Persistent Adware Infection

agent_c

Archived from groups: microsoft.public.windows.inetexplorer.ie6.browser,microsoft.public.windowsxp.security_admin

I am trying to determine the source of a persistent piece of adware,
which infects my computer on a daily basis.

Every day, sometimes more than once, I get an advisory from Norton
2005 that it has deleted 'access_now.exe' from my temporary
directory. This is the '0Cat Yellow Pages' browser redirect.

What I want to know is: how can a 3rd party (I'm assuming a web site)
insert an _executable_ on my computer without my consent? Is there an
ActiveX setting that I can adjust to prevent this?

I'm running a fully patched machine.

Thanks,

A_C
 
Guest

In addition to David's input, try to use a local user account that is not a
member of the local administrators group on a daily basis. This is a good
starting point to prevent potential malware from littering everywhere, especially
key system folders.

HTH.


"Agent_C" wrote:

> I am trying to determine the source of a persistent piece of adware,
> which infects my computer on a daily basis.
>
> Every day, sometimes more than once, I get an advisory from Norton
> 2005 that it has deleted 'access_now.exe' from my temporary
> directory. This is the '0Cat Yellow Pages' browser redirect.
>
> What I want to know is: how can a 3rd party (I'm assuming a web site)
> insert an _executable_ on my computer without my consent? Is there an
> ActiveX setting that I can adjust to prevent this?
>
> I'm running a fully patched machine.
>
> Thanks,
>
> A_C
 
Guest

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt359.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html




"Agent_C" <Agent-C-hates-spam@nyc.rr.com> wrote in message
news:5d1ru0pqdm5pf7qvvje7mub6q93gdhfq78@4ax.com...
| I am trying to determine the source of a persistent piece of adware,
| which infects my computer on a daily basis.
|
| Every day, sometimes more than once, I get an advisory from Norton
| 2005 that it has deleted 'access_now.exe' from my temporary
| directory. This is the '0Cat Yellow Pages' browser redirect.
|
| What I want to know is: how can a 3rd party (I'm assuming a web site)
| insert an _executable_ on my computer without my consent? Is there an
| ActiveX setting that I can adjust to prevent this?
|
| I'm running a fully patched machine.
|
| Thanks,
|
| A_C
 

agent_c


Thanks very much. I'll monitor things over the next day or so to see
if this did the trick.

A_C


On Tue, 18 Jan 2005 17:03:21 -0500, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

>1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
>Create a directory.
>On drive "C:\"
>(e.g., "c:\New Folder")
>or the desktop
>(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
>Download Sysclean.com and place it in that directory.
>Download the Trend Pattern File by obtaining the ZIP file.
>For example: lpt359.zip
>
>Extract the contents of the ZIP file and place the contents in the same directory as
>sysclean.com.
>
>2) Update Adaware with the latest definitions.
>3) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>4) Reboot your PC into Safe Mode and shut down as many applications as possible
>5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
>6) Restart your PC and perform a "final" Full Scan of your platform using both the
> Trend Sysclean utility and Adaware
>7) Re-enable System Restore and re-apply any System Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
>8) Reboot your PC.
>9) Create a new Restore point
>
>
>* * * Please report your results ! * * *