SPYWARE

nomo4me
Sergeant
Posts: 100
Joined: Wed Oct 06, 2004 9:22 am

SPYWARE

Post by nomo4me » Wed Oct 06, 2004 9:31 am

First, thanks P-51 for putting this together. I can be counted amongst those who will chip in a few $$ towards its upkeep.

Anyone else sure that the ezboard site was planting spyware on their PC???? Note I'm not talking about GP, but the ezboard host.

I'm pretty certain that's where my constant rash of spyware was coming from. I hope that is not the same case with this site.

Thanks again P-51. Long live our passion for bits of painted plastic!


Nomo4me

USCGSARdog
Officer - 1st Lieutenant
Posts: 619
Joined: Mon Oct 04, 2004 6:42 pm
Location: Richmond, VA

Post by USCGSARdog » Thu Oct 07, 2004 2:37 pm

Hmmmmm.... very interesting. I have had the same problem as of late. :evil: I had not been able to pinpoint the source however. How/why do you think it's coming from EZboard? Sounds like you may be on to something here! :wink:

nomo4me
Sergeant
Posts: 100
Joined: Wed Oct 06, 2004 9:22 am

Spyware

Post by nomo4me » Thu Oct 07, 2004 2:48 pm

Reasons:
1) ezboard takes forever to load on my pc, and I use cable. It's trying to plant/read something.

2) I can clean my system of spyware, go to ezboard without visiting any other sites and the spyware is back again.

The second one bugs me, because my spyware blocker should keep that from happening.

But ezboard is Sleazyboard as far as I'm concerned.

Coreyeagle48
Officer - Brigadier General
Posts: 2070
Joined: Mon Oct 04, 2004 11:25 am
Location: Lehigh Valley, PA

Spyware

Post by Coreyeagle48 » Thu Oct 07, 2004 3:12 pm

Nomo,

I hate to tell you this, but ezboard is not the problem here. Despite the fact that you have spyware blocker, I believe there is still spyware on your system or you have a virus or a combination. It is not ezboard.

I use three separate spyware checkers on my computer, Cool Web Shredder, Spybot, and Hijack This. Sometimes, one of the programs does not completely solve the problem, so I have to use another one to do so. Also, make sure you update these programs on a regular basis, as well as your anti virus software. Very important since stuff is vulnerable after a few months.

Probably Audie gave it to you. If you describe some of the problems you have, perhaps I can steer you the right direction into solving the problem. Good luck

Corey

nomo4me
Sergeant
Posts: 100
Joined: Wed Oct 06, 2004 9:22 am

SPYWARE

Post by nomo4me » Sat Oct 09, 2004 9:23 am

Coryeagle please explain why you are certain that ezboard doesn't plant spyware.
I believe that it does, though I don't have the computer savvy to verify with hard data.

Nomo

Coreyeagle48
Officer - Brigadier General
Posts: 2070
Joined: Mon Oct 04, 2004 11:25 am
Location: Lehigh Valley, PA

ezboard

Post by Coreyeagle48 » Sat Oct 09, 2004 11:48 am

Nomo,

It wouldn't make sense for ezboard to plant spyware, they want people to use their message boards, so why would they do that. I use three different ezboards and have used gp's forum a lot longer than you have been there as well as several other forums. I have never had a problem with ezboard to this day with spyware. I also know a number of other people who use ezboard and no one has ever had a problem with spyware.

All internet sites do store stuff on your drive, like graphics and some things. It is so when you frequent a site, the page loads quicker for you. But there are very small files and you can get rid of them by deleting the files in your temporary internet files and cookie folders. However, I do this only seldom because with large hard drives, there is no need to do it.

Spyware unfortunately mostly comes from sites such as porno sites or these independent sites. Or any site that has a frequent amount of pop up ads. The problem is that spyware gets through because there are several security weaknesses in the internet explorer and windows. Unfortunately spyware folks can fairly easily overwrite or expose these weaknesses on your computer. The best bet to fix spyware is to use anti spyware programs such as spybot, and keep them updated, use anti virus software and keep that updated and to continue to keep windows updated by visiting the microsoft site and downloading the updates and fixes. Most of the fixes are a direct result of exposed weaknesses, so it is good to keep your systems updated.

I had a huge problem awhile back with a spyware deal, I could not get rid of it. It continually changed my homepage and messed up my system. Spybot nor hijack this fixed it. I eventually found that the program was a virus, imbedded in the system files of windows, every time you started the computer, it came back. Anti virus software and manually finding the program through a file search and eliminating it eventually solved the problem.

My point is, if ezboard caused this, a lot of other people would have problems with it. But the fact is thousands of people use it and I never heard of anyone having a spyware problem from ezboard. They want people to use the board, so why would they plant spyware. Just doesn't make sense.

My suggestion to you is to thoroughly check your system. And if you know someone computer savvy, possibly have them take a look at your system. I'm willing to bet you got some kind of virus or trojan horse or spyware program in an email or by visiting a website at some point, and it is in the system files so it comes back every time you use the net or startup. Hope this helps.

If you could tell me more details about your problem, I might be able to point you to the right place or a way to fix it.

Corey

Coreyeagle48
Officer - Brigadier General
Posts: 2070
Joined: Mon Oct 04, 2004 11:25 am
Location: Lehigh Valley, PA

Little Iodine

Post by Coreyeagle48 » Thu Oct 14, 2004 2:55 pm

LI,

You can remove that virus using anti virus software. The best one, and it is free, is AVG Anti Virus 6.0 from Grisoft. You can download it free for home use and it works very well. It also checks virus as you boot up your computer. Also, update spybot, spybot can pick up cool web search in the newer version.

As for Cool Web Shredder, just type that into google.com or any search and you will find a link for it I am sure. I forget where I got mine nowadays but I just found it on the Net.

Once you use AVG, and the other programs, I can't see why you would have a problem running IE again on your system. Also, use the newest version, which should help guard against viruses.

Corey

nomo4me
Sergeant
Posts: 100
Joined: Wed Oct 06, 2004 9:22 am

CoryEagle Please take a look

Post by nomo4me » Tue Oct 19, 2004 9:29 pm

Sorry for the delay in responding. If you could help me I'd really appreciate it.
Spybot finds and removes the following virus/spyware, but then it always seems to reappear. Here's what it looks like on the spybot listing:

DSO EXPLOIT
HKEY_USERS\S-15-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENT VERSION\INTERNET SETTINGS\ZONES\0\1004!=W=3

I get 5 different iterations of this thing. If you or anyone else can point towards a shareware tool to remove it I'd appreciate it.

Nomo4me

Teamski
Forum Moderator
Posts: 3565
Joined: Sat Oct 09, 2004 4:10 pm
Location: Delaware

Post by Teamski » Wed Oct 20, 2004 3:00 am

Have you tried Hi Jack This??

You can get it here for free:

http://www.spywareinfo.com/~merijn/downloads.html

It does a pretty good job on clearing spy gear...........

-Ski

Coreyeagle48
Officer - Brigadier General
Posts: 2070
Joined: Mon Oct 04, 2004 11:25 am
Location: Lehigh Valley, PA

Hijack This

Post by Coreyeagle48 » Wed Oct 20, 2004 12:03 pm

Nomo,

Download hijack this, then when you have it run it. When you run it, save it as a log file. Then post the file listing on here. I can tell if anything is amiss when you run the scan and save it as a log file.

Corey

nomo4me
Sergeant
Posts: 100
Joined: Wed Oct 06, 2004 9:22 am

Here you go Coryeagle

Post by nomo4me » Sun Oct 31, 2004 10:54 pm

Logfile of HijackThis v1.98.2
Scan saved at 10:52:51 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\windows\redirect7.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: NkvMon.exe.lnk = Nikon\NkView5\NkvMon.exe
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
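
Added example, not part of any post in this thread: a small Python reader for the HijackThis log format shown above. It lists the O4 Run autostart entries that launch from outside a few usual directories and notes whether each one is also among the running processes. The `EXPECTED` directory list and the function names are assumptions made for the example; an entry in the output is only a candidate for a manual look.

```python
import re

# Subset of the HijackThis log posted above, copied verbatim.
SAMPLE_LOG = r"""Running processes:
C:\windows\redirect7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [redirect] C:\windows\redirect7.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
# Assumption: directories this reviewer treats as routine for autostart programs.
EXPECTED = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_log(text):
    """Return (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append(m.groups())
        elif re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, entries

def exe_path(command):
    """Return the executable part of a Run command line, without arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"^(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command

def review_candidates(text):
    """O4 Run entries starting outside EXPECTED: a review list, not a verdict."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    out = []
    for code, body in entries:
        m = RUN.match(body) if code == "O4" else None
        path = exe_path(m.group(3)) if m else ""
        if m and not path.lower().startswith(EXPECTED):
            out.append((m.group(1), m.group(2), path, path.lower() in running))
    return out
```

Each tuple returned by `review_candidates(SAMPLE_LOG)` is (registry hive, value name, executable, currently running).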

Coreyeagle48
Officer - Brigadier General
Posts: 2070
Joined: Mon Oct 04, 2004 11:25 am
Location: Lehigh Valley, PA

spyware

Post by Coreyeagle48 » Sat Nov 06, 2004 6:43 pm

Nomo,

Looking at your scan results, I can't see anything out of the ordinary on your computer. It is possible one of those files is spyware, but, the problem is you, I see, run XP where I run 98 SE on this computer still. I see some of the XP file names are different.

If anyone else has XP and uses hijack this, perhaps they can compare results with you. There are also some very good spyware message boards out there, if you find one, post your results and someone there can probably tell you better than me. I just don't have XP and don't know it, not yet anyway. Actually this computer would not take XP, be way too slow.

Corey

hawkonevoodoo
Sergeant
Posts: 232
Joined: Thu Oct 28, 2004 8:44 am
Location: Canada

Post by hawkonevoodoo » Mon Nov 08, 2004 11:12 am

I run Ad-aware once a week and it seems to do a good job. Also it is free.
Happy collecting!!!
http://www.download.com/3001-8022_4-10319876.html?idl=n
http://www.hobbymastercollector.com/

"Battles are won by slaughter and maneuver. The greater the general, the more he contributes in maneuver, the less he demands in slaughter."
- Winston Churchill
