GreaseSpot Cafe

An Apple a Day

Everything posted by An Apple a Day

  1. If I recall, using a Linux-based password "recovery" tool usually ends up with you resetting the password to gain access to a passworded computer. Not the best thing if you don't want to leave tracks you were there. For the file extraction you want to do, I have not done this but am told it will do it, use a "live CD". A "live CD" is an operating system on one CD. The operating system is loaded into the computer RAM and not the hard drive. You can access the hard drive but no files are written to it from the RAM. The one-CD OS loads its own drivers to operate the hardware, i.e. printers, CD readers/writers, USB ports, DVD, etc. Once shut down and the CD removed there generally is no trace, because the Windows OS was never started. Knoppix (a popular one-CD OS) might just be the ticket. (Sorry, no link, doing this on the fly.) Regards
  2. I do believe that all of the devices will default to the slowest "NIC" on the network. Most of the NICs are auto-sensing. Example: if three devices were on the same network, one with a 10mbs NIC, another with a 10/100mbs (auto-sense NIC) and another with a 10/100/1000mbs (auto-sense NIC), all devices will default to the 10mb speed. :) Good luck
  3. Paw, you missed this one. Most likely the cause of most of the problems: O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//tv/main.chm::/load.exe This one is called "TrojanDownloader/dropper.Win32.Small.cw". Its whole purpose in life is to retrieve and install additional files when run. Most will be configured to retrieve files/images from a designated web or FTP site. Notice the "dialer2000" website part of it, probably "adult content" is associated with it. Do you see the /load.exe? I would suggest checking that O16 entry as well for fixing while in safe mode. If it (the browser hijacking) does not go away, a number of file deletions and registry editing might be in order. This one is probably getting loaded at boot. There are a number of other bed-bugs present as well (such as odd browser helper objects (BHOs)). But will let you drive the bus. Also very very important: C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GHAJ0LQV\HIJACKTHIS[1]\HIJACKTHIS.EXE One last thing, never run HijackThis from a "temp file"; always make a folder, preferably on your root directory (i.e. c:\hijackthis), put the program exe in it and run it from there. The reason is that HijackThis does make a backup should you need to put back what you deleted/fixed. If you run it from a temp file you will lose everything when you reboot. Now back to your regularly scheduled program....
  4. herbiejuan, try booting into safe mode and running Adaware. After the scan, reboot again into normal mode and see if it has gone. Another thing you may have to do is show hidden files and folders. Here is how: How to unhide files. Try to search for your baddie files/folder that way. Sometimes Adaware complains about a file that Spybot has put into backup archives. Could be a false positive, so to speak. There are a few more things to try. But give those a shot first.
  5. I use this tool to profile a computer when the user/owner is not sure of what they have or what the model numbers of the equipment they own are. Plus so much more! Belarc Advisor. Next step, once you have the model/serial numbers, is to search out the information on the Web.
  6. Well, as long as you are not (must I say it) a Dis"grunt"led poster? I will see you get some help. You know, one of these times we will catch up in the chatroom!
  7. Ok, Bacon girl, sorry for the difficulties getting in the forum at SWI. If you get nowhere with getting on the forums there (SWI), I have another forum where you can post your log and get some attention. Tomcoyote forums. Pretty much the same folks that post and help at SWI (including me) and it is a bit easier to post to (less traffic). You do have to do the register thing unfortunately, most forums are having to do this now. Even here at GS you have to be a member just to read certain content. Once you register at Tomcoyote's, post your log and such in the Open forum and under the topic Hijackthis logs and problems. Yes, your firewall is definitely keeping you from connecting. You might try this fix for SWI (or any other site you might have trouble with). In IE, do Tools->Internet Options, and delete cookies. In IE, do Tools->Internet Options, Privacy, click Edit, add URL for SWI forums, click Allow. Close all browser windows. Open just one IE. SWI, like many forums, wants to set cookies for the browser session to remember your name and login across the sections and pages there. To keep you logged in, so to speak. Please let me know where you landed with your post. There are these two missionaries who have been lost and wandering in a jungle for days, and they're at death's door with hunger. As they stumble on, hoping for salvation in the form of a miracle or something to eat, they suddenly spy, through the bramble, a peculiar tree off in the distance. As they get closer, they can see that the tree is draped with rasher upon rasher of bacon. There's smoked bacon, crispy bacon, life-giving juicy nearly-raw bacon, all sorts. "My God, John," says the first man. "It's a bacon tree!!! We're saved!!!" "You're right," says John, "Praise the Lord!" "It's a miracle!" So John goes on ahead and runs up to the tree salivating at the prospect of food. But as he gets to within five feet of the tree, there's the sound of a sackbutt, and he is shot down in a hail of Pigpellets.
His friend quickly drops down on the ground, and calls across to the dying John. "John, John - what happened?".... With his dying breath John calls out... "Ugh, run, run!... it wasn't a Bacon Tree, it was a........Ham Bush."
  8. Why not use the WEP (Wired Equivalency Protocol/Privacy) and MAC filtering together? WEP may cause some network slowdown, but depending on the bandwidth being used currently by the connected devices you may not notice. WEP isn't perfect but better than nothing. Using WEP would encrypt data between the device and the Base. It would stop/slow the "Unauthorized" User from getting a connection for starters and monitoring traffic for legit MAC addresses and passwords. That, and get rid of any "factory" SSIDs or Keys and make some of your own. A step better than WEP is that your Router supports a newer technology called Wi-Fi Protected Access™ (WPA) wireless security. The Router protects your PC from most known Internet attacks with a powerful Stateful Packet Inspection firewall. It can also serve as a DHCP Server, supports VPN pass-through, and can be configured to filter internal users' access to the Internet. A real advanced step would be to make the Wireless base station one network, and the devices another, and use Virtual Private Network connections (VPNs) using certificates as authentication. But as Steve put it, MAC filtering might be enough for what you need to do. But I would sure be tempted to enable the WEP.
  9. Balsamic, err Pslamy, no..no..wait I will get it..Ptooey, Psalty,..Psalmy! I look forward to seeing you there. Just let me know who to look for. More about the ZoneAlarm: Try putting the privacy and security settings in the internet settings control panel on medium or lower. Does that fix the access problem at GS? Here is a tutorial on how to set access for sites you like to visit on Zone. Privacy settings/ZoneAlarm
  10. Ad-Aware/Spybot SD are very good "General" tools but the number and types of exploits are becoming exceedingly more difficult to detect and remove. The tools generally require to be able to "see" the files and the crapware is getting better at hiding them. Spybot S&D is coming out with a new version in the next few days (or so promised) to better detect more of them (version 1.3). Yes, Pacman's portal has a presence on many security websites and is a very good database for discovering "what is this thing". But startups are not the only issue. There are BHOs, system files, and applications (such as that Aveo that never really went away). The Hijackthis program frequently mentioned and used is very simple to use. You download the executable file into a permanent folder and run it. Here is a link to a quick start on the program: Quick Start on Hijackthis. You do nothing but explain in a post at one of the security forums recommended about what happened to you and post the Log created by Hijackthis if a Helper or Expert asks for it. About the ZoneAlarm, it's a good thing you are getting the alerts. It means it is catching them! But for the most part it's just "noise" that has always been there and you are just seeing it for the first time. Once the novelty of having it pop up on you each time one happens wears off, you can shut off the notifications. ZoneAlarm is chatty when first installed because it does have to learn from you what access is acceptable or not (both outgoing and incoming). If acceptable always, you check the box on the popup not to bug you about it again. If not acceptable ever, you check the box saying so. Even if you make a mistake you can find that entry and remove it from being blocked or allowed. A bit of fine tuning and you probably can get Greasespot to work as you want it to. I don't use ZoneAlarm, I use Kerio Personal Firewall and do fine on GS. I know this is no fun, but it's the exploiters which have made the internet this way.
Best you can do is lock down your machine as reasonably as possible. birdy birdy in the sky, dropped some whitewash in my eye...boy I am glad pigs can't fly..
  11. Psalmy, Psalmy, Psalmy!!! You can continue to use Outlook Express. It has nothing to do with Firefox the browser. Yes, Mozilla does have an email client but that's not what was recommended to you by the other Chatters. sigh... Browser exploits in Internet Explorer allowed other people, via websites you visited, to execute code on your computer as if they were sitting at your keyboard. That's why so many updates and security patches had been released to remove the vulnerabilities. That is probably why Mozilla Firefox (say it with me--> "Browser") was recommended to you. It doesn't have the exploits IE has/had. Now do you know if you have a keylogger, malware, etc. still on your computer? I don't, nor will anyone else unless you run some tools. I am not trying to panic you into a rash thing, I just want to help you secure your computer and to keep it from happening to you again. Oh by the way, an apple a day does keep the ah-hem Doctor away.
  12. A snip from a TechTV article for getting your IE favorites to Mozilla Firefox. Things to Know about Firefox. There you go
  13. Great, let me know under what Nick or handle you are posting over on spywareinfo. Better yet, a link so I can babysit your post should you not get a quick response. Mozilla Firefox is what you want to download. About 6.5 megabytes. So you do have room for it. Here is a link to it so you can learn all about it. Firefox-Browser. Now with that said, I have not used it myself but it comes recommended highly by those who do, just for the feature of tab browsing and ad blocking built in. No more continuing to go back and forth and open new windows to follow links. Why haven't I used it? Just have not taken the time on a shared dial-up to grab the file. One of those when I get around to it I will do it. I have not had problems with IE because of the security tweakings and layered applications I have running. See you soon.
  14. Run both Adaware (by Lavasoft) and Spybot Search and Destroy. Each looks for different exploits by crapware, keyloggers, and hijackers. The way things are currently, unless you are a computer professional, it is very difficult for the average user to identify any malware they might have. Malware has become stealthy in hiding itself by changing names or places it resides. I would suggest you go have a visit at spywareinfo. Make a post in The spyware removal-Hijack forum with your problem. With the number of posts they receive you may have to bump your post to the top of the list on occasion. Follow what the experts or helpers suggest, and ask for assistance to avoid getting reinfected. I would walk you through this, but would rather have the resources of that site to be sure you get the best help possible. (oh by the way proverb17 says he still has sackbutt envy, and still complains about Psalms before proverbs...)
  15. Update, if you don't want to install a new program and already have MusicMatch as a media player. This snip is from TechTV. snip: You can also use MusicMatch to capture the analog signal being played. Go into the Options menu, select Recorder and change the source to System Mixer. You'll need to make sure your computer's volume level is turned up as it will affect the level of the recording (capture). end snip. Even cheaper would be to capture the sound from the sound card on one of the speaker/lineouts rerouted to a line in. Any thoughts why that wouldn't work? Other than quality of sound?
  16. Thank you for the invitation, Sudo. I might swing on by for a look. Now understanding what you want to do with the files, here is a link to a program called Total Recorder. Total Recorder. This program will capture anything that your soundcard can play. This includes streaming media from RealPlayer or Windows Media Player. There is a trial version of this program which will limit you to 40 secs of recording. I have not used this myself, not having the need yet for conversions or captures. But since you can try it before you buy it you have nothing to lose. (Look for the Standard version for the trial.) A nod to Steve, if I had looked more carefully at what the .asx extension was I would have realized it was nothing more than an XML link to stream the real file in the .asf format. The clip I downloaded was so small I assumed it was the file itself. ME BAD!
  17. I went to your link, Sudo. I right-clicked a song link in the Windows Media category, selected "save target as" and it saved for me as a .asx extension to my hard drive. Closed all browsers, navigated to it, and it played in my Windows Media Player. What are you trying to do with the file once you have it? Are you trying to change its format (i.e. to a wav or mp3)? Not clear on what you are wanting to do.
  18. The +RW vs -RW standard is about how the data is physically laid down on the disk. There is a competition between manufacturers not unlike the old Betamax vs VHS videotape competition of the past. It's not clear what will end up being the "standard" yet. Not only is there +RW and -RW, there is DVD-RAM and DVD-ROM. Backers of DVD+RW, besides HP, include Koninklijke Philips Electronics, Sony, Yamaha, Thomson Multimedia, and Dell Computer. Backers of DVD-RW are Panasonic and Compaq computers. Backers of DVD-RAM is also Panasonic. DVD-RAM allows you to record and view what you recorded at the same time. You can also create play lists of the material on the disc and edit and reorder any way you like, then play it back. Nice feature, but incompatibility with existing DVD-ROM drives and home entertainment DVD players. You would have to convert it to another standard. DVD+RW is compatible with home DVD players, allows data as well as DVD recording. DVD-RW doesn't include the defect management and is said to be less usable for data files (according to the +RW folks). Some compatibility issues with some DVD+RW drives from what I get from some of the forums. Slashdot/Dell Throws In For The +R/+RW Standard. So where is this going? If you are building a new box get a burner that burns both -RW and +RW. HP Drives DVD+RW Standard. Recordable DVD Wars Heat Up With New Entries ----------------------------------------------- ..The early bird gets the worm..the second mouse gets the cheese!
  19. I am so sorry that had to happen to you, Wayfer Not!. I hope you can get your money back. A bit of an update for those who care: The www.spywareinfo.com site is up now. They found the combination of servers and proxies to blunt the DDoS they were receiving. 60 mb per second of requests was knocking them off the net. The volunteers there have made a difference in the fight against malware and got targeted. A few of the sites, esp. Netintegration (Spybot S&D official forums), got knocked off. They can't afford to pay for that sort of bandwidth being used from their hosting providers. They will remain out until this DDoS stops. Spywareinfo is helping them out as Netintegration did for them by giving them a presence. So for all help on malware/trojans you can point your browsers to: Spywareinfo The early bird gets the worm..the second mouse gets the cheese!
  20. Yes, I have heard of that happening. You most likely had a CD that was either flawed/cracked or cut/made off balance (wobbles). The faster the CD-ROM/DVD drive spins up, the more likely it will happen with a bad CD. Some of the CDs I own make a terrible hum or racket but I have not had any break yet. Good quality well-known brands are less likely to have defects and have life-time replacement warranties. But I am frugal and look for good deals too. The early bird gets the worm..the second mouse gets the cheese!
  21. Proxomitron is reported to be an excellent tool. I have never heard any bad news from anyone who has used it. Usually terms of "awesome" and "great" are associated with it when asked about it around the antispy/software boards. It was designed to deal with the popup ads and javascripting plaguing everyone at the time of its creation. It can deal with ActiveX with additional filters and rules manually put in. I have not used it myself so I cannot speak to its effectiveness, having come up with other solutions. As Zixar has pointed out, the author has stopped supporting it. But the author, Scott Lemmon, is still around the support forums. computercops. The only thing, from what I read from reviews and testimonials about it, is that it can be confusing to configure for novice users. If you are willing to learn a new piece of software and its controls it is a good way to go as well. The early bird gets the worm..the second mouse gets the cheese!
  22. Good call on the Hijackthis reference, Steve. Yes, this is one of the tools used to remove stubborn pieces of software, startup entries, etc. But it is a very powerful piece of software. It just shows you what processes and programs you have running on the machine. It does not, however, tell you what you should remove. It only removes what you tell it or check off. Wrongly used, you can make your computer non-bootable and difficult to recover. Don't try to use it to remove entries on your own the first time you use it. To use the tool Hijackthis I would suggest you go to SWI and take advantage of the experts' help there. The creator of that program (Merijn) posts there as well. They have extensive knowledge and an arsenal of tools to eradicate whatever bedbug is plaguing your computer. You don't have to register to post there. It's all free. I would recommend you read the FAQs, and the before-you-post entries there to get the best results. John R., look at Javacool's site I posted on earlier. One of his software offerings is SpywareBlaster. Javacool Software. SpywareBlaster sets Kill bits on specific ActiveX controls the malware folks try to place on your computer when you visit Web pages. This is one of the major ways one gets infected. You get a popup with a yes/no box wanting you to download something (if you are lucky and have set your browser to prompt you). Yet this program lets the friendly ActiveX features through so you can enjoy the content of the Website you are visiting (games, video, music and so on). I personally do not know what a web page is going to have on it when I am surfing. The URLs or hosts for these malware guys change often but the methods of infecting the machine not so often. After-the-fact scanning is important, but it's a reactive measure and not a proactive one. I prefer a layered approach. What is ActiveX? An ActiveX control is essentially a Windows program that can be distributed from a web page.
These controls can do literally anything a Windows program can do (read, write, execute, download, email, erase, find, search..). SpywareGuard is another layer to the protection. A real-time scanner. Does what your antivirus does for viruses, but is designed to watch for spyware. I know it sounds a bit complicated, but once you have some of these installed, much of the work is being done for you behind the scenes and they can act as "tripwires" so you can get on with the business of enjoying the browsing of the internet. People want to be able to use the computer for their benefit and not be its servant twisting its knobs and controls constantly. Alfakat, you won't find me flaming you on the browser choice. There is so much going for the Mozilla/Firebird/fox, Micro$oft is going to copy some of its features. If I had the time and bandwidth to download it I would have it in a heartbeat. Tabbed browsing, built-in cookie blockers, ActiveX protections to name a few benefits of them. Side note: spywareinfo.com, merjin.org, tomcoyote.org (major spyware battlers) have been targeted recently by DDoS attacks (suspected culprit is one of the malware companies) and have had to block some major ISP domains temporarily. So if you can't get into those sites right away that's the reason. Other note: Sorry to come off sounding hard on you folks that spent good hard-earned money on the SpyHunter software. But ripping off someone else's reputation and calling it your own should sound familiar to a lot of us. Emails and demands for money back should be in order. The trend that is starting to form with the malware people is that if you can't beat them, fool 'em into thinking you are a spyware removal company too. Give you free software, target bogus "parasites" and scare you into buying the removal of these parasites with the "professional" versions. Spyware installing spyware. OK, now I need to go drink more coffee.. The early bird gets the worm..the second mouse gets the cheese!
  23. If your problem remains: You may wish to navigate to the control panel, system properties, system restore tab. Look for the check box labeled turn off system restore. Check it and reboot. Run the Spybot and see if it gets it. If so, go and uncheck the box from the previous procedure. If your problem still remains: still recheck the box. I don't want you out there with no restore point. Where do these bedbugs get installed? Registry, system files, anywhere they can be executed. How did you get them? You were at the wrong place at the right time. These will install without your knowledge, a drive-by download so to speak. Bundled software usually includes a surprise not unlike a box of CrackerJacks. When it comes to software, "Free" usually means it comes with malware, scumware, spyware and such. It's how these folks get paid. Serve you an ad, market your personal info, maybe you will buy. Now there are free software downloads which are marvelous! Usually marked by having a PayPal or some means for donations to support the work. How do I stop this from happening? You can for the most part. The malware changes faster or as fast as the means to block it. Here is a URL to download GOOD free software to block it even before it downloads. Proactive vs reactive. If it doesn't get on you don't have to clean it off. Javacool Software. Look at SpywareBlaster and SpywareGuard. Small, very effective programs updated frequently. Let's hear some feedback on if you got rid of your bedbug. The early bird gets the worm..the second mouse gets the cheese!
  24. Wayfer not: A couple of ideas come to mind why you are still getting hits on that bedbug. Idea number one is that you still have the entries located in your system restore files. For obvious reasons the "system" took snapshots of your files and folders just in case you needed to restore your computer to an earlier working point. The utility is probably seeing entries but will not/cannot remove them. First and foremost I have a URL for you to look at. SpyHunter has been doing slimy business practices. Take a look at the BIG FAKE WARNING. Enigma has been trying to cash in on Patrick M. Kolla's work. Trying to redirect searches to its own Web site. The real Spybot S&D. With that said, get rid of the thing and get the real deal. Run the Spybot S&D you got from the posted site and see if that takes care of it. If this does not work, you need some other tools to get at them. I have a few recommendations for helping you keep the bedbugs from getting on your computer in the first place. From legitimate sites and for no money. Let me catch my breath and I will make another post. The early bird gets the worm..the second mouse gets the cheese!