AVG, adaware, zonealarm, spyguard, spybot

Are AVG, adaware, zonealarm, spyguard, spybot search & destroy the be all, end-all of problem-solving on the topic of spyware, IE hijacking, and viruses?

Except for AVG, I have all of the aforementioned programs up and running, and yet, when I launch my homepage –which is either google.ca or www2.sympatico.ca–, it always opens up a little “pop-up” (which is actually just another IE window, which is located farther than the bottom right corner…when you right click–>close it, you see it doing that movement from bottom right to the taskbar, then it shuts down). It’s a mere annoyance to have to close the pop up every 5 minutes or so of surfing, but it DOES mean there’s a hole in my system. Which I’d like to fix.

[Oh, and uh, well, for a reason I won’t explain due to the rules on cracks and big macs, I can’t install the service pack 2 of windows XP…Would that be the problem? If so, anyone have any pointers to unofficial (read: not windows update) ways to install the service pack 2?]

Anyone?

There is another great program called Pest Patrol, but as I recall it is not free. It is a great program though.

Read up on this if you’d like:
http://www.kirupa.com/k2/Feb2004/security.htm
^article I wrote on what you are asking about. :)

I have a feeling if you research a program called “HiJackThis” and look for BHOs that you might solve your problem.

There’s also SyGate which, like ZoneAlarm, is a firewall, however SyGate is much more secure, and just as easy to operate. However, SyGate isn’t free.

And by the way, you should keep AVG alive at all times as it is the best antivirus out there. Norton is a massive failure, especially when compared to AVG.

As for this pop-up thing, I suggest you first check and see if your programs are up to date on their definitions, then run them all. If that doesn’t work, download a program called Spy Sweeper, which is the best one out there, however it isn’t free. You can get a trial though.

I work in a computer lab that has developmentally disabled users. We are constantly dealing with these problems. I have found a solution that seems to work.

First you need to clean up your system. Get “HiJack This” from download.com and run it. Be very careful using it though because some of the results are legitimate; if you have questions, follow its advice and post your results on one of the spyware removal forums. After you get that cleaned, follow my advice. Stop running all of those other programs, these are what you need:

  1. Latest version of either McAfee or Norton, these new versions have heuristics that look for virus-like behavior and identify much of the ad/spy ware out there.
  2. Use AdAware SE, I found that the newest version of this program has been sufficient enough to clean an infected system without having to run Hijack This, AdAware SE should be the only AdWare/SpyWare removal program you need. If you use the free version make sure you run the updates and run the program every couple days.
  3. Don’t worry about expensive firewall systems, use “The Proxomitron”. You can get it from here: http://www.proxomitron.info/files/index.html , be sure to read the documentation on how to use it, if you have trouble setting it up just PM me. This is a web filter that will stop most malicious crap before it even gets downloaded.
  4. Just use Zonealarm free edition. This program is plenty sufficient in blocking ALL of your ports, keeping hackers out.

With this combination of things you can rest assured your system will be safe. If you need help using HiJack This PM me and I’ll walk you through it. The only investment you will need to make is Norton or McAfee, which you should be running anyways.

I ran HiJackThis:

Logfile of HijackThis v1.98.2
Scan saved at 19:18:30, on 2004-08-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\eoxkpp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Olivier\LOCALS~1\Temp\Rar$EX00.516\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.sympatico.ca/
R3 - Default URLSearchHook is missing
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [yhhvdk] C:\WINDOWS\System32\eoxkpp.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EC488D9-8F90-4F57-B940-1B47D5E9D71F}: NameServer = 198.235.216.110 209.226.175.224

AVG tells me that I’m having some istbar.4AD and Agent.AS viruses! Why, this is most comforting to see that I CAN REMOVE THEM!

I see a few questionable items, gotta go home now but I’ll give it a look see when I get there.

But my “secondary popup problem” hasn’t been fixed yet :(
I need to learn to understand that log…I can clearly make out msn, fileplanet, zonealarm and so on…but there’s a lot more stuff I don’t understand than stuff I do understand…So I’m at a loss…
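As an aid to reading a log like the one posted above, here is an added example (not written by anyone in this thread, and not part of HijackThis): it groups entries by section code and lists the BHO and autostart entries with their file paths, marking which ones also appear under "Running processes". The section meanings follow the HijackThis documentation; the function names are hypothetical, and the output is a list of things to look up, not a verdict on any entry.

```python
import re
from collections import defaultdict

# Meanings of the section codes that occur in the log above.
SECTIONS = {"R0": "IE start/search page", "R3": "URL search hook",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O4": "autostart (Run key or Startup folder)", "O9": "extra IE button",
            "O16": "ActiveX download", "O17": "DNS name server setting"}
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
PATH = re.compile(r'[A-Za-z]:\\[^"“”]*?\.(?:exe|dll|ocx)', re.I)
# Excerpt of the log posted above; Run keys written as HKLM\..\Run.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\eoxkpp.exe
C:\WINDOWS\System32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.sympatico.ca/
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [yhhvdk] C:\WINDOWS\System32\eoxkpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

def parse(log):
    """Return (set of running process paths, {section code: [detail, ...]})."""
    running, entries, in_procs = set(), defaultdict(list), False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries

def summarize(log):
    """Map each section code present to (meaning, number of entries)."""
    return {c: (SECTIONS.get(c, "unknown"), len(v)) for c, v in parse(log)[1].items()}

def review_list(log):
    """BHO and autostart entries to look up by hand: (code, path, running?)."""
    running, entries = parse(log)
    out = []
    for code in ("O2", "O4"):
        for detail in entries[code]:
            m = PATH.search(detail)
            path = m.group(0) if m else None  # None: bare file name, no full path
            out.append((code, path, bool(path) and path.lower() in running))
    return out
```

Entries that come back with no path (a bare file name such as `nwiz.exe`) are resolved by Windows through its search path, so they need a lookup of where the file actually lives before deciding anything.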

Just use AVG with Ad-Aware or better yet with Spybot since on some instances, it has found more adware than Ad-Aware. I wouldn’t say Norton is bad though. Its firewall and detection of intrusion is exceptional. AVG is great but what’s with the win98 look? It looks so tacky.