Spyware Issues (was Bellrock Warning)

[jpm]

Yeah, I've tried the McAfee, Norton and Zone Alarm products for internet security and found ZA to be the most compatible for online gaming, and just the best of the bunch overall. I am using the Pro version of it, which you gotta buy, but the basic free one is still good. The Pro version has more privacy related items, such as cookie, java, web bug blocking. That is the version I'd recommend. You can also tell it to shut up if the alerts are driving you nuts, it will just do its thing silently. They also have a special bundle that includes a product called Pest Patrol, which is a proactive anti malware/spyware program. I use that as well and never have a problem with hijacks, spyware, etc. And don't forget an up to date antivirus program! That's important to protect from evil email and websites. Yeah, its alot of crap to load on your machine, but its better than the alternative. Every so often I'll do an adaware and spybot scan just to see if anything snuck thru, so far so good!

Hint: If you use pest patrol, you may want to shut of the cookie patrol part, it can cause problems at times, and zone alarm pro can handle cookies.

[angahar]

What you have their is a nasty coolweb infection. Coolweb is a program that inserts itself into IE and your registry in order to redirect your homepage (to home search, among others) and give you pop up ads. It includes a remote keylogger to record everything you type in search engines, etc and uses that info to give you "targeted: pop ups. Some versions of coolweb are extremely stubborn and difficult to remove from your computer. Adware programs like ad-aware, spybot and spysweeper will track down bits and pieces of coolweb but are no real help in dealing with the beast. Coolweb is thought to be spread via certain, ahem, ad-intensive websites and pop ups. Here is a few suggestions in dealing with it:

Download coolweb shredder. Despite the name it doesn't usually do the job by itself, but its a start.

download hijack this. This is a program that identifies suspicious registry entries and gives you the options of which ones to delete. Use with caution, For the most part eveything it comes up with is expendable, but read the descriptions it gives you of the file types to help guide you. Specifically look for BHO (browser helper objects) and files that change your IE start and search pages (duh).

download a program like browser hijack blaster that will tell you whenever coolweb tries to reinsert the BHO into your registry. This gives you a good indication whether or not you've killed it.

download antivir, a free antivirus program that seems to help but doesn't eliminate coolweb.

go to your start menu and run "msconfig" click over to the last tab with the programs that load on startup. Uncheck everything you don't use (something called "addux" is suspicious). I uncheck everything for a super fast load, but some people like certain programs to start.

There is also a process that coolweb starts that is listed as a sysyem process that busily goes about undoing all your work by recreating the files that are attacking your browser. Hit control alt delete and go to the processes tab to see what processes are running. I've seen it use a process called something like dhvj or some four letter garbage starting with d. This can be labeled as a system process but it is not your friend. To narrow it down a little, boot in safe mode and write down all the processes that are running. These should be ok. Boot back in normal mode and see what extra processes there are. Experiment with ending these. One of them is adding phony .dll files to your system and system32 folder that are attacking your browser. (browser hijack blaster will tell you what .dll files are adding the BHOs to your registry.)

use your spyware program as normal to scour your system.

This is in no particular order, and all of it might not be necessary. However, running and rerunning all these things finally freed my brothers computer from the evil clutches of coolweb. cwshredder will also give you a few ways to prevent reinfection. Good Luck!

[Yankee]

I can really recommend HijackThis. I've had similar problems like what you described twice within the last couple of months and this program helped me get rid of the intruders quickly.

[Black21Jack]

Thanks a lot for the help angahar. I will try all this tomorrow and re post my progress. Once again thanks a lot, I appreciate it.

[jpm]

I just remembered something that may be even easier for you. Since you are using XP, you could use the system restore feature and just restore everything to the way it was (say the day before) just before you went to this scumbag site. I've used it recently after I messed up my desktop and it worked flawlessly. If you'd like to try it, let me know and I'll post directions.

As angahar said, it is very tenacious and I've found infections like this to be almost impossible to clean completely without spending hours upon hours scouring the registry, etc. It can be quite tedious & frustrating even for seasoned computer geeks like me. System restore may be your best friend in this instance.

[Black21Jack]

I just remembered something that may be even easier for you. Since you are using XP, you could use the system restore feature and just restore everything to the way it was (say the day before) just before you went to this scumbag site. I've used it recently after I messed up my desktop and it worked flawlessly. If you'd like to try it, let me know and I'll post directions.

As angahar said, it is very tenacious and I've found infections like this to be almost impossible to clean completely without spending hours upon hours scouring the registry, etc. It can be quite tedious & frustrating even for seasoned computer geeks like me. System restore may be your best friend in this instance.

That would be great if you could post how to do that jpm. I was going to start doing all the other stuff but because it will take a while, I am being lazy. Will system restore erase anything?

[jpm]

Its is supposed to only affect the registry and other programs and settings, but not affect documents, etc. Just be on the safe side and back up anything important before you do it! I didn't seem to lose anything when I did it the other nite and it was about a 5 minute procedure. Quite painless indeed, and I'll use it again in the future if I ever have similar issues.

I'll post the procedure when I get home, so I can take you thru each step as I do it, except for the final step of course

[GrandMaster]

You should also tighten up your IE security settings or even ditch IE completely and use a different browser such as Mozilla Firefox (my favourite) or Opera.

[jpm]

Don't you have to pay for opera? Or is it free now?

[Black21Jack]

Ok, I decided to get off my lazy arse and download all advised programs. They were: Antivir; which found over 20 Trojan Horse files on the computer, Spyware Sweeper; which found numerous bad programs all of which included "casino" in the name, 3 had "Microgaming" in the name and two had "32Red" in the name even though those casinos were immediately uninstalled when I started having the problems, Hijack This, Window Washer (my own idea becuase it cleans cookies, history, recycle bin, and file extensions), Ad-aware, Browser Hijack Blaster, and CW Shredder. These are in addition to SpyBot S&D, and Spyware Blaster which I already had protectiing my system. All of this seems to have done thee trick, I do not get the search pages or popups anymore. I would still like to do system restore to be on the safe side. Thanks for all the help.