Help unknown spyware 66.118.169.7

[Albert_Hall]

Did all that except nt services. Firewall says that IE is trying to connect
to that IP's. Gonna try the services part. Thanx
"Vanguard" <no-email@post-reply-in-newsgroup.nix> wrote in message
news:Q2Bfb.36209$%h1.24415@sccrnsc02...
> So, what ELSE have *you* done?
>
> - Have you ran a FULL scan with a recently updated anti-virus program?
>
> - Have you used BHO Demon to see what BHOs are installed in IE?
>
> - Have you used msconfig.exe or Mike Lin's Startup applet to disable
> startup programs, reboot, and check if the problem continues?
>
> - Have you disabled all non-critical NT services?
>
> - Have you booted into Safe mode (with networking)?
>
> - If you disable the rules you defined to block the connection, does
> your firewall popup an alert saying what program is trying to make an
> outbound connection (and let you select to block, permit, or manual
> configure a rule for it)? If so, that might itself identify the culprit
> program. If it is svchost.exe then an NT service is making the
> connection, so you need to stop all non-critical NT services and restart
> them one by one to see which one attempts the connection.
>
> - SysInternal's TCPview (free) might indicate who owns the local port
> through which the communication is moving.
>
> - Use Task Manager to see what processes are running. Then go hunting
> for those executables to see where they are. Right-click on them and
> look under the Version tab to see if there is any identifying
> information as to its maker and its use.
>
>
> --
> __________________________________________________ __________
> "Albert_Hall" <dcosic@net.hr> wrote in message
> news:blm4ou$4ll$1@bagan.srce.hr...
> > I was wrond, the problem is still present, don't know what to do???
> >
> >
>
>

[Jim Byrd]

Hi Albert - From your description it's difficult to be sure just what you
got into, and therefore to prescribe any specific actions. Do the following:
Download HijackThis, free, here:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Unzip it to any convenient folder, start it then press Scan. Click on
SaveLog when it's finished which will create hijackthis.log. Now click the
Config button, then Misc Tools and click on Generate StartupList.log which
will create Startuplist.txt

Go to Spyware and Hijackware Removal Support, here:

http://www.spywareinfo.com/forums/in...74&act=SF&f=11

Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s).



--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:bln9df$onh$1@bagan.srce.hr,
Albert_Hall <dcosic@net.hr> typed:
> Did all that except nt services. Firewall says that IE is trying to
> connect to that IP's. Gonna try the services part. Thanx
> "Vanguard" <no-email@post-reply-in-newsgroup.nix> wrote in message
> news:Q2Bfb.36209$%h1.24415@sccrnsc02...
>> So, what ELSE have *you* done?
>>
>> - Have you ran a FULL scan with a recently updated anti-virus
>> program?
>>
>> - Have you used BHO Demon to see what BHOs are installed in IE?
>>
>> - Have you used msconfig.exe or Mike Lin's Startup applet to disable
>> startup programs, reboot, and check if the problem continues?
>>
>> - Have you disabled all non-critical NT services?
>>
>> - Have you booted into Safe mode (with networking)?
>>
>> - If you disable the rules you defined to block the connection, does
>> your firewall popup an alert saying what program is trying to make an
>> outbound connection (and let you select to block, permit, or manual
>> configure a rule for it)? If so, that might itself identify the
>> culprit program. If it is svchost.exe then an NT service is making
>> the connection, so you need to stop all non-critical NT services and
>> restart them one by one to see which one attempts the connection.
>>
>> - SysInternal's TCPview (free) might indicate who owns the local port
>> through which the communication is moving.
>>
>> - Use Task Manager to see what processes are running. Then go
>> hunting for those executables to see where they are. Right-click on
>> them and look under the Version tab to see if there is any
>> identifying information as to its maker and its use.
>>
>>
>> --
>> __________________________________________________ __________
>> "Albert_Hall" <dcosic@net.hr> wrote in message
>> news:blm4ou$4ll$1@bagan.srce.hr...
>>> I was wrond, the problem is still present, don't know what to do???

[nemo outis]

In article <bln9df$onh$1@bagan.srce.hr>, "Albert_Hall" <dcosic@net.hr> wrote:
>Did all that except nt services. Firewall says that IE is trying to connect
>to that IP's. Gonna try the services part. Thanx


As an aside, the best spot to find out which (NT & XP) services
to enable and disable is:

www.blackviper.com

Regards,