IE Pop-ups and redirects - Page 2

Susan528 · 04-03-2007, 07:22 AM

Quote:

when I used to run "bots" in chatrooms.

I know one can use bots for lots of things--just curious about what did these bots do?

STEP 1.
======
Hijackthis Delete on Reboot tool

Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file:
C:\Documents and Settings\Courtney\Local Settings\Temp\twesneav.dll
Click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the No button since we have one more file to get.

Now go back to the Misc Tools button

Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file:
C:\Documents and Settings\Rachel\Local Settings\Temp\vvwseing.dll
Click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button since we have one more file to get.

Then please check to make sure these files were deleted. You may want to run another Panda scan to verify this. Let me know when you have got them deleted.

nagsville · 04-03-2007, 01:54 PM

I couldn't find either of those files through Windows Explorer.

The bots I used were for acting as sitting hosts in chatrooms, for auto moderating ie. floods, profanity, spamming etc

Susan528 · 04-05-2007, 12:18 PM

Good work! Since those files are gone and your hijackthis log appears clean, please do the following:

Reset hidden/system files and folders

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Create a new System Restore point

click Start >> Run - type SYSDM.CPL & press Enter
select the System Restore Tab
tick on the checkbox - "Turn off System Restore on all drives"
click Apply
then untick the same checkbox & click OK

Enable Windows Auto Update

Go to Start>Run - type wuaucpl.cpl
tick on the checkbox - "Keep my computer up to date"
Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place.
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button – enable protection for all unprotected items
SpywareGuard
to catch and block spyware before it can execute.
Ad-Aware
Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
- Download IE-Spyad- Extract the contents to a new folder
  From within the folder, double-click install.bat
  Select Option #2 – Install the new IE-SPYAD list.
  Then return to the main menu.
  Select option #4 – Add the old porn sites domain
MVPS HOST FILE
The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
- Download Host.zip to your desktop.
- From your Desktop right-click (hosts.zip) and select:
  Extract All from the menu.
- Click Next, click Next, select the option:
  "Show Extracted files", click Finish
- This will open the newly created hosts folder on your Desktop.
- Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Here are some firewalls--you may want to choose one to install if you have not obtained a firewall.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Thank you for using TechSupport!

Susan

04-03-2007, 01:54 PM	#22 (permalink)
nagsville Registered User Join Date: Jul 2006 Posts: 26 OS: XP Home SP3	Re: IE Pop-ups and redirects I couldn't find either of those files through Windows Explorer. The bots I used were for acting as sitting hosts in chatrooms, for auto moderating ie. floods, profanity, spamming etc

04-05-2007, 12:18 PM	#23 (permalink)
Susan528 Analyst, Security Team Join Date: Nov 2006 Posts: 215 OS: WinXP Pro	Re: IE Pop-ups and redirects Good work! Since those files are gone and your hijackthis log appears clean, please do the following: Reset hidden/system files and folders Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View tab. Deselect the Show hidden files and folders option. Select the Hide file extensions for known types option. Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Create a new System Restore point click Start >> Run - type SYSDM.CPL & press Enter select the System Restore Tab tick on the checkbox - "Turn off System Restore on all drives" click Apply then untick the same checkbox & click OK Enable Windows Auto Update Go to Start>Run - type wuaucpl.cpl tick on the checkbox - "Keep my computer up to date" Under settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs: SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button – enable protection for all unprotected items SpywareGuard to catch and block spyware before it can execute. Ad-Aware Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Download IE-Spyad- Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 – Install the new IE-SPYAD list. Then return to the main menu. Select option #4 – Add the old porn sites domain MVPS HOST FILE The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out. Here are some firewalls--you may want to choose one to install if you have not obtained a firewall. Comodo Personal Firewall ZoneAlarm Outpost Firewall In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles HOW DID I GET INFECTED IN THE FIRST PLACE? THE ANTISPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Thank you for using TechSupport! Susan __________________ Proud member of ASAP since 2005 If you feel we've helped you, Please donate to the forum