Home page logo
/

basics logo Security Basics mailing list archives

Re: Need help on Spyware
From: "Daniel Wozniak" <danran420 () hotmail com>
Date: Tue, 30 Mar 2004 04:01:06 +0000

hey, make sure you're updating the definition files in adaware and spybot. i've overlooked that at first.


From: Michael Cecil <macecil () comcast net>
To: security-basics () securityfocus com
Subject: Re: Need help on Spyware
Date: Fri, 26 Mar 2004 21:18:43 -0600
MIME-Version: 1.0
X-Sender: macecil () mail comcast net
Received: from outgoing3.securityfocus.com ([205.206.231.27]) by mc1-f29.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Mon, 29 Mar 2004 10:21:01 -0800 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 58D13A3775; Mon, 29 Mar 2004 09:52:55 -0700 (MST)
Received: (qmail 16570 invoked from network); 26 Mar 2004 21:08:40 -0000
X-Message-Info: 6sSXyD95QpUkaF/VtF/wZgDtaoqUe9UR
Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:security-basics () securityfocus com>
List-Help: <mailto:security-basics-help () securityfocus com>
List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
Delivered-To: mailing list security-basics () securityfocus com
Delivered-To: moderator for security-basics () securityfocus com
Message-Id: <6.0.1.1.2.20040326211440.02048950 () mail comcast net>
X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1
In-Reply-To: <20040326124302.2716.qmail () search securityfocus com>
References: <20040326124302.2716.qmail () search securityfocus com>
Return-Path: security-basics-return-27825-danran420=hotmail.com () securityfocus com X-OriginalArrivalTime: 29 Mar 2004 18:21:02.0214 (UTC) FILETIME=[9771E260:01C415BA]

At 06:43 AM 3/26/2004, H Carvey said:
>In-Reply-To: <OF59F2B19F.120D964A-ON48256E62.00040DCF () dci net>
>
>
>>      I'd encountered some problems with my PC, the Internet Explorer
>>always get redirected to a page called http://merdeka.hebat.com when I try
>>to browse. I've tried to scan with Ad-aware and Spybot and nothing was
>>found, on top of that I've also do a full system scan with 3 antivirus
>>software and the out come also tell me that my system is clean from virus. >>What I suspect here is somehow the spyware change my registry and redirect
>>me to the page. Can someone help me ??
>
>Have you checked Browser Helper Objects, or the Registry keys that you
>suspect where changed? Have you done a search of the Registry for "merdeka"?

Browser Helper Objects don't always get detected by spyware scanners. Use something like HighjackThis or BHODaemon to scan and repair this sort of thing. Then increase the security settings of IE or switch to Mozilla.

http://tomcoyote.com/hjt/hijackthis.zip
http://www.definitivesolutions.com/files/BHODemon10Setup.exe
--
Michael Cecil
macecil () comcast net
http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page – FREE download! http://toolbar.msn.com/go/onm00200413ave/direct/01/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]