Invasion of my registry

By TX_Mad-Dog
In the last few weeks, I have been fighting a very disturbing trend and I want to know if anyone out there has a line on a real fix aside from editing my registry every time www.looking-for.cc changes my home page from my preferred setting to their piece of JUNK search site.
I run Spybot S&D and it picks up NOTHING.
I run AdSubtract Pro and it picks up NOTHING.
I run ZoneAlarm Pro and it sees NOTHING.
The way I see it, there is no way I am their only victim.
According to whois, 81.211.105.20 is an offshore site somewhere in Europe and is under the jurisdiction of RIPE. Simply put, this means my only recourse is to find a way to block them; however, I have no idea how they are getting into my system in the first place.
Any insight would be appreciated.

HijackThis

by Joseph Moore In reply to Invasion of my registry

HijackThis is a great tool for trying to fix IE when it gets modified against your will.
http://mjc1.com/mirror/hjt/

Run that, and it will tell you every place where this spyware thing is hiding.

Also, my anti-spyware program of choice is Ad-Aware. I have run it against Spybot, and I think Ad-Aware is better:
www.lavasoftusa.com

Invasion of my registry

by marimena In reply to HijackThis

I too am having this invasion problem and was unable to find assistance anywhere. I tried HijackThis only to find out that when I delete the items from the registry they reappear once I have opened Internet Explorer.
Has anyone else come up with a better solution? This invasion has also slowed down my computer. Virus scans come up negative and Spybot came up negative.
Please advise as this is a very annoying issue.
Thanks

by djent In reply to Invasion of my registry

Check the program list in Zone Alarm; somewhere in that list is a "trusted" program that is phoning home.

My registry is invaded too

by ahfmca In reply to Invasion of my registry

Did you ever resolve this problem... I tried everything... same as TX_Mad-Dog... any help??

Insidious spyware

by pctech In reply to Invasion of my registry

Hi,
The spyware is becoming far too aggressive. Not only in the information they are gathering but, also, to whomever they are willing to sell this information to. I see spyware as a likely attempt at identity theft.
Ad Aware, Spybot Search & Destroy, HiJack This, CWShredder, and others are becoming essential tools to be used by techs to free systems from the invasions by spyware. The spyware programmers are aware that these tools are being used to foil their attempts to gather information on you and have taken their own countermeasures to ensure that their product remains on your computer. One method they employ is to add themselves to the exclusion lists of Spybot and Adaware. These exclusion lists need to be checked before you perform your scans. The HOST file is another area where countermeasures are used by spyware. As with some viruses, the HOST file is modified to redirect your scanner to the loopback address and thus the scanners "think" there are no available updates for these products. They will also make redirects to their own sites. The HOST file must also be checked for redirects.
The "History" also should be cleaned as well as the "Favorites" list checked. The "security" settings for IE should also be checked and corrected, if need be. The "Programs" settings should be reset to the default settings including the home page. Manually check the "Temporary Internet Files" folder as well as the "Cookies" folder. I ALWAYS EMPTY these files manually. Yes, some personal settings for specific sites may be stored there and the user will have to reenter the information they saved when they return to these sites but, better this than spyware.
All these measures help but, are no longer an assurance that you have rid the system of the spyware. I have slaved the drive on another system and have manually deleted files identified as spyware. I then boot the infected system back up in "Safe" mode or "Safe Mode with Command Prompt" for XP systems. "Safe Mode with Command Prompt" is a 32 bit environment that will allow you to run your spyware tools and thus improve your chances of removing the spyware. "Safe" mode, on other systems, will allow you to edit the registry and to clean out the spyware references.
So our battle against spyware continues and the stakes become higher. We must inform and take our measures to rid the internet of spyware and viruses. We stand a much better chance against spyware for we can directly attack advertisers that use them with a variety of measures, including extremely harsh penalties for their use.
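The hosts-file check described in the post above, as an added example that is not part of the original thread: it flags entries that point a scanner's update host at a loopback or null address, and entries that redirect any name to an outside address. The watchlist hostnames and the sample file content are constructed placeholders.

```python
import ipaddress

# Hypothetical watchlist: the update hosts of the scanners you actually run.
# These names are placeholders, not real vendor hostnames.
WATCHLIST = {"updates.scanner-vendor.example", "defs.antispy.example"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts content (not taken from an infected machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       updates.scanner-vendor.example   # update check goes nowhere
0.0.0.0         defs.antispy.example
203.0.113.7     search.portal.example www.portal.example
not-an-ip       broken.example
"""

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, kind, host, address) tuples for suspicious entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, "malformed", entry[1].lower(), entry[0]))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in (h.lower() for h in entry[1:]):
            if sinkhole and host in LOOPBACK_NAMES:
                continue  # the normal localhost mapping
            if sinkhole and host in watchlist:
                # scanner update host pointed at this machine: updates fail silently
                findings.append((line_no, "update-blocked", host, str(addr)))
            elif not sinkhole:
                # any name pinned to an outside address bypasses DNS: review it
                findings.append((line_no, "redirect", host, str(addr)))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

On Windows NT-family systems the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; sinkhole entries for names outside the watchlist are treated as the user's own block entries and are not reported.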

This Spyware/Malware is horrible, here is some info

by Garion11 In reply to Invasion of my registry

I had my system infected with this stuff when I accidentally pressed YES on an IE popup on a website I didn't trust (don't ask me which website it was, *grin*). I ran all the Spybot, Adaware, and other anti-spyware programs (be careful, some anti-spyware programs are spyware themselves). Nothing worked, not even HijackThis. The simple and most effective solution is to save all your personal files (you made backups didn't you??) and format and reinstall the hard drive. If you have taken an image of your system (i.e. Ghost) then even better.

I had a customer of mine who had the same issue, it was Jraun or something... and kept going to http://www.zestyfind.com or look2me.com on his IE periodically. His NAV didn't catch it, although Symantec offered which registry keys to edit and remove after much research. The thing with these spybots is they have been copying their own version of some system files and thus becoming pretty impossible to remove. I spent 4-5 hours 2 days ago trying to remove this stuff using 4 different anti-spy software (all full versions which we bought at that moment) and nothing worked. Although they found that we had spyware installed, they would delete the particular files, and once you restarted the PC bam, it'd come back. I tried EVERYTHING I could think of. But in that 4-5 hours, I also could have backed up his Word docs, Excel files, and pics, formatted his HD, and reinstalled his OS. No easy solutions, but there is a simple and a VERY effective solution to this issue.

Hosts file

by dubtek In reply to Invasion of my registry

Can't you put them in your hosts file to block them?
