Sign in with
Sign up | Sign in
Your question

spyware/adware

Last response: in Windows XP
Share
Anonymous
January 5, 2005 4:29:21 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Help, I have 'isearch' spyware on my XP home system, I've downloaded
'Adaware' and 'Spybot'. They removed the toolbar and desktop icons but
'isearch' seems to have morphed and now appears floating behind the task bar
at the bottom of the screen. pop ups are worse than ever even with 'Yahoo'
popup blocker activated. I also have on my Add/remove programs a program with
no file size called 'adware & spyware', when I try and remove it I get
directed to a web site for 'nospyx'. I don't want to install SP2 until I'm
rid of this stuff. I'm still learning but I'm not daft, any help would be
greatly appreciated.
cheers Chris.

More about : spyware adware

January 5, 2005 4:59:17 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

ChrisN wrote:

> Help, I have 'isearch' spyware on my XP home system, I've downloaded
> 'Adaware' and 'Spybot'. They removed the toolbar and desktop icons but
> 'isearch' seems to have morphed and now appears floating behind the
> task bar at the bottom of the screen. pop ups are worse than ever even
> with 'Yahoo' popup blocker activated. I also have on my Add/remove
> programs a program with no file size called 'adware & spyware', when I
> try and remove it I get directed to a web site for 'nospyx'. I don't
> want to install SP2 until I'm rid of this stuff. I'm still learning
> but I'm not daft, any help would be greatly appreciated.
> cheers Chris.

You are very wise not to install SP2 until you get your computer clean
up. Ad-aware and Spybot are great, but you need to make sure they are
updated and that you do all scans with malware removal tools in Safe
Mode. You should run through the removal steps I will give you below.
In addition, I Googled for "remove isearch" and came up with this
promising link to instructions for manual removal from Computer
Associates:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=45...

General malware removal:

1) Scan in Safe Mode with current version (not earlier than 2003)
antivirus using updated definitions.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

HijackThis is an excellent tool to discover and disable hijackers, but
it requires expert skill. See below for HijackThis links. A combination
of HijackThis and About:Buster works well in removing the About:Blank
homepage hijacker. Again, this is an expert tool and novices should get
help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_downloa...
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/
http://www.spywareinfo.com/forums/

General:
http://forum.aumha.org/ - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Anonymous
January 6, 2005 5:59:10 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

My homepage has been hijacked by Home Search and the program hijackthis was
unable to resolve my problem even in safe mode. Then in my add/remove
programs 2 programs Home Search Assistent & Shopping Wizard have been
installed and every time I try to uninstall them it takes me to their website
to uninstall them but it doesn't. Can anyone please help me I would greatly
appreciate your help.

Thank You
Related resources
Anonymous
January 6, 2005 11:54:55 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt333.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
4) Reboot your PC into Safe Mode and shutdown as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




"specter623" <specter623@discussions.microsoft.com> wrote in message
news:C9092DB8-2D40-4111-BDD2-207F188F9FC6@microsoft.com...
| My homepage has been hijacked by Home Search and the program hijackthis was
| unable to resolve my problem even in safe mode. Then in my add/remove
| programs 2 programs Home Search Assistent & Shopping Wizard have been
| installed and every time I try to uninstall them it takes me to their website
| to uninstall them but it doesn't. Can anyone please help me I would greatly
| appreciate your help.
|
| Thank You
Anonymous
January 8, 2005 3:49:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I've downloaded trend sysclean package and I've downloaded the latest
patterns and put them in the same folder.But everytime I try to run sysclean
it says Pattern file "LPT$VPN.*" is missing, Please download a copy. Is that
something I should worry about or did I do something incorrectly?
January 8, 2005 11:57:33 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

specter623 wrote:

> I've downloaded trend sysclean package and I've downloaded the latest
> patterns and put them in the same folder.But everytime I try to run
> sysclean it says Pattern file "LPT$VPN.*" is missing, Please download
> a copy. Is that something I should worry about or did I do something
> incorrectly?

Did you unzip the pattern file? You need to.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Anonymous
January 9, 2005 5:07:44 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

That error message indicates that you failed to extract the Pattern File from the pattern
File distribution ZIP file and place the Pattern File in the SAME directory as you placed
SYSCLEAN.COM.

--
Dave




"specter623" <specter623@discussions.microsoft.com> wrote in message
news:81DC5090-99AE-4B9A-8F36-169E17CEBBE1@microsoft.com...
| I've downloaded trend sysclean package and I've downloaded the latest
| patterns and put them in the same folder.But everytime I try to run sysclean
| it says Pattern file "LPT$VPN.*" is missing, Please download a copy. Is that
| something I should worry about or did I do something incorrectly?
!