>'activate in depth scan' is enabled. Select 'use custom
scanning options'
>and then click on the 'customize' button. Turn on the
following scan
>options - scan within archives, active processes,
registry (including deep
>scan), IE favorites and hosts file. You must also turn on
the following
>option via the 'tweak' button:
>
>Cleaning engine: 'automatically try to unregister objects
prior to deletion'
>
>IMPORTANT: Before letting AdAware delete malware, write
down on a piece of
>paper exactly where the malware is stored. You will need
to delete those
>directories after AdAware has done its work, but ONLY IF
IT IS NOT A
>STANDARD WINDOWS DIRECTORY.
>
>After running AdAware, run it again, this time using the
option 'select
>drives/folders to scan'. Click on 'select'. Scan your
entire hard drive.
>Also do the following:
>
>Empty your IE cache and your other temporary file
folders, eg:
>c:\windows\temp (if using Windows 98) or C:\Documents and
>Settings\<name>\Local Settings\Temp (the path to your
temp folder will
>change depending on your name) - sometimes programmes can
be hidden in
>there - watch out for mysterious *.exe files or *.dll
files in those
>folders.
>
>Go to IE Tools, Internet Options, Temporary Internet
Files {Settings
>Button}, View Objects, Downloaded Programme Files. Check
for unusual objects
>there.
>
>Go to IE Tools, Internet Options, Accessibility. Make
sure there is no
>style sheet chosen (under User Style Sheet - format
documents using my style
>sheet). If the option is turned on, turn it OFF.
>
>It is possible to turn off third party extensions (Enable
third-party
>browser extensions (requires restart) at IE tools,
internet options,
>advanced) to disable *all* plug-ins but troubleshooting
will be difficult
>and it is only a BANDAID. Nothing gets fixed. There is
software that
>depends on 'third party browser extensions" to work,
including Acrobat,
>Microsoft Money, and many other programmes.
>
>Once your computer is clean, and if it applies to your
operating system,
>create a new restore point. Your old ones may, of
course, be infected with
>the malware and therefore cannot be used. Run disk
cleanup to remove old
>restore points (if you operating system has this option
you will find it on
>the 'more options' tab of the disk cleanup utility).
>
>If you are still having problems:
>
>You can go to the link below to check your system for
parasites and
>hopefully identify your problem (supplied by Doxdesk.com):
>
>http://inetexplorer.mvps.org/parasite.htm
>
>Download and run the latest version of "Cool Web Shredder"
>http://www.merijn.org/files/CWShredder.exe
>
>The more experienced user can try Spybot. Again, it is a
free programme
>which can be downloaded from: http://spybot.eon.net.au/.
Warning: it is NOT
>a good programme for the inexperienced. If you want to
use this programme,
>please get the advice of those more experienced
before 'fixing' anything
>that it finds.
>
>Another excellent programme that allows you to examine
your system and
>*create a results log for experts to examine* is
HijackThis, available from:
>http://209.133.47.12/~merijn/files/HijackThis.exe (direct
download)
>
>MS have released a limited KB article regarding what they
call 'deceptive
>software'.
>http://support.microsoft.com/default.aspx?scid=kb;EN-
US;827315
>
>Here is advice specific to:
>
>home page hijackings
>http://inetexplorer.mvps.org/answers.htm#home_page
>
>pop-up ads
>http://inetexplorer.mvps.org/data/popup.htm
>
>search engine hijackings
>http://inetexplorer.mvps.org/answers4.htm#search_engine
>
>
>--
>Hyperlinks are used to ensure advice remains current
>_______________________________________
>Sandi - Microsoft MVP since 1999 (IE/OE)
>http://inetexplorer.mvps.org/
>
>
>--
>
>Regards
>
>Steven Burn
>Ur I.T. Mate Group
>www.it-mate.co.uk
>
>Keeping it FREE!
>
>
>"dark" > wrote in
message
...
>> Hmmm, well like I said, Computers suck. I have tried
>> everything. All spyware, addware, anti trojan, virus
and
>> worm programs, cant get this stupid ie hijacking off.
>> Also, when I type anything in the address bar and hit
go.
>> this other window opens up, mainly of porn or other
usless
>> crap. I got a homepage unlocker. Didnt work either.
>> Plus to boot, whenever I open up any windows. (ie.
>> c:windows, or C:Windows/Program Files) After about one
>> min. the stupid things just stop responding, if I open
>> task mannager and end task the whole computer freezes.
>> Again I have tried everything. Nothing works. Please
>> Please help. Thanks.
>
>
>.
>