I dont know how it happened but I now have an unsolicited banner on my Internet Explorer. Every page I enter has a red banner across the top telling me abouyt a poker game. Every time I open IE I get a poker search engine, everytime I search I get a poker seach - what is happening!!!

I have reset the defaults - noipe does not work, I have loaded and run a spybot - nope, no help, I have edited the default webpage back to what it should be and guess what - it does not help. Has anyone any idea what I can do please? I am pulling out my already scant hair one by one.

:bawling:

What was the last thing downloaded/installed on the computer?

the last thing I loaded was spybot - a spoyware deleter, before that it was Norton Anti virus and before that Zonelabs, before that nothing for four months. I cannot believe that it was any of these items? Feeluing really depressed now, its lager time

You probably got it off a website you visited. Use Ad-Aware with Spybot to make sure your system is clean.

Download adaware and also run spybot. Is it a banner in the HTML of all sites or is it a bar added to IE? If it's a bar right click and see if you can see a name then search on google as most have a way to uninstall the crap they put on.

It is html on each page - I tried contacting the reference site that is mentioned and they deny knowledge - odd that :(

I will try adware to see what happens

Thnaks for the help guys

You don't need to download something to get hijacked. To get rid of the intruder go here:
http://www.computercops.biz/downloads-cat-14.html
Download adaware and run it, deleting the junk it finds.
Then download hijack this and check out what it finds here:
http://www.computercops.biz/HijackThis.html
The forums on that site give a lot more information about the current problems with spys and adware and how to get rid of them.
If it comes up when you run Google searches, it's a hijack by a browser helper. Those can sneak in if you've enabled helpers in IE to use the Google toolbar. Hijack This will show you where those are and get rid of them for you. A lot of the BHOs insert themselves into the startup directory and regenerate.
Again, Hijack This will help you weed them out.

And when you delete it I suggest you switch to some other browser that isn't full of security holes:
http://www.mozilla.org
http://www.opera.com

Yup - browser hijack. Not pleasant as they can be nasty things to get rid off. Not had one of those myself, but seen them at work elsewhere - hard to get rid of. Follow madmouser's comments and be thorough with the cleaning of your system.

Thanks for the help chaps but all to no avail. I have tried Adware, I have tried spybot and most recently hijack and all to no avail. Yes it does appear when visiting Google and now it is bring up pages of its own including poker, sex and other items of no interest to me in viewing - I have a popup stopper but thats not stopping these. Almost at my wits end here, time to take a step back and thing again I feel. Anyone got any ideas please?

:bawling:

grap, this problem is becomming more and more evident, i had the problem and done exactly as you have done, instlled spybot, adaware, etc... nothing got rid of it, put simply its been automatically installed on the machine by some internet explorer bugs that exist at the moment.

For all internet explorer toolbars and maintenance for popups and junk you need to download the following program:

http://www.mvps.org/sramesh2k/toolbarcop.htm

i suggest it for anyone experiencing unwanted toolbars in internet explorer and unwanted popups that have a seemingly unknown cause.

you can PM me and ill give you my MSN details if you need further help.

-XT

You downloaded spybot? Not spybot search and destroy??

If so, that's your problem. I removed this program from 3 computers in the last month. It is not the real spybot search and destroy, and it is the cause of the banners and adware.

Sorry Pixetech it was Spybot S&D that I have downloaded, thanks for the help anyway :)

Sign up for the forum at PCpolice and post your hijack this log.
They'll tell you what's causing it and how to get rid of it.
http://computercops.biz/forum67.html
Did you check your Hijack This log against the database of known spyware/adware? Look at all the 02 and 04 entries. Do you recognize the names for each?

Originally posted by XTStrike
grap, this problem is becomming more and more evident, i had the problem and done exactly as you have done, instlled spybot, adaware, etc... nothing got rid of it, put simply its been automatically installed on the machine by some internet explorer bugs that exist at the moment.

For all internet explorer toolbars and maintenance for popups and junk you need to download the following program:

http://www.mvps.org/sramesh2k/toolbarcop.htm

i suggest it for anyone experiencing unwanted toolbars in internet explorer and unwanted popups that have a seemingly unknown cause.

you can PM me and ill give you my MSN details if you need further help.

-XT


This was not quite the answer but after 59 minutes and 55 seconds on MSN XT came up with a solution, I am sure he will explain it better than I but what a gent. It is a pleasure to meet people who are so helpful. Thnak you XT. Nice to know you

Grap

:)

Now we just gotta figure out how to keep that XTDude around.

just to let people know what the problem was for future reference, go to the following address and read up on the spyware trojan:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

if you download the shredder it will get rid of the majority of the trojan, you will also need to possibly alter your hosts file (located in windows/system32/drivers/etc) and get rid of all the junk entries.

anyone else has problems just PM me and ill try and help. if i get too many respons ill put a thread in the technical forum on how to resolve it step by step.

Grap, glad i could help you, im just happy it wasnt my mobile phone bill!!

Bravo XTStrike! Good work... (Dennis, any ideas yet? ;) )

Originally posted by XTStrike

Grap, glad i could help you, im just happy it wasnt my mobile phone bill!!

I rang you from the mobile and it was worth EVERY penny of the 59 mins and 55 secs :) , thanks for the help again.

Grap

same thing happened to me :( eventually got rid of its self somehow :confused:

Earlier today an ex-friend of mine, sent me an exe that contained adware; no big deal, right? Wrong.

I ran Ad-aware 6 Pro, it found 256 new files/reg keys; so I removed them all and rebooted. When I opened up IE, I saw that two files were installing in the system tray, so I stopped them and ran Spybot search and destroy AND Ad-aware 6 pro, they both found a lot and removed them, I edited my msconfig startup, my "All users" start up, and my personal account start up and restarted.

To my dismay, MORE spy/adware was installed! I now no longer have a google bar, but instead an annoying "Search with tons of ads" bar; a very VERY annoying extra-windows-based bar that hovers over everything, that spawns pop ups; and about 50 different things trying to access the internet.


Does anyone have ANY clue how I can get rid of this junk? Spybot, adaware, msconfig, and editing the folder-based start ups; just don't work anymore.


Also, would anyone happen to know how to uninstall spybot completely, and/or reset the settings? I accidently set it to automatically scan; and I can't get back into the settings.



Thanks, this is a pretty bad starting post in the Lounge, but I just want to get this worked out before I can't even move my mouse; Did I mention the lag with new ad/spyware installing itself every 5 minutes, is terrible?

Personally, I've had good luck with PestPatrol.

I have merged this to contain the helpful links in one thread.

Search the forums here for information on what you've got.
http://computercops.biz/forums.html
You'll need to run Hijack This to get a look at what's going on.
You can download that and the CWShredder here:
http://computercops.biz/downloads-cat-14.html

One thing I did that got rid of a lot of stuff was to run a "find" on everything with an .exe that had been created or modified in the last day. And then deleted everything it found. Drastic, but effective. I knew I hadn't installed any new programs.

my problem is that i keep getting some search engine as my homepage and i cant fix that with any thing...it drives me nuts

I did every single thing listed above this post, and I was clean for about 12 hours. Its back now! :(

Someone help me, at first I was amused - now I'm getting very peeved; do advertisers have brains anymore? "Lets make our customers MAD! Maybe they'll buy all of our junk if they're blind with rage"

Here's some help;

www.mozilla.com / www.opera.com

:D

Originally posted by net-trend
Here's some help;

www.mozilla.com / www.opera.com

:D

Best advice yet... But remove the Opera :stickout:

I have both, and use both - but some sites only fully work in IE.

This is way past an IE problem now, even when there are no IE windows open, the spy/adware comes back.

Sometimes, when you use other programs like..*ahem*..Kazaa, they use IE too. Which means, you don't have to be using IE to be USING IE. :P

:( What do you take me for!? (Kidding).

But really, I use Kazaa Lite Plus Plus (Before it got shut down), eMule (Regular, unmodified version), Shareaza, etc. - nothing that has any type of ad or spy ware.

In fact, the only thing that really does anything, that I installed on my own; is Yahoo IM, but I took off everything besides the actual client.


So basically, out of the blue - IE windows appear; K++ Doesn't auto-spawn any type of pop ups, of any kind; and some sort of IE vulnerbility keeps on popping up when I run Spybot S&D, which supposibly lets programs auto-spawn IE windows without asking.


So SOMEHOW, something is running that isn't on the processes list or application list. :(

Go download and use SpyBot S&D, and Ad-ware 6.0 and it will be gone.

Skyoi, have you tried running the following software:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

if that doesnt work then PM me and ill work with you on getting rid of it by MSN.

Some dodgy site has taken over my homepage. I go into the control panel and set the homepage to what I want it as, and it is fine, but then after turning back on my computer the next day or whenver, its back again as my homepage!

Help :(

Some websites install a script in the registry to disable changeing the web page. Google it and you should find an answer. ;)

Download adaware or another spyware removal program.

For *temporary relief* in IE just goto Tools >> Internet Options and reset your homepage to about:blank.

However, you must as Steve as suggested get spyware for a real thorough check of your system.

This Thread (http://www.webhostingtalk.com/showthread.php?s=&threadid=258999) might be of help.

What homepage does it redirect you to?

http://download.com.com/3000-8022-10194058.html?tag=lst-0-2

:)

SPY SWEEPER (http://www.spybot.com) is your friend!!!

The Dude :)

Well I had family over yesterday and I made the mistake of letting the kids use the PC, I have now been infected with something from Lyco's called Sidesearch and as normal I did a search on it and found a few different methods for removing it but they all all different and some of the things such as file locations and registry keys do not exist so I think that Lycos is just changing the way it installs as far as filenames and registry entrys because every fix I find has different info than what I have.

I also deleted most of the files I could find off it and unregistered a .DLL it uses but it will not let me delete the DLL itself because it is in use by some process but I have been unable to find it even after killing almost everything but Windows services and explore.

I have ran both adaware and S&D with no luck at all and the files are back on the PC as soon as I reboot, I also attempted to restore the PC to a couple days ago, did not work so I tried a month ago and it is still stuck in there so there is something adding the registry entrys even after they are removed on bootup.

Worst of all I can't access any IP based urls for things like WHM as a Lycos side search page comes up for some reason.. frustrating to say the least..

All I have to say is we need to get some laws passed about this crap because as far as I am concerned this is just as bad as a normal destruction of property that someone would do when keying your car or whatever.. if only I had the time and the money I would persue things like this but I don't..

anhow if anyone has gotten stuck with this one before please let me know any help would be greatly appreciated.

Ran every single thing listed above, but it keeps coming back; I've cleared all of my temp files, after booting into registry; and after looking in my windows/system32 folder - I Found the following:

aktxprxy.dll
wpa.dbl
vsconfig.xml
aktxprxy.cpy.dll
wapicc.exe


All were created around the time I first started seeing ad/spy ware, but I can't deleted any - even in safe mode; any ideas? I can't find any info on any of them.

you can remove the side search thing through
control panel-> add or remove programs
Seriously.. there should be a law.
They are like hacking your pc pretty much.
You didnt give them permission to do this.
Its really say, just did a fresh win install a while ago.
And the guy got spyware in around 15 minutes..
Really Really sad.

Originally posted by Sykoi
Ran every single thing listed above, but it keeps coming back; I've cleared all of my temp files, after booting into registry; and after looking in my windows/system32 folder - I Found the following:



Lycos is one of the toughest to get rid of. Do a search on *.exe created during the last week and delete all it finds. That worked for me. Clean the registry.
Then run HijackThis and check what comes up in the log with what is shown here:
http://computercops.biz/HijackThis.html
Check carefully the R and FO entries in particular. Also the "browser helpers"
This is where it hides out.
You can download HijackThis from here:
http://www.computercops.biz/downloads-cat-14.html

Its not lycos, and its not an exe; I think its some sort of dll that runs with... Well just about anything.

I also said I ran Hijack This.

:( Thanks but none of that works for me, what I need is a way to delete the dlls BEFORE windows loads, but before I boot into dos and try that - I need to know what they do first.

Originally posted by XTStrike
Skyoi, have you tried running the following software:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

if that doesnt work then PM me and ill work with you on getting rid of it by MSN.


Have you tried this, it took an hour for XT to solve my problem but this did the trick first time I run it. Worth a go if you have not already tries it.

Grap

A couple things that weren't mentioned, so I thought I would add for future searchers to this thread:

If you suddenly find yourself attacked by a bunch of this stuff and can't get it removed right away, as a temporary fix, put in a blocking hosts file. Click this link and one will download:

http://www.mvps.org/winhelp2002/hosts.zip

Find 'hosts' and take a look at it (It's unlikely, but something on your system may have a special one in already) it's probably blank except for one 127.0.0.1 entry. Replace it with the one you downloaded and it blocks almost every scum advertiser in existance!

I leave it in all the time, even when my system is clean. Once in awhile though, you'll have to disable it (by renaming it) to get something working (A website, some software, etc.) No big deal, just think of renamimg it as turning it off and on. More instructions for hosts can be found here: http://www.mvps.org/winhelp2002/hosts.htm

Bazooka - If all else fails, this software does a pretty good job of finding everything and when you click on it, opens a webpage at kephyr.com with instructions on manually removing each parasite. Sometimes adaware and other auto removers won't work and it's necessary to sit down for a few hours and sytematically get rid of all of the crap. http://www.kephyr.com/spywarescanner/

Good Luck!
Joe