close

Privacy guaranteed - Your email is not shared with anyone.

Everything was fine until I click on...

Discussion in 'Tech Talk' started by Wayne02, Feb 21, 2005.

  1. Wayne02

    Wayne02

    Messages:
    364
    Likes Received:
    0
    Joined:
    Dec 13, 2001
    Location:
    Washington
    Been computing for years without any significant spy-ware or virus problems. That all changed about two weeks ago when, despite my best judgment, I clicked on a link that immediately began "downloading components". I knew I was screwed right then. It was over in a matter of seconds.

    Things went south right away. Machine slowed to a crawl, browser was taken over, google pop-up blocker was overridden etc. I've been running xp pro, norton for email, ad-aware and spy-bot for spy-ware. So I ran ad-aware and it found 14 or so issues which I deleted. This helped only a little, machine still slow, browser still had a mind of its own etc. Ran spy-bot and it found another 12 or so issues which I deleted. Still no joy, machine slow, pop-ups etc.

    Out of desperation I downloaded the ms spy-ware beta and it found about 16 items, several of them in the mega serious threat category, or whatever its called. Whala! Everything is back to normal. Set ms spy-ware to run at 2am every night and get regular updates.

    It will go for a couple days without reporting any items but it's been finding several items every few days. One that keeps showing up regularly is the "Adstatus KipSoft Remote Access Trojan" this is listed as a super mega threat and of course I delete it each morning it shows up.

    I'm not sure if I get this thing by visiting websites during the day or if it is on my hd and is some sort of time release deal (if there is such a thing). I'm not sure how else to track it down, other than maybe recording the sites I visit each day and see if it shows up the next morning. I visit maybe 6 or so sites each day and none of them have reported any problems or have any sort of pop-ups etc.

    Anybody heard of this issue?

    BTW, I'm on dsl behind a router.

    Wayne
     
  2. nickg

    nickg

    Messages:
    640
    Likes Received:
    0
    Joined:
    Jan 16, 2002
    have you tried any registry cleaners? it could be a key or string buried in the registry somewhere. CCleaner is a good program, plus it allows you to make a backup before you make any changes just in case.

    but, as others will also tell you, don't mess with the registry itself unless you are ABSOLUTELY SURE you know what you are doing.
     

  3. Toyman

    Toyman

    Messages:
    2,600
    Likes Received:
    36
    Joined:
    May 6, 2003
    Location:
    West Michigan
    It may be that it's getting downloaded, but due to security patches it's not being executed (which would be somewhat safe). Where is it finding it? In files? In the registry? In downloaded/internet cache?
     
  4. Wayne02

    Wayne02

    Messages:
    364
    Likes Received:
    0
    Joined:
    Dec 13, 2001
    Location:
    Washington
    Hmm, good question. I know the spyware software reports where it finds it, I just didn't make a note of it. The trojan will probably be back tomorrow and I will take note of where it is found and report back. I'll also try the cc cleaner.

    Wayne
     
  5. NetNinja

    NetNinja Always Faithful

    Messages:
    967
    Likes Received:
    0
    Joined:
    Oct 23, 2001
    Location:
    HotLanta, GA
    Wayne02 I sent you a PM.
     
  6. fastvfr

    fastvfr Ancient Tech

    Messages:
    2,344
    Likes Received:
    0
    Joined:
    Mar 28, 2001
    Location:
    SW Oregon
    "Anybody heard of this?"

    Only with people who run NAV while they use Internet Exploder to surf the Web...;Q ;g ;P

    If you ran a Mozilla product and a better AV app like Avast, this probably never would have happened at all.

    Is the HW firewall in your router set up properly?

    Is there a Restore point you can roll back to?

    Do yourself a favor and set one every week as long as you persist on indulging in Unsafe Surfing, please.

    GL
     
  7. Wayne02

    Wayne02

    Messages:
    364
    Likes Received:
    0
    Joined:
    Dec 13, 2001
    Location:
    Washington
    Well, mr. trojan seems to be gone. Cleaned up after ccleaner and have had no problems for four days straight now.

    In fact had zero spy-ware of any type for the last four days using ms spy-ware, ad-aware, and spy-bot on a regular basis. Until today that is... had one instance of a medium threat addware something or other. Been tracking my surfing and today I made a slight diversion from my regular sites. I went to the discovery channels website and it wasn't long before I got one pop-up that over-road the blockers.

    Ran ms spyware right after and sure enough found the addware deal that had infected three registry keys... guess I won't visit that site anymore.

    Wayne
     
  8. calestus

    calestus

    Messages:
    13
    Likes Received:
    0
    Joined:
    Feb 20, 2005
    Location:
    DFW
    give a-squared a try.