Hi! I had a trojan, which was pretty awful. Completely disabled Spyware Blaster, unchecked the "Lock Host File" setting in Win Patrol and other settings. I used Spyware Sweeper and then Registry Mechanic and a few other things, including setting System Restore back a few day prior to the problem. I uninstalled Spyware Blaster and reinstalled it. I updated it and then no matter what I have tried to do, when I look at Status, it shows that under "Restricted Sites" that 271 items have protection disabled. Is this a result of a change the Trojan would have made that I haven't found? Any suggestions? Thanks so much, Beth :(
beth_ct , hello and welcome to LzD :)
To make sure you have no malicious files/programs residing in your system, please do this:
(this is, if you have Win2K or XP )
Go here and download Ewido Security Suit:
http://www.ewido.net/en/download/
A quick guide is found here:
http://www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf
- Install ewido security suite
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates (http://www.ewido.net/en/download/updates/)
Once the updates are installed do the following:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
On the first alert, a window will open prompting you to take action. Checkmark "Remove" and "Perform action on all detections".
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop.
Now close ewido security suite.
Then.....
Download HiJack This from here: http://www.thespykiller.co.uk/files/HJTsetup.exe
This will download HiJack This to your computer, choose "Save" and navigate to the folder where it´s saved and doubleclick upon it.
This is a complete installer that installs Hijackthis onto the computer to C:\Program Files\HijackThis and makes an entry in the start menu & allows you to have a shortcut on desktop as well.
then.......
Doubleclick the HJT icon on your desktop, hit "Do a system scan and save logfile". Save the logfile and a txt-file will be produced.. Copy that one and paste it here together with the report from Ewido and we´ll have a look at it.
Regards
Die Hard :)
Hi there - I thought I'd let you know that I had a similar problem to Beth's, most notably the "restricted sites" issue in Spyware Blaster, as well as a prob with Spybot S&D disabled immunizations. [FYI - I run MS Antispyware (beta) and saw no probs with it (but then I run it out of curiosity, mostly).]
So Die Hard, I followed you instructions and downloaded the Ewido suite. It found the following:
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\katew\Local Settings\Temp\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe -> Backdoor.SdBot : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
The probs in both Spyware Blaster and Spybot S&D went away after removal. Thanks!
I hope this might help with your diagnosis and resolution.
Gratefully, Kate
Katewahine :)
I read your PM :)
This is the benefits of an open board; a user with one problem can help another with a similar problem.
That can be seen on the count for "views" on some topics on certain boards, some will have several thousands viewers, but only a few posts in it.
regards
Die Hard :)
Quote from: beth_ct on January 30, 2006, 12:42:37 AM
I used Spyware Sweeper....~snip~....I uninstalled Spyware Blaster and reinstalled it.... ~snip~ ....when I look at Status, it shows that under "Restricted Sites" that 271 items have protection disabled
Hey Beth,
I assume you mean Webroot's Spysweeper instead of
Spyware Sweeper :?
If that's the case....there is a known issue where-by SpySweeper may prevent SpywareBlaster from enabling all Restricted Sites protection if
IE Security Shield is enabled in SpySweeper. The below link has an explanation by Javacool the programmer of Spywareblaster.
This link---> Having trouble setting the Restricted Sites protection in SpywareBlaster? (http://www.wilderssecurity.com/showthread.php?t=113841)
Regards,
Bubba