Security Basics mailing list archives

Re: Need help on Spyware


From: "Daniel Wozniak" <danran420 () hotmail com>
Date: Tue, 30 Mar 2004 04:01:06 +0000

Hey, make sure you're updating the definition files in Ad-aware and Spybot. I overlooked that at first.


From: Michael Cecil <macecil () comcast net>
To: security-basics () securityfocus com
Subject: Re: Need help on Spyware
Date: Fri, 26 Mar 2004 21:18:43 -0600

At 06:43 AM 3/26/2004, H Carvey said:
>
>>      I'd encountered some problems with my PC; Internet Explorer
>>always gets redirected to a page called http://merdeka.hebat.com when I try
>>to browse. I've tried to scan with Ad-aware and Spybot and nothing was
>>found; on top of that I've also done a full system scan with 3 antivirus
>>programs and the outcome also tells me that my system is clean of viruses.
>>What I suspect here is that somehow the spyware changed my registry and redirects
>>me to the page. Can someone help me?
>
>Have you checked Browser Helper Objects, or the Registry keys that you
>suspect were changed? Have you done a search of the Registry for "merdeka"?

Browser Helper Objects don't always get detected by spyware scanners. Use something like HijackThis or BHODemon to scan and repair this sort of thing. Then increase the security settings of IE or switch to Mozilla.

http://tomcoyote.com/hjt/hijackthis.zip
http://www.definitivesolutions.com/files/BHODemon10Setup.exe
--
Michael Cecil
macecil () comcast net
http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/
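
The checks suggested in this thread, as an added example that is not from any of the posters: a Python script that reads a text export of the registry (regedit's Export), lists each registered Browser Helper Object with the DLL it loads, and searches keys and values for a string such as "merdeka". The sample export, CLSID and DLL path are constructed for illustration; only string values are parsed.

```python
import re

# Constructed sample in regedit export format; the CLSID and DLL path are made up.
# Real exports are UTF-16: read them with open(path, encoding="utf-16").read().
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\System32\\example_bho.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://merdeka.hebat.com/"
"Search Page"="http://www.example.com/search"
'''

BHO_KEY = r"\explorer\browser helper objects" + "\\"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, name, data) per string value; name '' marks the key itself."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, "", ""
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, m.group(2).replace("\\\\", "\\").replace('\\"', '"')

def list_bhos(text):
    """Map each registered BHO CLSID to its InprocServer32 DLL (None if absent)."""
    rows = list(parse_reg(text))
    clsids = [k.rsplit("\\", 1)[1] for k, n, _ in rows
              if n == "" and BHO_KEY in k.lower()]
    dlls = {k.split("\\")[-2].lower(): d for k, n, d in rows
            if n == "(Default)" and k.lower().endswith("\\inprocserver32")}
    return {c: dlls.get(c.lower()) for c in clsids}

def search(text, needle):
    """Return every (key, name, data) row that contains needle, ignoring case."""
    needle = needle.lower()
    return [r for r in parse_reg(text) if needle in " ".join(r).lower()]
```

A BHO whose CLSID maps to `None`, or to a DLL you do not recognise, is the entry to look at first; a hit from `search` on the IE `Main` key shows which start or search page value was rewritten.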

