
hgratt

join:2003-12-09
Plano, TX

Another Virus/Hijack Removal Problem

Another friend, this time with win98se. He has serious problems with pop-ups from an object called CERES.

Have done the following, all in SAFE MODE:
1. Ran latest Spybot S&D
2. Ran latest Ad-Aware
3. Ran HJT

Main problem is with HJT (even in safe mode) the object/file ceres.dll keeps coming back. I also noticed that the HJT tool for removing a file at boot up was greyed out.

I could rename the file ceres.dll only in safe mode (afraid to delete it at the present time), but when I booted back up, the ceres pop-ups still came. Maybe other things have to be removed in conjunction. This is the second time these cleaners have failed to remove stuff.

Anyway, any insights as to why I can't remove this stuff would be appreciated. Here is his HJT logfile:

Thanks,
Harvey

Logfile of HijackThis v1.99.0
Scan saved at 9:19:55 PM, on 1/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\TECH\WHEEL MOUSE\5.0\MOUSE32A.EXE
C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\INTERSIL\PRISM 802.11 WIRELESS LAN\CONFIG.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-B NOTEBOOK ADAPTER\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »home.iwon.com/index_gen.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [mgavrtclexe] c:\windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [efjorvjqpwms] C:\WINDOWS\SYSTEM\vytlkzc.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Configuration Utility.lnk = C:\Program Files\Intersil\PRISM 802.11 Wireless LAN\Config.exe
O4 - Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - »download.sidestep.com/get/k22675/sb028.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - »messenger.msn.com/download/MsnMe···ader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - »www2.incredimail.com/contents/se···ader.cab


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

This may help remove iwon

»www3.ca.com/securityadvisor/pest···53079969
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


reply to hgratt
Your problem is this:

Transponder - Ceres Variant
»doxdesk.com/parasite/Transponder.html

That page contains information on additional components that may have been installed and you should check to see if any of the additional files/registry entries need to be removed as all are not visible on the HijackThis log.

This particular variant we have seen comes bundled with a fresh install of Morpheus, in which case, you should caution your friend about spyware infested programs and taking care in downloading files from the internet.

Adaware SE v. 1.05 with the most recent updates does have detection for this. Please make sure you have the latest version and updates as of Jan 11 is: SE1R25 11.01.2005

The Transponder DLL lives in the Windows folder. Before it can be deleted, it must be deregistered. Open a Command Prompt window (from Start->Programs->Accessories; called DOS prompt on Windows 95/98/Me) and enter the following command:

for the Ceres variant:

    cd "%WinDir%\System"
    regsvr32 /u ..\Ceres.dll

Then, boot the PC into SAFE MODE, scan with HijackThis and checkmark the following entries and press *fix checked*

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »home.iwon.com/index_gen.html

O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL

O4 - HKLM\..\Run: [efjorvjqpwms] C:\WINDOWS\SYSTEM\vytlkzc.exe

O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE028.DLL

O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - »download.sidestep.com/get/k22675/sb028..

Remain in safe mode and delete the following files named in bold (if found)

SBCIE028.DLL

C:\WINDOWS\CERES.DLL

C:\WINDOWS\SYSTEM\vytlkzc.exe

Also check your system for a file named: buddy.exe If found, delete it too.

Reboot back into normal mode and scan again with HijackThis and post a fresh log.

You should make sure Adaware is updated and scan with it as well, since it may find more entries as well.

Be sure to visit the doxdesk parasites page linked above to see what other entries you may need to search and destroy on the system related to the Ceres variant.

Note:
System Soap Pro has been reported to come with Foistware and it is generally recommended to avoid using that program
See description here:
»www.liutilities.com/products/win···ry/soap/

--
It takes a disaster to make a woman out of a female

Gladiator Security Forum


Proud Member of ASAP (Alliance of Security Analysis Professionals)

hgratt

join:2003-12-09
Plano, TX

reply to hgratt
Thanks. I plan on getting over there again Thursday and will try the removal procedures. I will post back as soon as I can.

BTW, these people use the www.iwon.com page as their home page. In fact, every time we update SpywareBlaster, I have to remove the entry in the IE Restricted Zone. To me, the page just looks like a general information page where they sign up for news, weather updates, etc. What are the nasties associated with this page?

Thanks again,
Harvey


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

said by hgratt:

BTW, these people use the www.iwon.com page as their home page. In fact, every time we update SpywareBlaster, I have to remove the entry in the IE Restricted Zone. To me, the page just looks like a general information page where they sign up for news, weather updates, etc. What are the nasties associated with this page?

Thanks again,
Harvey

From Symantec

Behavior
Adware.IWon is a Browser Helper Object that sends data to and receives data from a remote Web site.

Symptoms
You notice outgoing connections to www.iwon.com.

Transmission
This adware is installed when you download and install software from www.iwon.com.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

hgratt

join:2003-12-09
Plano, TX
Thanks. I will provide them with this information.

Harvey

hgratt

join:2003-12-09
Plano, TX

reply to CalamityJane
All right! The de-registration seems to have done it and allowed me to proceed successfully with your instructions.

Here is the latest HJT log:
Thanks for all the help. Hopefully this will last.

Logfile of HijackThis v1.99.0
Scan saved at 5:04:28 PM, on 1/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2PLXX.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\TECH\WHEEL MOUSE\5.0\MOUSE32A.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERSIL\PRISM 802.11 WIRELESS LAN\CONFIG.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-B NOTEBOOK ADAPTER\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »my.iwon.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F1 - win.ini: run=hpfsched
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Ati2cwxx] Ati2cwxx.exe
O4 - HKLM\..\Run: [TgAddServer] "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
O4 - HKLM\..\Run: [tgsetsite] "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [mgavrtclexe] c:\windows\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2plxx.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] c:\windows\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Configuration Utility.lnk = C:\Program Files\Intersil\PRISM 802.11 Wireless LAN\Config.exe
O4 - Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - »messenger.msn.com/download/MsnMe···ader.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - »www2.incredimail.com/contents/se···ader.cab
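
Added example, not part of the original thread: a small Python script that compares a "before" and "after" HijackThis log to confirm that the entries targeted for removal are gone and to list BHO registrations left pointing at a missing file. The sample logs are excerpts of the two logs posted in this thread; the function names and the TARGETS list are this example's own.

```python
import re

# R*/F*/O* result lines look like "O2 - BHO: ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts of the two logs posted in this thread (link markers dropped).
BEFORE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.iwon.com/index_gen.html
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [efjorvjqpwms] C:\WINDOWS\SYSTEM\vytlkzc.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.iwon.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
"""
# Items the removal instructions in the thread targeted.
TARGETS = ["CERES.DLL", "vytlkzc.exe", "SBCIE028.DLL",
           "{00000049-8F91-4D9C-9573-F016E7626484}"]

def parse_entries(log_text):
    """Return {(section_code, body)} for every result line in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_logs(before, after):
    """Return (removed, added) result lines between two scans, sorted."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def orphan_bhos(log_text):
    """CLSIDs of O2 (BHO) entries whose DLL is missing but whose registration remains."""
    out = []
    for code, body in sorted(parse_entries(log_text)):
        m = CLSID_RE.search(body)
        if code == "O2" and body.endswith("(no file)") and m:
            out.append(m.group(0))
    return out

def surviving(log_text, indicators):
    """Targeted names/CLSIDs still present in any result line (case-insensitive)."""
    bodies = " ".join(body.lower() for _, body in parse_entries(log_text))
    return [i for i in indicators if i.lower() in bodies]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    print("orphaned BHO registrations before cleanup:", orphan_bhos(BEFORE))
    print("targets still present after cleanup:", surviving(AFTER, TARGETS))
```

A clean HijackThis diff only covers what HijackThis lists; components that never appear in the log still have to be checked separately.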


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
Ok, good job.

The log looks clean

I assume you are getting some prevention programs and extra security in place for them

hgratt

join:2003-12-09
Plano, TX

You bet! I've loaded Ad-Aware, Spybot, CWShredder and SpywareBlaster onto his system. Also installed AVAST anti-virus and a2 anti-trojan on his system.

Hopefully, this will give him adequate automatic protection and manual scanning/checking capabilities.

Thanks again for your help.


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


Great! I figured you would fix him up

Another really *must get* free tool is Eric Howe's IESPYAD. That will put over 5,000 known malicious and/or dangerous sites into his restricted zone. It needs to be updated periodically (see our Updates list at the top of this forum each day for the latest) but installing that tool will help stop reinfections and increase his protection without using any memory resources
--
It takes a disaster to make a woman out of a female

Gladiator Security Forum


Proud Member of ASAP (Alliance of Security Analysis Professionals)

hgratt

join:2003-12-09
Plano, TX
Does IESPYAD do anything for Mozilla? Also, will it conflict with SpywareBlaster and/or SpyBot's immunization procedures?


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
Oh, no...doesn't work for Mozilla just IE, but also no - it doesn't interfere with SpywareBlaster or Spybot or any other security programs for those using IE.


ZekeCee

@wachovia.com

 reply to hgratt
To remove our advertising software from your computer, please visit HTTP://www.MyPCTuneUp.com/unistaller_exe.php, where you will be guided through an easy uninstall process.
It will remove the following Advertising Software programs from your computer: BestOffers, BetterInternet, Ceres, LocalNRD, MSView, MultiMPP, MXTarget, OfferOptimizer, Twaintec, and some others.
Good Luck!!!


Zekecee

@wachovia.com

  Ceres PopUps was on my computer at work. The company that I traced the ceres.dll to is MyPCTUNEup.com. Their removal tool seemed to work and they claim to not install any spyware on your box. I checked to see if the Ceres.dll was still in my Windows directory, and it was not after I ran the removal software. I will keep my fingers crossed!!!
Good Luck


CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL


reply to hgratt
That uninstaller is best avoided according to several experts in the antispyware community:

»forum.iamnotageek.com/t-805880.html
quote:
Though MyPCTuneUp does attempt to remove many of the parasites
connected to the Transponder gang, it runs using their 'Thinstaller'
program also used by Transponder and FavoriteMan, which connects to
their servers and spews out information about your machine, such as
computer and account names, and what software is installed.

Advice: avoid.
--
Andrew Clover
mailto:and@doxdesk.com
»www.doxdesk.com/
Is This Software On Your Hard Drive?
How one of the Internet’s largest and most secretive adware companies really operates. With new regulations coming, will it really reform?
»www.msnbc.msn.com/id/6689667/site/newsweek/

Giving your email to MyPCtuneup.com in order to obtain a user ID starts SPM from Traffix!
»netrn.net/spywareblog/archives/2···traffix/

Ceres.dll:
Attacking a firewall near you.
»www.vitalsecurity.org/ceres.htm

webhelper Alert - Transponder Gangs On the Move Ipinsight.net now MyPctuneup.com
»www.webhelper4u.com/tnewswritigs···eup.html
--
It takes a disaster to make a woman out of a female

Gladiator Security Forum


Proud Member of ASAP (Alliance of Security Analysis Professionals)