Spyware undetected by avast?

Hello,

I just joined the forum as I’m a bit desperate. I downloaded the avast home edition and detected (and deleted) several viruses. So far, so good. But I still have spy software (I assume) on my computer that deletes my start page and tries to link me to a page like onemoresearch.net or searchxp.com. Furthermore, it puts links behind certain words on all webpages that are difficult to detect as fake. Besides all this, I constantly get pop-ups, especially from i-friends. And all this is not detected by avast! Why is this so and what can I do?

Thanx

Nikolas

Avast is an Antivirus, and from the sounds of things it found the viruses.

You need Ad-Aware SE or Spybot Search and Destroy to get rid of your spyware.

Get these and run them.

  1. Ad-Aware
  2. Spybot Search and Destroy
  3. Download HijackThis.zip

HiJackThis - Eddy’s Website: click the “HiJackThis Section” and also the “Malware removal instructions and applications” section, follow the directions there, and get back to us if you need more help…

Thank you both for your help. I downloaded Spybot, which detected everything and also fixed almost all of them. The only problem I still have is with DSO. This can’t be fixed by Spybot. I have even changed the corresponding value in the registry for “1004” to “3”. So I got rid of one, but it is still not enough. Downloading dsostop2.exe didn’t really help either. Either I have to wait for the next update of Spybot or look for another solution.

Cheers

Nikolas

Hi, what was the exact location of the DSO exploit? I believe right now Spybot has a false positive - since I have the exact same DSO exploit continually bothering me.

Spybot Search and Destroy DSO Exploit Fix 1.3.1.TX

http://www.majorgeeks.com/download4392.html

edit:

You must have version 1.3 Final installed in order for this fix to work

The DSO Exploit is a security gap in IE. Microsoft did already repair this, so if you have all Windows updates and patches installed, it will not be dangerous for your system. Spybot S&D will still find it, because it contains an invalid value. Spybot S&D just has to reset that value. Unfortunately, in the current version, it sets again an incorrect value, so it is found in the next scan.

Yes, I think it’s a false alarm - it was said on their website, or did I read it on this forum? Try Google. HijackThis (recommended by DavidR) is a good tool - but not for newbies.

Hi,

the exact path is HKEY_USERS\DEFAULT\Software\Microsoft\Windows\Current\Version\Internet Settings\Zones\0\1004!=W=3.

Instead of DEFAULT it is also S-1-5-18 or S-1-5-19 or S-1-5-20. I downloaded all the recommended programs + dsostop2.exe and deleted one registry manually, which still leaves four registries I can’t get rid of!

That really sucks >:(

If anybody has an idea I am open to (almost) anything!
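
For the DSO finding discussed in this thread, a read-only check of the flagged value in every hive loaded under HKEY_USERS. This is an added example, not part of any post. It assumes Windows PowerShell run elevated, the standard key name `CurrentVersion`, and reads the thread's “1004!=W=3” as “value 1004 is not DWORD 3”.

```powershell
# Added example: report value 1004 in zone 0 for each hive under HKEY_USERS.
# Read-only: nothing is written to the registry.
$zonePath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$expected = 3   # assumption: "W=3" in the scanner output means DWORD 3

$users  = [Microsoft.Win32.Registry]::Users
$report = foreach ($hive in $users.GetSubKeyNames()) {
    # Covers .DEFAULT, S-1-5-18, S-1-5-19, S-1-5-20 and any logged-on user SID.
    $key = $users.OpenSubKey("$hive\$zonePath")   # read-only handle
    if ($null -eq $key) { continue }              # hive has no zone 0 settings
    try {
        if ($key.GetValueNames() -contains '1004') {
            $kind = $key.GetValueKind('1004')
            $data = $key.GetValue('1004')
            # Flag both a wrong number and a wrong type (e.g. a string "3").
            $ok = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
                  ($data -eq $expected)
        } else {
            $kind = 'missing'; $data = $null; $ok = $false
        }
        [pscustomobject]@{
            Hive    = $hive
            Kind    = $kind
            Data    = $data
            Matches = $ok
        }
    } finally {
        $key.Close()
    }
}

# One row per hive; rows with Matches = False are the ones a scanner would keep reporting.
$report | Format-Table -AutoSize
```

Running it before and after a fix tool shows whether the value actually changed in each hive, or was rewritten with a different type.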

Haxthausan… read up to the message I posted a few minutes ago. Go to that link and download the file and run it. It WILL fix the DSO problem with Spybot :slight_smile:

Connie,

Thanks a lot. I finally got rid of the annoying false positive I’ve had on Spybot.
Never really looked into it before. Shame on me. :-
Glad I was doing a bit of browsing tonight.

:smiley:

You are very welcome Techie :slight_smile:

Every once in awhile I take the time to be helpful here instead of just silly ;D :stuck_out_tongue:

Connie

Like Techie thank you …annoyance now fixed :slight_smile:

Actually, avast! does detect a lot of spyware too.
Mostly it’s detected as Win32:Trojan-gen or it has the tag [Adw] at the end of the name.
Some are also detected as Trojano-xxx (x are numbers).
But as others said, avast! is mainly an antivirus, so spyware detection isn’t its primary job.

Thank you very much, Connie, I had the same problem with DSO.
You’re wonderful!!!

Hello everyone, I’ve read this here and would like to tell you:
If you use the Ad-Watch monitor from Lavasoft’s Ad-Aware (the online scanner from Ad-Aware) and you do a scan with Spybot:
Do not forget to turn off the Ad-Watch program BEFORE you click the “Fix Problems” button in Spybot. Otherwise you have to turn off the Automatic option in Ad-Watch, or the following will happen:

If you let Ad-Watch run (and Spybot has found spies on your computer), Ad-Watch will block any change that Spybot makes to the Windows Registry to remove the spies.
Spybot can NOT remove any spyware if the Ad-Watch module is still running and/or active.

Spybot will give the message that it has removed the spies, but it did not; they are still there, because Ad-Watch has blocked the changes from Spybot.

You can also shut down this Automatic option in Ad-Watch; then a message from Ad-Watch will pop up on the screen and the program will ask whether or not you agree with the action Spybot wants to take in the registry.

Conversely, Spybot does not block any action Ad-Aware takes in the registry if Ad-Aware has found any spies.

Greetings,
Ronny

Yes, problems with DSO and SpyBot are old ones… Sorry if I did not post before…
If you schedule a boot-time scan with SpyBot you can get rid of those registry keys :slight_smile:

Ronny, welcome…
You’re right, the residents of SpyBot (TeaTimer) and Ad-Aware (Ad-Watch) can make a lot of mess together.
I really recommend that you disable them when uninstalling software…
It would have saved me a lot of time, as they were preventing the legitimate registry keys from being added while uninstalling.

Hi Technical!

EXACTLY!
If you let them run (the residents) from both (Spybot and Ad-Aware) you are unable to do any installation or deinstallation. I forgot to write this, that’s true.

You have to shut them down at any time BEFORE you do any installation or deinstallation or you get messed up.

By the way, I have a problem myself with Avast, maybe you can help me:

I like to use Avast because I think it’s a great utility, but if I do so, I have the following problem:

Sometimes I share some MP3s with friends, and if my email attachments are more than 5 megs I get a “Time Out” error message from my mail server, because Avast takes too long to scan the attachments.

I tried to turn off the scanning of my outgoing emails:
Nothing, Avast is still scanning, even after I turned off the outgoing scan…

I turned the email scan option down to the very lowest mode… nothing, Avast took the same time for the scan and again: Time Out error…

Is it possible to deactivate the attachment scan option only for outgoing emails?
I could not figure out how I can do this.

Avast is still scanning, no matter whether I turned something off or not.

Avast works without any problems, but only if my mail attachments are not over 5 megs.

My System:
Windows ME

Hardware:
128 MB RAM
40 Gigs Harddrive

Maybe one of you can tell me what more I can do…

Greetings,
Ronny

I did not write install on purpose.
If you do not know the origin (and whether the setup file is clean or not) you should not shut them down :-[
I think this works only for uninstall followed by a boot.

Can you click on ‘Settings’ in my signature?
Follow the section [MailScanner] and add the values:

PassThrough=1
StartSmtp=0

Maybe you have to boot…

Thanks for your help, I’ll try it!

To Spybot/Ad-Aware:

What I mean is, if the background scanners are still working, they prevent any changes in the registry from any other programs during their installation.
If you want to install a new program, you have to shut them down first or the installation will fail; whether you want to or not, you have no other choice. I do not know any other option.