Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Don't want to find Heretofind.com
November 8, 2004, 12:18 am
rate this thread
rid of that. However, now, whenever I'm on a webpage for a while, I
keep getting this annoying little bar pop up on the bottom of my
browser. It says the name of some topic of the page that I'm on,
party poker, hot girls, and more.
How do I get rid of this? I've run Ad-Aware a bunch of times.
Am running Windows 2000, IE 6.
Re: Don't want to find Heretofind.com
The infamous "toolbar" huh?
These are general removal instructions that work with Spyware/Adware and other
1.) Download this blocking Hosts file and put it in
Don't let it get saved as something like "hosts.txt". No extension. Move or
rename it so it's just plain "Hosts". Some systems have winnt in place
of windows in the path.
Make some well-known additions to that file, add
Any site you don't want to reach (eg, adware/spyware phoning home to
download/repair/defend themselves) add it in a similar manner. The file knocks
out adserver sites as well, too. If you need to have normal use of a listed
site, just remove its entry or put its real IP address in place of 127.0.0.1
2) Open TaskMgr. Go to Add/Remove programs and remove anything unwanted. You'd
be surprised to find the stuff people didn't know they "installed". You may
need to kill a process in taskmgr if something is running or in use that you
want to remove. Clean out all the "temp" and garbage files on the machine.
Likely, some of those will be running too, and you'll again need to use
taskmgr to end the process. http://www.systeminternals.com/ has two apps I
really like for this, pskill and pslist. Pskill seems to work better than
TaskManager at killing processes.
3) Get out Regedit. Use the menu and select "Export Registery". Select to
export ALL keys & values. Save this to a file, put it in a safe place. If you
make a mistake in the Registry, you can now at least revert to the old
version. Open the HKey Local Machine (HKLM) key. Keep opening folders down
thru "Software" -> "Microsoft" -> "CurrentVersion". You should see some keys
now, like "Run" and "RunOnce". Click on those, look at their values on the
right hand side of the display. Are these the programs you want to autostart
each and every time you start Windows? If no, delete the value off the right
side, but don't remove the "Run" key itself. Do the same for the other "Run__"
keys. Here, likely you'll find things like printer startup references,
sometimes AV scanners, system utils. Those are OK. Removing a key doesn't
remove the program, it just disables it's auto-starting. Programs can
autostart in more than one key. They can also use win.ini and autoexec.bat
files, but these methods aren't as common as Run key startup nowdays. A large
percent of malware uses the Run key method.
While you're in the "Windows\CurrentVersion" area, locate the key that
references Internet Explorer. Check it's search page settings and other
settings, homepage, etc. They may not be set. If they are set to something
they shouldn't, change the value on the right hand side to an appropriate
"Search URL" REG_SZ "http://nasty.spyware.net/?search "
"Search URL" REG_SZ "http://www.google.com/"
Sometimes the spware is buggy and messes up the URL part, so may it looks like
"Search URL" REG_SZ "@@#%vh^5g&&& **76H $$3@~~ _0OK"
Sometimes URL's are obscured with hex digits, like this:
You can find an ASCII chart to easily decode them. Some values you always see
are %2e = . %2f = / %77 = w %6f = o %61 = a %65 = e %69 = i
%40 = @ . If you see a "@" in a URL, it's sometimes for passing a
username/password pair on to a server to keep track of which site you are/who
3. Now, run the latest version available of Spybot S&D and an AV scanner, also
latest version (preferably updated that day). I use F-Prot on Linux, and
AntiVir on Windows (http://www.f-prot.com/ and http://www.free-av.com/ ).
Remove the suspected files. Personally, I think the System Restore feature of
Windows is a bad idea, since it will also restore all previously killed
spyware, adware, and viruses along with everything else. However, some people
want it and thus leave it on and active; it's a personal choice.
4. Go to Windowsupdate and install the latest patches & fixes available.
Don't run MSIE but only for Windowsupdate. Download Firefox from
http://www.mozilla.org/ and use that. Again and again I have seen systems
rendered totally unusable by spyware/adware/viruses able to gain a foothold in
turn them off. Enable them only when needed. Don't let every single site on
the 'Net cookie you to death. FireFox/Mozilla have good cookie controlling
features. I use "cookies for the original site only" and ask to accept each
cookie. It can remember sites you've denied. You probably want cookies from
your used sites like forums, webmail, or places you login because they store
your important info, but every site only casually visited has no reason to
litter your system with mini-files. Check into a firewall if you don't have
5. Reboot and run the cleaners again; clean up anything left behind. Empty the
recycle bin. Make sure you read EULA's (end user license agreements). Many
sites will outright tell you you'll be running their adware/popups/spyware,
but of course they use different, pleasent-sounding wording ;)
If you want free software/games/whatever, go to them- if they come *to you*,
likely there is a deeper meaning. One of the sites listed up top advertised
free games. Downloading and playing the games brought with it a system which
launched popups/popunders, changed the home page, search site, and added a
bunch of useless "favorites" in the bookmark section, plus resisted removal
and would repair/reload itself from another site. The changes to the computer
were so drastic and the adware comsumed so much resources that the machine was
rendered unusable. Windows opened themselves, porn links bookmarked
themselves, and traffic was getting routinely sent to a "mothership" host site.
Trying to browse *anywhere* resulted in landing at a "search" site. At any
given time there where numerous sent-connections to port 80 (http) of unheard
of IP addresses the user didn't know.
It took me over 17 hours to reclaim this machine, which is owned by someone I
know. There was over 3 gig of "temp" files, and the Registry itself weighed in
at over 80 mb. More than 66 instances of adware/spyware and 4 different
viruses where found. I hope at least part of this can help someone, because I
truely hate spyware/adware and those that promote it all the while claiming
it's not what it really is.
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
- » Implementation of wavelet decomposition : help required!
- — Previous thread in » General Computer Security