Sign in with
Sign up | Sign in
Your question

HijackThis problem

Last response: in Windows 95/98/ME
Share
Anonymous
July 17, 2005 5:27:14 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Greetings all,

Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM

Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
when I launch this it opens the splash screen.
If I hit on the top option 'Do Scan & Save Logfile' the process starts but
the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
enumeration " overprinted in Red. (I do have various bank URLs in my IE
Trusted Zone).

Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
Task' I can then continue.

All other applications seem to work fine, no virus detected (by f-prot),
ad-aware & spybot reports 'alexa' otherwise clear.

I have not submitted the HJT Logfile because, although it is produced, it is
blank (size 0 bytes).

Any ideas?

Rednelle

More about : hijackthis problem

Anonymous
July 17, 2005 5:27:15 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Instead of choosing the option to "Do Scan and save logfile", try the option to just
open the program; then just do a scan, and see if that works. If it does, then save
a logfile when done.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> Greetings all,
>
> Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
>
> Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
> when I launch this it opens the splash screen.
> If I hit on the top option 'Do Scan & Save Logfile' the process starts but
> the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
> enumeration " overprinted in Red. (I do have various bank URLs in my IE
> Trusted Zone).
>
> Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
> Task' I can then continue.
>
> All other applications seem to work fine, no virus detected (by f-prot),
> ad-aware & spybot reports 'alexa' otherwise clear.
>
> I have not submitted the HJT Logfile because, although it is produced, it is
> blank (size 0 bytes).
>
> Any ideas?
>
> Rednelle
>
>
>
Anonymous
July 17, 2005 5:27:15 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

HijackThis Tutorial:
http://www.bleepingcomputer.com/forums/index.php?showtu...
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> Greetings all,
>
> Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
>
> Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
> when I launch this it opens the splash screen.
> If I hit on the top option 'Do Scan & Save Logfile' the process starts but
> the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
> enumeration " overprinted in Red. (I do have various bank URLs in my IE
> Trusted Zone).
>
> Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
> Task' I can then continue.
>
> All other applications seem to work fine, no virus detected (by f-prot),
> ad-aware & spybot reports 'alexa' otherwise clear.
>
> I have not submitted the HJT Logfile because, although it is produced, it is
> blank (size 0 bytes).
>
> Any ideas?
>
> Rednelle
>
>
>
Related resources
Anonymous
July 18, 2005 12:00:24 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Glen,

Thanks for both your responses.

Launching HJT, just to scan, produced the same result as before -
application freeze in O15 section.
I read your tutorial, O15 section, looked at the 4 HighKeys, and found
hundreds of entries under Domains and Ranges.
As an experiment, after saving the old .reg file, I deleted them all - and
then ran HJT. HJT worked as advertised.
Logfile 7K posted separately, for expert analysis.

Thanks for your help thus far.

Rednelle

"glee" <glee29@spamindspring.com> wrote in message
news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> HijackThis Tutorial:
> http://www.bleepingcomputer.com/forums/index.php?showtu...
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > Greetings all,
> >
> > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
> >
> > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe
and
> > when I launch this it opens the splash screen.
> > If I hit on the top option 'Do Scan & Save Logfile' the process starts
but
> > the blue progress bar stops at about 95% travel with " O15 - Trusted
Zone
> > enumeration " overprinted in Red. (I do have various bank URLs in my IE
> > Trusted Zone).
> >
> > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
> > Task' I can then continue.
> >
> > All other applications seem to work fine, no virus detected (by f-prot),
> > ad-aware & spybot reports 'alexa' otherwise clear.
> >
> > I have not submitted the HJT Logfile because, although it is produced,
it is
> > blank (size 0 bytes).
> >
> > Any ideas?
> >
> > Rednelle
> >
> >
> >
>
Anonymous
July 18, 2005 12:00:25 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

What you probably found, under the Domains sub-key in the Registry, were Restricted
sites, which AFAIK Hijack This does not look at. It is the entries under Ranges
that would contain the Trusted Zone sites:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges
and possibly
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges

You can safely delete entries from Ranges, as there is no pressing need to have any
site in Trusted Zone....if needed, you can manually add sites through IE> Tools
menu> Security tab. Some find it helpful to add sites like Windows Update to the
Trusted Zone.

Was the Ranges key very large?

Out of curiosity, where did you post you HJ log?
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> Glen,
>
> Thanks for both your responses.
>
> Launching HJT, just to scan, produced the same result as before -
> application freeze in O15 section.
> I read your tutorial, O15 section, looked at the 4 HighKeys, and found
> hundreds of entries under Domains and Ranges.
> As an experiment, after saving the old .reg file, I deleted them all - and
> then ran HJT. HJT worked as advertised.
> Logfile 7K posted separately, for expert analysis.
>
> Thanks for your help thus far.
>
> Rednelle
>
> "glee" <glee29@spamindspring.com> wrote in message
> news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > HijackThis Tutorial:
> > http://www.bleepingcomputer.com/forums/index.php?showtu...
> > --
> > Glen Ventura, MS MVP Shell/User, A+
> > http://dts-l.org/goodpost.htm
> >
> >
> > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > Greetings all,
> > >
> > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
> > >
> > > Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe
> and
> > > when I launch this it opens the splash screen.
> > > If I hit on the top option 'Do Scan & Save Logfile' the process starts
> but
> > > the blue progress bar stops at about 95% travel with " O15 - Trusted
> Zone
> > > enumeration " overprinted in Red. (I do have various bank URLs in my IE
> > > Trusted Zone).
> > >
> > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
> > > Task' I can then continue.
> > >
> > > All other applications seem to work fine, no virus detected (by f-prot),
> > > ad-aware & spybot reports 'alexa' otherwise clear.
> > >
> > > I have not submitted the HJT Logfile because, although it is produced,
> it is
> > > blank (size 0 bytes).
> > >
> > > Any ideas?
> > >
> > > Rednelle
> > >
> > >
> > >
> >
>
>
Anonymous
July 18, 2005 1:36:33 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

glee says...

> What you probably found, under the Domains sub-key in
> the Registry, were Restricted sites, which AFAIK Hijack
> This does not look at. It is the entries under Ranges
> that would contain the Trusted Zone sites:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
> ion\Internet Settings\ZoneMap\Ranges
> and possibly
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
> sion\Internet Settings\ZoneMap\Ranges

> You can safely delete entries from Ranges, as there is
> no pressing need to have any site in Trusted Zone....if
> needed, you can manually add sites through IE> Tools
> menu> Security tab. Some find it helpful to add sites
> like Windows Update to the Trusted Zone.

Until recently I've been running IE 5.5, and used the
Trusted Zone for specific sites for which I wanted to allow
persistent cookies. The security level was set to Medium
just like the Internet Zone, so the only difference was
cookies. Now with IE6 I may have to do it differently,
but...

My HJT log includes one Range entry along with the list of
named sites I had entered:

O15 - Trusted IP range: http://207.211.39.119

Doing a reverse lookup on this, I find nothing. Of course I
can just delete it, but now I'm curious. In fact, this IP
does not show up in the list of trusted sites I see in
Tools/Security.

Any way to tell who this is, or how it got there? Does this
mean I've been keylogged from the beginning? :-)
Anonymous
July 18, 2005 3:10:23 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Go here:
http://www.aumha.org/search.htm
and in the upper right of the page, put in the IP address in the AumHa Whois Search
box (just the number, without the http)

For 207.211.39.119 it reports:

OrgName: ClearBlue Technologies
OrgID: CLEAR-1
Address: 125 Elwood Davis Road
City: Syracuse
StateProv: NY
PostalCode: 13219
Country: US
NetRange: 207.211.0.0 - 207.211.255.255
CIDR: 207.211.0.0/16
NetName: APPLIEDT-207-211
NetHandle: NET-207-211-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.APPLIEDTHEORY.COM
NameServer: NS2.APPLIEDTHEORY.COM
NameServer: NS3.APPLIEDTHEORY.COM
Comment:
RegDate:
Updated: 2002-09-06
TechHandle: NDA5-ARIN
TechName: DNS Administration
TechPhone: 1-315-453-2912
TechEmail: Hostmaster@appliedtheory.com
OrgTechHandle: HOSTM2-ARIN
OrgTechName: Hostmaster
OrgTechPhone: 1-315-453-2912
OrgTechEmail: hostmaster@clearblue.com
ARIN WHOIS database last updated 2005-07-14 19: 10
Enter ? for additional hints on searching ARIN's WHOIS database.
</paste>
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
news:Q7PCe.64883$R21.9027@lakeread06...
> glee says...
>
> > What you probably found, under the Domains sub-key in
> > the Registry, were Restricted sites, which AFAIK Hijack
> > This does not look at. It is the entries under Ranges
> > that would contain the Trusted Zone sites:
> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
> > ion\Internet Settings\ZoneMap\Ranges
> > and possibly
> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
> > sion\Internet Settings\ZoneMap\Ranges
>
> > You can safely delete entries from Ranges, as there is
> > no pressing need to have any site in Trusted Zone....if
> > needed, you can manually add sites through IE> Tools
> > menu> Security tab. Some find it helpful to add sites
> > like Windows Update to the Trusted Zone.
>
> Until recently I've been running IE 5.5, and used the
> Trusted Zone for specific sites for which I wanted to allow
> persistent cookies. The security level was set to Medium
> just like the Internet Zone, so the only difference was
> cookies. Now with IE6 I may have to do it differently,
> but...
>
> My HJT log includes one Range entry along with the list of
> named sites I had entered:
>
> O15 - Trusted IP range: http://207.211.39.119
>
> Doing a reverse lookup on this, I find nothing. Of course I
> can just delete it, but now I'm curious. In fact, this IP
> does not show up in the list of trusted sites I see in
> Tools/Security.
>
> Any way to tell who this is, or how it got there? Does this
> mean I've been keylogged from the beginning? :-)
>
>
Anonymous
July 18, 2005 3:10:24 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks for the info. None of that rings a bell, and google doesn't
help. So I'll just delete it.

glee says...
>
>
>Go here:
>http://www.aumha.org/search.htm
>and in the upper right of the page, put in the IP address in the
AumHa Whois
>Search
>box (just the number, without the http)
>
>For 207.211.39.119 it reports:
>
> OrgName: ClearBlue Technologies
> OrgID: CLEAR-1
> Address: 125 Elwood Davis Road
> City: Syracuse
> StateProv: NY
> PostalCode: 13219
> Country: US
> NetRange: 207.211.0.0 - 207.211.255.255
> CIDR: 207.211.0.0/16
> NetName: APPLIEDT-207-211
> NetHandle: NET-207-211-0-0-1
> Parent: NET-207-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS1.APPLIEDTHEORY.COM
> NameServer: NS2.APPLIEDTHEORY.COM
> NameServer: NS3.APPLIEDTHEORY.COM
> Comment:
> RegDate:
> Updated: 2002-09-06
> TechHandle: NDA5-ARIN
> TechName: DNS Administration
> TechPhone: 1-315-453-2912
> TechEmail: Hostmaster@appliedtheory.com
> OrgTechHandle: HOSTM2-ARIN
> OrgTechName: Hostmaster
> OrgTechPhone: 1-315-453-2912
> OrgTechEmail: hostmaster@clearblue.com
> ARIN WHOIS database last updated 2005-07-14 19: 10
> Enter ? for additional hints on searching ARIN's WHOIS database.
></paste>
>--
>Glen Ventura, MS MVP Shell/User, A+
>http://dts-l.org/goodpost.htm
>
>
>"Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
>news:Q7PCe.64883$R21.9027@lakeread06...
>> glee says...
>>
>> > What you probably found, under the Domains sub-key in
>> > the Registry, were Restricted sites, which AFAIK Hijack
>> > This does not look at. It is the entries under Ranges
>> > that would contain the Trusted Zone sites:
>> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
>> > ion\Internet Settings\ZoneMap\Ranges
>> > and possibly
>> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
>> > sion\Internet Settings\ZoneMap\Ranges
>>
>> > You can safely delete entries from Ranges, as there is
>> > no pressing need to have any site in Trusted Zone....if
>> > needed, you can manually add sites through IE> Tools
>> > menu> Security tab. Some find it helpful to add sites
>> > like Windows Update to the Trusted Zone.
>>
>> Until recently I've been running IE 5.5, and used the
>> Trusted Zone for specific sites for which I wanted to allow
>> persistent cookies. The security level was set to Medium
>> just like the Internet Zone, so the only difference was
>> cookies. Now with IE6 I may have to do it differently,
>> but...
>>
>> My HJT log includes one Range entry along with the list of
>> named sites I had entered:
>>
>> O15 - Trusted IP range: http://207.211.39.119
>>
>> Doing a reverse lookup on this, I find nothing. Of course I
>> can just delete it, but now I'm curious. In fact, this IP
>> does not show up in the list of trusted sites I see in
>> Tools/Security.
>>
>> Any way to tell who this is, or how it got there? Does this
>> mean I've been keylogged from the beginning? :-)
>>
>>
>
Anonymous
July 18, 2005 3:10:24 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Using Google, I managed to come up with a couple of dead links which
formerly arrived at a couple of different online forums.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"glee" <glee29@spamindspring.com> wrote in message
news:eTjvzr6iFHA.1048@tk2msftngp13.phx.gbl...
> Go here:
> http://www.aumha.org/search.htm
> and in the upper right of the page, put in the IP address in the AumHa
> Whois Search
> box (just the number, without the http)
>
> For 207.211.39.119 it reports:
>
> OrgName: ClearBlue Technologies
> OrgID: CLEAR-1
> Address: 125 Elwood Davis Road
> City: Syracuse
> StateProv: NY
> PostalCode: 13219
> Country: US
> NetRange: 207.211.0.0 - 207.211.255.255
> CIDR: 207.211.0.0/16
> NetName: APPLIEDT-207-211
> NetHandle: NET-207-211-0-0-1
> Parent: NET-207-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS1.APPLIEDTHEORY.COM
> NameServer: NS2.APPLIEDTHEORY.COM
> NameServer: NS3.APPLIEDTHEORY.COM
> Comment:
> RegDate:
> Updated: 2002-09-06
> TechHandle: NDA5-ARIN
> TechName: DNS Administration
> TechPhone: 1-315-453-2912
> TechEmail: Hostmaster@appliedtheory.com
> OrgTechHandle: HOSTM2-ARIN
> OrgTechName: Hostmaster
> OrgTechPhone: 1-315-453-2912
> OrgTechEmail: hostmaster@clearblue.com
> ARIN WHOIS database last updated 2005-07-14 19: 10
> Enter ? for additional hints on searching ARIN's WHOIS database.
> </paste>
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
> "Peabody" <waybackKILLSPAM44@yahoo.com> wrote in message
> news:Q7PCe.64883$R21.9027@lakeread06...
>> glee says...
>>
>> > What you probably found, under the Domains sub-key in
>> > the Registry, were Restricted sites, which AFAIK Hijack
>> > This does not look at. It is the entries under Ranges
>> > that would contain the Trusted Zone sites:
>> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
>> > ion\Internet Settings\ZoneMap\Ranges
>> > and possibly
>> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVer
>> > sion\Internet Settings\ZoneMap\Ranges
>>
>> > You can safely delete entries from Ranges, as there is
>> > no pressing need to have any site in Trusted Zone....if
>> > needed, you can manually add sites through IE> Tools
>> > menu> Security tab. Some find it helpful to add sites
>> > like Windows Update to the Trusted Zone.
>>
>> Until recently I've been running IE 5.5, and used the
>> Trusted Zone for specific sites for which I wanted to allow
>> persistent cookies. The security level was set to Medium
>> just like the Internet Zone, so the only difference was
>> cookies. Now with IE6 I may have to do it differently,
>> but...
>>
>> My HJT log includes one Range entry along with the list of
>> named sites I had entered:
>>
>> O15 - Trusted IP range: http://207.211.39.119
>>
>> Doing a reverse lookup on this, I find nothing. Of course I
>> can just delete it, but now I'm curious. In fact, this IP
>> does not show up in the list of trusted sites I see in
>> Tools/Security.
>>
>> Any way to tell who this is, or how it got there? Does this
>> mean I've been keylogged from the beginning? :-)
>>
>>
>
Anonymous
July 18, 2005 5:38:49 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Glen,

The HKCU Ranges key was large. I realise now that I was probably looking at
entries put there by (me) / IE_SPYAD.

I posted the HJT logfile to 'bleepingcomputer' but there has been no reply -
probably because of some mistake I made.

I'll try and send you a copy of the HJT file; what remains doesn't look
obviously bad to me, but then I am no expert.

Thanks for all your help.

Rednelle


"glee" <glee29@spamindspring.com> wrote in message
news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
> What you probably found, under the Domains sub-key in the Registry, were
Restricted
> sites, which AFAIK Hijack This does not look at. It is the entries under
Ranges
> that would contain the Trusted Zone sites:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Ranges
> and possibly
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Ranges
>
> You can safely delete entries from Ranges, as there is no pressing need to
have any
> site in Trusted Zone....if needed, you can manually add sites through IE>
Tools
> menu> Security tab. Some find it helpful to add sites like Windows Update
to the
> Trusted Zone.
>
> Was the Ranges key very large?
>
> Out of curiosity, where did you post you HJ log?
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:D bedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > Glen,
> >
> > Thanks for both your responses.
> >
> > Launching HJT, just to scan, produced the same result as before -
> > application freeze in O15 section.
> > I read your tutorial, O15 section, looked at the 4 HighKeys, and found
> > hundreds of entries under Domains and Ranges.
> > As an experiment, after saving the old .reg file, I deleted them all -
and
> > then ran HJT. HJT worked as advertised.
> > Logfile 7K posted separately, for expert analysis.
> >
> > Thanks for your help thus far.
> >
> > Rednelle
> >
> > "glee" <glee29@spamindspring.com> wrote in message
> > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > HijackThis Tutorial:
> > >
http://www.bleepingcomputer.com/forums/index.php?showtu...
> > > --
> > > Glen Ventura, MS MVP Shell/User, A+
> > > http://dts-l.org/goodpost.htm
> > >
> > >
> > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > Greetings all,
> > > >
> > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB
RAM
> > > >
> > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
HijackThis.exe
> > and
> > > > when I launch this it opens the splash screen.
> > > > If I hit on the top option 'Do Scan & Save Logfile' the process
starts
> > but
> > > > the blue progress bar stops at about 95% travel with " O15 - Trusted
> > Zone
> > > > enumeration " overprinted in Red. (I do have various bank URLs in my
IE
> > > > Trusted Zone).
> > > >
> > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I
'End
> > > > Task' I can then continue.
> > > >
> > > > All other applications seem to work fine, no virus detected (by
f-prot),
> > > > ad-aware & spybot reports 'alexa' otherwise clear.
> > > >
> > > > I have not submitted the HJT Logfile because, although it is
produced,
> > it is
> > > > blank (size 0 bytes).
> > > >
> > > > Any ideas?
> > > >
> > > > Rednelle
> > > >
> > > >
> > > >
> > >
> >
> >
>
Anonymous
July 18, 2005 5:44:55 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Did you try running HijackThis in Safe Mode?
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

Rednelle wrote:
> Greetings all,
>
> Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB RAM
>
> Downloaded HijackThis 1.99.1 zip which unzipped fine to HijackThis.exe and
> when I launch this it opens the splash screen.
> If I hit on the top option 'Do Scan & Save Logfile' the process starts but
> the blue progress bar stops at about 95% travel with " O15 - Trusted Zone
> enumeration " overprinted in Red. (I do have various bank URLs in my IE
> Trusted Zone).
>
> Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I 'End
> Task' I can then continue.
>
> All other applications seem to work fine, no virus detected (by f-prot),
> ad-aware & spybot reports 'alexa' otherwise clear.
>
> I have not submitted the HJT Logfile because, although it is produced, it
> is
> blank (size 0 bytes).
>
> Any ideas?
>
> Rednelle
Anonymous
July 18, 2005 10:00:11 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the AumHa forums
and website, who highly recommends it:

"It is a frequently-updated Registry patch that adds a long list of known
advertisers, marketers, and spyware pushers to the Restricted sites zone of
Internet Explorer. This filters much known adware and other malware from
your computer from the beginning - a more proactive approach than only using
adware-removing programs after the fact."

So, yes....the large Restricted sites zone would be from that application. Are you
sure it was the restricted sites that were causing your problem? How large was the
Trusted Zone section, in the Registry key I mentioned earlier?

I have not seen your HJT log, but I don't frequent the Bleeping forums. Post it on
the forums at aumha.net, where I check in regularly....along with PA Bear and his
merry band of experts. You must first register at the site, but that does not take
long.

Copy the log files and paste them into a new post here:
http://forum.aumha.org/viewforum.php?f=30
(Another good forum is: http://castlecops.com/forum67.html )

In your post, please state your problem, if any, and what you've done so far to fix
it.

See the "housekeeping" you should complete before you post your log:
http://aumha.org/forum/viewtopic.php?t=4075

A tutorial for using Hijack This is located here:
http://tomcoyote.com/hjt/
and an in-depth tutorial is here:
http://aumha.org/a/hjttutor.htm
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> Glen,
>
> The HKCU Ranges key was large. I realise now that I was probably looking at
> entries put there by (me) / IE_SPYAD.
>
> I posted the HJT logfile to 'bleepingcomputer' but there has been no reply -
> probably because of some mistake I made.
>
> I'll try and send you a copy of the HJT file; what remains doesn't look
> obviously bad to me, but then I am no expert.
>
> Thanks for all your help.
>
> Rednelle
>
>
> "glee" <glee29@spamindspring.com> wrote in message
> news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > What you probably found, under the Domains sub-key in the Registry, were
> Restricted
> > sites, which AFAIK Hijack This does not look at. It is the entries under
> Ranges
> > that would contain the Trusted Zone sites:
> > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\ZoneMap\Ranges
> > and possibly
> > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> > Settings\ZoneMap\Ranges
> >
> > You can safely delete entries from Ranges, as there is no pressing need to
> have any
> > site in Trusted Zone....if needed, you can manually add sites through IE>
> Tools
> > menu> Security tab. Some find it helpful to add sites like Windows Update
> to the
> > Trusted Zone.
> >
> > Was the Ranges key very large?
> >
> > Out of curiosity, where did you post you HJ log?
> > --
> > Glen Ventura, MS MVP Shell/User, A+
> > http://dts-l.org/goodpost.htm
> >
> >
> > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > news:D bedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > Glen,
> > >
> > > Thanks for both your responses.
> > >
> > > Launching HJT, just to scan, produced the same result as before -
> > > application freeze in O15 section.
> > > I read your tutorial, O15 section, looked at the 4 HighKeys, and found
> > > hundreds of entries under Domains and Ranges.
> > > As an experiment, after saving the old .reg file, I deleted them all -
> and
> > > then ran HJT. HJT worked as advertised.
> > > Logfile 7K posted separately, for expert analysis.
> > >
> > > Thanks for your help thus far.
> > >
> > > Rednelle
> > >
> > > "glee" <glee29@spamindspring.com> wrote in message
> > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > > HijackThis Tutorial:
> > > >
> http://www.bleepingcomputer.com/forums/index.php?showtu...
> > > > --
> > > > Glen Ventura, MS MVP Shell/User, A+
> > > > http://dts-l.org/goodpost.htm
> > > >
> > > >
> > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > > news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > > Greetings all,
> > > > >
> > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with 192MB
> RAM
> > > > >
> > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
> HijackThis.exe
> > > and
> > > > > when I launch this it opens the splash screen.
> > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
> starts
> > > but
> > > > > the blue progress bar stops at about 95% travel with " O15 - Trusted
> > > Zone
> > > > > enumeration " overprinted in Red. (I do have various bank URLs in my
> IE
> > > > > Trusted Zone).
> > > > >
> > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If I
> 'End
> > > > > Task' I can then continue.
> > > > >
> > > > > All other applications seem to work fine, no virus detected (by
> f-prot),
> > > > > ad-aware & spybot reports 'alexa' otherwise clear.
> > > > >
> > > > > I have not submitted the HJT Logfile because, although it is
> produced,
> > > it is
> > > > > blank (size 0 bytes).
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > Rednelle
> > > > >
> > > > >
> > > > >
> > > >
> > >
> > >
> >
>
>
Anonymous
July 19, 2005 12:08:41 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Hi Robert,

No, I didn't try HJT in Safe Mode.

As I said in a previous post, once the HKCU Range keys were deleted HJT ran
to completion, and the log seems fine.

Would IE-SPYAD be responsible for the hundreds of entries (restricted sites)
in this part of the registry?
What is your opinion of this utility?

Rednelle




"PA Bear" <PABearMVP@gmail.com> wrote in message
news:#uJLqB8iFHA.2772@TK2MSFTNGP12.phx.gbl...
> Did you try running HijackThis in Safe Mode?
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE) & Security
Anonymous
July 19, 2005 4:40:48 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Glen,

I'll register with AumHa Forums and send you the latest log.
OldTimer on BleepingComputer read the first HJT log and gave advice - which
worked well.

I can't provide good answers to your detailed questions; I've lost my notes
and can't remember now exactly how many line items there were under HKLM and
HKCU ...... ZoneMap > Domains and Ranges (4 areas); nor what was in which
zone.
It seemed like hundreds. I had installed IE-SPYAD a year or two ago which,
as you say, would have added Restricted sites. I deliberately added about 6
bank URLs to IE > Tools > Security > Trusted sites. Anything else would have
arrived unintentionally.

However; all now seems well.

If, after reloading IE-SPYAD, I find the HJT freezes again in Section O-15
I will let you and the community know.

Thanks again for your help.

Rednelle




"glee" <glee29@spamindspring.com> wrote in message
news:o aKjzQ#iFHA.3960@TK2MSFTNGP12.phx.gbl...
> Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the
AumHa forums
> and website, who highly recommends it:
>
> "It is a frequently-updated Registry patch that adds a long list of known
> advertisers, marketers, and spyware pushers to the Restricted sites zone
of
> Internet Explorer. This filters much known adware and other malware from
> your computer from the beginning - a more proactive approach than only
using
> adware-removing programs after the fact."
>
> So, yes....the large Restricted sites zone would be from that application.
Are you
> sure it was the restricted sites that were causing your problem? How
large was the
> Trusted Zone section, in the Registry key I mentioned earlier?
>
> I have not seen your HJT log, but I don't frequent the Bleeping forums.
Post it on
> the forums at aumha.net, where I check in regularly....along with PA Bear
and his
> merry band of experts. You must first register at the site, but that does
not take
> long.
>
> Copy the log files and paste them into a new post here:
> http://forum.aumha.org/viewforum.php?f=30
> (Another good forum is: http://castlecops.com/forum67.html )
>
> In your post, please state your problem, if any, and what you've done so
far to fix
> it.
>
> See the "housekeeping" you should complete before you post your log:
> http://aumha.org/forum/viewtopic.php?t=4075
>
> A tutorial for using Hijack This is located here:
> http://tomcoyote.com/hjt/
> and an in-depth tutorial is here:
> http://aumha.org/a/hjttutor.htm
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:D bgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> > Glen,
> >
> > The HKCU Ranges key was large. I realise now that I was probably looking
at
> > entries put there by (me) / IE_SPYAD.
> >
> > I posted the HJT logfile to 'bleepingcomputer' but there has been no
reply -
> > probably because of some mistake I made.
> >
> > I'll try and send you a copy of the HJT file; what remains doesn't look
> > obviously bad to me, but then I am no expert.
> >
> > Thanks for all your help.
> >
> > Rednelle
> >
> >
> > "glee" <glee29@spamindspring.com> wrote in message
> > news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > What you probably found, under the Domains sub-key in the Registry,
were
> > Restricted
> > > sites, which AFAIK Hijack This does not look at. It is the entries
under
> > Ranges
> > > that would contain the Trusted Zone sites:
> > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > > Settings\ZoneMap\Ranges
> > > and possibly
> > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> > > Settings\ZoneMap\Ranges
> > >
> > > You can safely delete entries from Ranges, as there is no pressing
need to
> > have any
> > > site in Trusted Zone....if needed, you can manually add sites through
IE>
> > Tools
> > > menu> Security tab. Some find it helpful to add sites like Windows
Update
> > to the
> > > Trusted Zone.
> > >
> > > Was the Ranges key very large?
> > >
> > > Out of curiosity, where did you post you HJ log?
> > > --
> > > Glen Ventura, MS MVP Shell/User, A+
> > > http://dts-l.org/goodpost.htm
> > >
> > >
> > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > news:D bedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > Glen,
> > > >
> > > > Thanks for both your responses.
> > > >
> > > > Launching HJT, just to scan, produced the same result as before -
> > > > application freeze in O15 section.
> > > > I read your tutorial, O15 section, looked at the 4 HighKeys, and
found
> > > > hundreds of entries under Domains and Ranges.
> > > > As an experiment, after saving the old .reg file, I deleted them
all -
> > and
> > > > then ran HJT. HJT worked as advertised.
> > > > Logfile 7K posted separately, for expert analysis.
> > > >
> > > > Thanks for your help thus far.
> > > >
> > > > Rednelle
> > > >
> > > > "glee" <glee29@spamindspring.com> wrote in message
> > > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > > > HijackThis Tutorial:
> > > > >
> > http://www.bleepingcomputer.com/forums/index.php?showtu...
> > > > > --
> > > > > Glen Ventura, MS MVP Shell/User, A+
> > > > > http://dts-l.org/goodpost.htm
> > > > >
> > > > >
> > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > > > news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > > > Greetings all,
> > > > > >
> > > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with
192MB
> > RAM
> > > > > >
> > > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
> > HijackThis.exe
> > > > and
> > > > > > when I launch this it opens the splash screen.
> > > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
> > starts
> > > > but
> > > > > > the blue progress bar stops at about 95% travel with " O15 -
Trusted
> > > > Zone
> > > > > > enumeration " overprinted in Red. (I do have various bank URLs
in my
> > IE
> > > > > > Trusted Zone).
> > > > > >
> > > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If
I
> > 'End
> > > > > > Task' I can then continue.
> > > > > >
> > > > > > All other applications seem to work fine, no virus detected (by
> > f-prot),
> > > > > > ad-aware & spybot reports 'alexa' otherwise clear.
> > > > > >
> > > > > > I have not submitted the HJT Logfile because, although it is
> > produced,
> > > > it is
> > > > > > blank (size 0 bytes).
> > > > > >
> > > > > > Any ideas?
> > > > > >
> > > > > > Rednelle
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> >
> >
>
Anonymous
July 19, 2005 4:40:49 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> snip
> If, after reloading IE-SPYAD, I find the HJT freezes again in Section O-15
> I will let you and the community know.

OK, that is info that needs to be passed onto the fellow who makes IE_SPYAD. I will
try to get the info to his attention, and see if there are any other reports of the
problem. Thanks.
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


> "glee" <glee29@spamindspring.com> wrote in message
> news:o aKjzQ#iFHA.3960@TK2MSFTNGP12.phx.gbl...
> > Re: IE_SPYAD.... here is a quote from MVP Jim Eshelman, founder of the
> AumHa forums
> > and website, who highly recommends it:
> >
> > "It is a frequently-updated Registry patch that adds a long list of known
> > advertisers, marketers, and spyware pushers to the Restricted sites zone
> of
> > Internet Explorer. This filters much known adware and other malware from
> > your computer from the beginning - a more proactive approach than only
> using
> > adware-removing programs after the fact."
> >
> > So, yes....the large Restricted sites zone would be from that application.
> Are you
> > sure it was the restricted sites that were causing your problem? How
> large was the
> > Trusted Zone section, in the Registry key I mentioned earlier?
> >
> > I have not seen your HJT log, but I don't frequent the Bleeping forums.
> Post it on
> > the forums at aumha.net, where I check in regularly....along with PA Bear
> and his
> > merry band of experts. You must first register at the site, but that does
> not take
> > long.
> >
> > Copy the log files and paste them into a new post here:
> > http://forum.aumha.org/viewforum.php?f=30
> > (Another good forum is: http://castlecops.com/forum67.html )
> >
> > In your post, please state your problem, if any, and what you've done so
> far to fix
> > it.
> >
> > See the "housekeeping" you should complete before you post your log:
> > http://aumha.org/forum/viewtopic.php?t=4075
> >
> > A tutorial for using Hijack This is located here:
> > http://tomcoyote.com/hjt/
> > and an in-depth tutorial is here:
> > http://aumha.org/a/hjttutor.htm
> > --
> > Glen Ventura, MS MVP Shell/User, A+
> > http://dts-l.org/goodpost.htm
> >
> >
> > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > news:D bgbd8$ekd$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> > > Glen,
> > >
> > > The HKCU Ranges key was large. I realise now that I was probably looking
> at
> > > entries put there by (me) / IE_SPYAD.
> > >
> > > I posted the HJT logfile to 'bleepingcomputer' but there has been no
> reply -
> > > probably because of some mistake I made.
> > >
> > > I'll try and send you a copy of the HJT file; what remains doesn't look
> > > obviously bad to me, but then I am no expert.
> > >
> > > Thanks for all your help.
> > >
> > > Rednelle
> > >
> > >
> > > "glee" <glee29@spamindspring.com> wrote in message
> > > news:ecOn6nxiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > > What you probably found, under the Domains sub-key in the Registry,
> were
> > > Restricted
> > > > sites, which AFAIK Hijack This does not look at. It is the entries
> under
> > > Ranges
> > > > that would contain the Trusted Zone sites:
> > > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> > > > Settings\ZoneMap\Ranges
> > > > and possibly
> > > > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> > > > Settings\ZoneMap\Ranges
> > > >
> > > > You can safely delete entries from Ranges, as there is no pressing
> need to
> > > have any
> > > > site in Trusted Zone....if needed, you can manually add sites through
> IE>
> > > Tools
> > > > menu> Security tab. Some find it helpful to add sites like Windows
> Update
> > > to the
> > > > Trusted Zone.
> > > >
> > > > Was the Ranges key very large?
> > > >
> > > > Out of curiosity, where did you post you HJ log?
> > > > --
> > > > Glen Ventura, MS MVP Shell/User, A+
> > > > http://dts-l.org/goodpost.htm
> > > >
> > > >
> > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > > news:D bedcn$oif$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > > Glen,
> > > > >
> > > > > Thanks for both your responses.
> > > > >
> > > > > Launching HJT, just to scan, produced the same result as before -
> > > > > application freeze in O15 section.
> > > > > I read your tutorial, O15 section, looked at the 4 HighKeys, and
> found
> > > > > hundreds of entries under Domains and Ranges.
> > > > > As an experiment, after saving the old .reg file, I deleted them
> all -
> > > and
> > > > > then ran HJT. HJT worked as advertised.
> > > > > Logfile 7K posted separately, for expert analysis.
> > > > >
> > > > > Thanks for your help thus far.
> > > > >
> > > > > Rednelle
> > > > >
> > > > > "glee" <glee29@spamindspring.com> wrote in message
> > > > > news:uVHh0quiFHA.1204@TK2MSFTNGP12.phx.gbl...
> > > > > > HijackThis Tutorial:
> > > > > >
> > > http://www.bleepingcomputer.com/forums/index.php?showtu...
> > > > > > --
> > > > > > Glen Ventura, MS MVP Shell/User, A+
> > > > > > http://dts-l.org/goodpost.htm
> > > > > >
> > > > > >
> > > > > > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > > > > > news:D bdmbi$nad$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com...
> > > > > > > Greetings all,
> > > > > > >
> > > > > > > Running Windows 98FE with IE 5.5 SP2 on PentiumII 400MHz with
> 192MB
> > > RAM
> > > > > > >
> > > > > > > Downloaded HijackThis 1.99.1 zip which unzipped fine to
> > > HijackThis.exe
> > > > > and
> > > > > > > when I launch this it opens the splash screen.
> > > > > > > If I hit on the top option 'Do Scan & Save Logfile' the process
> > > starts
> > > > > but
> > > > > > > the blue progress bar stops at about 95% travel with " O15 -
> Trusted
> > > > > Zone
> > > > > > > enumeration " overprinted in Red. (I do have various bank URLs
> in my
> > > IE
> > > > > > > Trusted Zone).
> > > > > > >
> > > > > > > Using Ctrl+Alt+Del shows that HijackThis is [Not responding]. If
> I
> > > 'End
> > > > > > > Task' I can then continue.
> > > > > > >
> > > > > > > All other applications seem to work fine, no virus detected (by
> > > f-prot),
> > > > > > > ad-aware & spybot reports 'alexa' otherwise clear.
> > > > > > >
> > > > > > > I have not submitted the HJT Logfile because, although it is
> > > produced,
> > > > > it is
> > > > > > > blank (size 0 bytes).
> > > > > > >
> > > > > > > Any ideas?
> > > > > > >
> > > > > > > Rednelle
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > >
> > >
> >
>
>
Anonymous
July 19, 2005 6:03:55 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

It's Robear, please. <w>

It's not unusual to run HijackThis or any of the other anti-malware tools in
Safe Mode if they freeze when scanning in normal (Windows) mode.

IIRC the HijackThis entries in question pointed to sites in Trust Sites
zone, not Restricted Sites, and so MVP Eric Howe's IE-SpyAd would not be
responsible, no. Some hijackers are well-known for putting
undesirable/unwanted domains in Trusted Sites zone.

I agree with Jim Eshelman that IE-SpyAd is a useful tool to avoid
hijackware. I use it in combination with SpywareBlaster and MVP Mike
Burgess' custom hosts file.

Like all such tools, keep IE-SpyAd up-to-date:
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPY...
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

Rednelle wrote:
> Hi Robert,
>
> No, I didn't try HJT in Safe Mode.
>
> As I said in a previous post, once the HKCU Range keys were deleted HJT
> ran
> to completion, and the log seems fine.
>
> Would IE-SPYAD be responsible for the hundreds of entries (restricted
> sites)
> in this part of the registry?
> What is your opinion of this utility?
>
>> Did you try running HijackThis in Safe Mode?
Anonymous
July 19, 2005 7:53:32 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> I'll register with AumHa Forums and send you the latest log.
> OldTimer on BleepingComputer read the first HJT log and gave advice - which
> worked well.

If you are already receiving replies at Bleeping, I don't suggest starting a thread
elsewhere until you have concluded there, lest you confuse the issue with multiple
advice counteracting each other. Too many cooks......
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
Anonymous
July 19, 2005 9:16:33 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Glen,

Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and then
ran HJT again - it froze at O-15 again.
Perhaps there is currently a limit on the number of lines in a HJT logfile?
Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.

Rednelle

"glee" <glee29@spamindspring.com> wrote in message
news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> > snip
> > If, after reloading IE-SPYAD, I find the HJT freezes again in Section
O-15
> > I will let you and the community know.
>
> OK, that is info that needs to be passed onto the fellow who makes
IE_SPYAD. I will
> try to get the info to his attention, and see if there are any other
reports of the
> problem. Thanks.
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
Anonymous
July 19, 2005 9:16:34 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the issue is
addressed in the ReadMe for IE-SPYAD:

https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt

See the section titled: "Why does HijackThis! freeze after I install IE-SPYAD?"

<quote>
Why does HijackThis! freeze after I install IE-SPYAD?
-----------------------------------------------------

If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may notice that
HJT appears to
"freeze" or "hang" while scanning your system. In actuality, HJT has not conked out,
nor is there a
problem with IE-SPYAD. What's happening is this:

HJT processes and scans the Registry for all Internet Explorer Security Zone
entries. Internet
Explorer stores entries for all security zones in the same "Domains" Registry key,
and HJT scans
this very same key when inspecting your system. Since IE-SPYAD adds over 8000
entires for the
Restricted sites zone, HJT has a lot of entries to sort through, and that simply
takes time. HJT
isn't actually frozen; it's only momentarily bogged down while processing all those
zone entries.

If you wait a bit, HJT will eventually present you with the buttons that you expect.
Depending on
the speed of your processor and the amount of memory your computer has, this could
take a few
seconds to a minute.

If the wait proves to be too long, then uninstall IE-SPYAD before you run HJT, and
reinstall it
after HJT finishes.
--------------------------------------------------
</quote>
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"Rednelle" <rednelle31@btinternet.com> wrote in message
news:D bjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> Glen,
>
> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and then
> ran HJT again - it froze at O-15 again.
> Perhaps there is currently a limit on the number of lines in a HJT logfile?
> Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.
>
> Rednelle
>
> "glee" <glee29@spamindspring.com> wrote in message
> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
> > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> > > snip
> > > If, after reloading IE-SPYAD, I find the HJT freezes again in Section
> O-15
> > > I will let you and the community know.
> >
> > OK, that is info that needs to be passed onto the fellow who makes
> IE_SPYAD. I will
> > try to get the info to his attention, and see if there are any other
> reports of the
> > problem. Thanks.
> > --
> > Glen Ventura, MS MVP Shell/User, A+
> > http://dts-l.org/goodpost.htm
>
>
Anonymous
July 19, 2005 9:16:35 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

<applause> Good work, glee! First I've heard of this.

FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
running HijackThis v1.99.1 in WinXP SP2.
--
~Robear

glee wrote:
> I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
> issue is addressed in the ReadMe for IE-SPYAD:
>
> https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
>
> See the section titled: "Why does HijackThis! freeze after I install
> IE-SPYAD?"
>
> <quote>
> Why does HijackThis! freeze after I install IE-SPYAD?
> -----------------------------------------------------
>
> If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
> notice that HJT appears to
> "freeze" or "hang" while scanning your system. In actuality, HJT has not
> conked out, nor is there a
> problem with IE-SPYAD. What's happening is this:
>
> HJT processes and scans the Registry for all Internet Explorer Security
> Zone
> entries. Internet
> Explorer stores entries for all security zones in the same "Domains"
> Registry key, and HJT scans
> this very same key when inspecting your system. Since IE-SPYAD adds over
> 8000 entires for the
> Restricted sites zone, HJT has a lot of entries to sort through, and that
> simply takes time. HJT
> isn't actually frozen; it's only momentarily bogged down while processing
> all those zone entries.
>
> If you wait a bit, HJT will eventually present you with the buttons that
> you expect. Depending on
> the speed of your processor and the amount of memory your computer has,
> this could take a few
> seconds to a minute.
>
> If the wait proves to be too long, then uninstall IE-SPYAD before you run
> HJT, and reinstall it
> after HJT finishes.
> --------------------------------------------------
> </quote>
>
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:D bjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
>> Glen,
>>
>> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
>> then
>> ran HJT again - it froze at O-15 again.
>> Perhaps there is currently a limit on the number of lines in a HJT
>> logfile?
>> Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.
>>
>> Rednelle
>>
>> "glee" <glee29@spamindspring.com> wrote in message
>> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
>>> "Rednelle" <rednelle31@btinternet.com> wrote in message
>>> news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
>>>> snip
>>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
>> O-15
>>>> I will let you and the community know.
>>>
>>> OK, that is info that needs to be passed onto the fellow who makes
>> IE_SPYAD. I will
>>> try to get the info to his attention, and see if there are any other
>> reports of the
>>> problem. Thanks.
>>> --
>>> Glen Ventura, MS MVP Shell/User, A+
>>> http://dts-l.org/goodpost.htm
Anonymous
July 20, 2005 12:32:02 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

After finding out that you and JAE use IE-SpyAd, I may try it myself. Can't get
much better recommendations than that. ;-) In fact, it may be what I need to add
to the machines at work too.

Is there a way to view the list of sites it adds to Restricted, prior to installing,
do you know?
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm


"PA Bear" <PABearMVP@gmail.com> wrote in message
news:%23MjinOKjFHA.3064@TK2MSFTNGP15.phx.gbl...
> <applause> Good work, glee! First I've heard of this.
>
> FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
> running HijackThis v1.99.1 in WinXP SP2.
> --
> ~Robear
>
> glee wrote:
> > I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
> > issue is addressed in the ReadMe for IE-SPYAD:
> >
> > https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
> >
> > See the section titled: "Why does HijackThis! freeze after I install
> > IE-SPYAD?"
> >
> > <quote>
> > Why does HijackThis! freeze after I install IE-SPYAD?
> > -----------------------------------------------------
> >
> > If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
> > notice that HJT appears to
> > "freeze" or "hang" while scanning your system. In actuality, HJT has not
> > conked out, nor is there a
> > problem with IE-SPYAD. What's happening is this:
> >
> > HJT processes and scans the Registry for all Internet Explorer Security
> > Zone
> > entries. Internet
> > Explorer stores entries for all security zones in the same "Domains"
> > Registry key, and HJT scans
> > this very same key when inspecting your system. Since IE-SPYAD adds over
> > 8000 entires for the
> > Restricted sites zone, HJT has a lot of entries to sort through, and that
> > simply takes time. HJT
> > isn't actually frozen; it's only momentarily bogged down while processing
> > all those zone entries.
> >
> > If you wait a bit, HJT will eventually present you with the buttons that
> > you expect. Depending on
> > the speed of your processor and the amount of memory your computer has,
> > this could take a few
> > seconds to a minute.
> >
> > If the wait proves to be too long, then uninstall IE-SPYAD before you run
> > HJT, and reinstall it
> > after HJT finishes.
> > --------------------------------------------------
> > </quote>
> >
> > "Rednelle" <rednelle31@btinternet.com> wrote in message
> > news:D bjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> >> Glen,
> >>
> >> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
> >> then
> >> ran HJT again - it froze at O-15 again.
> >> Perhaps there is currently a limit on the number of lines in a HJT
> >> logfile?
> >> Moral; uninstall IE-SPYAD before you use HijackThis - for the time being.
> >>
> >> Rednelle
> >>
> >> "glee" <glee29@spamindspring.com> wrote in message
> >> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
> >>> "Rednelle" <rednelle31@btinternet.com> wrote in message
> >>> news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> >>>> snip
> >>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
> >> O-15
> >>>> I will let you and the community know.
> >>>
> >>> OK, that is info that needs to be passed onto the fellow who makes
> >> IE_SPYAD. I will
> >>> try to get the info to his attention, and see if there are any other
> >> reports of the
> >>> problem. Thanks.
> >>> --
> >>> Glen Ventura, MS MVP Shell/User, A+
> >>> http://dts-l.org/goodpost.htm
>
Anonymous
July 20, 2005 12:50:10 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

You can right-click on ie-ads.reg > Edit > and take a look/see. (Check your
inbox.)

Tip: Put your glasses on!

BTW you'll prolly want IE-SpyAd2, glee.
--
~Robear

glee wrote:
> After finding out that you and JAE use IE-SpyAd, I may try it myself.
> Can't get much better recommendations than that. ;-) In fact, it may
> be
> what I need to add to the machines at work too.
>
> Is there a way to view the list of sites it adds to Restricted, prior to
> installing, do you know?
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:%23MjinOKjFHA.3064@TK2MSFTNGP15.phx.gbl...
>> <applause> Good work, glee! First I've heard of this.
>>
>> FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
>> running HijackThis v1.99.1 in WinXP SP2.
>> --
>> ~Robear
>>
>> glee wrote:
>>> I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
>>> issue is addressed in the ReadMe for IE-SPYAD:
>>>
>>> https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
>>>
>>> See the section titled: "Why does HijackThis! freeze after I install
>>> IE-SPYAD?"
>>>
>>> <quote>
>>> Why does HijackThis! freeze after I install IE-SPYAD?
>>> -----------------------------------------------------
>>>
>>> If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
>>> notice that HJT appears to
>>> "freeze" or "hang" while scanning your system. In actuality, HJT has not
>>> conked out, nor is there a
>>> problem with IE-SPYAD. What's happening is this:
>>>
>>> HJT processes and scans the Registry for all Internet Explorer Security
>>> Zone
>>> entries. Internet
>>> Explorer stores entries for all security zones in the same "Domains"
>>> Registry key, and HJT scans
>>> this very same key when inspecting your system. Since IE-SPYAD adds over
>>> 8000 entires for the
>>> Restricted sites zone, HJT has a lot of entries to sort through, and
>>> that
>>> simply takes time. HJT
>>> isn't actually frozen; it's only momentarily bogged down while
>>> processing
>>> all those zone entries.
>>>
>>> If you wait a bit, HJT will eventually present you with the buttons that
>>> you expect. Depending on
>>> the speed of your processor and the amount of memory your computer has,
>>> this could take a few
>>> seconds to a minute.
>>>
>>> If the wait proves to be too long, then uninstall IE-SPYAD before you
>>> run
>>> HJT, and reinstall it
>>> after HJT finishes.
>>> --------------------------------------------------
>>> </quote>
>>>
>>> "Rednelle" <rednelle31@btinternet.com> wrote in message
>>> news:D bjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
>>>> Glen,
>>>>
>>>> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
>>>> then
>>>> ran HJT again - it froze at O-15 again.
>>>> Perhaps there is currently a limit on the number of lines in a HJT
>>>> logfile?
>>>> Moral; uninstall IE-SPYAD before you use HijackThis - for the time
>>>> being.
>>>>
>>>> Rednelle
>>>>
>>>> "glee" <glee29@spamindspring.com> wrote in message
>>>> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
>>>>> "Rednelle" <rednelle31@btinternet.com> wrote in message
>>>>> news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
>>>>>> snip
>>>>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
>>>> O-15
>>>>>> I will let you and the community know.
>>>>>
>>>>> OK, that is info that needs to be passed onto the fellow who makes
>>>> IE_SPYAD. I will
>>>>> try to get the info to his attention, and see if there are any other
>>>> reports of the
>>>>> problem. Thanks.
>>>>> --
>>>>> Glen Ventura, MS MVP Shell/User, A+
>>>>> http://dts-l.org/goodpost.htm
Anonymous
July 20, 2005 12:59:16 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks, BRobear!

....glen

"PA Bear" <PABearMVP@gmail.com> wrote in message
news:%23RsI%23TMjFHA.708@TK2MSFTNGP09.phx.gbl...
> You can right-click on ie-ads.reg > Edit > and take a look/see. (Check your
> inbox.)
>
> Tip: Put your glasses on!
>
> BTW you'll prolly want IE-SpyAd2, glee.
> --
> ~Robear
>
> glee wrote:
> > After finding out that you and JAE use IE-SpyAd, I may try it myself.
> > Can't get much better recommendations than that. ;-) In fact, it may
> > be
> > what I need to add to the machines at work too.
> >
> > Is there a way to view the list of sites it adds to Restricted, prior to
> > installing, do you know?
> >
> > "PA Bear" <PABearMVP@gmail.com> wrote in message
> > news:%23MjinOKjFHA.3064@TK2MSFTNGP15.phx.gbl...
> >> <applause> Good work, glee! First I've heard of this.
> >>
> >> FWIW I use IE-SpyAd and I've not seen much of the delay Eric describes
> >> running HijackThis v1.99.1 in WinXP SP2.
> >> --
> >> ~Robear
> >>
> >> glee wrote:
> >>> I asked the owner of IE-SpyAd, MVP Eric Howes, and he replied that the
> >>> issue is addressed in the ReadMe for IE-SPYAD:
> >>>
> >>> https://netfiles.uiuc.edu/ehowes/www/res/ie-spyad.txt
> >>>
> >>> See the section titled: "Why does HijackThis! freeze after I install
> >>> IE-SPYAD?"
> >>>
> >>> <quote>
> >>> Why does HijackThis! freeze after I install IE-SPYAD?
> >>> -----------------------------------------------------
> >>>
> >>> If you run Merijn's HijackThis! (HJT) after installing IE-SPYAD, you may
> >>> notice that HJT appears to
> >>> "freeze" or "hang" while scanning your system. In actuality, HJT has not
> >>> conked out, nor is there a
> >>> problem with IE-SPYAD. What's happening is this:
> >>>
> >>> HJT processes and scans the Registry for all Internet Explorer Security
> >>> Zone
> >>> entries. Internet
> >>> Explorer stores entries for all security zones in the same "Domains"
> >>> Registry key, and HJT scans
> >>> this very same key when inspecting your system. Since IE-SPYAD adds over
> >>> 8000 entires for the
> >>> Restricted sites zone, HJT has a lot of entries to sort through, and
> >>> that
> >>> simply takes time. HJT
> >>> isn't actually frozen; it's only momentarily bogged down while
> >>> processing
> >>> all those zone entries.
> >>>
> >>> If you wait a bit, HJT will eventually present you with the buttons that
> >>> you expect. Depending on
> >>> the speed of your processor and the amount of memory your computer has,
> >>> this could take a few
> >>> seconds to a minute.
> >>>
> >>> If the wait proves to be too long, then uninstall IE-SPYAD before you
> >>> run
> >>> HJT, and reinstall it
> >>> after HJT finishes.
> >>> --------------------------------------------------
> >>> </quote>
> >>>
> >>> "Rednelle" <rednelle31@btinternet.com> wrote in message
> >>> news:D bjchg$asu$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com...
> >>>> Glen,
> >>>>
> >>>> Downloaded the latest IE-SPYAD, unzipped, installed (successfully) and
> >>>> then
> >>>> ran HJT again - it froze at O-15 again.
> >>>> Perhaps there is currently a limit on the number of lines in a HJT
> >>>> logfile?
> >>>> Moral; uninstall IE-SPYAD before you use HijackThis - for the time
> >>>> being.
> >>>>
> >>>> Rednelle
> >>>>
> >>>> "glee" <glee29@spamindspring.com> wrote in message
> >>>> news:uvWBDEHjFHA.3300@TK2MSFTNGP15.phx.gbl...
> >>>>> "Rednelle" <rednelle31@btinternet.com> wrote in message
> >>>>> news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> >>>>>> snip
> >>>>>> If, after reloading IE-SPYAD, I find the HJT freezes again in Section
> >>>> O-15
> >>>>>> I will let you and the community know.
> >>>>>
> >>>>> OK, that is info that needs to be passed onto the fellow who makes
> >>>> IE_SPYAD. I will
> >>>>> try to get the info to his attention, and see if there are any other
> >>>> reports of the
> >>>>> problem. Thanks.
> >>>>> --
> >>>>> Glen Ventura, MS MVP Shell/User, A+
> >>>>> http://dts-l.org/goodpost.htm
>
Anonymous
July 20, 2005 1:41:19 AM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Thanks guys,

AL1 I'll not register with AumHa Forums this time round.

The end.

Rednelle


"glee" <glee29@spamindspring.com> wrote in message
news:#fnCyuJjFHA.3300@TK2MSFTNGP10.phx.gbl...
> "Rednelle" <rednelle31@btinternet.com> wrote in message
> news:D bisce$e11$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> > I'll register with AumHa Forums and send you the latest log.
> > OldTimer on BleepingComputer read the first HJT log and gave advice -
which
> > worked well.
>
> If you are already receiving replies at Bleeping, I don't suggest starting
a thread
> elsewhere until you have concluded there, lest you confuse the issue with
multiple
> advice counteracting each other. Too many cooks......
> --
> Glen Ventura, MS MVP Shell/User, A+
> http://dts-l.org/goodpost.htm
>
>
Anonymous
July 20, 2005 8:11:34 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

Robear, many thanks.

Rednelle

"PA Bear" <PABearMVP@gmail.com> wrote in message
news:#pix8wIjFHA.3960@TK2MSFTNGP12.phx.gbl...
> It's Robear, please. <w>
>
> It's not unusual to run HijackThis or any of the other anti-malware tools
in
> Safe Mode if they freeze when scanning in normal (Windows) mode.
>
> IIRC the HijackThis entries in question pointed to sites in Trust Sites
> zone, not Restricted Sites, and so MVP Eric Howe's IE-SpyAd would not be
> responsible, no. Some hijackers are well-known for putting
> undesirable/unwanted domains in Trusted Sites zone.
>
> I agree with Jim Eshelman that IE-SpyAd is a useful tool to avoid
> hijackware. I use it in combination with SpywareBlaster and MVP Mike
> Burgess' custom hosts file.
>
> Like all such tools, keep IE-SpyAd up-to-date:
> https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPY...
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE) & Security
Anonymous
July 20, 2005 9:28:38 PM

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

YW.

Rednelle wrote:
> Robear, many thanks.
>
> Rednelle
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:#pix8wIjFHA.3960@TK2MSFTNGP12.phx.gbl...
> > It's Robear, please. <w>
> >
> > It's not unusual to run HijackThis or any of the other anti-malware
> > tools in Safe Mode if they freeze when scanning in normal (Windows)
> > mode.
> >
> > IIRC the HijackThis entries in question pointed to sites in Trust Sites
> > zone, not Restricted Sites, and so MVP Eric Howe's IE-SpyAd would not be
> > responsible, no. Some hijackers are well-known for putting
> > undesirable/unwanted domains in Trusted Sites zone.
> >
> > I agree with Jim Eshelman that IE-SpyAd is a useful tool to avoid
> > hijackware. I use it in combination with SpywareBlaster and MVP Mike
> > Burgess' custom hosts file.
> >
> > Like all such tools, keep IE-SpyAd up-to-date:
> > https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPY...
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE) & Security
!