
Find leftovers of Malware!

Discussion in 'Security and Privacy' started by Dave932932, 2005/02/17.

Thread Status:
Not open for further replies.
  1. 2005/02/17
    Dave932932

    Dave932932 Inactive Thread Starter

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    I personally believe that it's impossible to never be infected with something. So that's where Ad-Aware and McAfee come in to help clean up the mess. But I personally find that many crumbs of the trojan/adware still stay. I just realized where all the **** has been hiding for more than 3 years!

    THE REGISTRY!!!

    *Using regedit.exe to edit the registry can seriously mess up your windows installation! :eek: *

    Well, I clicked the Edit menu --> search button and searched with these keywords:

    search
    coolwwwsearch (nasty bugga)
    ****
    dialer
    Bar
    toolbar
    pics
    hot
    gator
    huntbar
    sex
    (names of installations/uninstallations gone wrong) :rolleyes:

    You'd be amazed how many links are hidden deep within your registry! :eek:
     
  2. 2005/02/17
    Aubrey Little

    Aubrey Little Inactive

    Joined:
    2004/10/17
    Messages:
    32
    Likes Received:
    0
    I am stunned by the 'hits' in my search. What is the next step - can one just delete them from the registry ???
     


  4. 2005/02/18
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    One can do anything one wants but one will also have to live with the consequences. If this, "You'd be amazed how many links are hidden deep within your registry! " comes as such a revelation, it would probably be best to stay out of your registry.

    :rolleyes:
     
  5. 2005/02/18
    Aubrey Little

    Aubrey Little Inactive

    Joined:
    2004/10/17
    Messages:
    32
    Likes Received:
    0
    Rockster2u:

    Wow !!! I'll just crawl back into my little corner.
     
  6. 2005/02/18
    donniebnyc

    donniebnyc Inactive

    Joined:
    2002/10/01
    Messages:
    21
    Likes Received:
    0
    My two cents.


    In my experience, impulsive reactions and registry editing do not mix well. I'm sure Rockster2u meant no harm and intended only to save you a headache.
     
  7. 2005/02/18
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    Aubrey: Not trying to banish you to some "little corner" and not trying to be critical or intimidating.

    ;)
     
  8. 2005/02/18
    Aubrey Little

    Aubrey Little Inactive

    Joined:
    2004/10/17
    Messages:
    32
    Likes Received:
    0
    So what am I supposed to do? Not try anything new (above my intellectual level, I suppose) to protect my system from being infected by the creations of the 'super geeks' and hopefully clean out what they've done? My system is badly infected, despite liberal applications of Reg Clean, SpyBot, Spyware Blaster, Ad-aware, AVG, M/S Windows Memory Diagnostic and many, many others, and a great number of hours spent on forums such as this one plus several others, such as Amhaug, trying to get my problem resolved. I've tried everything, including what I rightly suspected were just plain, wild guesses. And here comes another avenue to investigate, and I'm shot down like an idiot who should not be anywhere in the vicinity of a computer, keyboard or mouse - if you don't know, don't try to learn by asking stupid questions.
     
    Last edited: 2005/02/18
  9. 2005/02/18
    JoeHobart

    JoeHobart Inactive Alumni

    Joined:
    2004/05/19
    Messages:
    919
    Likes Received:
    1
    Get defensive much? Sheesh, dude. It's a sound practice to encourage exploration and curiosity, but here be dragons. For every posting on this kind of thread, there will be 100 others that will find it on Google. You need to take a step back and consider that the audience is bigger than you. You whack the wrong thing, and you'll be digging for your XP CD to reinstall.

    The concept is interesting, but it's not a good idea to encourage people searching and deleting without expert-level knowledge in this system component. A person whose machine doesn't boot cannot be assisted with a web forum.

    Using regedit.exe to edit the registry can seriously mess up your windows installation!
    Ultimately this warning here is the point. Yes, the registry is a repository for most of the persistent configuration of the machine. HijackThis was created specifically to ferret out the appropriate nooks and crannies, because it's buried all over the place. Adaware, AntiSpyware, etc. are all programs that were written with a specific knowledge of how these nasties work, and how to safely remove them, without breaking your machine.

    If you are experiencing a problem with malware on your machine, start a new thread with a HijackThis log, and let's see what you got.
     
  10. 2005/02/18
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    Aubrey, I must commend you on your choice of software for defense against the gremlins. I use much the same. SpywareBlaster and AVG7 are my first line of defense. If anything gets past them I use Spybot S&D and AdAware to clean them up.

    Now, if you are having symptoms that indicate something is amiss, given that you have taken all the right steps, I'd suggest that you post a HiJackThis log and let the experts here take a look at it. It may be an easy fix for them and your grief will be over. ;)
     
  11. 2005/02/21
    JohnB Lifetime Subscription

    JohnB Well-Known Member

    Joined:
    2002/01/07
    Messages:
    856
    Likes Received:
    11
    Not Necessarily Malware Leftovers!

    Hi all, was curious as to what I would find in my registry doing a search on Dave932932's list of naughty names. Well there was a ton of stuff in the following registry KEY:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    I deleted the "Domains" part of the key and guess what? Ran Spybot S & D immunize and most of the formerly blocked items were now not blocked. Same with SpywareBlaster. :eek:

    The entries in this key are the items that Spybot S & D and SpywareBlaster put in the registry for the "Immunize" feature and SpywareBlaster's blocking registry entries. :confused: Went back to Spybot and SpywareBlaster and re-immunized and re-blocked and all are back. :D

    So, all is not necessarily what it seems in the registry. ;)
     
    Last edited: 2005/02/21
  12. 2005/02/21
    surferdude2

    surferdude2 Inactive

    Joined:
    2004/07/04
    Messages:
    4,009
    Likes Received:
    23
    John, that sounds like something I would do. :D :D Except I wouldn't tell anyone.
     
  13. 2005/02/21
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    An easy way to repopulate HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
    (which is where the IE Tools|Internet Options|Security tab|Restricted Sites reside) is by using IESpyAds
    https://netfiles.uiuc.edu/ehowes/www/resource.htm
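
Added example (not part of any post in this thread): a read-only triage of keyword hits, following the observation above that entries under ZoneMap\Domains are Restricted Sites block entries. It parses a regedit export instead of touching the live registry; the sample export, the domain names and the ExampleToolbarHelper value are constructed, and the zone numbers are Internet Explorer's standard security zone IDs.

```python
import re

ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
           r"\Internet Settings\ZoneMap\Domains")
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
KEYWORDS = ["search", "dialer", "toolbar", "gator", "huntbar"]  # subset of the first post's list

# Constructed sample in regedit export (.reg) format; hypothetical names, not real data.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + ZONEMAP + r"\huntbar-example.test]", '"*"=dword:00000004',
    "[" + ZONEMAP + r"\toolbar-example.test\www]", '"http"=dword:00000004',
    "[" + ZONEMAP + r"\search-example.test]", '"*"=dword:00000002',
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"ExampleToolbarHelper"="C:\\Program Files\\Example\\helper.exe"',
])

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = data
    return keys

def triage(text, keywords=KEYWORDS):
    """Return (location, verdict) for every key whose path or values hit a keyword."""
    results = []
    for path, values in parse_reg(text).items():
        haystack = " ".join([path] + [f"{n} {d}" for n, d in values.items()]).lower()
        if not any(k in haystack for k in keywords):
            continue
        if path.lower().startswith((ZONEMAP + "\\").lower()):
            # Values here are named by protocol ("*", "http") and hold a zone number.
            zones = {int(d[6:], 16) for d in values.values() if d.startswith("dword:")}
            if zones == {4}:
                verdict = "block entry (" + ZONES[4] + ")"
            else:
                names = ", ".join(ZONES.get(z, str(z)) for z in sorted(zones))
                verdict = "review: mapped to " + (names or "no zone")
            results.append((path[len(ZONEMAP) + 1:], verdict))
        else:
            results.append((path, "review: outside ZoneMap"))
    return results
```

Files written by regedit's export in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing the text to `triage`.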
     