| reply to not_stressed
Re: StopSign - WARNING! - Eanthology Put a check in the box to *fix* these items in HiJackThis
O4 - HKLM\..\Run: [regsvc32] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\system32\regsvc32.exe
O4 - HKLM\..\RunOnce: [SsUninst] C:\DOCUME~1\user\LOCALS~1\Temp\SS_UNI~1.EXE -d C:\PROGRA~1\ACCELE~1\StopSign\
................
I also see these in your Programs files, but not confident enough to tell you how to deal with them:
C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHT~1\eanthtutor.exe
C:\PROGRA~1\ACCELE~1\SYSTEM~1\sys_alert.exe
Is there anything under the name Accelerate? in add/remove programs?
Anyway, have called upon a few other experts to come by and take a look see for ya  So get some rest and check in here in the morning 
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum |
|
|
|
| reply to John2g
These two don't look good to me (related to LOP - domain hijack maybe??).....someone please take a look at not_stressed  's log and advise?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FDDC7B7-6D64-4B6A-BDA3-9898E07A44C2}: NameServer = 207.236.176.12 198.235.216.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FDDC7B7-6D64-4B6A-BDA3-9898E07A44C2}: NameServer = 207.236.176.12 198.235.216.110
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum |
|
 ZupePremium,MVM
join:2001-11-29
New York, NY | said by CalamityJane:
These two don't look good to me (related to LOP - domain hijack maybe??).....someone please take a look at not_stressed 's log and advise?
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FDDC7B7-6D64-4B6A-BDA3-9898E07A44C2}: NameServer = 207.236.176.12 198.235.216.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FDDC7B7-6D64-4B6A-BDA3-9898E07A44C2}: NameServer = 207.236.176.12 198.235.216.110
I thought those looked suspicious at first too, but they appear to be legitimate Sympatico/Bell Canada DNS Servers
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"? |
|
ZupePremium,MVM
join:2001-11-29
New York, NY | reply to not_stressed
said by not_stressed:
O4 - HKLM\..\RunOnce: [SsUninst] C:\DOCUME~1\user\LOCALS~1\Temp\SS_UNI~1.EXE -d C:\PROGRA~1\ACCELE~1\StopSign\
O4 - HKLM\..\RunOnce: [ws_uninst] C:\DOCUME~1\user\LOCALS~1\Temp\ws_uninst.exe -s
Judging from these entries that showed up in your second scan, it looks like you ran an uninstall of some sort, is that correct? Have you rebooted since doing that?
--
Brain: Pinky, are you pondering what I'm pondering?
Pinky: I think so, Brain, but "Snowball for Windows"? |
|
 AD7BKPremium
join:2000-03-23
Havre, MT
 ·3Rivers Communic..
| reply to not_stressed
Welcome to DSLR Hope you find this place friendly and helpful!
(Hmm where's the Welcome group when you need em) XD
Anyway Stressed WELCOME
--
The following statement is true...The Proceeding statement was false!!--George Carlin |
|
| it's gone!! Omg!! thank you! thank you soooo much guys! it's gone finally!! ah!!
how wonderful this place n you guys are... :):) |
|
 sigPremium
join:2001-05-05 | Congratulations! You might also want to check out this program that can keep some unwanted spyware apps from getting on your computer. It's SpywareBlaster and it's free (although donations are happily accepted.) »www.javacoolsoftware.com/spywareblaster.html
It uses no resources since it's not a running application. All you have to do is check for updates occasionally and download the updates. It also has a support forum if you have questions or need assistance. (A link to the support forum is on the page I'm directing you to.) |
|
| reply to not_stressed
said by not_stressed:
Omg!! thank you! thank you soooo much guys! it's gone finally!! ah!!
how wonderful this place n you guys are... :):)
So you are now Not_stressed? Heed sig's suggestion and also use SpywareGuard (it protects you from everything else)
»www.wilderssecurity.net/spywareguard.html
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum |
|
| reply to sig
Re: StopSign - WARNING! - Eanthology said by sig:
said by John2g:
BOClean users will be pleased to know that they are protected from this malware.
[text was edited by author 2003-09-29 13:20:10]
It must be under another name, type of exploit, at least I can't find it. But if so, good.
per Kevin McAleavey, the BOClean developer...
"'StopSign' is one of HUNDREDS of programs out of 'eAnthology' which contain their 'EACCEL' advertising engine. BOClean covers 'EACCEL' but we don't waste time and space spelling out every item which contains it. But yes, we cover that."
EACCEL is listed in the BOClist.txt file of all trojans covered.
hth
--
look out kid they keep it all hid
[text was edited by author 2003-09-29 23:00:39] |
|
| Kudos for BOClean! |
|
| reply to Randy Bell
It was a bit more than a year ago, when StopSign first appeared. My sister was one of the first to get attacked by the crap. There was nothing around to get rid of it back then, just a few victims on the Internet trying to help each other. SpyBot S&D (great proggie) got into it not long after and solved a lot of the early problems.
I had a bitch at DialogueScience right after my ordeal to get rid of StopSign. They brushed my complaint off, and that pissed me off. My DrWeb licence ran out 2-3 months later. That was long enough for them to break off the relationship with StopSign if they wanted to. I figured they didn't want to, so I didn't renew it. I don't support hijackers.
I bought KAV instead, then I won NOD32 in a competition a few days after that and gave it to my sister. Both great programs. KAV let me down once with a virus NOD found, and NOD let my sister down with a trojan KAV found, but we can live with that. Nothing is perfect. I will be renewing both of them when the time comes.
DrWeb may not have known the bad credentials of the partner they got in bed with a year ago, but they know now, and they haven't done anything about it.
Money talks. The only way to beat spyware hijackers is to vote with your checkbook and buy something else. |
|
SchouwPremium
join:2003-05-29
Netherlands | reply to John2g
Kaspersky will not add protection for this..
We(KL and me) exchanged several e-mails but couldn't get them convinced..
The difference between this one and ieplugin.com is that ieplugin uses a file which can be distributed on p2p networks, which then can be opened without having to click yes on the (not)showed certificate. |
|
 John2gQui Tacet ConsentitPremium
join:2001-08-10
England | reply to boblandy2
said by boblandy2:
EACCEL is listed in the BOClist.txt file of all trojans covered.
Did it cross your mind that there was a reason that I didn't publish this information?
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
 VampirefoPremium,MVM
join:2000-12-11
Huntington, WV
kudos:1 | reply to sig
Re: it's gone!! Does SpywareBlaster protect against Stop Sign?
--
TrojanHunter Stands For Privacy!!!!!!! |
|
| IE-spyAD does |
|
 viperpa33sWhy Me?Premium
join:2002-12-20
Bradenton, FL | reply to John2g
All to know eAnthology not only dishes out the "Stop Sign" virus scanner but they also host a online game called The 4th Coming. The reason I know this is because I "had" to have the "Stop Sign" software installed on my computer in order to play the game. Not one of the best things to admit to people when I "hate" spyware myself.
Stop Sign does send information back to the host company everytime you use the product or not. Your ip address, how many times you used the product, what viruses is on your computer if any and so on. When installed on your computer it will also add a internet connection icon on your desktop called "KonX". Stop Sign automatically goes into the startup folder so everytime you start your computer "Stop Sign" starts.
You can disable it like I do by going into "msconfig" and removing it from startup. You can also use "Spybot" to try and remove it, but it won't remove the whole program. What you need to do is remove it from add/remove programs, then remove the rest manually. Do a search for anything "eAnthology" Use Spybot or a Registry Cleaner to remove the entries from the registry.
Like I said, not one of the best things to admit. Knows what your going through cause I have been there myself. |
|
| reply to Schouw
Re: StopSign - WARNING! - Eanthology said by Schouw:
Kaspersky will not add protection for this..We(KL and me) exchanged several e-mails but couldn't get them convinced..
Hmmm .. too bad, if KL gives you a hard time, I don't wanna think about what SARC will do, hehe .. LOL.
said by Schouw:
The difference between this one and ieplugin.com is that ieplugin uses a file which can be distributed on p2p networks, which then can be opened without having to click yes on the (not)showed certificate.
Well, as sig mentioned, NAV already has ieplugin.com flagged as malware in its database: »www.symantec.com/avcenter/venc/d···gin.html -- so at least we have that component covered by KAV and NAV .. I'm still waiting for eAnthology to add us and BOClean to the "Attackware" list .. LOL. Incredible!
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) |
|
 BubbaGIT-R-DONEPremium,MVM
join:2002-08-19
St. Andrews
 ·DIRECTV
 ·Pickwick Cablevi..
·Comcast
| reply to Vampirefo
Re: it's gone!! said by Vampirefo:
Does SpywareBlaster protect against Stop Sign?
Yep
• eAcceleration/StopSign, eAcceleration StopSign(2) AND eAcceleration/StopSign(3)....in the 9\22 update.
--
"Well, butter my butt and call me a biscuit." |
|
| reply to not_stressed
Thanks Sig i have it downloaded now.
CalamityJane, yeah im not stressed at the moment
Thanks everbody for all the help |
|
