Address Bar Problem

Whiskeyman--Eric Howes' statement on this flips and flops a little
At one point in his ReadMe file
http://www.spywarewarrior.com/uiuc/res/ie-spyad.txt
he says
"SpywareBlaster and IE-SPYAD don't conflict, although they do overlap in some ways. Both IE-SPYAD and SpywareBlaster in a sense de-fang Internet Explorer, making it safer to use. IE-SPYAD targets problematic web sites and domains. SpywareBlaster targets specific ActiveX controls. SpywareBlaster doesn't make IE-SPYAD irrelevant; there are plenty of nasty sites covered in IE-SPYAD that SpywareBlaster doesn't address in any way. Nor does IE-SPYAD render SpywareBlaster unnecessary. Each has a role. In fact, I don't see any reason why you can't use both. "
But then later he says
"My advice is to choose ONE program to maintain your Restricted sites list. Using more than one simply leads
to overlap, confusion, and potential conflicts without necessarily increasing your level of protection.
Currently, IE-SPYAD adds over 15,000 items to the Restricted sites -- considerably more than Spybot or
SpywareBlaster, each of which adds only one or two thousand. "

In between those two statements, he gives details of possible conflicts such as that the IESpyAds uninstall.reg file will uninstall any of the SpywareBlaster entries in Restricted Sites that are common to IESpyAds' entries. That has never seemed a problem to me, since they are then reinstalled when you use the new install.reg file or the next time you use SWB.
And Howes makes it clear that IESpyAds has a much greater list of Restricted Sites than SWB, even though SWB is one of Howes' sources for the IESpyAds list.
But in any event, it is not a matter of choosing between SpywareWareBlaster and IESpyads. except perhaps the use of the two Restricted Sites lists.
You can use the rest of SpywareBlaster without the Restricted Sites option.
On SpywareBlaster's Restricted Sites tab, you can uncheck the box "Restrict the actions...." and also check the box "Remove protection for unchecked items ".

 

aiki456--SpySweeper and SpywareBlaster perform different functions. Nothing wrong with having both. In fact, SWB nicely complements SS.
SpySweeper is similar to AdAware or SpybotS&D.
SpywareBlaster is somewhat unique--disregarding the Restricted Sites list issue discussed above. SpywareBlaster can modify the Windows Registry to set the "kill bit" for certain ActiveX controls associated with known "spyware" programs and "homepage hijackers," preventing them from being installed via "drive-by-downloads" in Internet Explorer. This function is proactive, which means it occurs in the background before the ActiveX control can be installed.

 

Hi Frank,
Please boot to safe mode and run hijackthis again and check the following items and select fix.

O4 - Global Startup: REMIND32.lnk = C:\REMINDER\REMIND32.EXE
(nuisance)

O9 - Extra button: All - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe (file missing)

O9 - Extra 'Tools' menuitem: Close ALL IEx's - {26835CE1-D5EC-11d5-AF6E-00C06D0086BF} - C:\Program Files\closeIeX\closeIeX.exe (file missing)

O9 - Extra button: Others - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe (file missing)

O9 - Extra 'Tools' menuitem: Close OTHER IEx's - {6A0426D1-0FF2-49a0-ABC2-05B67826C727} - C:\Program Files\closeIeX\closeIeY.exe (file missing)

O9 - Extra button: (no name) - {B72455AE-D3DE-492a-8FE0-0EA053B85277} - (no file)

O15 - Trusted Zone: http://linktrader.cyberspacehq.com
SPYWARE?

O20 - Winlogon Notify: gdiwxp - C:\WINDOWS\SYSTEM32\
suspect: password stealing trojan

Then reboot in normal mode and turn system restore back on.

Suggest you keep norton antivirus turned off and use it manually about once a week on Thursdays after its definitions are updated.

Download and install the free AVG antivirus from Grisoft and use it as your main antivirus. Just let it do it's thing. Be sure to be online daily for an hour or so so it can update its definitions file which it does daily.

Also dowhload and install Spybot S&D and use it weekly. I run teatimer (part of spybot) in the background to protect the registry..

And also use ad-aware personal edition weekly the same way.
Download microsoft's antispyware also.

I use Sptwareblaster and spywareguard both without any problem.

Remember to keep a firewall active at ALL times.

 

aiki456--Could this be the problem? Seems to be dolomite's solution.
http://support.microsoft.com/kb/918165

 

Hi Frank,

More thoughts:

It would be helpful to know what sort of online connection you have.

Suggest you rerun the antivirus trial programs again as a double check, and also run rootkit revealer. Let us know what if anything they find now.

Suggest you download and install java from sun microsystems. It hopefully will overwrite what you presently have.

Also, some of the free programs such as spybot and spywareguard/blaster have an imunize option which you should turn on.

Clean those temporary folders on a weekly basis.

If all is well, then the best protection against another infection is to educate yourself about the problem. A good place to start is to read the 'stickies' at the top of this forum.

 

Ok, here's where I'm at... I reran HJT and deleted the files mentioned. I also deleted HP share to web and let windows update reinstall the security patches - things are working fine! Now I have to digest all the good information you guys gave me on the other programs I should be running and get moving on that. Quite a bit to digest!

I can't tell you guys how much I appreciate all the help you've given me on this. You really came through. Thanks so much.

Frank

 

aiki456--Thanks for posting back with the good news. That MS-06-015 908531 update is causing a lot of problems.

 

I installed a program to beta test at the final window of the install a window flashed up and it was so fast all I could see were the word "root kit ".

I downloaded and ran Root Kit Revealer. I know NOTHING about root kits, can someone please decipher this for me and tell me do I have a Root Kit installed on my computer and exactly what is a root kit? I was unable to save the log so used print screen and attached.

And if so, how do I get rid of it? Rook Kit Revealer has no option to remove found entries. The only ones I am concerned about are the 1st 3, I know what the others are.

 

I wish I could help you but I know nothing about root kits either. Since I entered the initial post on this thread, I don't know if anyone else is alerted when there is a new post. I wanted to let you know that; you might have better luck getting assistance if you begin a new post in this forum.

Good luck!

 

aiki456--Now that you have uninstalled all the problem programs, you may have heard that MS released a fix to the 908531 update
http://www.microsoft.com/technet/security/bulletin/MS06-015.mspx

 

LOL - no, I hadn't heard that. It figures. Thanks for the update!

 

whompuscat

Believe thumbnail posted shows rootkit present. Please start your own thread in spyware removal forum and include the thumbnail again there.