Spam on the box
Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Spam on the box

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    9

    Spam on the box

    Hi All,

    Greetings, i m having MS Antispyware, zonealarm and a couple of other safety stuff on my xp box, but as always i did visit some technical "might not waana visit" sites , and i ended up having some unwanted stuff on my box, some dialougues pop up every now and then,
    some IE pages open up pointing to unwanted sites.

    MS Antispyware is not able to detect nor is anti virus , but u know they are irritating.

    Request any pointers or help to remove such unwanted stuff.

    Regards

  2. #2
    Top Gun Maverick811's Avatar
    Join Date
    Oct 2001
    Posts
    852
    Have you tried scanning with any other spyware apps such as AdAware or Spybot? Sometimes certain adware/spyware won't be picked up by one scanner but will by another. Further, are your AV engine/DAT's and your antispyware apps fully updated?

    Were you using Internet Explorer as your web browser?
    - Maverick

  3. #3
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    Another thing you might want to download is the Google Toolbar, as I find it makes searching easier and has a built in pop-up blocker.
    Git R Dun - Ty
    A tribe is wanted

  4. #4
    Junior Member
    Join Date
    Oct 2004
    Posts
    9

    Lightbulb

    hi all,

    thank you all for your time, i will try with spybot once again, but i was looking for a little indepth stuff like ...
    a) is their a way to explicity determin any registry settings they make so that explicitly they can be delted.
    b) any specific ports to be blocke etc.

    although this is really not my domain but a little knowlege to tweak wont harm


    Thank you all once again.

  5. #5
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    a) is their a way to explicity determin any registry settings they make so that explicitly they can be delted.
    Well ... Spy and malware usually installs without you knowing it , so finding out which registry settings they perform can be difficult.

    As a solution you can use some third party apps. to monitor your registry on the fly ... it will tell you when a registry setting gets altered or when a new registry setting is needed when installing a program or app. (so if you are not installing an app or program then it will tell you when there is a change in the registry requested by something).

    There is also a script available on THIS SITE as a free alternative... There might be more free registry monitors available but you will have to google for them.

    b) any specific ports to be blocke etc.
    I'm not sure if Spyware uses any other port then port 80 (or your proxy port when you use one), but trojans and other nasty vermin use many different ports. a list can be found HERE ... But if you have a good anti-virus and a good firewall I don't think you need to worry , as any change to your ports normally gets reported by your firewall.

    Hope this helps to clarify things... Anyone feel free to add comments or more recommendations.

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  6. #6
    Junior Member
    Join Date
    Oct 2005
    Posts
    15
    a) is their a way to explicity determin any registry settings they make so that explicitly they can be delted
    In order to keep track of Registry changes by trojans/worms etc. and clean them you may use

    1. The Cleaner ( http://www.moosoft.com/products/cleaner/ )
    2. A-Squared ( http://www.emsisoft.com/en/software/free/ )
    For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled.

    Lets make Poverty a History
    http://www.makepovertyhistory.org/

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    If you want real time protection against any changes, check out these two programs:

    Process Guard

    and Winpatrol

    Also you should, seeing as how you are using IE (Get FireFox ) check out the HOSTS blocking file here:HOSTS FILE
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  8. #8
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    I was forgetting about the free Regmon from Sysinternals to be found here.
    It does live monitoring of your registry, so you could keep an eye on what gets changed.

    C.
    Back when I was a boy, we carved our own IC's out of wood.

  9. #9
    Junior Member
    Join Date
    Oct 2004
    Posts
    9
    Wow,

    Thx buddies.. what i found was the following entries in the host files, hence not getting detected by probably any antispam softwares.

    I m trying to access the admin id and replace the file. I have not been able to succedd though

    127.0.0.1 www.igetnet.com
    127.0.0.1 code.ignphrases.com
    127.0.0.1 clear-search.com
    127.0.0.1 r1.clrsch.com
    127.0.0.1 sds.clrsch.com
    127.0.0.1 status.clrsch.com
    127.0.0.1 www.clrsch.com
    127.0.0.1 clr-sch.com
    127.0.0.1 sds-qckads.com
    127.0.0.1 status.qckads.com
    127.0.0.1 www.qoolaid.com
    127.0.0.1 www.qoologic.com
    127.0.0.1 www.CLKPrecision.com
    127.0.0.1 www.urllogic.com
    127.0.0.1 www.clkoptimizer.com
    127.0.0.1 www.isearch.com
    127.0.0.1 isearch.com
    127.0.0.1 www.idownload.com
    127.0.0.1 idownload.com
    127.0.0.1 www.mytotalsearch.com
    127.0.0.1 mytotalsearch.com
    127.0.0.1 www.lop.com
    127.0.0.1 lop.com
    127.0.0.1 www.websearch.com
    127.0.0.1 websearch.com
    127.0.0.1 www.page-not-found.net
    127.0.0.1 page-not-found.net
    127.0.0.1 www.isearchhere.com
    127.0.0.1 isearchhere.com
    127.0.0.1 xads.offeroptimizer.comm
    127.0.0.1 search.offeroptimizer.com
    127.0.0.1 ximages.offeroptimizer.com
    127.0.0.1 xlime.offeroptimizer.com
    127.0.0.1 xadsj-o.offeroptimizer.com
    127.0.0.1 xadsj.offeroptimizer.com
    127.0.0.1 www.offeroptimizer.com
    127.0.0.1 as.adwave.com
    127.0.0.1 sr.adwave.com
    127.0.0.1 www.adwave.com
    127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
    127.0.0.1 www.pacimedia.com
    127.0.0.1 www.pacimedia.com
    127.0.0.1 www.pacimedia.com

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    STOP!

    That looks OK to me, those are redirects to 127.0.0.1 which is your PC...............they won't go anywhere
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •