From: "Nick" <psstcenter@shaw.ca>
Replies are inline...
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:IfHZe.1283$qC4.545@trnddc02...
>> From: "Nick" <psstcenter@shaw.ca>
>>
|>> Please, can anyone help by explaining to me the following? Thanks in
|>> advance!
|>>
|>> Nick
|>>
|>> AlexaToolbar - Browser Plugin
Very minor data miner.
|>>
|>> RegistryKey - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
|>> Explorer\Extensions\{C95FE080-8F5D-11D2-A20B-00AA003C157A}\
|>>
|>> RegistryKey - HKEY_CURRENT_USER\Software\Microsoft\Internet
|>> Explorer\Extensions\CmdMapping\{C95FE080-8F5D-11D2-A20B-00AA003C157A}
Not sure what these are...
|>> Advertising - 3rd Party Cookie
|>>
|>> URL - Cookie:nick1@advertising.com/
|>>
|>> Atdmt - 3rd Party Cookie
|>>
|>> URL - Cookie:nick1@atdmt.com/
|>>
|>> Edge - 3rd Party Cookie
|>>
|>> URL - Cookie:nick1@edge.ru4.com/
|>>
|>> Fastclick - 3rd Party Cookie
|>>
|>> URL - Cookie:nick1@fastclick.net/
|>>
|>> Tribalfusion - 3rd Party Cookie
|>>
Cookies are the LEAST of all problems to worry about. I don't bother with cookies at all.
>> Please download, install and update the following software...
|
| Will you please let me know briefly what does the above INFO mean?
| I just started the security + program and hope to learn this stuff in
| details later on.
| Installing ZA helped me delete all of the above, but I guess it's not
| enough.
|
>> Ad-aware SE v1.06
>> http://www.lavasoft.de/
>> http://www.lavasoftusa.com/
|
| It took me a while to find this file finally at
|
http://www.download.com/3001-8022_4-10399602.html
|
>> SpyBot Search and Destroy v1.4
>> http://security.kolla.de/
|
| Found this file at
|
http://hestia-ignite.com/hs/spybot/download/index.html
I don't know if that is a legal mirror site and not a tampered version (I hope it isn't!)
http://security.kolla.de/ takes you to
http://www.safer-networking.org/en/index.html
And was it found right here...
http://www.safer-networking.org/en/download/index.html
|
| Actually I had this program on my computer before and I uninstalled it.
You probably had an older version. The latest version of SpyBot S&D is v1.4.
|
>> After the software is updated, I suggest scanning the system in Safe Mode.
|
| Do you mean rebooting the computer in Safe Mode and then scanning the
| system? Why is that so important? ( hope you do not mind if I ask stupid
| questions)
| I scanned immediately and I received the following result:
Safe Mode is a limited version of the OS. It doesn't load as many Kernel files and doesn't
load user startup files. Thus when scanning in Safe Mode removal of malware has a greater
efficacy. This is due to the fact that there is less of a chance that the malware is
running at the time of the removal.
< snip >
>> I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
>> that may be on the PC.
>>
>> BHODemon
>> http://www.definitivesolutions.com/bhodemon.htm
|
| Isn't it too much to have Symantec AntiVirus, ZA, Spybot, Ad-Ware and BHO
| Demon on my PC? Is there any single program that performs all the functions?
|
| I appreciate your help!
|
| Nick
|
No, not at all. Albeit I am no fan of Norton AV (Symantec AV is for Corp./enterprise use
and Norton AV is their retail product line).
NAV/SAV - Anti Virus
ZA - FireWall
SpyBot S&D, Ad-aware SE and BHODemon - non-viral malware
There is NO single program that does it all. While there may be overlap in their application,
some may catch what another may miss. SpyBot and Ad-aware are peer programs. They do the
same thing but one may catch what the other misses. BHODemon is specific to the non-viral
malware class called Browser Helper Objects (BHO). These are similar yet different to
plug-ins to Internet Explorer. An example of a good BHO is the Acrobat Reader. This way
you can view a PDF file within IE. Bad BHO's will generate lots of IE Pop-Ups, force you to
go to porn sites or other web sites you don't want to go to, etc.
When it comes to viral malware (Trojans are not really viruses but tend to be classed that
way) one needs to have one anti virus application installed and performing what is known as
"On Access" scanning. This is the process of scanning files written to or read from the
hard disk. This is different from what is known as "On Demand" scanning. This is when you
specifically have AV software scan the entire computer or a specified area of the computer
(such as a folder or just one hard disk).
One should have only one "On Access" scanner installed but you can use multiple "On Demand"
scanners. Reason being one may find what another may miss.
"On Demand" scanners can be online scanners or they can be local scanners.
Example online "On Demand" scanners...
Trend:
http://housecall.antivirus.com http://housecall.trendmicro.com
F-Secure:
http://support.f-secure.com/enu/home/ols.shtml
McAfee:
http://www.mcafee.com/myapps/mfs/default.asp
Panda:
http://www.pandasoftware.com/activescan/
Kaspersky:
http://www.kaspersky.com/de/scanforvirus
Symantec:
http://security.symantec.com/
BitDefender
http://www.bitdefender.com/scan/license.php
Freedom Online scanner
http://www.freedom.net/viruscenter/index.html
The disadvantages of online scanners are...
- dependence upon IE
- requires Browser to be running
- tend to only run in Normal Mode
- some detect but don't remove infectors
An example of a local "On Demand" scanner is my Multi AV scanning tool. It provides AV
scanners from; McAfee, Sophos and Trend Micro.
The advantages are...
- can be executed in Safe Mode
- non-GUI scanners can be used in DOS and if the hard disk uses NTFS, one can use NTFS4DOS
- no dependency on IE or a browser being used
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm
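
Added example, not part of the original post or of any tool it names: a read-only PowerShell listing of the Browser Helper Objects and the Internet Explorer\Extensions entries (the kind of key shown in the scan log above), with the DLL each CLSID loads and its Authenticode status. The registry locations are the standard IE ones; the function name Resolve-ClsidServer is made up for this example.

```powershell
# Added example: inventory IE Browser Helper Objects and Extensions entries.
# Read-only; nothing in the registry is changed.
$bhoKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$extKeys = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
           'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Extensions'
$clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
              'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
              'HKCU:\SOFTWARE\Classes\CLSID'

function Resolve-ClsidServer([string]$Clsid) {
    # Look up the friendly name and in-process server DLL registered for a CLSID.
    foreach ($root in $clsidRoots) {
        $key = Get-Item -LiteralPath "$root\$Clsid" -ErrorAction SilentlyContinue
        if ($key) {
            $srv = Get-Item -LiteralPath "$root\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
            return [pscustomobject]@{
                Name = $key.GetValue('')                            # default value = display name
                Dll  = if ($srv) { $srv.GetValue('') } else { $null }
            }
        }
    }
    [pscustomobject]@{ Name = $null; Dll = $null }                  # CLSID not registered
}

$rows = foreach ($path in $bhoKeys + $extKeys) {
    foreach ($sub in Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue) {
        $id = $sub.PSChildName
        if ($id -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }    # skip non-GUID subkeys such as CmdMapping
        # A BHO subkey name is the CLSID itself; an Extensions entry may name
        # its COM object in ClsidExtension or launch a program via Exec.
        $clsid = $sub.GetValue('ClsidExtension')
        if (-not $clsid) { $clsid = $id }
        $info = Resolve-ClsidServer $clsid
        [pscustomobject]@{
            Key    = $sub.Name
            Label  = $sub.GetValue('ButtonText')
            Exec   = $sub.GetValue('Exec')
            Name   = $info.Name
            Dll    = $info.Dll
            Signed = if ($info.Dll -and (Test-Path -LiteralPath $info.Dll)) {
                         (Get-AuthenticodeSignature -FilePath $info.Dll).Status
                     } else { 'n/a' }
        }
    }
}
$rows | Format-List
```

Entries whose Dll is missing, unsigned, or sits in a temp or profile folder are the ones to look up before removing anything.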