[ripken204]

my dads comp is pretty screwed b/c of all the popups that he is getting, he walks away for half an hour and then comes back, over 50 popups! then when he exits out of all of them, in task manager there are like 50 iexplorer.exe processes. any1 have any suggestions on what to do here? better yet is there a way to just get rid of internet explorer?

i know that it is from my sister b/c all she does all day long is talk on aim, go to aim icon sites(which is loaded with crap), and myspace(which is also loaded with crap no matter what you guys say).

[Zxian]

The usual big three of Spyware protection - Ad-Aware, Spybot, MS-AS. Download them all, update their definitions, and then run them in safe-mode. A good virus scan wouldn't hurt either.

As for prevention in the future, run the Immunize feature in Spybot, as well as run SpywareBlaster.


As for your sister, try to tell her not to go to those websites in IE, and definately not click on any pop-ups, no matter how good they might look. An ounce of prevention is worth a pound of cure.

[ripken204]

my dad runs those 3 programs and NAV. i tell her not to go to those sites but u know how girls are. they only use firefox but all of the popups are in IE.

[Zxian]

... they only use Firefox but all the pop-ups are in IE?

It would also help to set up a limited user account for your sister. Malware has a lower chance of infecting the computer from a limited account than from an administrator or Power-user account.

Are there any instances of iexplore.exe running on startup? Do an online scan from Safe Mode with Networking at TrendMicro's HouseCall just to be sure that the computer is clean. I remember when I used to run NAV and stuff still got through.

[ripken204]

i have been thinking of doing that

i switched to nod32 a few weeks ago and i love it, norton sucks compared to it

[ripken204]

now what would be the advantage of a limited account? would the adaware/spyare/viruses still infect the admin's account? and ive also been thinking of possibly setting up a dual boot.

[dman]

ripken204, on Aug 30 2005, 07:11 PM, said:

now what would be the advantage of a limited account? would the adaware/spyare/viruses still infect the admin's account? and ive also been thinking of possibly setting up a dual boot.
<{POST_SNAPBACK}>

Advantage of limited account is that it doesn't have the authority to install programs... this includes virus. Unfortunately it also means other programs. Most people find limited account too restrictive to be usable. A better approach is to start internet, IM and email through dropmyrights.exe. This will strip admin rights out of process as it is launched giving advantage of limited account, but otherwise computer will behave as expected with admin rights.
http://msdn.microsoft.com/library/default....ure11152004.asp

[ripken204]

all she needs is aim,firefox, and ms word. now how about adaware/spyware? ill give that program a try, thx.

[atomizer]

ripken, i'd suggest getting rid of IE, OE and anything AIM/AOL related. reformat and go with nLite (i assume you use nLite, i see you in the forums all the time).
if your sister needs AIM compatibility, try Miranda or Gaim.
she may not like Miranda at first (very minimal), but it can be customized like crazy and functionality can be extended with plugins.

if you use FF with NoScript, Thunderbird and stay away from AOL crap, i'm thinking you won't really need any spyware blocking s/w. i rarely check my system anymore and never run anything in the background.

This post has been edited by atomizer: 30 August 2005 - 05:59 PM

[877136]

for the stubborn scumware you might want to grab hijack this from here

http://www.spywareinfo.com/~merijn/

using an oline analyzer to help intepret the results

http://www.spywareinfo.com/~merijn/

its also worth remembering that although a lot of scumware generates from inside an infected machine, running the usage tracks cleaner (accessed via the advanced mode in spybot) helps you from being targetted - you may also want to consider something such as windowwasher to compliment spybot and cleaning your system out on a regular basis

[atomizer]

Quote

its also worth remembering that although a lot of scumware generates from inside an infected machine, running the usage tracks cleaner (accessed via the advanced mode in spybot) helps you from being targetted - you may also want to consider something such as windowwasher to compliment spybot and cleaning your system out on a regular basis

don't take this personally, it's meant as a stab in IE's back, not yours or anyone elses

that's the problem with IE; you can't run it alone. i always used a proxy, like proxomitron/proxomodo/ad-subtract or whatever, then you have to install and run something like SB S&D, scan system, immunize, run it again every week/month, update, scan system, immunize, run to windows update every month to get the latest "critical update" for the latest "buffer run overflow" that "allowas an attacker to take control" and on and on and on and on.......................
and after all of that, if you left JS and ActiveX controls enabled, or didn't properly configure your security settings (cause they sure aren't configured right by default), you're still infected. and if you think you aren't, you're probably wrong

just look at all the companies making money selling products that guard against spyware/adware/malware/whateverware/ that cater to the IE audiance, not to mention the freeware. then there's all the "erase your IE history" programs that must number in the hundreds.

or....

use a quality browser. done. opera/FF/whatever

[ripken204]

@atomizer-why not use aim? i did run aim ad hack which gets rid of all of the crap put on the system. i have aim and i get absolutely nothing on my comp. my dad uses thunderbird, but for firefox its the sites that my sister goes to. and the xp on it is nlited, same exact as what is on my comp until i do my next install in a few days with ryanvm's new update pack and my UA programs which i am putting together

@877136-i do use hijackthis and i do get rid of what i think is bad

This post has been edited by ripken204: 30 August 2005 - 07:02 PM

[atomizer]

Ripken, i really can't give an intelligent answer as to why not to use AIM. i just hate/don't trust anything AOL/AIM related. perhaps if it's configured properly it's OK. my daughter and her friend used AIM and i was always being bugged with "why is this popping.., why can't i boot.., why is this so slow.., look! i have 22 viruses!..," etc.. maybe it was what they were downloading, i don't know. and i watched them chatting one day and noticed all the ads. i don't understand how that can NOT annoy the living daylights out of someone (i know you said you used a util to stop that). anyway, i practically forced my daughter to use Miranda and that was the end of the problems (well, computer related ones anyway ). once she got used to it she liked it. simple. clean. functional.

[ripken204]

aim ad hack gets rid of all of the ads and added shortcuts/programs that aim adds to the system. so im just going to stick with it since i have not had any problems with it.

[atomizer]

rip - i didn't really word my last post right; i meant to refer to the machine your dad/sis are using. all of those problems may have been due to IE, but i don't know. maybe some of them were due to AIM, which you yourself suspected. maybe try loading another multi-protocol IM (like miranda or whatever) on that box and see if that helps.

[war59312]

Use xplite and get rid of IE forever.

[atomizer]

war59312, on Aug 30 2005, 09:12 PM, said:

Use xplite and get rid of IE forever.
<{POST_SNAPBACK}>

i use nLite to get rid of IE before the install. have you tried it? if so, i'd like to hear your opnion on both nLite and XPLite. thanks

[ripken204]

how do u get rid of IE in nlite?

[Zxian]

Remove Internet Explorer - it's an option of the removed components.

Unless you want to cripple the system, don't remove IE Core. You'll loose access to all the MMC dialogs and the like. Help will be screwed up as well.

[atomizer]

rip - you have 2 choices; 1) get rid of some IE files, but keep the core, or 2) get rid of all of it... sort of. if you remove IE and the core (both individually selectable within the nLite UI), it's still not completely gone. it takes some reg and dll hacking to finish the job. i just did an nLite build with the IE core removed and it went pretty well.