A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows 98 » Internet
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

IESEARCH



 
 
Thread Tools Display Modes
  #1  
Old June 13th 04, 11:59 PM
BigMig
external usenet poster
 
Posts: n/a
Default IESEARCH

An IESEARCH application has been downloaded (unwanted)
from a web site. Every 5 minutes or so it connects my pc
to the internet. I cannot delete this application
because "it is in use by window". How do I delete this
application
  #2  
Old June 14th 04, 02:12 AM
AlmostBob
external usenet poster
 
Posts: n/a
Default IESEARCH

install either or both of the first two links below, run, update from the in
program link and allow them to remove all the references to this and most
other unwanted garbage on your pc

--
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Panda online AntiVirus scan http://www.pandasoftware.com/ActiveScan/
Catalog of removal tools http://www.pandasoftware.com/download/utilities/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before use
Grateful thanks to the authors/webmasters

"BigMig" wrote in message
...
| An IESEARCH application has been downloaded (unwanted)
| from a web site. Every 5 minutes or so it connects my pc
| to the internet. I cannot delete this application
| because "it is in use by window". How do I delete this
| application


  #3  
Old June 16th 04, 02:19 PM
Sandi - Microsoft MVP
external usenet poster
 
Posts: n/a
Default IESEARCH

There are many people who have helped this FAQ improve over time - MVPs and
newsgroup users. I thank all of you who have made the newsgroups,
anti-malware websites and dedicated mailing lists into such a wonderful
resource.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware can kill your internet connection when it is
removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure you check for
updates and then run the programmes in safe mode.

You can go to the link below to check your system for parasites (supplied by
Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check for malware entries
and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version 6.181. All previous
versions are NO LONGER SUPPORTED and will not be updated...]

AdAware is available at www.lavasoft.de. Make sure you check for updates
every time you use it.

To be most effective, you must run AdAware while Windows is in safe mode.

Modern malware uses more than one process, and these processes are
'co-dependent'. In other words, when one processes detects that the other
has been shut down, it automatically restarts its sibling, often using a
different name.

Disable the ability of suspect processes to start automatically by using
MSCONFIG (startup tab) before booting into safe mode. Use the information
at the URL below as a guide:

http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the boot menu options
appear. Select 'safe mode'. After you are in safe mode, check to make sure
the suspect processes did not start up. If they did start up, we are going
to have to track down *where* they are coming from before going any further.
An experienced computer technician can use programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down as many malware
processes as possible, start AdAware. AdAware, when run using default
settings, simply does not cope with new 'intelligent' malware. Make sure
'activate in depth scan' is enabled. Select 'use custom scanning options'
and then click on the 'customize' button. Turn on the following scan
options - scan within archives, active processes, registry (including deep
scan), IE favorites and hosts file. You must also turn on the following
option via the 'tweak' button:

Cleaning engine: 'automatically try to unregister objects prior to deletion'

IMPORTANT: Before letting AdAware delete malware, write down on a piece of
paper exactly where the malware is stored. You will need to delete those
directories after AdAware has done its work, but ONLY IF IT IS NOT A
STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the option 'select
drives/folders to scan'. Click on 'select'. Scan your entire hard drive.
Also do the following:

Empty your IE cache and your other temporary file folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents and
Settings\name\Local Settings\Temp (the path to your temp folder will
change depending on your name) - sometimes programmes can be hidden in
there - watch out for mysterious *.exe files or *.dll files in those
folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Programme Files. Check for unusual objects
there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no
style sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions (Enable third-party
browser extensions (requires restart) at IE tools, internet options,
advanced) to disable *all* plug-ins but troubleshooting will be difficult
and it is only a BANDAID. Nothing gets fixed. There is software that
depends on 'third party browser extensions" to work, including Acrobat,
Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your operating system,
create a new restore point. Your old ones may, of course, be infected with
the malware and therefore cannot be used. Run disk cleanup to remove old
restore points (if you operating system has this option you will find it on
the 'more options' tab of the disk cleanup utility).

If you are still having problems:

You can go to the link below to check your system for parasites and
hopefully identify your problem (supplied by Doxdesk.com):

http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web Shredder"
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a free programme
which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to use this programme,
please get the advice of those more experienced before 'fixing' anything
that it finds.

Another excellent programme that allows you to examine your system and
*create a results log for experts to examine* is HijackThis, available from:
http://209.133.47.12/~merijn/files/HijackThis.exe (direct download)

MS have released a limited KB article regarding what they call 'deceptive
software'.
http://support.microsoft.com/default...b;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/



BigMig wrote:
An IESEARCH application has been downloaded (unwanted)
from a web site. Every 5 minutes or so it connects my pc
to the internet. I cannot delete this application
because "it is in use by window". How do I delete this
application


  #4  
Old June 22nd 04, 11:08 PM
pjd190
external usenet poster
 
Posts: n/a
Default IESEARCH

I have done all that is suggested- run ad aware, hi-jack
this, spybot-- ALL UPDATED- they removed VX2,
Look2me,once. hijack this keeps finding auto.search,
etc. McAfee security center on, also their virus scan-
NONE of these programs finds any other spyware/malware,
except the search engines. Downloaded PestPatrol, which
also found VX2 and removed it. Pop-ups, and IE search
hijackings continued. 302 kb files in WINDOWS/SYSTEM-
cannot remove C*gwiz [* is changeable letter]- says in
use by Windows. Properties- Nic Tech Networks, 5/5/04. On
every restart, another 302 kb file in Windows System, but
I was able to remove those a coouple of times, but then
PC would freeze, had to control-alt-del to restart. Each
restart, Windows is 'reconfiguring your start up files'.
I was able to open the C*gwiz file- once- and it had much
gibberish, but many messages at end- which pop up
frequently, plus the Nic Tech Networks info, along with
VeriSign and Fawlte certificate information [sorry I
didn't copy all this down]. Then- no CD. Tried to check
system resources, and on each tab click, that op[tion
disappeared. Tried to restore registry in DOS- "this
program cannot run in DOS". Now I cannot start my PC in
safe mode, but when desktop appears, cannot use mouse,
and it repeatedly attempts to connect to the internet.
Started PC with a boot disk- tried to copy SYS C files
[command.com. IO.sys, MSDOS.sys] no go- "needed
parameters missing". I am now running a full scandisk
from boot disk.
Tried calling MS virus help line- after receiving sales
pitch to upgrade to XP, was cut off twice.
Presentluy running MS Windows98SE, IE 6.0.28000, 128 bit
security. Current on all updates.
-----Original Message-----
There are many people who have helped this FAQ improve

over time - MVPs and
newsgroup users. I thank all of you who have made the

newsgroups,
anti-malware websites and dedicated mailing lists into

such a wonderful
resource.

IMPORTANT: Before trying to remove spyware, download a

copy of LSPFIX from
the URL below - some malware can kill your internet

connection when it is
removed, and this software should get things going for

you again:
http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure

you check for
updates and then run the programmes in safe mode.

You can go to the link below to check your system for

parasites (supplied by
Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check

for malware entries
and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version

6.181. All previous
versions are NO LONGER SUPPORTED and will not be

updated...]

AdAware is available at www.lavasoft.de. Make sure you

check for updates
every time you use it.

To be most effective, you must run AdAware while Windows

is in safe mode.

Modern malware uses more than one process, and these

processes are
'co-dependent'. In other words, when one processes

detects that the other
has been shut down, it automatically restarts its

sibling, often using a
different name.

Disable the ability of suspect processes to start

automatically by using
MSCONFIG (startup tab) before booting into safe mode.

Use the information
at the URL below as a guide:

http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the

boot menu options
appear. Select 'safe mode'. After you are in safe

mode, check to make sure
the suspect processes did not start up. If they did

start up, we are going
to have to track down *where* they are coming from

before going any further.
An experienced computer technician can use programme

such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down

as many malware
processes as possible, start AdAware. AdAware, when run

using default
settings, simply does not cope with new 'intelligent'

malware. Make sure
'activate in depth scan' is enabled. Select 'use custom

scanning options'
and then click on the 'customize' button. Turn on the

following scan
options - scan within archives, active processes,

registry (including deep
scan), IE favorites and hosts file. You must also turn

on the following
option via the 'tweak' button:

Cleaning engine: 'automatically try to unregister

objects prior to deletion'

IMPORTANT: Before letting AdAware delete malware, write

down on a piece of
paper exactly where the malware is stored. You will

need to delete those
directories after AdAware has done its work, but ONLY IF

IT IS NOT A
STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the

option 'select
drives/folders to scan'. Click on 'select'. Scan your

entire hard drive.
Also do the following:

Empty your IE cache and your other temporary file

folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents

and
Settings\name\Local Settings\Temp (the path to your

temp folder will
change depending on your name) - sometimes programmes

can be hidden in
there - watch out for mysterious *.exe files or *.dll

files in those
folders.

Go to IE Tools, Internet Options, Temporary Internet

Files {Settings
Button}, View Objects, Downloaded Programme Files. Check

for unusual objects
there.

Go to IE Tools, Internet Options, Accessibility. Make

sure there is no
style sheet chosen (under User Style Sheet - format

documents using my style
sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions

(Enable third-party
browser extensions (requires restart) at IE tools,

internet options,
advanced) to disable *all* plug-ins but troubleshooting

will be difficult
and it is only a BANDAID. Nothing gets fixed. There is

software that
depends on 'third party browser extensions" to work,

including Acrobat,
Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your

operating system,
create a new restore point. Your old ones may, of

course, be infected with
the malware and therefore cannot be used. Run disk

cleanup to remove old
restore points (if you operating system has this option

you will find it on
the 'more options' tab of the disk cleanup utility).

If you are still having problems:

You can go to the link below to check your system for

parasites and
hopefully identify your problem (supplied by

Doxdesk.com):

http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web

Shredder"
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a

free programme
which can be downloaded from:

http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to

use this programme,
please get the advice of those more experienced

before 'fixing' anything
that it finds.

Another excellent programme that allows you to examine

your system and
*create a results log for experts to examine* is

HijackThis, available from:
http://209.133.47.12/~merijn/files/HijackThis.exe

(direct download)

MS have released a limited KB article regarding what

they call 'deceptive
software'.
http://support.microsoft.com/default.aspx?scid=kb;EN-

US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/



BigMig wrote:
An IESEARCH application has been downloaded (unwanted)
from a web site. Every 5 minutes or so it connects my

pc
to the internet. I cannot delete this application
because "it is in use by window". How do I delete this
application


.

  #5  
Old July 3rd 04, 08:29 AM
Sandi - Microsoft MVP
external usenet poster
 
Posts: n/a
Default IESEARCH

PJD,

Check out the updated advice, and be very careful about *how* you use the
anti-spyware software.

There are many people who have helped this FAQ improve over time - MVPs and
newsgroup users. I thank all of you who have made the newsgroups,
anti-malware websites and dedicated mailing lists into such a wonderful
resource.

Read the advice at my prevention link
(http://inetexplorer.mvps.org/data/prevention.htm) to reduce the chances of
your computer being infected.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from
the URL below - some malware can kill your internet connection when it is
removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

Also get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html

The software you should download and have ready to use is:

AdAware - www.lavasoft.de [..Warning: AdAware is now version 6.181. All
previous versions are NO LONGER SUPPORTED and will not be updated...]

Spybot Search and Destroy - http://spybot.eon.net.au

HijackThis - http://209.133.47.12/~merijn/files/HijackThis.exe

CWShredder - http://www.merijn.org/files/CWShredder.exe

HackerDefender Disabler - http://www.aumha.org/downloads/unhackdef.zip
Extract the BAT file to your desktop.

IMPORTANT: After obtaining the required software above, make sure you check
for updates and run the programmes in safe mode.

Malware removal (beginner's guide):

Go to Control Panel, Folder Options, View Tab. Turn on the option to show
hidden files. Turn off the option to hide protected system files.
***WARNING!! Files are hidden by Windows for a very good reason. It is not
wise to 'experiment' with these files. Unfortunately, to successfully
remove modern malware we must turn this protection off. There is a risk to
doing this. Please turn the protection back on when you have finished
cleaning your system.***

Run HackerDefener Disabler. A DOS window will flash onto your screen and
then disappear. This is normal.

First, go to Control Panel, add/remove programs. Check for malware entries
and use the uninstall programs, then reboot.

Go to start/run and type MSCONFIG. Go to the startup tab. Disable
everything that you do not recognise as legitimate (do not disable any power
profile options).

Now go to the Services tab. Turn on the option to 'hide all Microsoft
Services'. Disable everything that remains. If you don't have this option,
don't worry about it.

Reboot your computer and hold down the F8 key until the boot menu options
appear. Choose Safe Mode as your startup choice. You will find
information about what safe mode is, and what it does, at this link
[http://inetexplorer.mvps.org/data/safe_mode.htm]

Start CWSHREDDER. Update it, and fix anything it finds. Reboot back into
safe mode.

Start AdAware. Use the 'check for updates now' option. After you have
updated, click 'start'.

Note that when run using default settings, AdAware does not cope with new
'intelligent' malware. Make the following changes to the default settings.

Use the option 'select drives/folders to scan'. Set AdAware to scan your
entire hard drive.

Make sure 'activate in depth scan' is enabled.

Select 'use custom scanning options' and then click on the 'customize'
button. Turn on the following scan options - scan within archives, scan
active processes, scan registry, deep registry scan, scan [my] IE favorites
for banned URLs, and scan [my] hosts file.

Use the 'tweak' button. Turn on the following options:

Cleaning engine: 'automatically try to unregister objects prior to
deletion', 'let windows remove files in use at next reboot', 'delete
quarantined objects after restoring'.

Scanning engine: 'unload recognized processes during scan'.

After you have finished with AdAware run Spybot to pick up any leftovers.
Fix anything marked in red. Again, don't forget to check for updates.

Also do the following:

Empty your IE cache and your other temporary file folders, eg: c:\temp,
c:\windows\temp or C:\Documents and Settings\name\Local Settings\Temp (the
path to your temp folder will change depending on your name) - sometimes
programmes can be hidden in there - watch out for mysterious *.exe files or
*.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Program Files. Check for unrecognised
objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style
sheet chosen (under User Style Sheet - format documents using my style
sheet). If the option is turned on, turn it OFF.

If the problem comes back, start all over again but with the following
changes (this section requires advanced computer skills - inexperienced
users will require assistance, available via the public newsgroups or
various anti-spyware forums, my preferred forum being
http://forum.aumha.org/)

Examine win.ini using MSCONFIG to see what is loading. You may find
something there. Go to MSCONFIG and go to the General tab. Turn off
process win.ini file, load system services and load startup items. Restart
Windows and run AdAware etc once more.

Use services.msc to see what is running. Some malware is now registering
itself as a Service. The problem is working out what is legitimate and what
is not.

Once a service or services has been identified as malware, use services.msc
to set the malware service(s) to 'disabled'. Reboot into safe mode. Delete
the relevant malware key in the right hand pane at
HKLM\System\CurrentControlSet\Services.

I strongly recommend that unless you have strong experience working in this
area that until such time as I am able to track down a comprehensive list of
legitimate services (or put one together myself), that you post details of
the services revealed by services.msc to a microsoft.public newsgroup for
professional guidance. If you turn off the wrong service you could cause
serious problems, and at the very worst, leave the computer unbootable.

An experienced computer technician can use programme such as AutoStart
Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

I prefer Process Viewer for Windows:
http://www.teamcti.com/pview/

Another excellent programme is 'Silent Runners':
http://www.aaronoff.com/silent_runners/

Another excellent programme for the experienced user is APM (Advanced
Process Manipulation), available at:
http://www.diamondcs.com.au/index.php?page=apm

Once the computer is clean, and if it applies to the operating system,
create a new restore point. The old ones may, of course, be infected with
the malware and therefore cannot be used. Run disk cleanup to remove old
restore points (if your operating system has this option you will find it on
the 'more options' tab of the disk cleanup utility. If the option to remove
old restore points is not available, stop and restart the restore service
which will flush out old restore points and prevent accidental reloading of
malware.

MS have released a limited KB article regarding what they call 'deceptive
software'.
http://support.microsoft.com/default...b;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/




pjd190 wrote:
I have done all that is suggested- run ad aware, hi-jack
this, spybot-- ALL UPDATED- they removed VX2,
Look2me,once. hijack this keeps finding auto.search,
etc. McAfee security center on, also their virus scan-
NONE of these programs finds any other spyware/malware,
except the search engines. Downloaded PestPatrol, which
also found VX2 and removed it. Pop-ups, and IE search
hijackings continued. 302 kb files in WINDOWS/SYSTEM-
cannot remove C*gwiz [* is changeable letter]- says in
use by Windows. Properties- Nic Tech Networks, 5/5/04. On
every restart, another 302 kb file in Windows System, but
I was able to remove those a coouple of times, but then
PC would freeze, had to control-alt-del to restart. Each
restart, Windows is 'reconfiguring your start up files'.
I was able to open the C*gwiz file- once- and it had much
gibberish, but many messages at end- which pop up
frequently, plus the Nic Tech Networks info, along with
VeriSign and Fawlte certificate information [sorry I
didn't copy all this down]. Then- no CD. Tried to check
system resources, and on each tab click, that op[tion
disappeared. Tried to restore registry in DOS- "this
program cannot run in DOS". Now I cannot start my PC in
safe mode, but when desktop appears, cannot use mouse,
and it repeatedly attempts to connect to the internet.
Started PC with a boot disk- tried to copy SYS C files
[command.com. IO.sys, MSDOS.sys] no go- "needed
parameters missing". I am now running a full scandisk
from boot disk.
Tried calling MS virus help line- after receiving sales
pitch to upgrade to XP, was cut off twice.
Presentluy running MS Windows98SE, IE 6.0.28000, 128 bit
security. Current on all updates.
-----Original Message-----
There are many people who have helped this FAQ improve over time -
MVPs and newsgroup users. I thank all of you who have made the
newsgroups, anti-malware websites and dedicated mailing lists into
such a wonderful resource.

IMPORTANT: Before trying to remove spyware, download a copy of
LSPFIX from the URL below - some malware can kill your internet
connection when it is removed, and this software should get things
going for you again: http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure you check
for updates and then run the programmes in safe mode.

You can go to the link below to check your system for parasites
(supplied by Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check for malware
entries and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version 6.181. All
previous versions are NO LONGER SUPPORTED and will not be updated...]

AdAware is available at www.lavasoft.de. Make sure you check for
updates every time you use it.

To be most effective, you must run AdAware while Windows is in safe
mode.

Modern malware uses more than one process, and these processes are
'co-dependent'. In other words, when one processes detects that the
other has been shut down, it automatically restarts its sibling,
often using a different name.

Disable the ability of suspect processes to start automatically by
using MSCONFIG (startup tab) before booting into safe mode. Use the
information at the URL below as a guide:

http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the boot menu
options appear. Select 'safe mode'. After you are in safe mode,
check to make sure the suspect processes did not start up. If they
did start up, we are going to have to track down *where* they are
coming from before going any further. An experienced computer
technician can use programme such as AutoStart Viewer for in-depth
diagnosis: http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down as many
malware processes as possible, start AdAware. AdAware, when run
using default settings, simply does not cope with new 'intelligent'
malware. Make sure 'activate in depth scan' is enabled. Select
'use custom scanning options' and then click on the 'customize'
button. Turn on the following scan options - scan within archives,
active processes, registry (including deep scan), IE favorites and
hosts file. You must also turn on the following option via the
'tweak' button:

Cleaning engine: 'automatically try to unregister objects prior to
deletion'

IMPORTANT: Before letting AdAware delete malware, write down on a
piece of paper exactly where the malware is stored. You will need
to delete those directories after AdAware has done its work, but
ONLY IF IT IS NOT A STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the option
'select drives/folders to scan'. Click on 'select'. Scan your
entire hard drive. Also do the following:

Empty your IE cache and your other temporary file folders, eg:
c:\windows\temp (if using Windows 98) or C:\Documents and
Settings\name\Local Settings\Temp (the path to your temp folder
will change depending on your name) - sometimes programmes can be
hidden in there - watch out for mysterious *.exe files or *.dll
files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings
Button}, View Objects, Downloaded Programme Files. Check for unusual
objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is
no style sheet chosen (under User Style Sheet - format documents
using my style sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions (Enable third-party
browser extensions (requires restart) at IE tools, internet options,
advanced) to disable *all* plug-ins but troubleshooting will be
difficult and it is only a BANDAID. Nothing gets fixed. There is
software that depends on 'third party browser extensions" to work,
including Acrobat, Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your operating
system, create a new restore point. Your old ones may, of course,
be infected with the malware and therefore cannot be used. Run disk
cleanup to remove old restore points (if you operating system has
this option you will find it on the 'more options' tab of the disk
cleanup utility).

If you are still having problems:

You can go to the link below to check your system for parasites and
hopefully identify your problem (supplied by Doxdesk.com):

http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web Shredder"
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a free
programme which can be downloaded from:

http://spybot.eon.net.au/. Warning: it is NOT
a good programme for the inexperienced. If you want to use this
programme, please get the advice of those more experienced

before 'fixing' anything
that it finds.

Another excellent programme that allows you to examine your system
and *create a results log for experts to examine* is HijackThis,
available from: http://209.133.47.12/~merijn/files/HijackThis.exe
(direct download)

MS have released a limited KB article regarding what they call
'deceptive software'.
http://support.microsoft.com/default.aspx?scid=kb;EN- US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine


--
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/



BigMig wrote:
An IESEARCH application has been downloaded (unwanted)
from a web site. Every 5 minutes or so it connects my pc
to the internet. I cannot delete this application
because "it is in use by window". How do I delete this
application


.


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 01:40 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.