Acmlm's Board - I2 Archive - Hardware/Software - Hunting Down Rogue Programs
Uncle Elmo

Hammer Brother
Partly Sweet, Helpful, good at advice and a half decent writer. Also modest.
Level: 49

Posts: 321/1062
EXP: 845899
For next: 37984

Since: 03-15-04
From: Prestatyn, Uk

Since last post: 23 hours
Last activity: 2 hours
Posted on 05-03-04 05:57 AM
Yep it's my Dad again. I managed to get rid of all the Spyware and Viruses apart from one and it's driving everyone insane...

You see, I use ADSL, and for some unfathomable reason my Dad decided to install a dialler, now it's pretty useless, but randomly, about every half hour or so it boots itself up, plonks itself in the system tray until I shut it down. After some sleuthing, I've found out it's governed by a process called "HotKiss.exe". I've run a Windows Search tool on it, and I found a "pf" file in the "Prefetch" folder referring to it, this has been deleted so I still have it, I can't find any "HotKiss.exe" file anywhere (nothing is hidden either) and it's driving me insane. What do you suggest?
kitty
Come on babe, pet the pussy ;)
Level: 70

Posts: 839/2449
EXP: 2962406
For next: 53405

Since: 03-15-04
From: Scranton, PA, USA

Since last post: 3 hours
Last activity: 3 hours
Posted on 05-03-04 06:02 AM
Start: Run: regedit - Go into
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
List for me everything in those two - I'll tell you which ones to kill off. You can double-click the value, select and copy/paste both the Value name (like nForce Tray Options) and Value data (like sstray.exe /r) - I need to know both with some viruses/spyware/malware

Start in safe mode (doing this in normal mode won't matter, the program will re-add itself). Then regedit and delete the ones I tell you to kill off.
Uncle Elmo
Posted on 05-03-04 06:11 AM
I've printed the screens for you...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I'm perplexed as there's no mention of "Hot Kiss".
kitty
Posted on 05-03-04 08:50 AM
HOLY SHIT. Your PC is REALLY fucked up. Hoo boy!
First screen: Kill off these
Dial32 - Virus/Malware
Dial33 - Virus/Malware
Internat Service - Virus
Reg32 - Virus/Malware
Runner - ?
Upgrade Service - ?
WebSavingsfromEbates - Spyware

Second one is OK as far as I see (although you should use the Google toolbar and not Popup Stopper Free - it comes with spyware last I checked)

Once you do that, for God's sake... reboot in "normal" mode and... http://housecall.trendmicro.com/housecall/start_corp.asp
HyperLamer
<||bass> and this was the solution i thought of that was guaranteed to piss off the greatest amount of people

Sesshomaru
Tamaranian

Level: 118

Posts: 540/8210
EXP: 18171887
For next: 211027

Since: 03-15-04
From: Canada, w00t!
LOL FAD

Since last post: 2 hours
Last activity: 2 hours
Posted on 05-04-04 01:44 AM
Upgrade Service sounds fishy with a name like 'sxchost.exe' (trying to mimic a windoze file). Runner also doesn't belong, svchost isn't in C:\Windows.
As for your missing file, you use XP? NTFS filesystem? Might be hidden in a stream.

Oh, and use Proxomitron to kill ads.
Xkeeper
The required libraries have not been defined.
Level: NAN

Posts: -4499/-863
EXP: NAN
For next: 0

Since: 03-15-04

Since last post: 2 hours
Last activity: -753366 sec.
Posted on 05-04-04 05:54 AM
Jesus fricking christ

First one.
Second one.

Jesus Christ... and what the fuck is "Internat service"?!
Uncle Elmo
Posted on 05-04-04 02:21 PM
Well I've done mostly what you asked, there are a couple of problems though...

Firstly half of the list didn't appear when I ran it in "safe mode", but I deleted the ones you asked me to do, and I then booted it up in "Normal Mode" and deleted the remaining ones.

I ran a virus check using that link, it found one Trojan (about the same time AVG told me about it), and got rid of it..

One thing... the very programme I asked your help in deleting... that "Hot Kiss", IS STILL BOOTING UP! It's very frustrating. I followed the link and found a programme in the Windows directory (it was hidden), I deleted it and thought that was that but it's obviously not. It must be elsewhere on the drive and copies itself to C:\Windows. There seems to be no reference to it in the registry (well where you asked me to look at any rate), and it's bloody annoying.... Adaware seems oblivious to it as is spybot, AVG and that online Virus checker, I'm at the end of my tether and I am NOT about to reinstall windows and have to backup about 20Gb worth of data just because of one stupid programme.

Any more tips... what's this about "streams", how do I check those?

Regarding the Ad killer well I've got both Mozilla's own one and Zone alarm doing it for me. I've uninstalled pop-up stopper now.
Xkeeper
Posted on 05-04-04 03:32 PM
Try overwriting it with this. I just now wrote that for you; it'll do nothing other than load and die.

It worked with MSN Messenger on XPee.

edit: No need to quote the post right above yours, especially if it's that long!


(edited by Yiffy Kitten on 05-04-04 10:55 AM)
Wrath

Shyguy
Level: 17

Posts: 90/93
EXP: 21856
For next: 2887

Since: 03-18-04
From: Canada

Since last post: 547 days
Last activity: 339 days
Posted on 05-04-04 05:49 PM
Yea, sorry to butt in with this, but what is this 'Registry Editor'? And Yiffy Kitten, you told Elmo his computer was 'fucked up', as you put it, so I was wondering, considering I think my computer is 'fucked up' too, maybe you could help me out with it as well? Here's a screen of the first

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The second is

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

May this help stop many of the popups I have on my comps? I try Ad-Aware to get rid of the spyware but I continue to get all kinds of annoying popups.
Xkeeper
Posted on 05-04-04 06:05 PM
Originally posted by Wrath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
What the fuck is aihjfxd.exe?

Fash.exe?

New.net?

IST Service?

DM Server?

...

What the hell.

I'd say trash them all but then again... TG might have something to input on the subject, but if it's in there I kill it. I don't let anything [sides Pulse, Curseur.EXE and ChamClock] run at startup.

//

Here's another nifty tool: Type in "msconfig". It's a lot easier to disable shit/see what runs and such.

I use it.
Wrath
Posted on 05-04-04 06:08 PM
Yea, I know about msconfig; Morelli/Tom or whatever he is named here told me about that a long while ago.

As for all your questions about what they are, I haven't a clue in the world.

Oh and by your response and by where I was at I assume that's all that runs at startup...?

God I hate computers, they're so damn complicated.


(edited by Wrath on 05-04-04 09:14 AM)
(edited by Wrath on 05-04-04 09:15 AM)
kitty
Posted on 05-04-04 08:02 PM
Originally posted by 404
Here's another nifty tool: Type in "msconfig". It's a lot easier to disable shit/see what runs and such.
In 98 it's decent, but you ever notice the Run- list? That's shit you unchecked, and it can get cluttered and get double (or triple, etc) entries. In XP I have no damn idea where they go so I just delete them. Also, if I know I delete them and see them back there, it's more of an indication to me it's something fishy.

Wrath: If you scanned with Ad-Aware, you NEVER updated the definitions. When online, click the icon that's the picture of the world with a magnifying glass (2nd from the right in the top row), then "Connect" on the popup dialog, "Ok" in the window that pops up, and then Finish and scan with smart system scan. Ad-Aware HAS to get rid of new.net, and if not, Spybot sure as shit does. Also, you should go to the AV link as well, you have several trojans on your system. Anything with a nonsensical name or a name that attempts to mimic a system app/process is malicious.

And I'm not Morelli. I'm Yiffy Kitten. Watch it. My English is 100% comprehensible.

And DrJay: When you booted in safe mode, did you boot as administrator or as your default username? Admin has a different registry

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run


(edited by Yiffy Kitten on 05-04-04 11:12 AM)
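The rules of thumb in the two replies above (HyperLamer: a look-alike name such as sxchost.exe, or svchost.exe sitting in C:\Windows instead of System32; Yiffy Kitten: nonsensical names or names mimicking a system process) can be applied mechanically to a regedit export of the two Run keys, so nothing has to be deleted by eye. The script below is an added example and not code from the thread; the .reg text, the small allow-list of system binaries and the 0.85 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
# Hypothetical allow-list: Windows binaries malware likes to imitate, mapped to
# the folder (under the Windows directory) each one legitimately lives in.
SYSTEM_BINARIES = {"svchost.exe": "system32", "lsass.exe": "system32", "ctfmon.exe": "system32"}

# Constructed sample in the format regedit's Export produces; value data are
# made up for illustration, not copied from anyone's screenshots.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe /r"
"Upgrade Service"="C:\\WINDOWS\\sxchost.exe"
"Runner"="\"C:\\WINDOWS\\svchost.exe\" -k"
"aihjfxd"="C:\\WINDOWS\\aihjfxd.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

def parse_run_keys(reg_text):
    """Return [(key, value_name, value_data)] from a .reg export, unescaped."""
    entries, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if m and key:
            name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            entries.append((key, name, data))
    return entries

def assess(data):
    """List why a Run entry looks suspicious (empty list = nothing found)."""
    m = re.match(r'^"([^"]+)"|^(\S+)', data.strip())  # quoted or bare image path
    path = (m.group(1) or m.group(2)).lower().replace("/", "\\") if m else ""
    folder, _, base = path.rpartition("\\")
    reasons = []
    if base in SYSTEM_BINARIES:  # real name, but is it in the right folder?
        want = "windows\\" + SYSTEM_BINARIES[base]
        if folder and not folder.endswith(want):
            reasons.append(f"{base} belongs under \\{want}, not in {folder}")
    else:  # near-miss of a real name, e.g. sxchost.exe for svchost.exe
        for real in SYSTEM_BINARIES:
            if SequenceMatcher(None, base, real).ratio() >= 0.85:
                reasons.append(f"name mimics {real}")
    if re.search(r"[bcdfghjklmnpqrstvwxz]{5}", base.rsplit(".", 1)[0]):
        reasons.append("nonsensical name (weak signal)")
    return reasons

def triage(reg_text):
    return {name: assess(data) for _, name, data in parse_run_keys(reg_text)}
```

Run it on a real export (regedit, File > Export of each Run key) and treat the flagged entries as the ones to look at first; an empty list only means none of these three heuristics fired, not that the entry is clean.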
Wrath
Posted on 05-04-04 08:14 PM
lol I know who you are, I was just stating that Tom/Morelli showed me about the msconfig a while ago, I didn't mean Yiffy Kitten.

Also you are correct, I never have updated the definitions. I'll give what you said a try in a minute to see if it works.

Alright, you're now just Yiffy Kitten.


(edited by Yiffy Kitten on 05-04-04 11:15 AM)
(edited by Wrath on 05-04-04 11:20 AM)
kitty
Posted on 05-04-04 08:17 PM
I'm not Yiffy Kitten, I'm Yiffy Kitten... And please, don't quote the post right above yours, there's no need to... unless you're rewording just a part of it or only quoting a small part for emphasis (not the whole thing!)

make sure you go to the HouseCall link as well...
Uncle Elmo
Posted on 05-04-04 10:36 PM
Thanks 404. The only thing is, as I said, I've no idea what it is; you see, when I replace that prog with the one you wrote, what happens is that it gets overwritten by this "Hot Kiss" thingy, so how do I get rid of it, once and for all?

Yiffy Kitten - Ahhh! I see now, I'll do so later and tell you what happened. I logged in as admin.
Tarale
I'm not under the alfluence of incohol like some thinkle peop I am. It's just the drunker I sit here the longer I get.

Level: 73

Posts: 207/2720
EXP: 3458036
For next: 27832

Since: 03-18-04
From: Adelaide, Australia

Since last post: 4 hours
Last activity: 2 hours
Posted on 05-06-04 08:25 AM
Put your father on a leash already!

Block out all the ad servers in your Windows hosts file, hopefully that will make it a crapload harder for him to do stuff like this:

Ad server list is here

Save everything from the ## marks down as 'hosts' (no extension, not .txt or anything!) in your C:/windows directory, or if you have WinNT/2k/XP, save it in c:/winnt/system32/drivers/etc

Voila, no ads, and hopefully your father won't get any of the crapware on those adservers anymore.
HyperLamer
Posted on 05-07-04 06:43 AM
Originally posted by 404
IST Service?

I had that once. It's spyware alright, something porn-related. It loads as an IE toolbar (which of course also loads in windoze explorer), there's no actual bar though. I came across it in C:\Program Files (yes, it's that stupid), corrupted the hell out of all the files, and deleted it. Not the best way (still left the option on the menu) but it works.