SPYWARE, and how it could be beaten.
Undecided 04-11-04, 12:09 AM I am wary about Spy ware after watching a report on the CBC which claimed that about 90% of all computers are affected by Spy ware. Giving your personal info out to anyone who would buy it, and totally destroying your personal privacy. An example cited in the report was a program called hotbar, and others.
http://aroundcny.com/technofile/texts/tec072003.html
http://www.thundercloud.net/help/hotbar-is-spyware.htm
Just one of the many programs that infect computers.
http://www.safer-networking.org/
This software should try to detect and rid you of spy ware. Since I am apprehensive, and paranoid about spy ware. Should I d/l this program, and should you?
invert_nexus 04-11-04, 12:22 AM download both ad-aware from lavasoft and spybot search and destroy from safer-networking. The real homepage is security.kolla.de, but you often get redirected to safer-networking. Alternatively, you can download mozilla and not worry (about cookies anyway.) Mozilla gives you tabbed browsing as a bonus, that's the main reason I use it. It's a hassle in some cases, sometimes to download you need to right-click link and select save target as. And some pages don't display right as a lot of sites cater to internet explorer, and it doesn't stay 100% true to html specs. And don't install hotbar :p
Exactly what can spyware do? Can it just pick up the information you do online or can it also view things on your hard drive?
Repo Man 04-11-04, 01:42 AM Spyware has gotten much worse. I was on the phone with my brother tonight. He picked up something that won't allow him to go to Ad Aware or Spybot's pages! I had him disable a bunch of junk in msconfig, but no luck. He may very well end up formatting and reinstalling to get rid of it.
Here is a great link, that links to several sites about spyware, http://www.overclockers.com/tips00561/ .
Stryder 04-11-04, 07:19 AM Get him to check his HOSTS file, it's usually the way that any Canonical domain name (Like www.sciforums.com) could be pointed at a different IP address, meaning that you'll load a wrong page.
Spyware has moved from the original tracking your purchasing movements for better advertising, to hijackerware which as mentioned can hijack your ability to browse particular sites.
I suggest if you get to clean your system down, make sure you make a backup of your system's registry, this will be useful in patching anything maliciously altered in it in the future.
Redrover 04-11-04, 09:09 AM Exactly what can spyware do? Can it just pick up the information you do online or can it also view things on your hard drive?
Spyware, once installed onto your computer, can possibly do a number of things like read data from your hard-drive, record your internet use, use a keylogger to record everything you type, etc. What is more worrying is that they also often install a backdoor into your system giving the creator of the spyware easy access to your computer.
Undecided 04-11-04, 12:17 PM Repo Man
Why doesn't he go here?
http://download.com.com/3001-8022-10194058.html
Repo Man 04-11-04, 12:26 PM Because that site is blocked as well. I thought he could go to Netscape and get that browser, but Netscape won't come up either. We went through all of the settings in Internet Options, no luck. I'd have him delete it in the registry, but we don't know what we are looking for.
I just redid my computer before hooking up to the internet. I have Norton, and plan to download Spy-bot first thing. Anything else?
How do you just get a backup of your registry(XP)?
invert_nexus 04-12-04, 12:07 PM so download adaware and spybot search and destroy on another computer, burn them to a cd, physically transport them to the infected computer. What I'd probably do is just reinstall. It's not that complicated, just back up whatever files he feels he needs and can't get on the net easily. Personally, I reinstall every month as a protest to micro$oft. I refuse to authenticate. Reinstalling cleans up the registry, speeds up the system, ensures that hackers and viruses can't get a good hold on the system. It does take an hour or so to install, then another hour or two downloading updates (come on service pack 2!!) and reinstalling software, but not that big a deal.
There's another program I've never used personally, but I've heard about several times. It's called HijackThis or something similar. It's meant to deal with just your situation.
invert_nexus 04-12-04, 12:20 PM gifted:
back up registry. start menu/run/regedit file menu, export. Don't know how useful this would be necessarily tho, I think most people use it before installing programs or physically editing registry to undo any mistakes made.
get adaware as well. Spybot has an inoculation feature that prevents certain types of adware, not sure how well it works, but these programs don't generally run as a "shield". After browsing for a while and you've acquired cookies and whatever, run them and they'll clean it up.
Mozilla doesn't have the same cookie problem IE has, you might think about trying it out. And netscape sucks. Talk about spyware. Maybe not necessarily spyware, but definitely intrusive.
Do you have a firewall? If you're on broadband, you should definitely consider getting a hardware router. There's also software firewalls, Zonealarm and Kerio firewall are two of the best. Both have free versions and trialware (speaking of trialware, another good reason to reinstall monthly ;)). What else? Anti-virus? AVG is good and free.
Idle Mind 04-12-04, 07:01 PM Stryder:
Get him to check his HOSTS file, it's usually the way that any Canonical domain name (Like www.sciforums.com) could be pointed at a different IP address, meaning that you'll load a wrong page.
Where would said HOSTS file be found? I am having a similar redirect problem, but it doesn't seem to be any particular sites. It just randomly redirects me to this one site.
Stryder 04-12-04, 07:30 PM Sounds to me like a spyware program I faced called something like IEDRIVER. What it did was insert random links to advert servers to falsely bloat someone's turnover per click by selecting pieces of text at random from you accessing a webpage and then turning it into a hyperlink, so that the victim wouldn't know that the links on the site didn't actually belong to the site.
HOSTS can be found on XP at:
C:\WINDOWS\SYSTEM32\DRIVERS\etc
The only other option would be to check that you haven't had some "Proxy settings" set.
Idle Mind 04-12-04, 07:47 PM Another silly question, but how do I open or check to see if there are any problems with the HOSTS file?
invert_nexus 04-13-04, 12:08 PM You can open the hosts file either by right-clicking on it, select open, select choose program from a list, choose wordpad or notepad. (I guess double-clicking it should work too, brings up the choose program dialogue box.) Or you can open notepad or wordpad, select file, open, navigate to windows\system32\drivers\etc\ select hosts and voila! You might need to change the open file extensions to .* instead of .txt.
Idle Mind 04-13-04, 04:02 PM Thanks, all I needed to know was what program to use...I guess I could have tried some, but oh well. Thanks again.
Edit: Alright, I opened it and it lists a bunch of sites. What am I looking for that might be causing my redirect problem?
invert_nexus 04-13-04, 04:42 PM the default should have only localhost as 127.0.0.1; all the rest are the redirects. What the hosts file does is define an ip address to a name. So if you wanted, you could define dese_nutz as meaning www.sciforums.com or rather the ip address of the site. Then you could type dese_nutz in the address bar and it would take you here. This is what my default host file reads
-----------------------------------
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
--------------------------------------------------------
this is for an xp machine, I think they're all the same though.
jadedflower 04-13-04, 04:46 PM I'm with invert_nexus on this.
Ad-aware and Spybot are great.
And get a firewall - personally, I use Sygate.
As for Virus protection - great little thing... DL and update online: F-Prot and F-Stop.
Be wary of Browser Hi-jack attempts, stuff like Xupiter...
Many progs are suspicious even if you don't think so.
I.e:
Bonzi Buddy
and most famously,
Kazaa
They take info from your PC, see where you've been online and send you pop ups accordingly... they take up bandwidth for one... and disk space.
Idle Mind 04-13-04, 05:59 PM So, can I just delete all the ones I don't want in there?
invert_nexus 04-13-04, 06:51 PM you got it.
edit: I think you must restart for changes to take effect.
invert_nexus 04-13-04, 06:55 PM err.... This is a personal computer right? If it's a work computer these might need to be in there. If it's your computer and you didn't put them in there, then you've been hijacked. I've never seen a program alter the hosts file. It's obsolete now ain't it? Just in for compatibility?
Idle Mind 04-13-04, 06:58 PM It's a personal computer, so no worries there. Thanks a lot for your help.
Stryder 04-14-04, 09:41 AM HOSTS file hijacking is on the increase. HOSTS files play less of the role they used to thanks to DNS servers, however they are still utilised in certain instances, like making sure the domain you type in is the one you want by placing the correct IP address in there with them.
They are also useful for giving your own computers on an LAN network petnames, so you can contact them through the browser if they are serving things like websites etc.
(i.e. Rather than typing 192.168.0.2 for another machine, you can write a name like "Comp2" and it will find it, but only if it's rigged up for the protocols supported by the browser)
HOSTS files are also used in configuring linux boxes with things like Sendmail, and Apache. Useful for creating internal subdomain names that don't work outside of the servers structure.
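The HOSTS checks discussed in this thread (a default file holding only the localhost line, hijack entries, and legitimate LAN pet names), as an added example that is not part of any post. The sample entries, the `.example` hostnames and the category names are constructed for illustration, and treating a loopback mapping of a non-localhost name as "blocked" is an assumption about how such entries keep a site from loading.

```python
import ipaddress

# Constructed sample: the XP default entry plus the kinds of entries the thread
# discusses. Hostnames and addresses are made up for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
127.0.0.1 www.antispyware-vendor.example download.antispyware-vendor.example
192.168.0.2 Comp2 # LAN pet name
203.0.113.50 www.search-portal.example
not-an-ip broken.example
"""

# RFC 1918 ranges, listed explicitly (is_private also covers documentation ranges).
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # '#' starts a comment anywhere on a line
        if len(entry) >= 2:
            yield line_no, entry[0], entry[1:]

def classify(address, name):
    """Label one address/name pair; the labels are this example's own."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        return "default" if name.lower() == "localhost" else "blocked"
    if any(ip in net for net in LAN_NETS):
        return "lan-alias"
    return "redirect"

def audit(text):
    """Return (line_no, kind, name, address) for every non-default entry."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        for name in names:
            kind = classify(address, name)
            if kind != "default":
                findings.append((line_no, kind, name, address))
    return findings

if __name__ == "__main__":
    for line_no, kind, name, address in audit(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {name} -> {address}")
```

On a personal machine, anything reported as "blocked" or "redirect" that the owner did not add is a candidate for removal; "lan-alias" entries are usually deliberate.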
Undecided 04-16-04, 03:56 PM I d/l adware, but I am not sure on how exactly it works. Also I know I have been hijacked or something of that nature due to the fact this:
res://mshp.dll/index.html#37049
is my homepage, how do I get rid of that? Also I have this annoying thing called readme Acid Skip...I am computer retarded, so please baby step by baby step. Thank you.
Captain_Crunch 04-16-04, 06:27 PM I am wary about Spy ware after watching a report on the CBC which claimed that about 90% of all computers are affected by Spy ware. Giving your personal info out to anyone who would buy it, and totally destroying your personal privacy. An example cited in the report was a program called hotbar, and others.
http://aroundcny.com/technofile/texts/tec072003.html
http://www.thundercloud.net/help/hotbar-is-spyware.htm
Just one of the many programs that infect computers.
http://www.safer-networking.org/
This software should try to detect and rid you of spy ware. Since I am apprehensive, and paranoid about spy ware. Should I d/l this program, and should you?
If you think that's bad, they are going to start and put chips in your clothing that will record details about your spending patterns. Mental stuff.
Stryder 04-16-04, 07:02 PM Undecided, it appears that this URL should have something of relevance:
http://www.pchell.com/support/lookfor.shtml
Apparently what you mentioned isn't just hijackware, but also a trojan:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_IEFEATS.A&VSect=T
Hope that will give you a clue how to get rid of it, since both have instructions on removal, although they aren't "beginners" methods.
So although I already use Adaware, I installed Spybot yesterday.
But it won't update. Program locks up if I try. Probably because you need to define a proxy. But I don't know anything about those things. I don't think I have a "proxy" (can one have a proxy? :)) I am logged in through a university intranet, which also gives access to internet.
How can I update Spybot?
Stryder 04-20-04, 07:27 AM Well the University computers are more than likely to run through a Proxy (In this case, server systems that Cache what you view online on a server at the University, the idea is that if everyone in the university was all going to look at a page, they wouldn't all pull it from one site they would get it from the Cache saving bandwidth)
This means that your connection to the actual net is routed through it (ergo named proxy).
It's more than likely the case that you won't be able to get any information on the installation of the system at University (since they like to try and stop people mucking around with the settings too much)
If you're having problems though, I doubt it would be down to a proxy setting, it's more than likely that the University has stopped .EXE files from being downloaded from the internet and executed on the computers, you would have to attempt to find a .ZIP version of the files to update.
invert_nexus 04-20-04, 03:09 PM Or you could try changing the default update server. I think the default is somewhere in europe and I've heard it gets overwhelmed sometimes. Never actually had the problem myself though.
invert nexus: thanks! Updates come in from Australia without any problems or proxy settings
Stryderunknown: thanks for not assuming I was making such a dumb mistake :)
invert_nexus 04-20-04, 03:37 PM no prob, now I have confirmation that this does help sometimes.
Stryder 04-20-04, 04:26 PM No prob, A4Ever. The reason I didn't look at the simple usage of a different location is I've seen some universities block file types to try and stop their systems getting things loaded onto them. (Although there is always a work around)
Seems the admins at such places lock the systems up and then pretty much forget about them because they believe they've dealt with the issue, meanwhile the students circumnavigate left right and centre. They're probably best off allowing the students full access, and stopping the ability to lock people out, at least they would have to stay on top of things, but it's not like anyone will ever listen lol