PICList Thread
'[OT:] Adware Aggrevations'
2004\06\06@173915 by Dave Dilatush

Late Friday afternoon I noticed a sudden, dramatic increase in
the number of pop-up ads when browsing with IE6, along with a
parasitic "search bar" gadget that attached itself to my WinXP
taskbar like a remora and wouldn't let go.

After a long weekend spent casting out demons with McAfee,
Ad-Aware, and Spybot Search & Destroy, I've got the problem
pretty well under control-- except for one especially pesky
critter that just won't quit, and on which I've not been able to
find any information.

The symptoms are these: after loading a web page with a
substantial amount of text, I'll find that a great number of the
words on the page have been converted into hyperlinks.  These
links have the same appearance as legitimate links on the page,
but they point to some redirect at http://www.adsrve.com (DO NOT GO TO
THAT PAGE!).  From there, who knows where they go; I refuse to
click on them.

What is strange is that these links seem to be created by some
process running on my own machine.  When the web page is first
rendered, the text appears normal; but over the next second or
two, I can see various words (or parts of words) being changed to
hyperlinks.

Anyone here have a clue what mal-ware might be doing this?  And
where I could go for help on banishing this beast?

All help appreciated...

Dave D.

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2004\06\06@175404 by Tom

Dave,

I ran "adsrve.com" through google and it came up with lots of responses
like "Help! adsrve.com hijacked my machine" etc.  Have you tried google yet?

Good luck!
Tom

At 09:38 PM 6/6/2004 GMT, you wrote:
>
>
>All help appreciated...
>
>Dave D.

2004\06\06@181104 by Dave Dilatush

Tom wrote...

>I ran "adsrve.com" through google...

Duh!  A classic case of something being "too obvious."

>...and it came up with lots of responses
>like "Help! adsrve.com hijacked my machine" etc.  Have you tried google yet?

Yep.  You're right, tons of stuff.  Thanks for giving my brain a
much-needed jiggling.  Between adware woes and ISO9000 woes, it's
been in a frazzle.

Dave

2004\06\06@182344 by SHands

LOL...  Totally agree. Check out http://forums.techguy.org/t228336.html.
There was another forum at
www.computercops.biz/modules.php?name=Forums&file=viewtopic&p=186835
that had a user complaining of the same problem.

It's the classic play off - Do you spend the day fighting ad/spyware? Or
do you start hunting for your 2000/XP CD? (I mean, we all know how
winblows *loves* to be reinstalled every couple of months!)

When you do get it sorted try using the immunize feature in spybot -
pretty nifty bolting down on dodgy activex controls, etc.

Cheers,
Stuart
psirens.co.uk

{Original Message removed}

2004\06\06@183421 by Dave Dilatush

Stuart wrote...

>When you do get it sorted try using the immunize feature in spybot -
>pretty nifty bolting down on dodgy activex controls, etc.

Thanks, I will do that.

Dave

2004\06\07@003026 by Ben Hencke

Get HijackThis (google for it, or download.com)
You can turn off all & any of the embedded IE parasites, not to mention
just about anything else.
I also use it to turn off all those annoying systray icons that
_every_ program installs these days.
Then use spybot to immunize and track every change so you can keep them
from coming back.

What other software copies itself to people's computer without their
permission, causes damage and serious loss of time, yet is considered
illegal while this is not?
- Ben

On Jun 6, 2004, at 2:38 PM, Dave Dilatush wrote:

{Quote hidden}

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

2004\06\07@051340 by Philip Stortz

while i usually use a mac for websurfing, and avoid exploiter like the
plague it is, i'd like to mention that i've found a good firewall very
useful for blocking ad pages.  i go through the log with the site names
resolved, and do a whois on any that are clearly advertising etc. and
then block that whole range of ip numbers.  of course new ip numbers do
pop up from time to time, but this does make it easy to block the bulk
of them, including most of the tracking companies.  it does cause
problems sometimes if javascript is on since some pages loop trying
desperately to load those damn ads, but few sites need javascript other
than online sales pages.  as a side note, this winter i hope to write a
better bsd firewall, and add a feature to block such ip#'s and pass a
faked response back to the browser to satisfy such silly loops, along
with some other features aimed at popups, advertising, and trackers/web beacons.

Dave Dilatush wrote:
>
> Late Friday afternoon I noticed a sudden, dramatic increase in
> the number of pop-up ads when browsing with IE6, along with a
> parasitic "search bar" gadget that attached itself to my WinXP
> taskbar like a remora and wouldn't let go.
--------

2004\06\07@065158 by Dave Dilatush

Ben wrote...

>Get HijackThis (google for it, or download.com)
>You can turn off all & any of the embedded IE parasites, not to mention
>just about anything else.
>I also use it to turn off all those annoying systray icons that
>_every_ program installs these days.
>Then use spybot to immunize and track every change so you can keep them
>from coming back.

Thanks, I was not aware of HijackThis; I'll give it a try, as it
sounds like a good thing to have.

Dave

2004\06\07@065420 by Dave Dilatush

Philip Stortz wrote...

>while i usually use a mac for websurfing, and avoid exploiter like the
>plague it is, i'd like to mention that i've found a good firewall very
>useful for blocking ad pages...

Another good suggestion... thanks!

Dave

2004\06\07@085642 by Gerhard Fiedler

> while i usually use a mac for websurfing, and avoid exploiter like the
> plague it is, i'd like to mention that i've found a good firewall very
> useful for blocking ad pages.

This, and using Mozilla (the full version, or the browser-only version
Firefox) for browsing. It tends to get hijacked a lot less, and since it is
not so tightly integrated with the system it tends not to get problematic
-- IF you need to get rid of something you don't know how, it's just a
reinstall of the browser.

Mozilla is pretty stable now, and the advantages IE still has are becoming
fewer almost by the day.

Gerhard

2004\06\07@192626 by jayhanson

>Another good suggestion... thanks!

Besides Adaware, Adwatch etc. I also run "regedit" (Win 2k).

Go to  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

I examine the list of programs that are starting when I boot.  If I don't
think the program is really needed, I delete it.   The system boots a lot
faster.

Also look in the "startup" directories (may be more than one) for junk you
don't need.

Jay

2004\06\08@070040 by Gerhard Fiedler

> Besides Adaware, Adwatch etc. I also run "regedit" (Win 2k).
>
> Go to  "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

Instead of using regedit to go to the different places where autorun programs
can be, check out this small program:

http://www.mlin.net/StartupCPL.shtml

There you have them, all in one place. You can delete them, or just
deactivate them. This has been a faithful (and helpful) servant for years.

Gerhard

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email spam_OUTlistservTakeThisOuTspammitvma.mit.edu with SET PICList DIGEST in the body

2004\06\09@185522 by jayhanson

>Gerhard  Wrote:
>Instead of using regedit to go to the different places where autorun programs
>can be, check out this small program:
>
>http://www.mlin.net/StartupCPL.shtml

THANKS!!!!  What a GREAT idea.

Jay

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestKILLspamspam@spam@mitvma.mit.edu

2004\06\12@030457 by Philip Stortz

i have to agree, even on a mac i use mozilla with great results (and i
like the available setting for privacy and security).  even on a mac, i
won't use a browser or email package that's integrated into the os, or
even from the same company, it just invites a big security problem to
eventually hit you hard, and though i haven't been hit yet, once would
be bad enough.  note that i won't even use apple's os x for web stuff
until i have a good hardware firewall up, it's unix based and apple is
as bad as microsoft when it comes to admitting there are security holes
and then downplaying them.  "honest corporation" is an oxymoron.

Gerhard Fiedler wrote:
-----
> This, and using Mozilla (the full version, or the browser-only version
> Firefox) for browsing. It tends to get hijacked a lot less, and since it is
> not so tightly integrated with the system it tends not to get problematic
> -- IF you need to get rid of something you don't know how, it's just a
> reinstall of the browser.
-------

2004\06\12@033231 by Peter Moreton

my 2-cents worth: I just this week started using the free version of Opera.
I have to say that it makes IE look very old-fashioned indeed, and I now use
Opera for all web browsing. I only intend to use IE occasionally, to keep
'up to speed' with this product, as I'm an IT professional, and have to be
competent with MS products. Opera is far, far better.
Peter Moreton


> {Original Message removed}

2004\06\12@094819 by Dave Dilatush

>Peter Moreton wrote...

>my 2-cents worth: I just this week started using the free version of Opera.
>I have to say that it makes IE look very old-fashioned indeed, and I now use
>Opera for all web browsing. I only intend to use IE occasionally, to keep
>'up to speed' with this product, as I'm an IT professional, and have to be
>competent with MS products. Opera is far, far better.

I'd be interested in hearing your experiences with Opera after
you've had some more time with it, esp. with regard to security;
I'm becoming very irked with this ad-ware problem and don't want
to repeat the experience.

To update on my original post, the problem is still there despite
repeated anti-virus scans and running Ad-Aware and Spybot S&D,
and I'm about to give up and just wipe the HD clean and
re-install WinXP from scratch- and then use Mozilla or Opera in
place of Internet Exploder.

A goodly part of the angst is coming from the fact that I'm
relying on one computer to do everything: e-mail, WWW, CAD, word
processing, photography, everything.  So having to re-install
WinXP means having to re-install every one of my applications, a
huge task.

I'm now thinking that it might be worthwhile to pick up a second
computer, a cheap, low-end machine, to serve for e-mail and WWW
only, and reserve my existing computer for non-internet
applications ONLY.  So if the internet box gets trashed by the
kind of mal-ware that's plaguing me now, doing a complete OS
re-install won't be such a big deal.

This sucks.

Dave D.

2004\06\12@103048 by John J. McDonough

----- Original Message -----
From: "Philip Stortz" <madscientist.at.largespamKILLspamEARTHLINK.NET>
Subject: Re: [OT:] Adware Aggrevations


> useful for blocking ad pages.  i go through the log with the site names
> resolved, and do a whois on any that are clearly advertising etc. and
> then block that whole range of ip numbers.  of course new ip numbers do
> pop up from time to time, but this does make it easy to block the bulk

I got frustrated constantly chasing new IP blocks, so what I did was run
squid on the firewall, then put the domain names in the firewall's hosts
file, pointing to a webserver on my LAN.  Now these things get resolved
quickly and I'm not constantly chasing after doubleclick's weekly new IP
blocks.  It's a little weird because all the banner ads now say "Page Not
Found", but it's a lot better than putting up with the junk.

--McD

2004\06\12@105354 by Russell McMahon

> To update on my original post, the problem is still there despite
> repeated anti-virus scans and running Ad-Aware and Spybot S&D,
> and I'm about to give up and just wipe the HD clean and
> re-install WinXP from scratch

That seems like a great shame if it can be avoided.
If you are down to the one intractable program now, how about giving us as
much information as you can and seeing if we can't beat it together.

2.    See manual removal instructions at end.

1.    Consider the following

If I was faced with this problem I'd try the following. You may have done
all this.

- Set system rollback point before starting :-)
- Adaware & Spybot
- Run regedit and look in startup and system.ini files.
- Run "Startup Control panel" (as recommended here recently) and check the
various registry locations.
- Ctrl-Alt-Del and look at Applications and Processes to identify File names
and locations of the miscreant.
- Regedit & search for strings that are related.
- 45 Magnum.


Below are manual remove instructions for adsrve from

   http://www.computercops.biz/postp175351.html

I'd GUESS that just deleting the exe files while in safe mode would be a
good start. Disabling System Restore would be necessary. Tell us if any of
this helps.

Once / If you get rid of it using the methods below you could consider using
the new "Tea Timer" facility in Spybot to help protect against such things
in future. Also the startup vetting system - part of "Startup Control Panel"
that asks for permission before new startup registry keys are added.

Irrelevant observation: My SYSTEM32 subdir has over 5000 (presumably
legitimate) files in it. What madness is this ? :-)

Enjoy (hopefully)

           Russell McMahon



______________________


Fix these lines with HijackThis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKLM\..\Run: [5f] C:\windows\temp\5f.exe

O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost34.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: WeatherBug (HKCU)

-------------------------------------------------------------------------------------

Next step - reboot and start up in Fail-Safe mode - Just reboot your
computer and keep pressing F8 until you see a dialog prompting you what to
do. When Windows has started, disable System Restore. This link tells you
how to do so - http://service1.symantec.com/SUPPORT/ts...1912274039

Now, deleting the adware exe files can commence.

Delete the folder - C:\Program Files\TV Media\Tvm.exe

Delete the file - C:\windows\temp\5f.exe

Delete the file - C:\WINDOWS\fash.exe

Delete the file - C:\WINDOWS\System32\IEHost34.exe

Hold on, there are some leftovers that need to be cleaned, getting the info.

Read Uninstall procedure, and Manual removal on this page -

http://www.kephyr.com/spywarescanner/li...ce=bassfaq

Read Uninstall procedure on this page -

http://www.kephyr.com/spywarescanner/li...ndex.phtml

Remember to remove the files, which stated by that page, are left behind
even though the program is uninstalled.

Now, enable System Restore again -
http://service1.symantec.com/SUPPORT/ts...1912274039 - , reboot your
computer in normal mode, and post a new HijackThis log. Did this help? If
you have any problems, or questions, post away!



       Russell McMahon
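
An added example, not part of Russell's post or of HijackThis itself: a small Python parser for the O4 (autostart) lines quoted above. It splits each entry into hive, value name, executable path and arguments, and notes entries that start from a temp directory or from the Windows directories. The directory checks are triage heuristics assumed for this sketch (they presume a default C:\WINDOWS install), not a verdict on any file.

```python
import ntpath
import re

# The HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [5f] C:\windows\temp\5f.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost34.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: WeatherBug (HKCU)
"""

# Shape of an autostart line: "O4 - HKLM\..\Run: [value name] command line"
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_PATH = re.compile(
    r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s+(.*))?$', re.IGNORECASE
)

# Assumption: Windows lives in the default C:\WINDOWS location.
OS_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_autoruns(log_text):
    """Return one dict per O4 line: hive, key, name, path, args."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_LINE.match(raw.strip())
        if not m:
            continue  # R0, O9 and other sections are not autostart entries
        hive, key, name, command = m.groups()
        exe = EXE_PATH.match(command)
        if exe:
            path, args = exe.group(1), exe.group(2) or ""
        else:
            path, args = command, ""  # keep unparsed commands visible
        entries.append(
            {"hive": hive, "key": key, "name": name, "path": path, "args": args}
        )
    return entries


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    folder = ntpath.dirname(entry["path"]).lower()
    if {"temp", "tmp"} & set(folder.split("\\")):
        reasons.append("runs from a temp directory")
    if folder in OS_DIRS:
        reasons.append("sits in an OS directory: confirm it is a genuine Windows file")
    return reasons


def flag_entries(entries):
    """Map value name -> reasons, for entries with at least one reason."""
    flagged = {}
    for entry in entries:
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for e in parse_autoruns(SAMPLE_LOG):
        notes = "; ".join(triage(e)) or "no path-based note, look the name up"
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] {e["path"]} -> {notes}')
```

Entries that come back without a note, such as the TV Media and Weather lines, still need to be looked up by name; the post lists them for fixing even though their paths look ordinary.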





2004\06\12@113129 by Jake Anderson

were any of the things you found called "cool web search"? or similar
www.spywareinfo.com/~merijn/downloads.html
for the removal tool for that

it also helps to go through your program files and look for oddities there
also beware any "odd" programs that may be in the grey legal area to start
with
kazaa is shipped with a slew of scumware (use kazaa lite if you must)

note well the distinction
opera is adware (though you can pay for it to take them out)
icq is adware

gator is scumware
cool web search is scumware
kazaa ships with a whole heap of bundled scumware whose purpose is to
download other scumware (ad-infinitum)

people put ads in their legit software to make some cash in return for
making that software, i'm not too keen on it but if it gets me the software
i want at the price i want (ie free to me) then alls well with the world.
the distinction being scumware as a rule "sneaks" onto your computer, it
exploits JScript holes (btw I would recommend to people using IE moving to
the sun java platform, afaikr microsoft and sun had a big argument, end
result is microsoft cant do anything javaish anymore (well in regards to IE
anyway)) generally practice a "slow download" so users on dialup wont
notice, generally are written crappily and all together suck.

its subtle i know. ;->



{Original Message removed}

2004\06\12@113337 by Robert B.

I'd also recommend using the tool "hijack this" to see whats cooking at
startup.  It provides convenient registry backup so you can really see what
needs to be there and what doesn't belong through a recursive testing
process.  There are also other good tools on the site as well.

http://www.spywareinfo.com/~merijn/downloads.html

A decent tutorial if (like me!) you're not sure about what belongs and whats
rubbish.
http://hjt.wizardsofwebsites.com/

{Original Message removed}

2004\06\12@113543 by Dave Dilatush

Russell McMahon wrote...

>If you are down to the one intractable program now, how about giving us as
>much information as you can and seeing if we can't beat it together.

I suspect "one intractable program" might be a bit optimistic;
let's say the steps I've taken so far have resulted in a
significant reduction in the annoyance.  But after running
Adaware, Spybot S&D and Mcafee multiple times, they ALWAYS still
report bad stuff on the next run-- even if I've disconnected from
the network while running them.  (That seems to be the case with
the complainant in the http://www.computercops.biz link you posted,
too.)

Part of the problem here, is that I am PROFOUNDLY paranoid about
tinkering around with the innards of Windoze.  I've had a lot of
experience with it in the past, ALL of it disastrous.  I seem to
have an uncommon talent for screwing up my computer and have
learned simply to refrain from messing with anything as it always
seems to make things worse no matter how clever or careful I
think I am.

I appreciate the suggestions you presented, and will keep your
post for future reference.  The "45 Magnum" idea seems a bit
dire, though, as I'd have to go out and buy one.  I do have a .22
Browning which works fine for murdering tin cans, perhaps that
would suffice?

Thanks,

Dave D.

2004\06\12@115000 by Robert B.

Well if you're gonna nuke it all anyway and reinstall windows XP.... may as
well learn a little along the way.  Try disabling any startup program that
doesn't look too important and see what happens.  Worst case you'll f-disk
and reinstall.  Best case you'll fix it and not need to.


{Original Message removed}

2004\06\12@120038 by Howard Winter

Dave,

On Sat, 12 Jun 2004 15:35:57 GMT, Dave Dilatush wrote:

> The "45 Magnum" idea seems a bit dire, though, as I'd have to go out and buy one.

Actually you can't - Russell was exaggerating a bit - the "most powerful handgun in the World" is a *44*
Magnum... :-)  In fact that's a handgun *round* - the most powerful gun is probably the AutoMag - uses that
round but it's semi-auto, rather than Dirty Harry's S&W revolver.

On the original topic, have you tried running another browser than Internet Exploder?  You could try Opera or
(my favourite) Mozilla.  It may be that the spyware won't work under non-IE browsers, and you can try it for
nothing and without resorting to reinstalling Windoze.

Mozilla comes in various flavours: Mozilla itself has all the features.  "Mozilla Firefox" (this week's name
:-) is browser-only.  "Mozilla Thunderbird" is eMail & Newsgroups, with no browser.  You can choose which to
go with depending on your requirements.  See http://www.mozilla.org

Cheers,

Howard Winter
St.Albans, England - where *any* handgun is illegal these days...

2004\06\12@120844 by Dave Dilatush

Jake Anderson wrote...

>were any of the things you found called "cool web search"?

Over the last week I've had several of these "web search" things
try to install themselves; one succeeded, and I had to rip it
out.

>... scumware ...

That is an EXCELLENT term...

>kazaa is shipped with a slew of scumware (use kazaa lite if you must)
>icq is adware
>gator is scumware

I don't use any of these things; frankly, the only things I ever
do over the Internet are email and reading my daily newspapers
and weblogs on the WWW.  I'd be perfectly happy with a web
browser that can't do anything other than display text and still
graphics; all the other "features" in modern bloatware like IE6
are of no interest.  Music, games, animation, it's all useless
crap as far as I'm concerned.

Thanks for the heads-up about Opera being adware; if I use it,
I'll pay for the ads-free version.

Dave D.

2004\06\12@121259 by Dave Dilatush

Robert B. wrote...

>Well if you're gonna nuke it all anyway and reinstall windows XP.... may as
>well learn a little along the way.  Try disabling any startup program that
>doesn't look too important and see what happens.  Worst case you'll f-disk
>and reinstall.  Best case you'll fix it and not need to.

That's a good suggestion.  Once I get all my data offloaded from
this beast and am ready to nuke WinXP, I'll do a bit of playing
first while taking notes.

Thanks,

Dave D.

2004\06\12@121507 by Robert B.

The Automag and Dirty Harry's revolver fire the same cartridge, no?   A
revolver uses none of the cartridge energy for loading the next one, while
the AutoMag most certainly uses a small fraction of the energy to load a new
cartridge.  How, then, is the AutoMag more powerful?  A longer barrel?
Secret energy storage? Just curious, things don't seem to add up from over
here.
;)
R.

{Original Message removed}

2004\06\12@122129 by Dave Dilatush

Howard Winter wrote...

>On Sat, 12 Jun 2004 15:35:57 GMT, Dave Dilatush wrote:
>
>> The "45 Magnum" idea seems a bit dire, though, as I'd have to go out and buy one.
>
>Actually you can't - Russell was exaggerating a bit - the "most powerful handgun in the World" is a *44*
>Magnum... :-)  In fact that's a handgun *round* - the most powerful gun is probably the AutoMag - uses that
>round but it's semi-auto, rather than Dirty Harry's S&W revolver.

The last time I went to the range, a fellow came into the booth
next to me with a .50 caliber Desert Eagle.  There I am with my
little .22 Browning Buckmark going "Snap! Snap!" at my target,
when this jerk lets loose with a deafening "BOOOM!!!" and a
bright orange fireball at least a meter across.  Ridiculous...

>On the original topic, have you tried running another browser than Internet Exploder?

No, but I intend to do just that once I've cleaned up this
machine (by whatever means).

Thanks,

Dave D.

2004\06\12@123205 by Norris Smith

Revolvers have a small gap between the cylinder and barrel, so there
will be a small loss of energy there also. There are also some more
powerful pistols such as the .454 Casull.

Norris

Robert B. wrote:

>The Automag and Dirty Harry's revolver fire the same cartridge, no?   A
>revolver uses none of the cartridge energy for loading the next one, while
>the AutoMag most certainly uses a small fraction of the energy to load a new
>cartridge.  How, then, is the AutoMag more powerful?  A longer barrel?
>Secret energy storage? Just curious, things don't seem to add up from over
>here.
>;)
>R.
>
>{Original Message removed}

2004\06\12@134451 by Matthew Fries

Just this last week, I have had to deal with a couple of adware infected
machines at work. One of our operations PC got infected with a TON of stuff,
the most insidious of which is one called VX/BetterInternet. (Yeah, right!)

Yeah, I would run ad-aware, and even spybot search and destroy. They would
each say that there was something still running, so it couldn't delete the
file. I also cleaned up the RUN key in the registry. I tried to delete the
adware manually (i.e., stop the process, then delete the file), but it kept
respawning immediately! There was another process that was launching the
adware and also creating the .exe under different names, but I couldn't find
the parent process in the task manager process tab.

I went to http://www.sysinternals.com and downloaded Process Explorer. I used it to
kill the parent process of the adware, then ran ad-aware and spybot to clean
up the files. IT WORKED! The process was unable to respawn, and I got rid of
it. Try it!

Now I can't wait till Monday. I can finally clean the crap off of the VP's
laptop. (Sheesh!)




At 11:49 AM 6/12/2004 -0400, you wrote:
>Well if you're gonna nuke it all anyway and reinstall windows XP.... may as
>well learn a little along the way.  Try disabling any startup program that
>doesn't look too important and see what happens.  Worst case you'll f-disk
>and reinstall.  Best case you'll fix it and not need to.
>
>
>{Original Message removed}
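
An added example, not from Matthew's post or from Process Explorer: the respawn pattern described above, detected from process start/exit records. The records, PIDs and file names are constructed for illustration; the function names and the 2-second window are assumptions of this sketch.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ProcEvent:
    t: float       # seconds since the capture started
    kind: str      # "start" or "exit"
    pid: int
    ppid: int = 0  # parent PID, only known on "start" records
    image: str = ""


# Constructed sample: PID 1200 relaunches its child under a new file name
# each time the child is stopped; PID 800 is an ordinary shell.
EVENTS = [
    ProcEvent(0.0, "start", 1200, 4, r"C:\WINDOWS\loader.exe"),
    ProcEvent(1.0, "start", 1300, 1200, r"C:\WINDOWS\a1.exe"),
    ProcEvent(5.0, "start", 1400, 800, r"C:\WINDOWS\notepad.exe"),
    ProcEvent(10.0, "exit", 1300),
    ProcEvent(10.4, "start", 1310, 1200, r"C:\WINDOWS\b7.exe"),
    ProcEvent(20.0, "exit", 1310),
    ProcEvent(20.3, "start", 1322, 1200, r"C:\WINDOWS\c3.exe"),
    ProcEvent(30.0, "exit", 1400),
    ProcEvent(40.0, "start", 1410, 800, r"C:\WINDOWS\system32\calc.exe"),
]


def find_respawners(events, window=2.0, min_respawns=2):
    """Find parents that start a new child within `window` seconds of a
    previous child exiting, at least `min_respawns` times."""
    parent_of = {}        # pid -> ppid, learned from start records
    last_child_exit = {}  # ppid -> time its most recent child exited
    hits = defaultdict(lambda: {"respawns": 0, "images": set()})
    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "start":
            parent_of[e.pid] = e.ppid
            exited = last_child_exit.pop(e.ppid, None)
            if exited is not None and e.t - exited <= window:
                hits[e.ppid]["respawns"] += 1
                hits[e.ppid]["images"].add(e.image)
        elif e.kind == "exit":
            ppid = parent_of.get(e.pid)
            if ppid is not None:
                last_child_exit[ppid] = e.t
    return {
        ppid: {"respawns": h["respawns"], "images": sorted(h["images"])}
        for ppid, h in hits.items()
        if h["respawns"] >= min_respawns
    }


def stop_order(events, parent_pid):
    """Parent first, then its children that are still running, so that
    nothing is left alive to relaunch what was just stopped."""
    live = set()
    for e in sorted(events, key=lambda ev: ev.t):
        if e.kind == "start" and e.ppid == parent_pid:
            live.add(e.pid)
        elif e.kind == "exit":
            live.discard(e.pid)
    return [parent_pid] + sorted(live)


if __name__ == "__main__":
    for ppid, info in find_respawners(EVENTS).items():
        print(f"PID {ppid} relaunched a child {info['respawns']} times:")
        for image in info["images"]:
            print(f"  {image}")
        print("stop in this order:", stop_order(EVENTS, ppid))
```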

2004\06\12@141603 by Dave Dilatush

Matthew Fries wrote...

>...I tried to delete the
>adware manually (i.e., stop the process, then delete the file), but it kept
>respawning immediately!

That tactic seems more and more common these days: a virus or
other scumware will have several, cooperative processes running
simultaneously, each one monitoring the others and watching out
for any attempts to stop them or delete the files.  Unless you
can get ALL of them stopped at once, you can't ever get rid of
the thing.

>I went to http://www.sysinternals.com and downloaded Process Explorer. I used it to
>kill the parent process of the adware, then ran ad-aware and spybot to clean
>up the files. IT WORKED! The process was unable to respawn, and I got rid of
>it. Try it!

Thanks, I'll do that.

Dave D.

2004\06\12@154048 by David VanHorn

At 10:31 AM 6/12/2004 -0600, Norris Smith wrote:

>Revolvers have a small gap between the cylinder and barrel, so there
>will be a small loss of energy there also. There are also some more
>powerful pistols such as the .454 Casull.

I like the Remington XP.
Basically a bolt action rifle, built as a pistol.
Not a concealed carry weapon, that's for sure.
http://www.hatchergun.com/images/AE_XP_3001.jpg

http://www.gun-tests.com/performance/oct96trickedout.html

2004\06\12@162932 by Howard Winter

Robert,

On Sat, 12 Jun 2004 12:13:54 -0400, Robert B. wrote:

> The Automag and Dirty Harry's revolver fire the same cartridge, no?

Not quite - the same bullet, but different cases.  The AutoMag uses a cut-down Winchester .308 rifle casing.

> A revolver uses none of the cartridge energy for loading the next one, while
> the AutoMag most certainly uses a small fraction of the energy to load a new
> cartridge.

Well revolvers leak between the front of the cylinder and the back of the barrel (which is why a silencer on a
revolver is a waste of time, despite being seen in lots of films!).  The AutoMag uses recoil energy for
cycling the action, so very little energy is lost (other automatic actions use the gas from the charge, so
some gas pressure is inevitably lost because you can't set it up to use just the right amount - you have to
overdo it a bit and the excess is lost).

> How, then, is the AutoMag more powerful?  A longer barrel?
> Secret energy storage? Just curious, things don't seem to add up from over here.

Combination of the above, I think, but the result is that a "standard" AutoMag load throws a 240grain
projectile at about 1500fps, the S&W model 29 (Dirty Harry's gun) achieves about 1400fps with the same weight.

That and you can fire the AutoMag more rapidly, so throwing more firepower downrange in a given time.

There are actually more powerful handguns still, but they are pretty specialised and not mass-produced (not
that the AutoMag was exactly that either - but it was in series production for a while).

Cheers,

Howard Winter
St.Albans, England

2004\06\12@182625 by William Chops Westfield

On Saturday, Jun 12, 2004, at 09:09 US/Pacific, Dave Dilatush wrote:

> the only things I ever do over the Internet are email and reading my
> daily newspapers

Interesting.  I've found newspapers to be particularly annoying in the
ad department.  Someone will send a link to a story in some obscure
paper, and when I click on it I'll get 3 or 4 pop-up adds (just normal
popups, as far as I can tell.)

BillW


2004\06\12@191121 by James Newton, Host

I've noticed that as well.. Russell figured out a way around it for one of
the big ones (NY Times?) at least, but I haven't got round to asking him
how.

---
James Newton: PICList webmaster/Admin
.....jamesnewtonKILLspamspam.....piclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com



> {Original Message removed}

2004\06\12@204648 by Matt Pobursky

On Sat, 12 Jun 2004 13:47:54 GMT, Dave Dilatush wrote:
> A goodly part of the angst is coming from the fact that I'm
> relying on one computer to do everything: e-mail, WWW, CAD, word
> processing, photography, everything.  So having to re-install
> WinXP means having to re-install every one of my applications, a
> huge task.
>
> I'm now thinking that it might be worthwhile to pick up a second
> computer, a cheap, low-end machine, to serve for e-mail and WWW
> only, and reserve my existing computer for non-internet
> applications ONLY.  So if the internet box gets trashed by the
> kind of mal-ware that's plaguing me now, doing a complete OS
> re-install won't be such a big deal.

My main workstation is set up much like yours (except I use Win2K). I
run Firebird/Firefox as a browser, Pocomail for email, ZoneAlarm Pro
firewall and EZTrust anti-virus (although I've turned off all its real
time scanning, since ZoneAlarm neuters all executable attachments and
Pocomail will NOT run any active scripts in email). Nearly a decade
online now with a 24/7 connection and only gotten one virus several
years ago (pilot error on my part!).

However, I also do one more thing that totally eliminates "angst"
caused by adware, malware, spyware, viruses, etc. -- I use Norton Ghost
to make an image of my "C:" drive as soon as I've installed the OS and
customized everything to my liking. Any time I install a new
application, I re-Ghost the system so I can "go back", should the new
software bork my system. This includes before doing MS updates as well.
It takes about 5-10 minutes typically and restoring a previous image a
similar time. Much, much easier to restore a system drive from an image
than to re-install an OS and all your applications!!!

I also typically keep 2 or 3 images for each system drive -- one from
the initial system OS install (baseline), maybe one intermediate image
and one that's more or less current. This saved my bacon on my previous
system when the system drive shot craps... (IBM Deathstar). I was up
and running when the new drive arrived in less than 15 minutes.

I do automated daily full backups of all 5 workstations/server on my
network and this combined with the system drive images allows me to get
back to yesterday's status on any system in a very short time, should a
virus or hardware failure happen. I've only had to use my
backup/restore plan a couple times in nearly 20 years of work in my
home office, but it's worked flawlessly every time. I've used the Ghost
images many more times to quickly "uninstall" something that made my
system unstable or broke another application.

Matt Pobursky
Maximum Performance Systems


2004\06\12@221652 by Jake Anderson

by the way
if you are religious about patching
and don't run dodgy software you should be fairly safe
I run IE 6 on 2k and have had only minimal (2) scumware infections all of
which turned out to be from dodgy software

{Original Message removed}

2004\06\13@092554 by Dave Dilatush

Matt Pobursky wrote...

>...However, I also do one more thing that totally eliminates "angst"
>caused by adware, malware, spyware, viruses, etc. -- I use Norton Ghost
>to make an image of my "C:" drive as soon as I've installed the OS and
>customized everything to my liking...

I was considering using Norton Ghost 2003 even before I ran into
this adware problem, but abandoned the idea when I read this
review in PC World:

http://www.pcworld.com/reviews/article/0,aid,107378,00.asp

I don't know what to make of it; it sounded to me like either the
product itself was poorly done, or the author royally screwed
something up.  What do you think?

Dave D.

--
http://www.piclist.com#nomail Going offline? Don't AutoReply us!
email EraseMElistservspam_OUTspamTakeThisOuTmitvma.mit.edu with SET PICList DIGEST in the body

2004\06\13@095323 by Matt Pobursky

I actually read that article when it came out -- I remember it because
I thought the author must be a PC simpleton (I'm trying to be
polite)....

I use the Ghost boot disk (actually, I made a bootable CDROM) and its
user interface is extremely simple. But then, the author probably grew
up in a point 'n click Windows world and probably doesn't understand
terms like "partition", "source" and "destination". I believe if you've
ever used "Fdisk" to partition a drive and "format" to format it, you
have all the knowledge you need to use Ghost.

That said, there are other disk imaging programs out there too. I use
Ghost, but I've also used DriveImage and InstantRecovery. They all do
the same thing -- take a sector-by-sector copy of your drive or drive
partition and store it as a compressed file (and the reverse process
also) -- so their function is pretty simple really.

Matt Pobursky
Maximum Performance Systems

On Sun, 13 Jun 2004 13:24:51 GMT, Dave Dilatush wrote:
{Quote hidden}


2004\06\13@100149 by Peter Moreton

Dave,

I have used most versions of Norton Ghost, plus another similar product
called "PowerQuest DriveImage". Both are straightforward to use, work
flawlessly (with good hardware), and enable you to restore your OS from a
known good state. My kid could use drive imaging. I cannot imagine why the
PCWorld guy found Ghost hard to use ( Well, actually I can :-] )

Peter Moreton


> {Original Message removed}

2004\06\13@100632 by Dave Dilatush

Matt Pobursky wrote...

>...But then, the author probably grew
>up in a point 'n click Windows world and probably doesn't understand
>terms like "partition", "source" and "destination". I believe if you've
>ever used "Fdisk" to partition a drive and "format" to format it, you
>have all the knowledge you need to use Ghost.

OK, thanks.  I may give Ghost a try-- after re-acquainting myself
with Fdisk; I haven't used it in years.

Dave D.


2004\06\13@142741 by Dave Dilatush

Peter Moreton wrote...

>I have used most versions of Norton Ghost, plus another similar product
>called "PowerQuest DriveImage". Both are straightforward to use, work
>flawlessly (with good hardware), and enable you to restore your OS from a
>known good state. My kid could use drive imaging. I cannot imagine why the
>PCWorld guy found Ghost hard to use ( Well, actually I can :-] )

Thanks, that's encouraging; and PowerQuest Drive Image sounds
good from the reviews I found at

http://www.pcworld.com/reviews/article/0,aid,111800,00.asp

and

http://www.computervideo.net/sep03-4.html

I'm still inclined to do what I mentioned before: get a second,
"no-frills" machine to serve as my Internet box, while keeping
all my CAD/WP/graphics applications and data on this one.  But
rather than go through a complete WinXP install when it becomes
necessary to clean out the Internet box, use Ghost or Drive Image
to restore it instead.

I **think** that makes sense as a tactic...

Dave D.


2004\06\13@162044 by William Chops Westfield

On Sunday, Jun 13, 2004, at 06:24 US/Pacific, Dave Dilatush wrote:

>> I use Norton Ghost to make an image of my "C:" drive as soon as I've
>> installed the OS and customized everything to my liking...

I do that.  The problem is with all those applications that populate
the windows registry or other undocumented areas of the C/windows drive
with all sorts of crap (see the "backup" discussion some months back.)

> I was considering using Norton Ghost 2003 even before I ran into
> this adware problem, but abandoned the idea when I read this
> review in PC World:
>
I use Ghost from NSW 2000, and it seems to work OK.  I wish it had that
extended media support, though.  I do use it primarily with W98...

BillW


2004\06\13@165531 by William Chops Westfield

On Sunday, Jun 13, 2004, at 08:51 US/Pacific, Dave Dilatush wrote:

> I'm still inclined to do what I mentioned before: get a second,
> "no-frills" machine to serve as my Internet box, while keeping
> all my CAD/WP/graphics applications and data on this one.

For a while, the CE systems at work had their C drives in removable
trays.  Need to debug a problem with W3.2?  Pop in the appropriate
drive.  Linux?  Out comes the Windows drive and in goes a linux drive.
And so on.  Could be less painful than two completely separate systems.
The "internet" boot disk and the "work" boot disk.

BillW


2004\06\13@173850 by Dave Dilatush

BillW wrote...

>On Sunday, Jun 13, 2004, at 08:51 US/Pacific, Dave Dilatush wrote:
>
>> I'm still inclined to do what I mentioned before: get a second,
>> "no-frills" machine to serve as my Internet box, while keeping
>> all my CAD/WP/graphics applications and data on this one.
>
>For a while, the CE systems at work had their C drives in removable
>trays.  Need to debug a problem with W3.2?  Pop in the appropriate
>drive.  Linux?  Out comes the Windows drive and in goes a linux drive.
>And so on.  Could be less painful than two completely separate systems.
>The "internet" boot disk and the "work" boot disk.

I considered that; but with the money situation the way it is
right now (no more child support, no more spousal support, no
more college tuition, no more lawyers, etc.) and given I'd like
another system to fall back on in a pinch anyway, I think I'll go
ahead and just buy a "no-frills" second machine.

Thanks,

DD


2004\06\13@201931 by Bob Ammerman

You could run another copy of Windows under VMWARE or the Virtual PC
software to do the Internet thing.

Bob Ammerman
RAm Systems

{Original Message removed}

2004\06\14@113506 by Fred Hillhouse

The 44 AutoMag uses a 30-06 case cut down to 1.250" and sized to fit the 44
cal bullet. The case is considered rimless. It would fall completely through
the revolver cylinder if put into it. The 44 Mag case is 'rimmed'.

Actually when making the 44 Automag case, other donor cases work too, such
as the 308 Win Mag (Winchester, not part of Windows so it works!) and the
25-06, etc.

The 44 magnum/44automag round itself was the most powerful pistol round for
generic production pistols. There are custom pistols used for targeting that
handle much larger rounds (typically rifle rounds), such as a 338 Win Mag.
Big round in a pistol: knocks down steel full sized silhouettes of rams at
1000 yards!

I always wished the Automag round gained more favor. It makes for a better
auto-pistol round than the 44 Magnum. They stack better in a magazine. But,
alas, I'll just get a Desert Eagle in 44 Mag someday instead. It works very
well! And with a 14" barrel ... <drool> <sigh>




{Original Message removed}

2004\06\14@235424 by hilip Stortz

hell, i'll be doing that soon and i mostly use a mac, which so far has
been nearly bullet proof (but i'm not stupid enough to think that will
last for ever!).  i'll also be using a pc regularly starting in the next
few days, i don't plan to let it anywhere near the net!  the pc's (what
is the "proper" plural for pc?) will be on my local network, all will be
behind a firewall, and only one mac will be used online.  downloads will
be done to the mac and then sent over the network, preferably when i'm
offline.

you may think that's paranoid, but i'm on dialup and my current firewall
logs are still terrifying!  even on a slow, 26k dialup line with a
dynamic ip i'm getting constant incursion attempts, so bad that they
have interrupted things and slowed things down before, there are simply
too many people spending too much time cracking out there (and i do mean
"cracking", not hacking like i do which is totally legit and not an
attempt to break into anything that's not mine).

you're only a paranoid until the spanish inquisition, or nazi germany, or
post 911 america with a cia stooge's son in the white house..... (do you
really think any former associate of the cia can be "out" if they are
still breathing?).  seriously, "it can't happen here" is usually the
fastest formula to make sure something will happen here.

Dave Dilatush wrote:
-------
>
> I'm still inclined to do what I mentioned before: get a second,
> "no-frills" machine to serve as my Internet box, while keeping
> all my CAD/WP/graphics applications and data on this one.  But
> rather than go through a complete WinXP install when it becomes
> necessary to clean out the Internet box, use Ghost or Drive Image
> to restore it instead.
>
> I **think** that makes sense as a tactic...
------------

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestspamTakeThisOuTmitvma.mit.edu

2004\06\15@073249 by Gerhard Fiedler

> the pc's (what is the "proper" plural for pc?)

Try "PCs" or maybe "peecees" :) -- an apostrophe seems not proper, in any
case.

> will be on my local network, all will be behind a firewall,

That's definitely a good thing, for any type of system.

> and only one mac will be used online.  downloads will be done to the mac
> and then sent over the network, preferably when i'm offline.

You still may want to keep the virus scanner on the peecees :) up to date.
I'm not sure whether the scanners available for the Mac get updated with
the same frequency (for example when a new one spreads around).

> you may think that's paranoid,

I've been online with my PC for many years (and since a few years a number
of other people on our LAN are, too), without a problem. Most infections
happen because there is no firewall in front, and/or the virus scanner is
not up to date, and/or the user did something really out there.

Gerhard

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads


2005\12\30@063213 by Howard Winter
Russell,

On Sun, 13 Jun 2004 02:53:03 +1200, Russell McMahon wrote:

>...
> 1,    Consider the following

I'd just add that some of the blighters are impossible to remove if you aren't in Safe Mode - running the
various scanners in that mode may succeed where they previously failed (the symptoms of which are often that
they say they deleted something, but the next scan finds it again).

>...
> Once / If you get rid of it using the methods below you could consider using
> the new "Tea Timer" facility in Spybot to help protect against such things
> in future. Also the startup vetting system - part of "Startup Control Panel"
> that asks for permission before new startup registry keys are added.

What is this Startup Control Panel?  I must have missed it!

> Irrelevant observation: My SYSTEM32 subdir has over 5000 (presumably
> legitimate) files in it. What madness is this ? :-)

I blame Bill Gates...  and I'd like to know what I can do about the 92 folders containing over 3,500 files,
taking up over a third of a gigabyte, of "Uninstall" stuff that Windows updates have left behind!

Cheers,


Howard Winter
St.Albans, England


2005\12\30@130237 by Robert Rolf

Start/accessories/system tools/diskcleanup.

After the scan finishes (which can take a LONNNNNG time)
you have the option of deleting unused files
which includes the uninstalls for updater.

I figure Microsoft must own shares in hard drive & RAM companies given
the bloatware they create, and the crud that the O/S leaves behind.

Robert


Howard Winter wrote:

{Quote hidden}

2005\12\30@151752 by Danny Sauer

Howard wrote regarding 'Re: [OT:] Adware Aggrevations' on Fri, Dec 30 at 05:34:
> I blame Bill Gates...  and I'd like to know what I can do about the
> 92 folders containing over 3,500 files, taking up over a third of a
> gigabyte, of "Uninstall" stuff that Windows updates have left
> behind!

Get rid of them.  They're of little to no use - do you plan to
uninstall any of the windows updates any time soon?  I didn't think
so. :)

--Danny

2005\12\31@082821 by Gerhard Fiedler

Howard Winter wrote:

>> Once / If you get rid of it using the methods below you could consider
>> using the new "Tea Timer" facility in Spybot to help protect against
>> such things in future. Also the startup vetting system - part of
>> "Startup Control Panel" that asks for permission before new startup
>> registry keys are added.
>
> What is this Startup Control Panel?  I must have missed it!

I don't know what the OP meant (possibly a feature of Spybot), but this is
handy: http://www.mlin.net/StartupCPL.shtml

Gerhard
