January 11th, 2003, 03:02 PM
spyware? cannot delete files, registry, iGetNet,com
in my windows/system folder i have Winstart001.exe trying to connect to the internet via my firewall, i have blocked it which is not a problem really. however i recently installed a reg monitor proggy which is regularly brought into action by Winstart001.exe which is creating or modifying its registry entry (or creating new ones, i dunno, this is the n00bs section right? hehe). usually when i open a new web page.
i tried to find some info about this but i was unsucessful but my m8 dug this up from another forum
"Last night, I got a phonecall from a friend that wanted me to have a look at his PC. Thinking it was going to be an easy job, was an understatement! Internet Explorer would run but not access websites at all. I spent a total of 4hrs trying to get it up and running and failed!
It seems there is a new serious spyware component that can download itself and install, without your knowledge. The last advertising company that I can remember using this technique was RealNames, last year - no longer in operation. Now, there is one originating from the link below.
http://do-not-clickwww.ignkeywords.com url]<<<------ DO NOT CLICK ON THIS ADDRESS!!!!! (I have disabled this link for security reasons!!) - Currently, there is no known cure for this parasite. Ad-aware, Pest Patrol or any other spyware checker will not alert you or disable it. If you can 'BLOCK' this domain, then do so NOW! The uninstaller this company has on their website does not remove the spyware, browser functionality is still affected after using their removal tool.
The parasite will add 3 files to your system, and enter Registry entries. The main culprits come in the form of bho.dll and winstart.exe. The winstart.exe will execute upon restarting under msconfig. Deleting these files, does not get rid of this problem. Even un-installing your browser and re-installing will not cure this infection.
Many reports worldwide, concerning this spyware are growing. Some people have even gone to reformatting their systems. Their have been reports that it affects the search page of Internet Explorer and MSN Messenger.
Some ways of prevention are:
Do not trust a 'Certificate from IGN' as trusted - should you ever receive a dialogue of this description.
Be very careful of ActiveX Control downloads.
Do not click Yes to any popups asking for permission to download.
Make sure your Security settings are set to at least Medium or Higher.
Remember this is not a virus, so your Antivirus program will not detect it, nor will it show as an attack on a firewall program - this parasite comes directly through your browser, and render it useless!
P.S. - It looks like I will need to reformat my friends drive"
which doesn't exactly fill me with joy, especially as i have this file (winstart.exe) in my win/system folder also.
it is possibly to see that the bho.dll file mentioned in the quote is connected to iGetNet.com, now i dont know anything about this site and don't exactly want to go to their page whether it exists or not. but i checked other files in the system folder and found these others connected to iGetNet.com :
i can't delete any of these files - the .exe's just re-appear as soon as i access another web page, and the .dll's 'cannot be deleted, being used by another prog etc....'
bleugh well i'm at a lost end here so sould i be worried about these files? what can i do? how can i delete these files?
any help is muchos appreciated, thanks in advance
January 11th, 2003, 03:48 PM
Found a few entries on Google regarding Winstart.exe
Just few to start looking for info.. One gave the url fotr the removal of the Parasite..
Could you please advise of the OS that is concerned here yours and your friends, this may help us help you..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
January 11th, 2003, 04:45 PM
cheers for the links, i'm gonna check em out now.
i'm using Win XP, i don't know about the other guy - that was info found in another forum that i know nothing about.
January 11th, 2003, 10:00 PM
thanks a lot m8, links worked a treat *big grin here*