Esato Mobile
General discussions : Esato forum : Spyware/Adaware on Esato?
Index Menu
Sign in
> New Topic
> Reply
< Esato Forum Index > General discussions > Esato forum > Spyware/Adaware on Esato? Bookmark topic
Page <  12345>

EastCoastStar Posts: > 500

its not bothering me really, but it really suprised me when i saw it, ya know?
the main one i saw was for Vonage
--
Posted: 2005-02-08 22:02:49
Edit : Quote

Cycovision Posts: > 500

Well, at work (I'm a computer repair man) we use a program called 'Hijack this' to find out exactly what applications, BHO's and dll's (through rundll32.exe) get loaded up and executed at Windows startup.

I can safely say that my PC has shown no signs of spyware activity despite visiting Esato on a daily basis.

For anyone who's into hijack this, here's the log taken as I write this message:

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:PROGRA~1McAfee.comPERSON~1MPFSERVICE.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32GSICON.EXE
C:WINDOWSsystem32dslagent.exe
C:Program FilesCommon FilesAOLACSAOLDial.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:Program FilesVIAudioiSBADeckADeck.exe
C:PROGRA~1COMMON~1XCPCSyncTRANSL~1ErPhn2ErTray.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesMagicKeyMagicKey.exe
C:PROGRA~1McAfee.comPERSON~1MpfAgent.exe
C:Program FilesSony EricssonMobileaudevicemgr.exe
c:PROGRA~1INTUWA~1SharedMROUTE~1MROUTE~2.EXE
C:Program FilesMagicKeyOSD.EXE
C:Program FilesMagicKeyMulMouse.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1SONYER~1MobileCONNEC~1CONNMN~1.EXE
C:Program FilesAOL 9.0waol.exe
C:Program FilesAOL 9.0shellmon.exe
C:Program FilesCommon FilesAOLaoltpspd.exe
C:PROGRA~1SONYER~1MobileCONNEC~1CapMan.exe
C:PROGRA~1SONYER~1MobileCONNEC~1ElogErr.exe
C:PROGRA~1SONYER~1MobileCONNEC~1BROADC~1.EXE
C:PROGRA~1SONYER~1MobileCONNEC~1SCRFS.exe
C:PROGRA~1SONYER~1MobileAUFILE~1.EXE
C:PROGRA~1SONYER~1MobileCONNEC~1Ecfmserv.exe
C:PROGRA~1COMMON~1NullsoftActiveXAOLMed~1.exe
E:Jay's DocumentsHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [GSICONEXE] GSICON.EXE
O4 - HKLM..Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM..Run: [AOLDialer] C:Program FilesCommon FilesAOLACSAOLDial.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [MPFExe] C:PROGRA~1McAfee.comPERSON~1MpfTray.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [AudioDeck] C:Program FilesVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [XTNDConnect PC - ErPhn2] C:PROGRA~1COMMON~1XCPCSyncTRANSL~1ErPhn2ErTray.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:Program FilesAOL 9.0aoltray.exe
O4 - Global Startup: MagicKey.lnk = C:Program FilesMagicKeyMagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
--
Posted: 2005-02-08 22:31:44
Edit : Quote

laffen Posts: > 500

@EastCoastStar
You might have seen an ad for Vonage if you are located in the US. Members located in Europe, Asia or Africa will not see this advert.
--
Posted: 2005-02-09 20:24:58
Edit : Quote

Lembo Posts: > 500

A quick way to check if internet explorer has spyware attached to it is to check the size.

Internet Explorer ver. 6 should be 91KB
--
Posted: 2005-02-09 20:48:44
Edit : Quote

OluYom Posts: > 500

I am yet to run into any of these while browsing Esato. This message was posted from a WAP device
--
Posted: 2005-02-09 21:19:50
Edit : Quote

marlonski Posts: > 500

@Cycovision
So Hijack this will basically log all running applications so that someone like yourself can then remove the the cr*p or at least advise someone what to do ? it's the renaming files in regedit and all the other thangs you guys do that seem a little daunting

Do you know of any programs that'll actually sort this out by checking running applications, identifying and then removing them ? or is spybot and adaware sufficient ?

I run spybot, adaware, keep a copy of stinger (mcafee), cw shredder and run nortons.

i don't suffer from popups on here.

@vanquish not trying to tell ya ho to suck eggs mate, but have you run spybot in safe mode ? I don't think you can run adaware in safe mode (at least i haven't managed to yet).

If your running xp have you tried turning off the system restore which will delete garbage backed up and then running spybot etc ?
--
Posted: 2005-02-10 01:03:40
Edit : Quote

Cycovision Posts: > 500

@marlonski

Yes, the top part of the log shows all currently running applications and services whilst the bottom part (which is more usefull) shows pretty much everything that gets loaded at startup via the registry. Not just apps, but .dll files, browser plugins etc. Hijack this lets you delete these items directly without having to hack the registry.

Basically, we use it to help us get rid of the stuff that Spybot, Adaware etc. miss. There's quite a lot of very nasty browser hijackers out there that bury themselves deep within windows, and recreate themsleves whenever you remove them using spyware removal apps. That's when we go renaming files and hacking the registry directly!

Most people will find that running a good antivirus app along with Adaware and Spybot search and destroy will do a good enough job, they certainly get rid of the most dangerous spyware components like dialers and keyloggers. Apps like Hijack this and Process Explorer come in usefull when all else fails
--
Posted: 2005-02-10 09:56:08
Edit : Quote

marlonski Posts: > 500

@Cycovision.... thanks very much for clarifying that



--
Posted: 2005-02-10 10:39:02
Edit : Quote

Payalnik Posts: 380

Oh god, mates, why not use Firefox? I save a lot of time with all its tabs, ad blocker and no spyware
--
Posted: 2005-02-14 11:02:14
Edit : Quote

masseur Posts: > 500

people experience other problems on esato with firefox such as the "new posts" feature not working and other cookie related issues

I'll stick with IE and NIS!
--
Posted: 2005-02-14 11:04:03
Edit : Quote
Page <  12345>
New Topic   Reply
Forum Index

Esato home