Grrr, spyware......


Stormtrooper
08-31-2003, 01:28 PM
Okay, as some of you may know, I have a cousin about my age, a little older, and he likes to screw around with my computer when he's around, but this time I'm seriously thinking about putting a password on my account.
Anyway, he was on my computer yesterday and he went to tons of pr0n sites and now I think I have a bunch of spyware on my computer because the last few times I've gotten on the internet, IE is slower than usual (not loading pages, like highlighting text and such) and my homepage has been changed. I've heard that AdAware is a really good program, but I think I've heard that there's better (must be free though). I've never needed it before because the only places I've gone are Massassi and a few other places for homework, so there was no reason to get it.

I checked Google but I didn't get any good results (the places either had a broken link to it, or didn't have a link to it; I may have spelled it wrong too). Anyone know where I can get it?

------------------
Look for my current project, The Force in Your Soul.
Last week I cudn't evn spel grajuat, but now I is one.

*Takes out his blaster and fires shots at the wall, the blastmarks leave the words "S-TROOPER WUZ 'ERE!!!"

Stormtrooper
08-31-2003, 02:51 PM
Well, after about 20 minutes of searching and using Google, I found Ad-aware 6 and did a scan: 162 items. I must say that I expected more for a first scan. Anyway, how do I make sure that I don't accidentally delete a file that is important?

Most of the things it found were cookies, but there were a few files, .dlls, and registry keys and I don't know how to tell if they are needed by something (windows and such). Like it says that 'Alexa' is a program "installed with internet explorer and some microsoft updates." so I don't know if I should keep that or let it be deleted. I could really use some help with this.

Thanks for the help in advance.

happydud
08-31-2003, 03:00 PM
If Adaware finds it, you can safely delete it. It does find things about DAP, and occasionally Opera, but those are both for the free versions, and have to do with the ads and whatnot.
Spybot: Search and Destroy is another good one, and if you run both of them together (one after another), and they are both updated to the current log file, you'll annihilate pretty much everything.

------------------
[12:42] Spork: I wish I knew, coned sucked. owned owns coned and pwned.
[23:30] <happydud> Crap! I think I just dislocated my shoulder while sneazing...
MadQuack on Military school: Pro's: I get to shoot a gun. Con's: Everything else.

Stormtrooper
08-31-2003, 03:10 PM
Thanks, it said it couldn't delete one of the .dll files, is this a problem?
It was in the C:/windows/system32 folder.

[This message has been edited by Stormtrooper (edited August 31, 2003).]

Jedi Josh
08-31-2003, 05:00 PM
You mean you don't routinely visit pr0n sites?

------------------
To think that once I could not see beyond the veil of reality, to see those who dwell behind. I was once a fool.

Stormtrooper
08-31-2003, 05:38 PM
No, just no...

Jedi Josh
08-31-2003, 07:24 PM
Originally posted by Stormtrooper:
"No, just no..."

Well that's beyond me...

Cool Matty
08-31-2003, 08:29 PM
Originally posted by Stormtrooper:
"Thanks, it said it couldn't delete one of the .dll files, is this a problem?
It was in the C:/windows/system32 folder."

Quite possibly one of the spywares was running at the time. I am assuming you're running win2k/XP with these instructions. If not, let me know.

Right click on your taskbar, then click on task manager. (CTRL+ALT+DEL then click on task manager works too)

List any ones that you think are suspicious. If you are unsure, just list it.

Here are some that can be counted as safe:

Studio.exe (winamp)
IEXPLORE.exe (internet explorer)
explorer.exe (windows)
System (... System)
System Idle Process (... System)
regsvc.exe (services program)
SMSS.exe (system)
svchost.exe (services program, may be multiples)
WinMgmt.exe (windows)
spoolsv.exe (printer program)
LSASS.exe (system)
WINLOGON.exe (windows)
TASKMGR.exe (Task Manager... duh)
Services.exe (services program)
avgcc32.exe (AVG virus scanner)
NAV***.exe (*** represents anything. Any of that starting with NAV is Norton Antivirus)
CTHELPER.exe (important)
nv****.exe (nvidia control panel. *** same as above)
ati2evxx.exe (ATI control panel)
mstask.exe (system)
rundll32.exe (This is a special case. If there are multiples, LET ME KNOW. Also, it is safe to end process this file. Once the windows system has started, it serves no usefulness, except oftentimes to run spyware. It is a normal system file, but it's a special case sort of file, that can be used to run spyware.)

If there are duplicates of any that are not listed as having duplicates, write those down. Also, if there are any misspelled ones, do not dismiss them. I didn't make any spelling mistakes. I checked. Write them down.

Obviously there are more, and it will vary between systems as to what is safe. But those above can be used as a sort of narrowing-down.

Hopefully I didn't scare you, and if you have computer expertise, this should make a lot more sense for you. I tried to make it as simple as possible.

------------------
"The future is not determined by a throw of the dice, but is determined by the conscious decisions of you and me."
I am addicted to ellipses!!! AHHH!!! ...

Stormtrooper
08-31-2003, 09:44 PM
This is all that is in there:

alg.exe
CDAC11BA.exe
csrss.exe
explorer.exe
IEXPLORER.EXE
lsass.exe
mostat.exe
NAVAPSVC.EXE
NAVAPW32.EXE
notepad.exe
nvscv32.exe
pctspk.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe (3 running under system, 1 under local service, and 1 under network service)
System
System Idle Process
taskmgr.exe
winlogon.exe
WZQKPICK.EXE

Typed exactly like it is in the processes tab, checked and double checked.
Some of the things you mentioned I've never seen in there, like the CTHELPER.exe, so I just listed everything that was in the window.

------------------
Look for my current project, The Force in Your Soul.
Last week I cudn't evn spel grajuat, but now I is one.

*Takes out his blaster and fires shots at the wall, the blastmarks leave the words "S-TROOPER WUZ 'ERE!!!"
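
The comparison the posts above do by eye (a posted process list checked against a "counted as safe" list for misspelled names and unlisted duplicates), as an added Python example that is not part of the original thread. The baseline is transcribed from the list in the thread and is an assumption rather than an authoritative Windows inventory, and the names `triage` and `edit_distance` are hypothetical; a flagged name is a prompt to check the file's path and publisher, not a verdict.

```python
from collections import Counter
from fnmatch import fnmatch

# Names transcribed from the "counted as safe" list in the thread (lower-cased);
# the two wildcard entries mirror its NAV*** and nv**** lines.
BASELINE = {"studio.exe", "iexplore.exe", "explorer.exe", "system",
            "system idle process", "regsvc.exe", "smss.exe", "svchost.exe",
            "winmgmt.exe", "spoolsv.exe", "lsass.exe", "winlogon.exe",
            "taskmgr.exe", "services.exe", "avgcc32.exe", "cthelper.exe",
            "ati2evxx.exe", "mstask.exe", "rundll32.exe"}
WILDCARDS = ("nav*.exe", "nv*.exe")
MULTI_OK = {"svchost.exe"}  # the only entry the list says may appear more than once

def edit_distance(a, b):
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(running, max_distance=1):
    """Sort process names into near-miss, unexpected-duplicate and unknown buckets."""
    counts = Counter(name.strip().lower() for name in running)
    report = {"near_miss": {}, "unexpected_duplicates": {}, "unknown": []}
    for name, n in sorted(counts.items()):
        known = name in BASELINE or any(fnmatch(name, p) for p in WILDCARDS)
        if known:
            if n > 1 and name not in MULTI_OK:
                report["unexpected_duplicates"][name] = n
            continue
        close = sorted(b for b in BASELINE if edit_distance(name, b) <= max_distance)
        if close:
            report["near_miss"][name] = close   # lookalike of a baseline name
        else:
            report["unknown"].append(name)      # not covered by the baseline at all
    return report

# Process list as posted in the thread (svchost.exe was reported five times).
POSTED = ["alg.exe", "CDAC11BA.exe", "csrss.exe", "explorer.exe", "IEXPLORER.EXE",
          "lsass.exe", "mostat.exe", "NAVAPSVC.EXE", "NAVAPW32.EXE", "notepad.exe",
          "nvscv32.exe", "pctspk.exe", "services.exe", "smss.exe", "spoolsv.exe",
          *["svchost.exe"] * 5, "System", "System Idle Process", "taskmgr.exe",
          "winlogon.exe", "WZQKPICK.EXE"]

if __name__ == "__main__":
    for bucket, items in triage(POSTED).items():
        print(bucket, items)
```

The distance threshold is kept at 1 because csrss.exe sits two edits from smss.exe and would otherwise be reported as a lookalike. The wildcard entries also mean any name beginning with `nv` passes as known, which shows how loose patterns weaken a baseline.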

happydud
08-31-2003, 10:15 PM
If you really want this dead and gone, you can actually end task everything BUT explorer.exe... I do it all the time on my 98se box. So try this, and then run adaware.

If your computer crashes after you close something, make a note of it, reboot, and skip that one next time.

Cool Matty
09-01-2003, 06:38 AM
Here are the ones I would end process, then immediately run ad-aware afterwards:
alg.exe <-- End it.
CDAC11BA.exe <-- End it.
mostat.exe <-- Might be a spyware. End it.
notepad.exe <-- that's notepad. No probs there. That is, unless notepad isn't running.
nvscv32.exe <-- This might be nvidia stuff, but end task it. I don't recognize it.
pctspk.exe <-- Not sure, but end it. It might be some sound card software, but not important for now.
WZQKPICK.EXE <-- Very high probability of this being a spyware

After end-processing those, run ad-aware again. And delete everything it comes up with.

Stormtrooper
09-01-2003, 09:28 AM
WZQKPICK.EXE is winzip quick pick, but I'll do the other things you said.

When I started up my computer again today, my homepage was changed again, I swear I'm gonna hurt my cousin if I can't get this fixed.

Stormtrooper
09-01-2003, 10:17 AM
OK, I ended those, (mostat.exe wasn't in the list, so I'm guessing it's with some program) ran Ad-aware and all it found was a registry value. I think it had something similar to what my homepage was changed to earlier.

I'm gonna restart here in a little bit and run Ad-aware again, just to be sure.

RingMaster481
09-02-2003, 06:45 PM
I don't mean to hijack or anything, but my computer that isn't connected to the internet has rundll32.dll on there twice. What's that mean?

Stormtrooper
09-02-2003, 07:42 PM
I'm still having trouble too, today when I got on my computer, right away it tried to connect to the internet to some webcomic site, I cancelled and ran Ad-Aware and this came up in the log file.
Possible browser hijack attempt : SOFTWARE\Microsoft\Internet Explorer\Styles "c:\windows\web\oslogo.bmp"

CoolWebSearch Object recognized!
Type : CSS Hijack
Data : c:\windows\web\oslogo.bmp
CSS Hijack : SOFTWARE\Microsoft\Internet Explorer\Styles\c:\windows\web\oslogo.bmp

Possible browser hijack attempt : SOFTWARE\Microsoft\Internet Explorer\Styles "c:\windows\web\oslogo.bmp"
(What's all that mean?)
I deleted all the things that came up and restarted my computer, this time nothing came up but when I opened internet explorer, the homepage was changed again (to something like out.counter. something) and then it tried to connect to that same webcomic site again after that. It's like internet explorer isn't keeping the changes I make in options after I shut down the computer.... grrr....
I just updated the reference file for Ad-aware so I'm gonna see what that does, and I think I'm gonna give that Spybot: Search and Destroy a try too.

Okay, I got Spybot S&D, it found some DSO Exploits, what should I do with those? Also, it found some registry from Windows Media Player, what should I do with those?

[This message has been edited by Stormtrooper (edited September 02, 2003).]

Dormouse
09-03-2003, 10:05 AM
This might be a bit of a hijack as well. But well spybot search and destroy no longer [as of about a month ago] loads for me. Just sits there forever supposedly loading 'til have to end-task it. This is a bit perplexing, as have uninstalled re-dl'd reinstalled and all that. Adaware came up clean. But, still.

------------------
Blue Mink Bifocals ! (http://dormouse.spyw.com/)
fsck -Rf /world/usr/ (http://deadkittyp.com/)
Capite Terram (http://villainsupply.com/)
"Stupid English language... Why does nothing rhyme with 'primordial goo'???" -happydud
NPC.Interact::PressButton($'Submit');

TheJkWhoSaysNi
09-03-2003, 12:15 PM
---Start Pointlessness---
What is spyware?
-Clothes James Bond wears
---End Pointlessness---


------------------
WARNING: THIS POST MAY CONTAIN TRACES OF PEANUT!!! (http://www.ud.2ya.com)