Annoying Piece of Malware

By mshultz ·
I have this really annoying piece of malware running on one of my workstations. Its purpose is unknown, it could even be a remnant of a past piece of software. It's dug itself into explorer.exe and iexplore.exe somehow. Every time one of those apps is opened or when there is an action in those apps, an informational dialog pops up and states:

"As part of the Tools for Internet Explorer, we have now activated Safe Shopping Features for your browser.

It provides you with information about merchants we have identified as safe providers of goods or services. We automatically identify you as one of our users to these merchants."

I'm fairly certain this is not part of the "Tools for Internet Explorer" and that this was not purposely installed. It is annoying to the point that almost no actual work can be done on this machine. I've been battling malware for years and none of my usual methods work. No funny DLLs are loaded at startup, no odd processes, no unwanted apps installed, no known ActiveX extensions installed, nothing. The newest version of Symantec AV does not pick it up, nor does Ad-Aware. I took a screenshot of the dialog if you are interested. You can find it with the link below.

http://mikeshultz.com/screenshot.jpg

If anyone has any ideas, I would appreciate them.

by mshultz In reply to Annoying Piece of Malware

By the way, this machine is Windows2k, newest SPs and patches, with IE6 fully patched.

by YetAnotherAdmin In reply to Annoying Piece of Malware

I haven't seen this problem myself but I use Ad-Aware SE personal and Spybot - Search and Destroy. It might be worth a try for you. http://www.spybot.info/en/index.html

by glyall In reply to Annoying Piece of Malware

Try Ad-Aware and Spybot first.
After that, check this site:
http://www.actualresearch.com/

It shows how to replace spyware by hand. It shows which file to delete and how to fix the registry.
Good site!

I usually check Task Manager to see what is running. If I do not know what it is, I use Google to search the web for that app.
If it is not anything that should be there, I end it, then find it on the hard drive and delete it.

Hope this helps.

Good luck.

by razz2 In reply to Annoying Piece of Malware

Mike, the others have mentioned Spybot Search & Destroy. I
never use only one program as they all find different items due
to different search methods. I would use the latest versions of
Lavasoft Adaware AND Spybot S&D. Make sure (I know you did
but have to say it anyway) that the definitions are up-to-date
too. Also, run HiJackThis.

http://www.spywareinfo.com/~merijn/downloads.html

It will report any valid registry entries that may have been
hijacked. It will actually report all the entries, hijacked or not, so
be careful what you remove and even post a report here first to be
safe if you want.

Check what services are listed in the services MMC and also, you
might try the Windows Tasklist Utility

http://windows.about.com/library/tips/bltip684.htm

it can tell you what services are running under svchost in the
process list:

http://support.microsoft.com/Default.aspx?kbid=314056

Good Luck,

razz

by Oz_Media In reply to Annoying Piece of Malware

Apparently it is just a browser hijack.

Download CWShredder and HijackThis.

Run them both, save the HijackThis log.

Visit here for a browser check: http://inetexplorer.mvps.org/parasite.htm

Review your HijackThis log and look for any odd entries. The link above will also lead you to a forum where they will look over your saved HijackThis log.

You will probably also want to add IESPY Ad to your browser's certificates; it will block known ad and hijack sites.
IESPYAD (excellent tool!): https://netfiles.uiuc.edu/ehowes/www/resource.htm

The best way around such issues with insecurity and hijacks would be to ditch IE and get the faster and more stable Mozilla Firefox, looks and feels the same as IE but actually works.

http://www.mozilla.org

The Thunderbird email client will be a welcome replacement for Outlook Express too!

by BFilmFan In reply to Annoying Piece of Malware

You may want to try the new Microsoft anti-spy beta product. I've used it several times successfully and it is free.

by lmayeda In reply to Annoying Piece of Malware

You may want to run Adaware and Spybot while in SAFE MODE so that unwanted processes are not in use and can be deleted.

by Curacao_Dejavu In reply to Annoying Piece of Malware

Since all answers have my suggestions already (Ad-Aware, Spybot Search and Destroy, to remove the spyware),
I will only add that if you want to keep using IE and prevent this from happening in the future, take a look at this link.
I use SpywareBlaster to protect me permanently from future infections.

Or alternatively you can use the Mozilla web browser.

Success
Leopold

by pleary454 In reply to Annoying Piece of Malware

This sounds like a browser hijack. One other suggestion is to go into the control panel and look at the add/remove programs. Sometimes these hijacks will install a software program which will be listed in this area.

Do you know approximately when this occurred? I would do a file search on programs created around the time this started. File/Search/Date created. Usually you have to remove the file folders also.

Back up your registry and then go in and look at the entries under Microsoft and IE.

If this is a browser hijack, you will need to review and look at all of your registry entries. If you are not an advanced user, you will need to have someone assist you, as you can kill or wound your PC. Be VERY careful with this.

AdAware SE and HijackThis are very good tools to explore malware and browser hijacks.
