Hello lobo, it is fun but, it's also MASSIVELY DAMNED time consuming, and
all the more annoying when, on this particular PC, roughly a year ago, I had
spent a considerabe number of hours tracking and cleaning out spy/ad-ware.
My memory's getting so bad, I can't even remember what was in his machine
the last time ! ...it may come back to me shortly.....

I'm currently looking into the McAfee / TSR type "command line scanner" that
David H Lipman mentioned, I might give it a go. This is despite a long
standing dislike of McaFee software when, many years ago, I tried several
successive versions of it over quite a long preiod of time, and it, more
often than, would not coexist very well with other software. But !
....that's was in the days of Windows 95 / OSR2 ...I think ...so perhaps
it's improved since then ! ....I think Computer Associates have been
doing a similar thing for some time, I'll have to look into that one as
well.

regards, Richard


"lobo" <el_lobo@nowhere.net> wrote in message
news:6tVtf.44000$q%.33663@newssvr12.news.prodigy.c om...
>
> "RJK" <notatospam@hotmail.com> wrote in message
> news:uPmOU2vDGHA.312@TK2MSFTNGP09.phx.gbl...
>> ..what on earth am I on about ?
>>
>> ...LSP remove the newsdotnet Winsock2 key and now IE etc is all OK :-)
>>
>> regards, Richard
>>
>>
>> "RJK" <notatospam@hotmail.com> wrote in message
>> news:%23UsAq0vDGHA.1124@TK2MSFTNGP10.phx.gbl...
>>> ...just did the LSP thing, ...no Norton, and IE come to that, can
>>> connect....I feel like I'm going to be sat in front of this thing for a
>>> week.
>>>
>>> regards, Richard
>>>
> I have been lurking on this thread for awhile now and wonder if you may
> have seen this tool: http://www.hijackfree.com/en/processdetails/?id=167
> I was having problems with Spyaxe and this helped me take care of it.
> Good Luck! Isn't this fun
>

"
>---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
>---------- ----- ---- --- -- - - - -
"

I don't follow that one ! I LUV Sony products, they're all over my house !
:-)
....never liked the look of their PC products though.

regards, Richard


"cquirke (MVP Windows shell/user)" <cquirkenews@nospam.mvps.org> wrote in
message news:ivkhr1pqum3u00ff1htera8pd9n8m1tok8@4ax.com...
> On Sun, 1 Jan 2006 16:44:21 -0000, "RJK" <notatospam@hotmail.com>
>
>>...you beat me to it. i.e. last night while rummaging around attempting
>>to
>>get rid of New Dot Net, I noticed on the "Winsock2" branch (was rummaging
>>in the registry at the time), a "NewDotNet" entry and was going to ask how
>>to remove it without breaking the "daisy-chain" in there.
>
> A valid concern :-)
>
>>A year or so ago I tried a LSP fix on a machine with a broken Winsock,
>>...can't remember what was going on at the time but, after running it I
>>got
>>loud click from the moonitor and screen, and a competely dead Windows
>>installation, ...and hard disk if I remember correctly, ...even though
>>twas
>>more than a year ago. I also remember suspecting at the time that I'd
>>downloaded a rogue LSP fix.
>
> Wow - that's above & beyond expectations of badness. Normally, you'd
> end up with something that looked like broken DNS, i.e. "PC works but
> I can't access the Internet" sort of thing.
>
> In those days, before LSPFix, the cause was often deleting a
> Winsock-invader using one of the anti-cm tools - I think it was
> AdAware, may have been before Spybot came out - and the "fix" was to
> do an over-old re-installation of Windows. Ugly.
>
> Now AdAware and others have built-in LSP management tools or add-ons,
> and are far more aware of the issue when killing such malware, listing
> them in read and so forth. Finally, XP grew an in-house fix in SP2.
>
>>Thanx for all your help. ...am still struggling along :-).
>
> It's a pleasure!
>
>
>
>>---------- ----- ---- --- -- - - - -
> Don't pay malware vendors - boycott Sony
>>---------- ----- ---- --- -- - - - -

"RJK" <notatospam@hotmail.com> wrote in message
news:OizDdPMEGHA.1312@TK2MSFTNGP09.phx.gbl...
> ...final word on this thread ? , but first of course is a VERY big
> thankyou to David H. Lipman for such brilliant help.
>
> I took A****'s computer back to him in a much better state than I received
> it ! I also gave him a MAJOR "dressing down" for allowing in the malware
> that he'd allowed into his PC, ...for a second time ! ...last year he
> allowed malware into his PC and got a vigorous telling off from myself !
> He mentioned that his teenage sons are now using his computer, and I
> suggested that he disallaw them from using it unless he's present.
> "iTunes" music download software was installed and I suspect it was that
> which had the NewsDotNet malware/marketing software attached to it. I
> tried explaining to him that lots of "free" "TryBeforeYouBuy" software
> often has malware attached to it, a fact which is sometimes clearly stated
> in the Licensing details for such software, on which people are too quick
> to click OK.
>
> Thank you again.
>
> regards, Richard
>
>
> "RJK" <notatospam@hotmail.com> wrote in message
> news:uvS%23TrMDGHA.1816@TK2MSFTNGP11.phx.gbl...
>> ...long 'phone call, ...I haven't got in front of the following PC yet
>> .....
>>
>> A friend, (Adrian R*), has been hijacked, something has implanted itself
>> into his system tray and is presenting a pop out speech bubble as shown
>> here,
>> http://www.spynomore.com/trojan-zlob.htm PLEASE, anyone viewing this
>> site DO NOT download anything it, I haven't looked into it's
>> "reputation." !! ...i.e. it could yet one more of the thousands of
>> ant-spyware programs that is itself riddled with spyware!
>>
>> Adrian's IE6 Homepage has become www.systemwarning.com and the malware is
>> advising him to download more malware under the name of "SpyAxe,"
>> anti-spyware software.
>>
>> I've had an initial Google around the web and suspect that he has the
>> Trojan.zlob.e trojan but, it's hard to pin down exactly what he's got,
>> and very hard locating a manual work through to remove it.
>>
>> Can ayone point me to a more appropriate remedy other than
>> http://securityresponse.symantec.com...an.zlob.e.html
>> ...or am I on the right track, ....in case I'm barking up the wrong tree.
>>
>> ...Left him running an a/v sweep in Safe Mode, will visit on site
>> tommorrow.
>>
>> ...am continuing to research this on the web, will post details if I find
>> my own solution for him, in case it can help others.
>>
>> regards, Richard
>>
>
>

....and a BIG thanx to all others on this thread :-)

regards, Richard


"RJK" <notatospam@hotmail.com> wrote in message
news:OizDdPMEGHA.1312@TK2MSFTNGP09.phx.gbl...
> ...final word on this thread ? , but first of course is a VERY big
> thankyou to David H. Lipman for such brilliant help.
>
> I took A****'s computer back to him in a much better state than I received
> it ! I also gave him a MAJOR "dressing down" for allowing in the malware
> that he'd allowed into his PC, ...for a second time ! ...last year he
> allowed malware into his PC and got a vigorous telling off from myself !
> He mentioned that his teenage sons are now using his computer, and I
> suggested that he disallaw them from using it unless he's present.
> "iTunes" music download software was installed and I suspect it was that
> which had the NewsDotNet malware/marketing software attached to it. I
> tried explaining to him that lots of "free" "TryBeforeYouBuy" software
> often has malware attached to it, a fact which is sometimes clearly stated
> in the Licensing details for such software, on which people are too quick
> to click OK.
>
> Thank you again.
>
> regards, Richard
>
>
> "RJK" <notatospam@hotmail.com> wrote in message
> news:uvS%23TrMDGHA.1816@TK2MSFTNGP11.phx.gbl...
>> ...long 'phone call, ...I haven't got in front of the following PC yet
>> .....
>>
>> A friend, (Adrian R*), has been hijacked, something has implanted itself
>> into his system tray and is presenting a pop out speech bubble as shown
>> here,
>> http://www.spynomore.com/trojan-zlob.htm PLEASE, anyone viewing this
>> site DO NOT download anything it, I haven't looked into it's
>> "reputation." !! ...i.e. it could yet one more of the thousands of
>> ant-spyware programs that is itself riddled with spyware!
>>
>> Adrian's IE6 Homepage has become www.systemwarning.com and the malware is
>> advising him to download more malware under the name of "SpyAxe,"
>> anti-spyware software.
>>
>> I've had an initial Google around the web and suspect that he has the
>> Trojan.zlob.e trojan but, it's hard to pin down exactly what he's got,
>> and very hard locating a manual work through to remove it.
>>
>> Can ayone point me to a more appropriate remedy other than
>> http://securityresponse.symantec.com...an.zlob.e.html
>> ...or am I on the right track, ....in case I'm barking up the wrong tree.
>>
>> ...Left him running an a/v sweep in Safe Mode, will visit on site
>> tommorrow.
>>
>> ...am continuing to research this on the web, will post details if I find
>> my own solution for him, in case it can help others.
>>
>> regards, Richard
>>
>
>

From: "RJK" <notatospam@hotmail.com>

| "
>> ---------- ----- ---- --- -- - - - -
| Don't pay malware vendors - boycott Sony
>> ---------- ----- ---- --- -- - - - -
| "
|
| I don't follow that one ! I LUV Sony products, they're all over my house !
| :-)
| ...never liked the look of their PC products though.
|
| regards, Richard
|

It's because of Sony's use of RootKit technology for copyright protection. A system that
was subsequently exploited by malware creators. Sony was sued and in the first case settled
the case. More law suits to follow.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

From: "RJK" <notatospam@hotmail.com>

| Hello lobo, it is fun but, it's also MASSIVELY DAMNED time consuming, and
| all the more annoying when, on this particular PC, roughly a year ago, I had
| spent a considerabe number of hours tracking and cleaning out spy/ad-ware.
| My memory's getting so bad, I can't even remember what was in his machine
| the last time ! ...it may come back to me shortly.....
|
| I'm currently looking into the McAfee / TSR type "command line scanner" that
| David H Lipman mentioned, I might give it a go. This is despite a long
| standing dislike of McaFee software when, many years ago, I tried several
| successive versions of it over quite a long preiod of time, and it, more
| often than, would not coexist very well with other software. But !
| ...that's was in the days of Windows 95 / OSR2 ...I think ...so perhaps
| it's improved since then ! ....I think Computer Associates have been
| doing a similar thing for some time, I'll have to look into that one as
| well.
|


It is NOT a TSR - Terminate and Stay Resident.

There is a big difference between the command line scanner and the GUI you may have used.

There is also a big difference between the corp/enterprise McAfee VirusScan and the retail
McAfee VirusScan.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

From: "RJK" <notatospam@hotmail.com>

| ...final word on this thread ? , but first of course is a VERY big thankyou
| to David H. Lipman for such brilliant help.
|
| I took A****'s computer back to him in a much better state than I received
| it ! I also gave him a MAJOR "dressing down" for allowing in the malware
| that he'd allowed into his PC, ...for a second time ! ...last year he
| allowed malware into his PC and got a vigorous telling off from myself !
| He mentioned that his teenage sons are now using his computer, and I
| suggested that he disallaw them from using it unless he's present. "iTunes"
| music download software was installed and I suspect it was that which had
| the NewsDotNet malware/marketing software attached to it. I tried
| explaining to him that lots of "free" "TryBeforeYouBuy" software often has
| malware attached to it, a fact which is sometimes clearly stated in the
| Licensing details for such software, on which people are too quick to click
| OK.
|
| Thank you again.
|
| regards, Richard

Richard:

I am glad I could help.
In the future I will be just as glad to assist you again.

Mu Multi AV Scanning Tool was created because I saw a niche where people need to remove
viruses and Trojans. So I wrote multiple scanner menu driven utility. This utility
provides; Mcafee, Sophos, Trend Micro and Kaspersky and none of them need to pre-exist on
the PC.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

http://www.ik-cs.com/multi-av.htm


I also have specific tools that are wrapped around a Mcafee only based command line scanner
process and are specialazed for specific malware. This way there are hard coded
instructions for the malware's removal plus the added benefit of signature and heuristic
malware detection and removal.

The following is for the Backdoor.Haxdoor Trojan and Raze Spyware.
{ This is a nasty Trojan using RootKit technology. }

Download Haxdoor.exe from the URL --
http://www.ik-cs.com/programs/virtools/Haxdoor.exe


The following is for the following malware; SpySheriff, SpyAxe, SmitFraud Trojan, some
variants of the Apropos Trojan and Apropos adware, PS Guard, SurfSideKick, Search Maid,
Virtual Maid, AntivirusGold, AdwareDelete, Daily Weather Forecast and Security IGuard.

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe


The following is for the Vundo Trojan and Adware-Virtumundo

Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe


All my tools are available at; http://www.ik-cs.com/got-a-virus.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

....(blush) ...wasn't thinking !

regards, Richard


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:uJmIotMEGHA.3148@TK2MSFTNGP10.phx.gbl...
> From: "RJK" <notatospam@hotmail.com>
>
> | Hello lobo, it is fun but, it's also MASSIVELY DAMNED time consuming,
> and
> | all the more annoying when, on this particular PC, roughly a year ago, I
> had
> | spent a considerabe number of hours tracking and cleaning out
> spy/ad-ware.
> | My memory's getting so bad, I can't even remember what was in his
> machine
> | the last time ! ...it may come back to me shortly.....
> |
> | I'm currently looking into the McAfee / TSR type "command line scanner"
> that
> | David H Lipman mentioned, I might give it a go. This is despite a long
> | standing dislike of McaFee software when, many years ago, I tried
> several
> | successive versions of it over quite a long preiod of time, and it, more
> | often than, would not coexist very well with other software. But !
> | ...that's was in the days of Windows 95 / OSR2 ...I think ...so
> perhaps
> | it's improved since then ! ....I think Computer Associates have been
> | doing a similar thing for some time, I'll have to look into that one as
> | well.
> |
>
>
> It is NOT a TSR - Terminate and Stay Resident.
>
> There is a big difference between the command line scanner and the GUI you
> may have used.
>
> There is also a big difference between the corp/enterprise McAfee
> VirusScan and the retail
> McAfee VirusScan.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>