uncle buck

The cable modem activity LED keeps flashing as though I am either downloading or uploading data - but I'm not. In fact, I don't even have IE running.

Does anyone know of any software I can use to detect what is going on and remove any crap that has sneaked onto my machine?

Thanks in advance.

UB

mega_stream

What O/S you running?

uncle buck

Windows 2000

rik1471

Ad-aware from lavasoft,searches and deletes all known spyware. Also has a neat tool called ad-watch which monitors cookies and processes.

Click Here to Download



RikW.

[Edited by rik1471 - 10/11/2002 8:31:35 PM]

[Edited by rik1471 - 10/11/2002 8:31:55 PM]

rik1471

finally

uncle buck

Sounds good - I think someone at work mentioned it the other day.

I shall get it straight away

Thanks...

uncle buck

rik,

That majorgeeks.com looks like a usefule site

cheers

rik1471

It is.

The title of the 1st page makes me laugh:

James Neill

iTrader: (1)

Install ZoneAlarm - a very user friendly firewall and free. After it's installed you'll see all programs that try to connect to the Internet and it'll ask if you want to let them

http://download.com.com/3000-2092-10039884.html?part=zonealarm&subj=dlpage&tag=butto n

rik1471

Go to START-PROGRAMS-ADAWARE

Then choose deep reg scan, and any HDD you have.

uncle buck

James

nice idea.... I'll get that too. It's about time I had a firewall - been thinking about it for a while now.

Thanks

rik1471

Then click scan now, if it detects any spyware it will display it; tick the box and hoose delete/remove.

Its a good idea to put the ad-watch program in your startup folder.

BuRR

If you check your firewall logs (if you have one) you'll see that Blueyonder themselves do port scans, for some reason. (that's also assuming you use BY)

uncle buck

rik,

this the the log for drive C - can you see anything suspect?

It didn't report finding any spyware specifically:

Scan initialized on 11/10/2002 20:39:48.
(AAW release 5.83, referencefile 029-15.06.2002)
=================================================


Started extended registry scan
===============================
Gator key:HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\
WurldMedia key:HKEY_CLASSES_ROOT\clsid\{d14641fa-445b-448e-9994-209f7af15641}\
WurldMedia key:HKEY_CLASSES_ROOT\interface\{3cb6def9-1db2-4b5d-9a70-9bf8345ed73c}\
WurldMedia key:HKEY_CLASSES_ROOT\mbho.iehlprobj\
WurldMedia key:HKEY_CLASSES_ROOT\mbho.iehlprobj.1\
Other key:HKEY_CURRENT_USER\software\acceleration software international corporation\
Other key:HKEY_LOCAL_MACHINE\software\acceleration software international corporation\
Gator key:HKEY_LOCAL_MACHINE\software\gator.com\
Alexa key:HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}\
WurldMedia key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\explorer\browser helper objects\{d14641fa-445b-448e-9994-209f7af15641}\
WurldMedia key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\uninstall\your cash rewards\
WurldMedia key:HKEY_CLASSES_ROOT\typelib\{4769dd43-4045-405c-945f-752516445e89}\
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgef
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgef
Web3000 key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgmg
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\stashedgmg
Gator key:HKEY_LOCAL_MACHINE\software\microsoft\windows\ currentversion\run\cmesys


Registry scan result:
Suspicious keys found : 17


Started folder scan
====================
Gator file:C:\WINNT\GatorPdpSetup.log
Gator folder:C:\Documents and Settings\All Users\Start Menu\Programs\GAIN
Gator folder:C:\Program Files\Common Files\CMEII
Folder scan result:
Folders processed:2383
Suspicious folders found:2


Started file scan
==================
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@serve dby.advertising[1].txt
Doubleclick file:C:\Documents and Settings\Administrator\Cookies\administrator@doubl eclick[2].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@fastc lick[2].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@count er7.sextracker[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@sextr acker[1].txt
Other file:C:\Documents and Settings\Administrator\Cookies\administrator@value click[2].txt
Gator file:C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
Gator file:C:\Program Files\Common Files\CMEII\CMEIIAPI.dll
Gator file:C:\Program Files\Common Files\CMEII\CMESys.exe
Gator file:C:\Program Files\Common Files\CMEII\CMEUpd.exe
Gator file:C:\Program Files\Common Files\CMEII\GAppMgr.dll
Gator file:C:\Program Files\Common Files\CMEII\GController.dll
Gator file:C:\Program Files\Common Files\CMEII\GDwldEng.dll
Gator file:C:\Program Files\Common Files\CMEII\GFormCTM.dll
Gator file:C:\Program Files\Common Files\CMEII\GMTProxy.dll
Gator file:C:\Program Files\Common Files\CMEII\GObjs.dll
Gator file:C:\Program Files\Common Files\CMEII\GStore.dll
Gator file:C:\Program Files\Common Files\CMEII\GStoreServer.dll
Gator file:C:\Program Files\Common Files\CMEII\GSvcMgr.dll
Gator file:C:\Program Files\Common Files\CMEII\GSvcSAP.dll
WurldMedia file:C:\Program Files\Morpheus\uninstall_wurld.ctoa
WurldMedia file:C:\WINNT\system32\ad020326.de.xml
WurldMedia file:C:\WINNT\system32\mbho.dll
Gator file:C:\WINNT\GatorPdpSetup.log

File scan result:
Suspicious files found:26



Scanning finished
==================
Suspicious modules found:0
Suspicious keys found : 17
Suspicious folders found:2
Suspicious files found:26
==========================
Components ignored:0
Total components found:45

uncle buck

oh I see. hit continue and it lists all the dodgy stuff. Then gives you the option to remove.

Amongst is Gator - a well known one.

and Wurldmedia - never heard of that.

a couple of dodgy looking things called 'sextracker'

and something called Web 3000

great - they're all going to room 101

uncle buck

James,

Zone Alarm installed and running. It immediately warned that another machine was monitering mine complete with IP address etc.

Activity light has stopped blinking now

Top advice guys - feeling much more secure now!

Dark Muppet

Shame that ad aware does'nt recognise Windows XP SP 1 as spyware

Redkop

When using Ad-Aware - be careful you don't delete a 'dll which KaZaA needs. Can't remember what it is called, but has the word 'clint' in it.

mega_stream

My cable modem light flashes activity even when my PC is turned off so I wouldn't worry too much

Could do a netstat -a from a command line and see if there's any suspect looking entries.

DavidLewis

"Sextracker" --- Uncle Buck, what HAVE you been doing

jbryant

The clint<something>.dll in Kazaa is spyware. If you download Kazaa lite, then it will install a dummy version of this file rather than the nasty version.
Ad-aware will still pick it up as spyware as it has the same filename but you can then safely ignore it.

Joolz

suba

IMHO, i find PestPatrol better than Ad-Adware. i do run both just in case

uncle buck

Zone Alarm has logged 180 blocked intrustions since I installed it last night - 159 'high rated'

Dave - I have no idea how that sex thingy got onto my machine - honest not a fan of internet **** meself sometimes when you're surfing around you can't avoid it though [img]images/smilies/mad.gif[/img]

rik1471

Remove anything which doesn't have an "Other" Rating. So that's GATOR, WurldMedia , and DoubleClick.

Should be fine then.

uncle buck

all gone

Activity light still flashes away merrily, but I can monitor things now with Zone Alarm and Ad Aware

Thanks guys

uncle buck

ad aware now installed. what can I expect to happen next?!

- the activity light has stopped flashing already!

oh - no it hasn't

[Edited by uncle buck - 10/11/2002 8:42:26 PM]