Amiga.org
The "Not Quite Amiga but still computer related category" => Alternative Operating Systems => Topic started by: KennyR on March 30, 2004, 01:08:03 AM
-
I've just cleared spyware from my family's PC for the 50th time. I think I got it all, and certainly that annoying custom IE toolbar doesn't appear any more, but it seems that the spyware made changes to my system.
Specifically, any window called "Mozilla" is automatically closed. That includes explorer windows and the Mozilla browser window itself. This means nobody can use Mozilla on this machine.
I've searched the registry and run AdWare, Spybot Search and Destroy, Norton AntiVirus 2004 and several other spyware removers. My system seems clean.
How can I get rid of this annoying automatic window close "feature"? Anyone had a similar problem and know how to fix it?
-
wow, SpybotS&D didnt get it all?
I assume you ran the "Immunize" feature and all the updates were done on the spybot S&D
I found a "strategy" page for you, not that it will be the cure
http://cexx.org/neuter.htm
-
If your running Win2000 or XP, Just put the CD in and 'fix a damaged installation.' It reinstalls all system files to their original versions.
Win98? Unless you can find the .dll that's doing it, you might as well wipe out the partition and reinstall windows. It will save you hours.
Just make sure when you're done to install Moz/Firefox and then hide all associations to IE so they can't use it anymore.
:-D
-
Install Firefox 0.8 and the Firefox Extension that randomises the browser name!
-
An excellent suggestion 8-)
-
If your running Win2000 or XP, Just put the CD in and 'fix a damaged installation.' It reinstalls all system files to their original versions.
That replaces the system files, but keeps most of your registry intact, so as not to damage installed software. I tried that a few times, and not only didn't it fix anything, but I ended up with several duplicates of my Documents and Settings folder, with no reliable way to get rid of them.
If spyware or other software you don't trust has corrupted your system, you might as well just re-install... and give your family another big lecture on installing crap. I ususally don't have to re-install my families' computers, though. I've never heard of a background task or config change that automatically closes windows. IE, in particular, will throw a fit if you try to close a window with JavaScript (even though you can OPEN as many as you like!)
I miss the non-registry days. Programs didn't care if they were installed or not, they just ran wherever you put them! You may not have to re-insall programs, since they rebuild their registry data as needed. Only programs with passwords and stuff may throw a tantrum.
-
Install Firefox 0.8 and the Firefox Extension that randomises the browser name!
Installed the "Firesomething" extension.
The results are a riot.
-
May seem silly but do you use a popup preventer (NoAds a very popular preventer is actually a window preventer if you check the window list or popup list you should find Mozilla there). It is also possible to ad Mozilla to your popup preventer in Mozilla itself. If you get a popup that is lets say a porn site and you right click and add to popup list and the popup window name just says Mozilla build ,xxxx you will not be able to use Mozilla it will supress its own window.
-
Sounds more like a problem for Mozilla had, either the spyware blaster removed something from Mozilla (Don't know if Mozilla has spyware) and therefor Mozilla can't load succesfully. If you have a NT machine (NT4, 2000, XP) then you can look in the eventviewer and see if Mozilla reports anything. Or look for a log in it's program dir. Anyway, have you tried reinstalling mozilla ?
Otherwise; if this problem has been here before "groups.google.com" and search for something like "mozilla windows close itself" orsomething like that.
Edit
Or what vpamicue said :-) :lol:
-
legion wrote:
If your running Win2000 or XP, Just put the CD in and 'fix a damaged installation.' It reinstalls all system files to their original versions.
You can do similarly with '98, no need to completely wipe
the partition.
Win98? Unless you can find the .dll that's doing it, you might as well wipe out the partition and reinstall windows. It will save you hours.
-
Hi
How you could fix your problem ?
Sell your PC at eBay and use an Amiga ;-)
No more spyware or problems in repairing the system :-D
Have your spyware removers possibly removed the whole spyware Wind#*? itself :-D
Noster
-
Ok, found the problem and eliminated it. vpamicue was right - i went to PopupBlocker and found the Mozilla window listed in its block list. How the hell did it get there? Why didn't I think of that myself? Arrrghh!
Still, it was hard to find because of all the secret data files Windows keeps. Registry, javascript, java, javavm, ActiveX controls... any of those could have been to blame.
This family PC uses XP. I "repair" the XP installation (which is actually reinstalling, lets get this straight) only as a totally last resort. Why? Because it (a) almost never fixes problems like these and (b) always breaks lots of stuff, including the VIA drivers its taken me ages to get stable.
Well anyway, thanks to everyone for their suggestions. I can genuinely say that if it wasn't for AO coming to the rescue again I'd still be looking at this computer and scratching my head.
-
The best thing to do (which i do), when the machine is in a perfect running state i run Norton Ghost to back up my brother in-laws machine to cd-r`s. so he can do what the hell he wants online and i can get it back to the way it was before he ever touched it :-)
If they are total newbies i recommend something like Norton GoBack which can be set to revert the machine back to the way it was at a set date/time.
-
I should also tell you where the problem came from. Two weeks ago, I also cleared out a lot of spyware, adware and malware - including a nasty browser hijacking trojan. Then the system was clean.
But the source of all the crap seemed to have been a program called Messenger Plus!, a fairly innocuous addon program for MSNMessenger. None of the spyware removers tried to remove it so I thought it was ok. Then yesterday a popup appeared saying "A Messenger update is ready. Would you like to download now?"
Someone clicked yes. And it downloaded all the crap again.
So Messenger Plus! is gone and I've told my family not to install it again, or to install any of these other kinds of things like SmileyCentral or Comet Mousepointers that also seem nice but are actually spyware too.
This spyware issue - and in particular, the browser hijackers - are becoming a HUGE problem in Windows. Virus killers don't catch them and they seem to be being added to every popular piece of freeware or shareware software, not just crap like P2P clients.
The design of Windows is totally to blame for these problems. Whoever thought integrating all of the system services like that should be slapped and drowned in warm custard. What a crazy, useless idea.
-
Perhaps a "listen to me or I don't fix your computer problems anymore" ultimatum is in order?
Admittedly I've never had any problems getting my family to do as they're told wrt using computers. I think they understand that they do things like I suggest, or they have loads of problems.
Also, I'd remove at least MSNM (and any other messaging apps, as they're evil and full of security holes), as well as OE. Install Firefox and Thunderbird (recent builds).
-
Well Mike, I'm not the system admin. If I locked off their ability to install stuff completely then I'd have to install things whenever they wanted something installed - which is often. I don't have the time or the inclination to do that. And I don't want the computer's functionality crippled like that. They paid a lot of money for it, they need to use it. I clean the mess sometimes.
It's a learning curve. My sister uses the computer most and installs most crap on it. I teach her what not to install and what to do if something breaks. Hopefully in time she'll learn. Hopefully.
I'd just like to know who at Microsoft had the bright idea of merging Explorer and Internet Explorer. As far as ideas go, that ranks closely to peeing on an electric fence, invading Russia, or clicking any button that says "Click here for TOTALLY FREE porn!"
-
I recently had similar problem with my XP machine..considering blocking all access it has to outside world at my router to avoid these issues and caching the content on I want on my LAN...k'in nightmare it is.
Even my sister got smart and ditched the spyware MSN type stuff...
Next time your family buy a computer....make sure they get a Mac, problems gone in an instant :-) I'm certainly recommending this to the less computer literate members of the family (and the stupid ones who install crap on a daily basis)..
Steve
-
Well... Some tips for ya Kenny...
Install PestPatrol (http://www.pestpatrol.com/), and let it run in real time. It will zap spyware in real time (it has a neat feature where it beeps everytime it zaps one, and while you surf the web you hear it beeping constantly, with some pages going berzerk. Kinda creepy, so I turn off the beeping feature).
Since you'll most certainly be back there next week cleaning up their system, you may want to install HijackThis (http://www.spywareinfo.com/~merijn/files/HijackThis.exe), TCPView, Process Explorer and AutoRuns from SysInternals (http://www.sysinternals.com/ntw2k/utilities.shtml), NetInfo (http://netinfo.tsarfin.com/copyright.html), PacketMon (http://www.analogx.com/contents/download/network/pmon.htm), and perhaps a personal firewall which grants internet access only to apps the user approves like ZoneAlarm (http://www.zonelabs.com/store/content/home.jsp) (MikeyMike may suggest others). These tools should help diagnose and track down any "rogue" software.
Just last week I too was cleaning up a buddy's XP box. His was infected with a spybot and a nasty virus. I managed to clean both up nicely. Interestingly, the spybot was trickier to track down and used several spybot removers, and did a lot of the work myself. I first noticed it when I had his machine "idling" and noticed the LEDs on my router going crazy. I did a netstat and it scrolled off the page! So I installed most of the software I listed above, and when I ran TCPView I noticed that one particular instance of svchost.exe had over 50 live connections with IP addresses throughout the world! Using Process Explorer I was able to kill the right svchost.exe (it's normal to have several instances of svchost.exe running as it is a generic "host" process for most standard services). Anyway, I eventually tracked it down to something called "hotbar", which had some aliases (check for hbinst.exe on your HD & registry). HotBar is basically a browser extension much like the yahoo/google bars are, except it supposedly links to "Free XXX" and "Horny Teen Sluts", etc... Not sure how he got that?!? ;-) But anyway, this nasty little bugger installed itself multiple times all over the place, also calling itself SuperBrowser or something like that. I also found it in the "Install and Remove Software" control panel, and when I clicked on "Remove", it in fact re-installed it self!!! So I manually "removed" that app from the registry with RegEdit. Good times!
- Mike
-
Well Mike, I'm not the system admin. If I locked off their ability to install stuff completely
Where did I suggest you should do that?
And I don't want the computer's functionality crippled like that.
Crippled like what?
I'd just like to know who at Microsoft had the bright idea of merging Explorer and Internet Explorer.
Turn to page 1005 of "How To Force Out All Competitors in the IT Industry". It's under "screwing both customers and competitors for fun and profit".
-
a word to the wise: Never use IE.
Like, NEVER.
in my ZoneAlarm settings I have IE totally blocked - BIG [color=CC0000]RED[/color] Crosses - preventing IE from going out to the interent or being a "server'.
IT'S JUST NOT ALLOWED TO DO ANYTHING.
so, even if another program accidentally starts it, it does nothing but sit there until i turn it off.
and i do!
quickly
:lol: :flame: