Unsolicited Programs

My wife's computer has become riddles with heinous spyware and memory-robbing programs (clock-sync, gator, etc.). I've tried running Ad Aware, but it crashes before it can complete a scan. However, before it crashes, it's indicating copious instances of spyware/adware which are causing incessant pop-up bombs. She insists that she's not knowingly installing anything, but can an executable program install onto one's system without autorization? Next plan is to re-format and re-install Windows.

 

hardboiledcat Hi

You might first make sure its adaware version 6 build 162 updated
start the pc in safe mode then scan and yes things can be downloaded from the web without promting to install , but most-likely the adware or spyware trojan malware came with some free (ha ha ) software .
do the same with SPYBOT run from safe mode (update first)
Or both programs can start up with windows IF we choose that option,
beware disableing some of these things disables that freeware
good ridence I say( you know this sorry).so if you insist one using it you may have to reinstall it afterwards then scan with adarware
exlude them same with spybot

BUT first check in addremove programs and uninstall anything suspious(gator) etc etc...
always run spybot first let it fix everything ( I cant-dont let it fix user tracks)
==============================================
SpyBot downloads by PepiMK Software: http://security.kolla.de/index.php?lang=en&page=download
More of an explanation:
Spybot Help - hosted by TomCoyote: http://www.tomcoyote.org/SPYBOT/

You might need to uninstall Adaware , reinstall .I would assume some baddies would target it just as some would an virus would an av program ( trying to disable it)
do an online av scan ? heres one
Trend Micro - Free online virus Scan - Scan Now: http://housecall.trendmicro.com/housecall/start_corp.asp

Good luck
Lonny

 

Try running AdAware or Spybot SD (either one, but I would run Spybot first) with all other programs and explorer windows closed and backgrond tasks ended. OR, run either program from SAFE MODE as Lonny suggests.
Safe Mode details here:
http://support.microsoft.com/support/kb/articles/q180/9/02.asp

On programs installing themselves without asking, check your Internet Options Security settings.
See
http://www.windows-help.net/features/surf-safe.html
How to surf the Internet more safely with Internet Explorer

More here:
http://www.microsoft.com/technet/prodtechnol/ie/reskit/ie6/part2/c04ie6rk.asp

Also make sure Enable Install on Demand is NOT checked, in the Internet Options, Advanced settings.

 

Thanks Alice, nice work great, I see how far behind I am sometimes
"Also make sure Enable Install on Demand is NOT checked, "
I thought the one to be most concerned about was
make sure in to uncheck [ ] install on demand (other) is uncheck. But I see some systems dont have that to configure, namely XP

hardboiledcat uncheck both install on demands, tools internet options advanced, in the browsing section.. and let us know what goes on.

Lonny

 

Thanks Lonny and Alice. Your input is much appreciated. I didn't even think about running those programs in Safe Mode. I'll follow your advice on all counts and report back ASAP.

Cheers!

 

Time To Reformat

Okay, I ran SpyBot and AdAware both in safe mode. Worked great BUT I have a parasite that will not let go. The culprit is nCase. Here are all the sordid details:

http://www.doxdesk.com/parasite/nCase.html

I tried their uninstall instructions, but it keeps coming back!

Beware this evil spyware!

 

Hi hardboiledcat

Sorry to hear that , did you also uninstall anything that might have brought in this ncase thing to ?
sometimes when we run them they reinstall the bad ware In particular any file sharing programs.


Both Spybot and Adaware have an option to run at startup maybe that would help to ? try it
well WAIT , I suggest posting logs at the SpyBot forum this May-be a new variant and they would want to know and have exactly the right fix for it..

Open SpyBot in advanced > settings files sets and ensure all are checked, they should already be..

Then let it once more scan (search for problems)

Net-Integration-Forums: http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi?s=3e6302296260ffff


After the scan and fix problems > hit tools and scroll to the bottom [view report] check all but [ ] do not report disabled or known etc etc well heck check that to
> export and put it say in the my documents folder

It may be that this report is to large for note pad if so open with word-pad (right click open with)
a simple copy paste ,, I think you can even post there without being a member singing in (free) anyway

after this and in the future---what ever you do not ever set [X]SpyBot to both run at startup and [X]close program if everything is OK
There used to be a little BIG bug,,I don't know if they fixed it as yet..
Usualy there is no need to have it run at startup it will should tell you if it needs to, say OK if it asks,,,
Just to make sure, you do know that it does not need to be running to protect you,,,
thats all on the immunize page http://www.tomcoyote.org/SPYBOT/
for a better explanation

You should also check this link out on what and how to set IE's security to : provided By Alice earlyer
How to surf the Internet more safely with Internet Explorer - Windows-Help.NET: http://www.windows-help.net/features/surf-safe.html

Good luck and please let us know what happens ?

Lonny
PS that wasnt "ASAP" -------five days

 

HardBoiled

Use this kill all the nCase it finds.

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Mike

 

Hi Lonny,

"make sure in to uncheck [ ] install on demand (other) is uncheck. But I see some systems dont have that to configure, namely XP "

Both are in XP as well in the advanced IE settings that Alice mentioned.

Regards - Charles

 

Hi

But ,,
" "For Internet Explorer 6 for Windows XP, no components are installed based on the Enable Install On Demand (Other) option. This option should not appear in the Advanced dialog box in Windows XP. " "

Not untill Xp 's Internet explorer is upgraded to sp1 or one of the a 's
http://support.microsoft.com/default.aspx?scid=kb;en-us;222639

Atleast thats the way I interpreted the article ???
Regards
Lonny

 

Hi Lonny,

I quess your right. I never noticed it not being there.

Wonder if someone is still running IE 6.0 sans SP1 and could confirm that.

However, I suspect most users are running it with SP1 and therefore have it.

Regards - Charles

 

HB Cat

Tell me you did not format, but used HiJackThis to finish this cleanup!

Mike