fix spyware infection

18 Dec

The DNS servers (205.152.37.23 and 205.152.132.23) are in Atlanta and New
Orleans. You are in South Carolina or somewhere near there. Both servers are
probably reasonably close, for dialup anyway, but it would be interesting to see
traceroutes to both from your friend's system.

But that doesn’t explain the browser problem with accessing www.yahoo.com by IP
address. I’m betting you should be checking for spyware, specifically a browser
and / or DNS hijack of some type.

DNS resolution is affected by the LSP / Winsock subsystem.
http://support.microsoft.com/?id=318584
http://support.microsoft.com/?id=811259

Give LSP-Fix and WinsockLSPFix a shot first.

Now check for adware / crapware / spyware. Start by downloading each of the
following free tools (to your computer, then figure a way to copy them to your
friend's computer?):
AdAware
CWShredder
HijackThis
Spybot S&D
Stinger

Create a separate folder for HijackThis, such as C:\HijackThis – copy the
downloaded file there. AdAware and Spybot S&D have install routines – run them.
The other downloaded programs can be copied into, and run from, any convenient
folder.

First, run Stinger. Have it remove any problems found.

Next, close all Internet Explorer and Outlook windows, and run CWShredder. Have
it fix all problems found.

Next, run AdAware. First update it (“Check for updates now”), configure for
full scan, then scan. When scanning
finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it (“Search for updates”), then run a scan
(“Check for problems”). Trust Spybot, and delete everything (“Fix Problems”)
that is displayed in Red.

Then, run HijackThis (“Scan”). Do NOT make any changes immediately. Save the
HJT Log.

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha:
Net-Integration:
Spyware Info:
Spyware Warrior:
Tom Coyote:

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFix again.

Cheers,
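
An added example, not part of the post above: a read-only Python pass over a saved HJT log that pulls out the sections tied to the browser and DNS / LSP symptoms discussed, and compares any fixed NameServer values with the two DNS servers named in the post. The function names and the sample log are constructed for illustration, and the line layout assumed is HijackThis's usual "code - text" form.

```python
import re

# HijackThis entries start with a section code such as "R1", "O10" or "O17".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")

# Sections related to the symptoms in the post (browser hijack, DNS / LSP hijack).
RELEVANT = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O1": "hosts file redirection", "O10": "Winsock LSP entry",
    "O17": "DNS / domain setting",
}
# The two DNS servers named in the post.
EXPECTED_DNS = {"205.152.37.23", "205.152.132.23"}

def triage(log_text):
    """Return {code: [entry text, ...]} for the sections listed in RELEVANT."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) in RELEVANT:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def unexpected_nameservers(found, expected=EXPECTED_DNS):
    """IPs in O17 'NameServer = ...' entries that are not in the expected set."""
    odd = []
    for entry in found.get("O17", []):
        m = re.search(r"NameServer\s*=\s*(.*)", entry)
        if m:
            ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", m.group(1))
            odd += [ip for ip in ips if ip not in expected]
    return odd

# Constructed sample log (paths, GUID and 192.0.2.x addresses are placeholders).
SAMPLE = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/
O1 - Hosts: 192.0.2.10 www.yahoo.com
O4 - HKLM\..\Run: [tray] C:\example\tray.exe
O10 - Unknown file in Winsock LSP: c:\example\lsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 192.0.2.53,205.152.37.23
"""

if __name__ == "__main__":
    hits = triage(SAMPLE)
    for code, entries in hits.items():
        for text in entries:
            print(f"{code:4} {RELEVANT[code]:24} {text}")
    print("NameServer values not matching the ISP:", unexpected_nameservers(hits))
```

The script changes nothing on the machine; it only narrows down which log lines to raise when the log is posted for interpretation.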