recently my com got some spyware....the website it pop up is a porn web. it only appear once a day.and it happened anytime in a day.


the website for the porn is http://204.177.92.193.....
the title of the web is xxx....

can anyone tell me wat is this. is the web a virus or a spyware? pls help mi solve the problem..thx..and i am using ad-aware6 n spysweeper.


is the virus/spyware call teenxxx(tinybar) ?

Is ad-aware updated?

If you dont have a anti virus running, I suggest you get one now.

http://www.grisoft.com/us/us_index.phpAvg Antivirus (http://www.grisoft.com/us/us_index.php) <-- Free anti virus

And if you dont have a firewall running, you should get one also.

Sygate Personal Firewall (http://download.com.com/3000-2092-10049526.html?part=82835%20&subj=dlpage&tag=button)

Zone Alarm (http://www.zonelabs.com/store/content/home.jsp)

Both are free.

Good luck

Check your Host file...(Do a search in Windows (assuming that's what you're running), and open the file with Notepad. If there are any IP Addresses listed at the bottom of the text other that the loopback, delete them (unless you added them yourself). This is a common solution that AdAware and similar proggies miss. Hope this helps.......

The name of the file is Hosts, I made a typo up top....so sorry

where is the hosts files?? Wazz?? wat do i do after finding the file?? i cant find the file..

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=251911#post694894) by Wazz
Check your Host file...(Do a search in Windows (assuming that's what you're running), and open the file with Notepad. If there are any IP Addresses listed at the bottom of the text other that the loopback, delete them (unless you added them yourself). This is a common solution that AdAware and similar proggies miss. Hope this helps.......

Hrm...... I'm going to have to question this... Deleting entries in your hosts file is an adware solution? This is the first time I've heard of that. There are virii/spyware/adware out there that modify this file, however they actually edit the registry entry on where the file is stored and create a new file located elsewhere on the drive that is now referenced as the hosts file. You would have to find the new location in your registry and edit the hosts file in that location not the default file, also this is for a very small number of pieces of malware, in these cases you will find your nameservers have been changed and common pages -- google being a big on are being redirected. The hosts file is actually a very useful file and I would never tell someone to just go delete all the entires other than the loopback. This file stores local, for lack of a better term, dns entries. It allows you to add references for your LAN so you can refer to them by name rather than by address (yes you can use computer name, but this allows for other names, more logical ones), also it allows you to save yourself some bandwidth. For a home computer this might not be a thing, however if you have 5000 computers and they're all hitting your DNS server because the users use the name instead of the IP, you could easily push out a hosts file to all the systems with the set-up for some of the more commonly used ones. It is also a way to restrict the websites that a user visits. You can, in a cheesy way, block access to certain domains. You can also use it as a defence against pop-ups and built in ads, Spybot does a great job of updating this file to stop ads and pop-ups. However saying just aimlessly go in and delete all but your loopback entry is just bad advice.

Samueltoon:

As for your problem I'd suggest you check out www.safer-networking.org - Spybot S&D tends to usually be a bit ahead of AdAware and find a few more problems.

Try Spybot Search & Destroy. It cleans them out, protects IE & Hosts files & "immunizes" the registry.

Just found an XXX site that removes the security from IE and adds itself into the 'restricted sites'.

huh dcongram??Just found an XXX site that removes the security from IE and adds itself into the 'restricted sites'.??
how to i do?

i think i the spyware is teenxxx(tinybar).
but spy sweeper does not seem to be able to clear the adware out..
i scaned the fist timeand i deleted the teenxxx(tinybar) away.
but the second time i try again after restarting my computer.. the teenxxx(tinybar) was found again..
can anybody tell me how to remove teenxxx(tinybar) ?
thx

You are correct HTRegz, that is why I asked him if he made any entries to the Hosts file himself. To clear up my post a bit.....What I'm talking about is actually a "false" redirect that is caused by "malicious" entries in the Hosts file. I have however come across redirects that I would consider adware....I hope this clears this up a bit.

Just a question of clarification PLease..

The "Pop-Up" we are discussing here is a web page.. not a message box type popup? ie are we discussing a popup that could be activated on certain webpages that samueltoon is visiting.. in this case all the spyware removal in the world won't stop it.. a popup/under blocker a step towards a solution.. If it is just a message display (ie Net Send Messenger - popup) and Assuming that it is Win 2k or XP then disabling the Messenger Service is a good move..

samueltoon: when posting messages for help.. the telling what your operating system is helps us to help you..
And can I repeat (I think I am the third one) Get Spybot S&D (HTRegz gave a link) download the updates as well.. and give it a run around your system.. ..
I was going to as for a screen shot of one of these popups.. later perhaps.. not in pervert mode just yet..

Cheers

my com is window xp..
256ram...
1.8ghz..
40gb
what else u want to know?
i already have Spybot S&D but it does not find out the files 4mi..

One word: Update Spybot. (OK, two words).
Cheers,
cgkanchi

how to update?

Start spybot and click the check for updates button. Then click the download updates button after it tells you what updates exist.
Cheers,
cgkanchi

Ok now I will ask.. can you get a screen shot of one of these pop-ups..please .. oh as a JPG and pop it in with your next reply..
You know If road rules were like virii and parasite software, we would have to re-apply for our licences every 2nd day..

Cheers

samueltoon -
SpyBot S&D should remove the TinyBar spyware with no problem. When I scan, I've noticed "TinyBar" in the Status Bar, as SpyBot checks against its database. Are you running verison 1.2? Do you have SpyBot set to run all available checks? There are also a couple of settings to block all known bad products and block bad browser downloads - in other words, block known bad web sites. You should check your setting options as well, to ensure you are getting the most out of the program. But, as noted earlier, you really need to make sure you update the reference files. You CAN have the program do this automatically - under Settings.

Good luck. V.

by the way
what is a hosts file...?
i accidentally delete my hosts file..
without the hosts file will it affect my computer?

A host file is a file that computers use to find domain names. For example, the line
63.146.109.212 antionline.com
will tell your computer that 63.146.109.212 is antionline.com. That way, when you type antionline.com, it won't have to check a DNS server, it'll just go straight to the IP in the hosts file.
It *shouldn't* affect your computer in any way. The reason for this is that windows doesn't really (AFAIK) need a hosts file. However, just try typing "ping localhost" without the quotes in a DOS prompt or a run dialog. If it pings fine it should look something like this:

Pinging somename [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms


If not, it should looks something like this:

Pinging somename [127.0.0.1] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

If it fails, look for a file called hosts.bak in c:\windows\system32\drivers\etc and rename this file to hosts. If you can't find the file, follow these instructions:

Create a new file called hosts in C:\windows\system32\drivers\etc using notepad.
Type the line:
127.0.0.1 localhost
in it and save.
Reboot and you're fine.

Cheers,
cgkanchi