11-02-05 12:59 PM
Acmlm's Board - I2 Archive - Hardware/Software - Hunting Down Rogue Programs
  
HyperLamer
Posts: 550/8210
Originally posted by 404
IST Service?

I had that once. It's spyware alright, something porn-related. It loads as an IE toolbar (which of course also loads in windoze explorer), there's no actual bar though. I came across it in C:\Program Files (yes, it's that stupid), corrupted the hell out of all the files, and deleted it. Not the best way (still left the option on the menu) but it works.


last updated: Mon, 3 May 2004 10:26:54 +0100 (1337 servers listed)
viewing hostnames added after: Fri, 7 May 2004 00:00:00 +0100 (1337 total)

Tarale
Posts: 207/2720
Put your father on a leash already!

Block out all the ad servers in your Windows host file, hopefully that will make it a crapload harder for him to do stuff like this;

Ad server list is here

Save everything from the ## marks down as 'hosts' (no extension, not .txt or anything!) in your C:/windows directory, or if you have WinNT/2k/XP, save it in c:/winnt/system32/drivers/etc

Voila, no ads, and hopefully your father won't get any of the crapware on those adservers anymore.
Uncle Elmo
Posts: 326/1062
Thanks 404, the only thing is, as I said, I've no idea what it is, you see my replacing that Prog with the one you wrote, what happens is that it gets overwritten by this "Hot Kiss" thingy, so how do I get rid of it, once and for all?

Tomguy - Ahhh! I see now, I'll do so later and tell you what happened. I logged in as admin.
kitty
Posts: 869/2449
I'm not TomGuy, I'm Tomguy... And please, don't quote the post right above yours, there's no need to... unless you're rewording just a part of it or only quoting a small part for emphasis (not the whole thing!)

make sure you go to the HouseCall link as well...
Wrath
Posts: 92/93
lol, I know who you are. I was just stating that Tom/Morelli showed me about the msconfig a while ago, I didn't mean Tomguy.

Also you are correct, I never have updated the definitions. I'll give what you said a try in a minute to see if it works.

Alright, you're now just Tomguy.
kitty
Posts: 866/2449
Originally posted by 404
Here's another nifty tool: Type in "msconfig". It's a lot easier to disable shit/see what runs and such.
In 98 it's decent, but you ever notice the Run- list? That's shit you unchecked, and it can get cluttered and get double (or triple, etc) entries. In XP I have no damn idea where they go so I just delete them. Also, if I know I delete them and see them back there, it's more of an indication to me it's something fishy.

Wrath: If you scanned with Ad-Aware, you NEVER updated the definitions. When online, click icon that's the picture of the world with a magnifying glass (2nd from the right in the top row), then "Connect" on the popup dialog, "Ok" in the window that pops up, and then Finish and scan with smart system scan. Ad-Aware HAS to get rid of new.net, and if not, Spybot sure as shit does. Also, you should go to the AV link as well, you have several trojans on your system. Anything with a nonsensical name or a name that attempts to mimic a system app/process is malicious.

And I'm not Morelli. I'm Tomguy. Watch it. My English is 100% comprehendable.

And DrJay: When you booted in safe mode, did you boot as administrator or as your default username? Admin has a different registry

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Wrath
Posts: 91/93
Yea, I know about the msconfig. Morelli/Tom or whatever he is named here told me about that a long while ago.

As for all your questions about what they are, I haven't a clue in the world.

Oh, and by your response and by where I was at, I assume that's all that runs at startup...?

God, I hate computers, they're so damn complicated.
Xkeeper
Posts: -4495/-863
Originally posted by Wrath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
What the fuck is aihjfxd.exe?

Fash.exe?

New.net?

IST Service?

DM Server?

...

What the hell.

I'd say trash them all but then again... TG might have something to input on the subject, but if it's in there I kill it. I don't let anything [sides Pulse, Curseur.EXE and ChamClock] run at startup.

//

Here's another nifty tool: Type in "msconfig". It's a lot easier to disable shit/see what runs and such.

I use it.
Wrath
Posts: 90/93
Yea sorry to butt in with this but what is this 'Registry Editor' and TomGuy you told Elmo his computer was 'fucked up' is how you put it so I was wondering - considering I think my computer is 'fucked up' too maybe you could help me out with it as well? Here's a screen of the first

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The second is

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

May this help stop many of the popups I have on my comps? I try Ad-Aware to get rid of the spyware but I continue to get all kinds of annoying popups.
Xkeeper
Posts: -4497/-863
Try overwriting it with this. I just now wrote that for you-- it'll do nothing other than load and die.

It worked with MSN Messenger on XPee.

edit: No need to quote the post right above yours, especially if it's that long!
Uncle Elmo
Posts: 323/1062
Well I've done mostly what you asked, there are a couple of problems though.....

Firstly half of the list didn't appear when I ran it in "safe mode", but I deleted the ones you asked me to do, and I then booted it up in "Normal Mode" and deleted the remaining ones.

I ran a virus check using that link, it found one Trojan (about the same time AVG told me about it), and got rid of it..

One thing... the very programme I asked your help in deleting... that "Hot Kiss", IS STILL BOOTING UP! It's very frustrating. I followed the link and found a programme in the Windows directory (it was hidden), I deleted it and thought that was that but it's obviously not. It must be elsewhere on the drive and copies itself to C:\Windows. There seems to be no reference to it in the registry (well where you asked me to look at any rate), and it's bloody annoying.... Adaware seems oblivious to it as is spybot, AVG and that online Virus checker, I'm at the end of my tether and I am NOT about to reinstall windows and have to backup about 20Gb worth of data just because of one stupid programme.

Any more tips... what's this about "streams", how do I check those?

Regarding the Ad killer, well, I've got both Mozilla's own one and Zone alarm doing it for me. I've uninstalled pop-up stopper now.
Xkeeper
Posts: -4499/-863
Jesus fricking christ

First one.
Second one.

Jesus Christ... and what the fuck is "Internat service"?!
HyperLamer
Posts: 540/8210
Upgrade Service sounds fishy with a name like 'sxchost.exe' (trying to mimic a windoze file). Runner also doesn't belong, svchost isn't in C:\Windows.
As for your missing file, You use XP? NTFS filesystem? Might be hidden in a stream.

Oh, and use Proxomitron to kill ads.
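
Added example, not part of any post in this thread: the two checks the posts above apply by eye to the Run keys (a name that mimics a system process, and a real system name sitting in the wrong directory), written as a script over `reg query`-style text. The known-good list and the sample paths are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed short list of system process names and their normal directory; extend for real use.
SYSTEM_BINARIES = {"svchost.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
                   "winlogon.exe": r"c:\windows\system32"}
# One value line of `reg query` output: indented name, type, data (names may contain spaces).
LINE = re.compile(r"^[ \t]+(.+?)[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.*)$", re.M)

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def exe_path(data):
    # Pull the executable out of a Run value: quoted path, or bare path followed by arguments.
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data

def triage(reg_output):
    # Return (value name, executable, reason) for every entry worth a closer look.
    findings = []
    for name, data in LINE.findall(reg_output):
        directory, exe = ntpath.split(exe_path(data).lower())
        if exe in SYSTEM_BINARIES:
            if directory and directory != SYSTEM_BINARIES[exe]:  # bare names resolve via PATH
                findings.append((name, exe, "system name in wrong directory"))
        elif any(edit_distance(exe, real) == 1 for real in SYSTEM_BINARIES):
            findings.append((name, exe, "lookalike of a system name"))
    return findings

# Constructed sample: value names taken from the thread, paths made up for the example,
# plus one correctly placed entry as a negative case.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    nForce Tray Options    REG_SZ    sstray.exe /r
    Upgrade Service    REG_SZ    C:\WINDOWS\sxchost.exe
    Runner    REG_SZ    C:\WINDOWS\svchost.exe
    Placeholder Entry    REG_SZ    "C:\WINDOWS\system32\svchost.exe" -k netsvcs
"""
```

A hit is a reason to inspect the file, not proof of malware; entries with random-looking names such as the `aihjfxd.exe` mentioned in the thread are not caught by these two checks.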
kitty
Posts: 842/2449
HOLY SHIT. Your PC is REALLY fucked up. Hoo boy!
First screen: Kill off these
Dial32 - Virus/Malware
Dial33 - Virus/Malware
Internat Service - Virus
Reg32 - Virus/Malware
Runner - ?
Upgrade Service - ?
WebSavingsfromEbates - Spyware

Second one is OK as far as I see (although you should use the Google toolbar and not Popup Stopper Free - it comes with spyware last I checked)

Once you do that, for God's sake... reboot in "normal" mode and... http://housecall.trendmicro.com/housecall/start_corp.asp
Uncle Elmo
Posts: 322/1062
I've printed the screens for you...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I'm perplexed as there's no mention of "Hot Kiss"
kitty
Posts: 839/2449
Start: Run: regedit - Go into
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
List for me everything in those two - I'll tell you which ones to kill off. You can double-click the value, select and copy/paste both the Value name (like nForce Tray Options) and Value data (like sstray.exe /r) - I need to know both with some viruses/spyware/malware

Start in safe mode (doing this in normal mode won't matter, the program will re-add itself). Then regedit and delete the ones I tell you to kill off.
Uncle Elmo
Posts: 321/1062
Yep it's my Dad again. I managed to get rid of all the Spyware and Viruses apart from one and it's driving everyone insane...

You see, I use ADSL, and for some unfathomable reason my Dad decided to install a dialler, now it's pretty useless, but randomly, about every half hour or so it boots itself up, plonks itself in the system tray until I shut it down. After some sleuthing, I've found out it's governed by a process called "HotKiss.exe". I've run a Windows Search tool on it, and I found a "pf" file in the "Prefetch" folder referring to it, this has been deleted so I still have it, I can't find any "HotKiss.exe" file anywhere (nothing is hidden either) and it's driving me insane. What do you suggest?