Are they spying on me?

Printable View

July 28th, 2002, 11:58 AM
Petervz

Are they spying on me?

Hello my comp is lately very very slow, and there are automaticly starting a browser and 2 notepaths.

When i look into the properties of the browser, it says:

res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm#http://www.tampabaymart.com/vb/chann...ktopSearch.asp

What is this and how do i get my comp back to normal.

Tnx for all support.
July 28th, 2002, 01:17 PM
yan1

try using ad-aware it will show you and you can delete all the spy-ware installed in your computer .

its available at: http://www.lavasoftusa.com/
July 28th, 2002, 01:41 PM
Petervz

Tnx i ave dowloaded it an t's checking now.

In the notepaths that are openin when starting up are these senteces:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

mmm didn't help a thing. I removed all what was suspecious. But it is still he same.
July 28th, 2002, 02:43 PM
Petervz

MMM i think i found something:

I found a desktop.ini file in my programfiles.
When i deleted it, it multiplied like a cockroache. Now i have like 75 of them.....

Please please help me with this......
July 28th, 2002, 02:49 PM
neel

Desktop.ini is a feature of microsoft as fas as I know It enhances the layout of the directory. You should check your registery to. Local_machine/software/microsoft/windows/run runservices etc. for things you don't need to be started. Be carefull tho you don't delete important things, you can't just delete all. Also check current_user/software/microsoft/windows/run.
Hope that helps...
July 28th, 2002, 03:02 PM
chipmicroic

do not wory about desktop.ini or yu will worse the condition ,but run yur antivirus .
REMEMBER :- to run ADAWARE SW after accessing internet .
it serches for that cookies ,which ar making yur clicks ,even pasword public or to another
AVOID using KAAZA ,it sends yur password to a serevre
THANK YU

IF THE RED LIGHT OF HARD DISK IS GOING ON THEN YU HAVE A VIRUS OR A TORJAN
SOMETIMES SOME APPLICATION START LOGGING YUR INTERNET CONNECTION .
CHECK NEWLY INSTALL APPLICATION .
REMMEMBER HAVE A GOOD ANTI VIRUS & ALSO UPDATED
REMOVE FILE FROM start-up folder ,they slow down the computer
& also run scandisk & defrgment yur HD
July 28th, 2002, 03:30 PM
Petervz

I dont care about 1 desktop.ini, but now i have about 75.....how come?

I have Norton antivirus running with liveupdate.
July 28th, 2002, 05:17 PM
alittlebitnumb

What makes me suspicous is this entry:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell
32.dll,-21787 <--is this a server listening on a high port number?

Is this a trojan server? Get The Cleaner to see if it is... here is a link: www.moosoft.com
July 28th, 2002, 07:11 PM
Petervz

tnx for that prog, it found 10 of them.....

I also got this message

FILE: C:\hiberfil.sys

PROBLEM: I could not scan this file. Error Code 5: "Toegang geweigerd."(acces dienied)

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

FILE: C:\pagefile.sys

PROBLEM: I could not scan this file. Error Code 5: "Toegang geweigerd."(acces dienied)

SOLUTION: A common reason for this error is that Windows has locked the file for
SOLUTION: exclusive access. A swap file is a common example. Also, an antivirus
SOLUTION: program might be denying access to the file. In that case, you can
SOLUTION: temporarily disable the anti-virus to clean the trojan.

Are those files ok or not?
July 28th, 2002, 07:13 PM
avdven

Pagefile.sys is your Windows Pagefile (known as swap file in Win9x). Don't worry about that. The hiberfil.sys, I'm not really sure about, but is probably a hibernation file where all of your memory is stored when you computer goes into hibernation mode. You should be fine not being able to scan those two files.

AJ

Edit: Also, because of the Trojans you had, you may want to think about installing a software firewall which will let you filter out-going traffic so that you can ensure that you won't have any Trojan's accessing the 'net without your permission any more.
July 29th, 2002, 06:06 PM
punchthebaby

Okay, i think i see the problem.. First, as others have said, don't worry about Desktop.ini files.. they are put into individual directories so the computer remembers your visual settings (backgrounds and icon placement) in each folder.

Hiberfil.sys is also of no concern. This is, as stated, used to store information during hibernation.

Pagefil.sys is just as harmless, and crucial to your operating.

However, you should definately scan yr computer carefully for programs running on high port numbers (21787 ?) (I assume you're got winMe or higher, so just press Ctrl-Alt-Del to see a list of processes)... look for something you know shouldn't be there... unless that line in your INI file is just a standard system thing, in which case you're jst paranoid and should stop it.

And chipmicroic has no idea at all what he's talking about. dont listen to fire and brimstone when it comes to your computer, ESPECIALLY WHEN IT COMES IN ALL CAPS.
July 29th, 2002, 06:08 PM
xmaddness

Hey punch the baby, you need to change your signiture... It's screwing up the pages...
July 30th, 2002, 06:31 AM
|The|Specialist

P.S. If you have a existing firewall I'd suggest checking its properties and make sure that it is set on its highest security setting this will get rid of "some" of the unwanted things that you may encounter.
August 1st, 2002, 09:20 AM
briareus

-> Thank AVDVEN and PUNCHTHEBABY for their advice... but don't forget that if/when you get that firewall to filter outgoing traffic, read the alerts and descriminate between what really needs to get out and what doesn't. I see alot of firewalls configured that everything is enabled to get out. This is an exercise in futility, and amounts to security masturbation. ALSO, take a hard look at what you tend to surf for... do you swap files? do you use Kazaa and programs like that? Spot your potential security holes. Search the forum or online for known trojan ports. 21787 is not on my recently-updated trojportlist, but that doesn't mean a new malware isn't out there....

-> Look here: START -> SETTINGS -> NETWORK CONNECTIONS -> PROPERTIES, and make sure that unless you are using them, CLIENT for MICROSOFT, and FILE/PRINTER SHARING are disabled, leaving only TCP over IP protocol checked. (this is not to undo your present situation but rather to point to a better overall protocol. don't be afraid to search the forum or the net for WinME security config advice after you clear up your problems, there's no point in repeating them.)
August 16th, 2002, 02:05 PM
chipmicroic

You have spying eyes over , While accessing internet
your IP address is written , which site you have gone,on what time,
when you have login , when you are logout
All record & maintain , can be haned over to Govt.,when they needed

Even you go to any website your mouse clicks are recorded ,your mailing email address
are sell out to other website of relating product