I'm convinced I have spyware on my machine...
#1
The cable modem activity LED keeps flashing as though I am either downloading or uploading data - but I'm not. In fact, I don't even have IE running.
Does anyone know of any software I can use to detect what is going on and remove any crap that has sneaked onto my machine?
Thanks in advance.
UB
Does anyone know of any software I can use to detect what is going on and remove any crap that has sneaked onto my machine?
Thanks in advance.
UB
#4
Ad-aware from lavasoft,searches and deletes all known spyware. Also has a neat tool called ad-watch which monitors cookies and processes.
Click Here to Download
RikW.
[Edited by rik1471 - 10/11/2002 8:31:35 PM]
[Edited by rik1471 - 10/11/2002 8:31:55 PM]
Click Here to Download
RikW.
[Edited by rik1471 - 10/11/2002 8:31:35 PM]
[Edited by rik1471 - 10/11/2002 8:31:55 PM]
Trending Topics
#9
Install ZoneAlarm - a very user friendly firewall and free. After it's installed you'll see all programs that try to connect to the Internet and it'll ask if you want to let them
http://download.com.com/3000-2092-10039884.html?part=zonealarm&subj=dlpage&tag=butto n
http://download.com.com/3000-2092-10039884.html?part=zonealarm&subj=dlpage&tag=butto n
#13
Scooby Regular
If you check your firewall logs (if you have one) you'll see that Blueyonder themselves do port scans, for some reason. (that's also assuming you use BY)
#14
rik,
this the the log for drive C - can you see anything suspect?
It didn't report finding any spyware specifically:
Scan initialized on 11/10/2002 20:39:48.
(AAW release 5.83, referencefile 029-15.06.2002)
=================================================
Started extended registry scan
===============================
Gator key:HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\
WurldMedia key:HKEY_CLASSES_ROOT\clsid\{d14641fa-445b-448e-9994-209f7af15641}\
WurldMedia key:HKEY_CLASSES_ROOT\interface\{3cb6def9-1db2-4b5d-9a70-9bf8345ed73c}\
WurldMedia key:HKEY_CLASSES_ROOT\mbho.iehlprobj\
WurldMedia key:HKEY_CLASSES_ROOT\mbho.iehlprobj.1\
Other key:HKEY_CURRENT_USER\software\acceleration software international corporation\
Other key:HKEY_LOCAL_MACHINE\software\acceleration software international corporation\
Gator key:HKEY_LOCAL_MACHINE\software\gator.com\
Alexa key:HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\
WurldMedia key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\explorer\browser helper objects\{d14641fa-445b-448e-9994-209f7af15641}\
WurldMedia key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\uninstall\your cash rewards\
WurldMedia key:HKEY_CLASSES_ROOT\typelib\{4769dd43-4045-405c-945f-752516445e89}\
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgef
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgef
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgmg
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgmg
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\run\cmesys
Registry scan result:
Suspicious keys found : 17
Started folder scan
====================
Gator file:C:\WINNT\GatorPdpSetup.log
Gator folder:C:\Documents and Settings\All Users\Start Menu\Programs\GAIN
Gator folder:C:\Program Files\Common Files\CMEII
Folder scan result:
Folders processed:2383
Suspicious folders found:2
Started file scan
==================
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@serve dby.advertising[1].txt
Doubleclick file:C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[2].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[2].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@count er7.sextracker[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@sextr acker[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@value click[2].txt
Gator file:C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
Gator file:C:\Program Files\Common Files\CMEII\CMEIIAPI.dll
Gator file:C:\Program Files\Common Files\CMEII\CMESys.exe
Gator file:C:\Program Files\Common Files\CMEII\CMEUpd.exe
Gator file:C:\Program Files\Common Files\CMEII\GAppMgr.dll
Gator file:C:\Program Files\Common Files\CMEII\GController.dll
Gator file:C:\Program Files\Common Files\CMEII\GDwldEng.dll
Gator file:C:\Program Files\Common Files\CMEII\GFormCTM.dll
Gator file:C:\Program Files\Common Files\CMEII\GMTProxy.dll
Gator file:C:\Program Files\Common Files\CMEII\GObjs.dll
Gator file:C:\Program Files\Common Files\CMEII\GStore.dll
Gator file:C:\Program Files\Common Files\CMEII\GStoreServer.dll
Gator file:C:\Program Files\Common Files\CMEII\GSvcMgr.dll
Gator file:C:\Program Files\Common Files\CMEII\GSvcSAP.dll
WurldMedia file:C:\Program Files\Morpheus\uninstall_wurld.ctoa
WurldMedia file:C:\WINNT\system32\ad020326.de.xml
WurldMedia file:C:\WINNT\system32\mbho.dll
Gator file:C:\WINNT\GatorPdpSetup.log
File scan result:
Suspicious files found:26
Scanning finished
==================
Suspicious modules found:0
Suspicious keys found : 17
Suspicious folders found:2
Suspicious files found:26
==========================
Components ignored:0
Total components found:45
this the the log for drive C - can you see anything suspect?
It didn't report finding any spyware specifically:
Scan initialized on 11/10/2002 20:39:48.
(AAW release 5.83, referencefile 029-15.06.2002)
=================================================
Started extended registry scan
===============================
Gator key:HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\
WurldMedia key:HKEY_CLASSES_ROOT\clsid\{d14641fa-445b-448e-9994-209f7af15641}\
WurldMedia key:HKEY_CLASSES_ROOT\interface\{3cb6def9-1db2-4b5d-9a70-9bf8345ed73c}\
WurldMedia key:HKEY_CLASSES_ROOT\mbho.iehlprobj\
WurldMedia key:HKEY_CLASSES_ROOT\mbho.iehlprobj.1\
Other key:HKEY_CURRENT_USER\software\acceleration software international corporation\
Other key:HKEY_LOCAL_MACHINE\software\acceleration software international corporation\
Gator key:HKEY_LOCAL_MACHINE\software\gator.com\
Alexa key:HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\
WurldMedia key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\explorer\browser helper objects\{d14641fa-445b-448e-9994-209f7af15641}\
WurldMedia key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\uninstall\your cash rewards\
WurldMedia key:HKEY_CLASSES_ROOT\typelib\{4769dd43-4045-405c-945f-752516445e89}\
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgef
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgef
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgmg
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgmg
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\run\cmesys
Registry scan result:
Suspicious keys found : 17
Started folder scan
====================
Gator file:C:\WINNT\GatorPdpSetup.log
Gator folder:C:\Documents and Settings\All Users\Start Menu\Programs\GAIN
Gator folder:C:\Program Files\Common Files\CMEII
Folder scan result:
Folders processed:2383
Suspicious folders found:2
Started file scan
==================
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@serve dby.advertising[1].txt
Doubleclick file:C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[2].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[2].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@count er7.sextracker[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@sextr acker[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@value click[2].txt
Gator file:C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
Gator file:C:\Program Files\Common Files\CMEII\CMEIIAPI.dll
Gator file:C:\Program Files\Common Files\CMEII\CMESys.exe
Gator file:C:\Program Files\Common Files\CMEII\CMEUpd.exe
Gator file:C:\Program Files\Common Files\CMEII\GAppMgr.dll
Gator file:C:\Program Files\Common Files\CMEII\GController.dll
Gator file:C:\Program Files\Common Files\CMEII\GDwldEng.dll
Gator file:C:\Program Files\Common Files\CMEII\GFormCTM.dll
Gator file:C:\Program Files\Common Files\CMEII\GMTProxy.dll
Gator file:C:\Program Files\Common Files\CMEII\GObjs.dll
Gator file:C:\Program Files\Common Files\CMEII\GStore.dll
Gator file:C:\Program Files\Common Files\CMEII\GStoreServer.dll
Gator file:C:\Program Files\Common Files\CMEII\GSvcMgr.dll
Gator file:C:\Program Files\Common Files\CMEII\GSvcSAP.dll
WurldMedia file:C:\Program Files\Morpheus\uninstall_wurld.ctoa
WurldMedia file:C:\WINNT\system32\ad020326.de.xml
WurldMedia file:C:\WINNT\system32\mbho.dll
Gator file:C:\WINNT\GatorPdpSetup.log
File scan result:
Suspicious files found:26
Scanning finished
==================
Suspicious modules found:0
Suspicious keys found : 17
Suspicious folders found:2
Suspicious files found:26
==========================
Components ignored:0
Total components found:45
#15
oh I see. hit continue and it lists all the dodgy stuff. Then gives you the option to remove.
Amongst is Gator - a well known one.
and Wurldmedia - never heard of that.
a couple of dodgy looking things called 'sextracker'
and something called Web 3000
great - they're all going to room 101
Amongst is Gator - a well known one.
and Wurldmedia - never heard of that.
a couple of dodgy looking things called 'sextracker'
and something called Web 3000
great - they're all going to room 101
#16
James,
Zone Alarm installed and running. It immediately warned that another machine was monitering mine complete with IP address etc.
Activity light has stopped blinking now
Top advice guys - feeling much more secure now!
Zone Alarm installed and running. It immediately warned that another machine was monitering mine complete with IP address etc.
Activity light has stopped blinking now
Top advice guys - feeling much more secure now!
#19
Scooby Regular
Join Date: May 2001
Location: Scotland
Posts: 4,580
Likes: 0
Received 0 Likes
on
0 Posts
My cable modem light flashes activity even when my PC is turned off so I wouldn't worry too much
Could do a netstat -a from a command line and see if there's any suspect looking entries.
Could do a netstat -a from a command line and see if there's any suspect looking entries.
#21
The clint<something>.dll in Kazaa is spyware. If you download Kazaa lite, then it will install a dummy version of this file rather than the nasty version.
Ad-aware will still pick it up as spyware as it has the same filename but you can then safely ignore it.
Joolz
Ad-aware will still pick it up as spyware as it has the same filename but you can then safely ignore it.
Joolz
#23
Zone Alarm has logged 180 blocked intrustions since I installed it last night - 159 'high rated'
Dave - I have no idea how that sex thingy got onto my machine - honest not a fan of internet **** meself sometimes when you're surfing around you can't avoid it though [img]images/smilies/mad.gif[/img]
Dave - I have no idea how that sex thingy got onto my machine - honest not a fan of internet **** meself sometimes when you're surfing around you can't avoid it though [img]images/smilies/mad.gif[/img]
#26
ad aware now installed. what can I expect to happen next?!
- the activity light has stopped flashing already!
oh - no it hasn't
[Edited by uncle buck - 10/11/2002 8:42:26 PM]
Thread
Thread Starter
Forum
Replies
Last Post
mattstant
ScoobyNet General
1
10 October 2001 02:58 PM
johnfelstead
ScoobyNet General
27
26 February 2001 05:48 PM