This message pops up about every 15 seconds and asks me to log onto the internet.
A little help please.
A little help please.
You (or a program) are attempting to retrieve information from webnews.somoslosmuchachos.com.ar
- Thread starter Gaard
- Start date
Download some spyware removal tool (e.g. spybot search and destroy) and run it. Definately sounds like malware.
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
What version is your Norton (2003, 2004, 2005?) The 2004 and 2005 both can detect certain amounts of spyware/adware if you've gone through and fully configured your options. So start with this:
1) get the latest Intelligent Updater and also run a Live Update so you have the latest defs and engine stuffs
2) make sure the Heuristics are maxed out (aka "Bloodhound") and that it's set to scan within compressed files, no exceptions
3) run a scan with Norton and does it find any threats? If so, what threats?
Also, are Ad-Aware and Spybot finding anything major? If so, what are they finding.
Besides that, please
1) download and run Hijack This and post the text from the logfile here
2) open a command-prompt box (Start > Run > cmd) and run this command: net user Administrator Gaard@AT to set your system's hidden Administrator account with the password Gaard@AT, so its powers are protected by a decent password.
3) for gosh sakes enable the Windows Firewall in Control Panel, or install ZoneAlarm or something
edit: and if you're on dial-up, all that ought to take you a while, so I'm going to the grocery store for a few minutes
1) get the latest Intelligent Updater and also run a Live Update so you have the latest defs and engine stuffs
2) make sure the Heuristics are maxed out (aka "Bloodhound") and that it's set to scan within compressed files, no exceptions
3) run a scan with Norton and does it find any threats? If so, what threats?
Also, are Ad-Aware and Spybot finding anything major? If so, what are they finding.
Besides that, please
1) download and run Hijack This and post the text from the logfile here
2) open a command-prompt box (Start > Run > cmd) and run this command: net user Administrator Gaard@AT to set your system's hidden Administrator account with the password Gaard@AT, so its powers are protected by a decent password.
3) for gosh sakes enable the Windows Firewall in Control Panel, or install ZoneAlarm or something
edit: and if you're on dial-up, all that ought to take you a while, so I'm going to the grocery store for a few minutes
Spybot finds a couple of things. Something like DSO EXPLOIT and I think the other thing was something like MEDIAPLEX or something like that.
I'm a little embarrassed to say my Norton's is 2002.
I'll go get that Hijack and report back.
I think I'll install ZoneAlarm, too.
I remember the days when you didn't have to worry about this crap.
I'm a little embarrassed to say my Norton's is 2002.
I'll go get that Hijack and report back.
I think I'll install ZoneAlarm, too.
I remember the days when you didn't have to worry about this crap.
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
BTW check in Internet Explorer > Tools > Synchronize and click the Setup button and see if there's an entry in the scheduler, that might be where it's all coming from. But still a good idea to close whatever hole it came in through, etc.
- Oct 25, 1999
- 29,554
- 430
- 126
Past SpyBod an Adaware you should try this: Link to: Basic Steps in cleaning Internet "Junk".
You might find the culprit with a Proccess viewer, this page (in the middle) has a link to a progarm that let you see the runing proccesses and what run them.
Link to: Internet infestation -Or, how you are getting Internet "Junk" in and compromise your Computer/Network?
:sun:
You might find the culprit with a Proccess viewer, this page (in the middle) has a link to a progarm that let you see the runing proccesses and what run them.
Link to: Internet infestation -Or, how you are getting Internet "Junk" in and compromise your Computer/Network?
:sun:
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Are you sure you've got Service Pack 2 installed? Start > Run > winver to check. Your IE and Windows show out-of-date. Not that I'm suggesting installing SP2 until you've got the thing definitely 100% clean...
Ok anyway, my usual solution to system compromise is to Drop The Bomb On It with a complete nuking and reinstallation of Windows. Goes over like a lead balloon with most folks but it works 100% of the time and completes in just a few hours without too much hair loss. If you want to do that, just start here, get your resources lined up in advance and burned to CD, back up your data somewhere safe, and off you go
If you prefer to stand and fight against the malware, then here goes:
1) get your Administrator-class accounts secured with strong passwords, so that a Microsoft Baseline Security Analyzer scan shows they're not weak/blank. Non-expiring's ok here, but not weak/blank.
2) disable System Restore (how?) so the bugs cannot hide there and come back out later.
3) download LSPFix and WinSockFix from JackMDS's page here to use in case the following procedures break your Internet connectivity
4) Get your ZoneAlarm firewall going, or enable the Windows Firewall (called the Internet Connection Firewall in WinXP RTM or WinXP SP1, see Windows Help if you need help finding where to enable it)
5) Uninstall Norton 2002
6) Reboot into Safe Mode, clear your Internet Explorer cache, and delete the following files that HJT found, if still present:
After all that, reboot into normal mode, install your Norton trialware or whatever, thoroughly configure it, update it, and run an exhaustive scan to see how it came out. Also post another HJT logfile and see if it looks better now
Start > Run > winver to check. Your IE and Windows show out-of-date. Not that I'm suggesting installing SP2 until you've got the thing definitely 100% clean...Ok anyway, my usual solution to system compromise is to Drop The Bomb On It with a complete nuking and reinstallation of Windows. Goes over like a lead balloon with most folks
but it works 100% of the time and completes in just a few hours without too much hair loss. If you want to do that, just start here, get your resources lined up in advance and burned to CD, back up your data somewhere safe, and off you go If you prefer to stand and fight against the malware, then here goes:
1) get your Administrator-class accounts secured with strong passwords, so that a Microsoft Baseline Security Analyzer scan shows they're not weak/blank. Non-expiring's ok here, but not weak/blank.
2) disable System Restore (how?) so the bugs cannot hide there and come back out later.
3) download LSPFix and WinSockFix from JackMDS's page here to use in case the following procedures break your Internet connectivity
4) Get your ZoneAlarm firewall going, or enable the Windows Firewall (called the Internet Connection Firewall in WinXP RTM or WinXP SP1, see Windows Help if you need help finding where to enable it)
5) Uninstall Norton 2002
6) Reboot into Safe Mode, clear your Internet Explorer cache, and delete the following files that HJT found, if still present:
- C:\WINDOWS\System32\mssw32.exe
- C:\WINDOWS\System32\CMMON32.EXE
- O4 - HKLM\..\Run: [Start Upping] mediaplayer32.exe
- O4 - HKLM\..\Run: [start uploading] crsss.exe
- O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
- O4 - HKLM\..\RunServices: [Start Upping] mediaplayer32.exe
- O4 - HKLM\..\RunServices: [start uploading] crsss.exe
- O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
- O4 - HKCU\..\Run: [start uploading] crsss.exe
- O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
- O4 - HKCU\..\RunServices: [start uploading] crsss.exe
- O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
- O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
- O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.co...ols/toolbar/lexico.cab
- O17 - HKLM\System\CCS\Services\Tcpip\..\{125ED11F-555A-4E83-BBC4-9AEDC52670DA}: NameServer = 216.65.160.3 216.65.160.4
- O17 - HKLM\System\CCS\Services\Tcpip\..\{125ED11F-555A-4E83-BBC4-9AEDC52670DA}: NameServer = 216.65.160.3 216.65.160.4
After all that, reboot into normal mode, install your Norton trialware or whatever, thoroughly configure it, update it, and run an exhaustive scan to see how it came out. Also post another HJT logfile and see if it looks better now
Originally posted by: mechBgon
Are you sure you've got Service Pack 2 installed?
Ok anyway, my usual solution to system compromise is to Drop The Bomb On It with a complete nuking and reinstallation of Windows. Goes over like a lead balloon with most folks
If you prefer to stand and fight against the malware, then here goes:
1) get your Administrator-class accounts secured with strong passwords, so that a Microsoft Baseline Security Analyzer scan shows they're not weak/blank. Non-expiring's ok here, but not weak/blank.
2) disable System Restore (how?) so the bugs cannot hide there and come back out later.
3) download LSPFix and WinSockFix from JackMDS's page here to use in case the following procedures break your Internet connectivity
4) Get your ZoneAlarm firewall going, or enable the Windows Firewall (called the Internet Connection Firewall in WinXP RTM or WinXP SP1, see Windows Help if you need help finding where to enable it)
5) Uninstall Norton 2002
6) Reboot into Safe Mode, clear your Internet Explorer cache, and delete the following files that HJT found, if still present:
and fix these items in HJT:
- C:\WINDOWS\System32\mssw32.exe
- C:\WINDOWS\System32\CMMON32.EXE
Now search your computer for files with the name HOSTS (it's in C:\WINDOWS\SYSTEM32\DRIVERS\ETC\ and has no extension, just a file called "HOSTS") and check that it has only one entry, for 127.0.0.1 LOCALHOST. If it doesn't, fix it so it does (use Notepad to open this file).
- O4 - HKLM\..\Run: [Start Upping] mediaplayer32.exe
- O4 - HKLM\..\Run: [start uploading] crsss.exe
- O4 - HKLM\..\Run: [Microsoft Windows W32 Services] mssw32.exe
- O4 - HKLM\..\RunServices: [Start Upping] mediaplayer32.exe
- O4 - HKLM\..\RunServices: [start uploading] crsss.exe
- O4 - HKLM\..\RunServices: [Microsoft Windows W32 Services] mssw32.exe
- O4 - HKCU\..\Run: [start uploading] crsss.exe
- O4 - HKCU\..\Run: [Microsoft Windows W32 Services] mssw32.exe
- O4 - HKCU\..\RunServices: [start uploading] crsss.exe
- O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
- O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
- O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.co...ols/toolbar/lexico.cab
- O17 - HKLM\System\CCS\Services\Tcpip\..\{125ED11F-555A-4E83-BBC4-9AEDC52670DA}: NameServer = 216.65.160.3 216.65.160.4
- O17 - HKLM\System\CCS\Services\Tcpip\..\{125ED11F-555A-4E83-BBC4-9AEDC52670DA}: NameServer = 216.65.160.3 216.65.160.4
After all that, reboot into normal mode, install your Norton trialware or whatever, thoroughly configure it, update it, and run an exhaustive scan to see how it came out. Also post another HJT logfile and see if it looks better now
Ok, I'll report back in a month.
Seriously, it'll take me a while. I'll do it, but it'll take me a while.
One thing before I start, what do you mean by 'fix'?
Thanks for the help mB.
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
To give an example, here's my HJT 1.99 window if I run a Scan only. I checkmarked some items in this picture (not really problem items, just for illustration) and then I would click the Fix button down below to remove those. I would be doing this in Safe Mode when fixing, and in regular Windows mode to check that the junk stayed gone.
Gaard here...back online with a lean mean fighting machine.
I ended up going with Plan A. (I reformatted and reinstalled XP)
Norton's is maxed out. As is XP. ZA is installed.
Clean as a whistle.
Thanks for the help.
I ended up going with Plan A. (I reformatted and reinstalled XP)
Norton's is maxed out. As is XP. ZA is installed.
Clean as a whistle.
Thanks for the help.
This has nothing to do with the topic, but if you are Indian, then your username is making me smirk.
The J
Senior member
- Aug 30, 2004
- 755
- 0
- 76
Find your HOSTS file again. Right-click on it and click Properties in the pop-up menu. There should be something that says "[ ] Read-Only" or something like that. Check the box next to it and click Apply, then OK. This should stop some things from getting into that file, which is a common way spyware is put on your system.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter